PRO Antispyware 2009 rogue antispyware application
Posted: November 26th, 2008 |Pro Antispyware 2009 is a rogue application from the same family as Antispyware Pro XP and AntiSpyware 2008 XP. Pro Antispyware 2009 is advertised through the web sites that claim to appear online malware scanners. During the advertisement, it will pretend to scan your computer and then display a warning box alerting that your computer is infected. Then it suggest you to download and install ProAntispyware 2009 in order to clean your computer.
When Pro Antispyware 2009 is installed it will be configured to automatically start when you logon to Windows. When the application is launched, it scans your system and lists a large amount of fake infections that cannot be removed unless you purchase the full version of the software. While running, the programs will also display fake pop-up and taskbar security alerts stating your computer is threatened or being attacked and that you should buy the software to protect your data. These messages are just a way that the developers try to scare user into purchasing their product. Last, but not least, Pro Antispyware 2009 will also install an adware Trojan as a browser helper object (BHO) in Microsoft Internet Explorer. This adware will display pop-ups on your computer from mxlivemedia.com when using Microsoft Internet Explorer.
Virustotal report
File setup_225_7777_.exe received on 11.18.2008 12:09:21 (CET)
Current status: finished
Result: 3/36 (8.33%)
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.11.18.2 | 2008.11.18 | - |
| AntiVir | 7.9.0.31 | 2008.11.18 | - |
| Authentium | 5.1.0.4 | 2008.11.18 | - |
| Avast | 4.8.1281.0 | 2008.11.17 | - |
| AVG | 8.0.0.199 | 2008.11.17 | - |
| BitDefender | 7.2 | 2008.11.18 | - |
| CAT-QuickHeal | 10.00 | 2008.11.18 | - |
| ClamAV | 0.94.1 | 2008.11.18 | - |
| DrWeb | 4.44.0.09170 | 2008.11.18 | - |
| eSafe | 7.0.17.0 | 2008.11.17 | - |
| eTrust-Vet | 31.6.6210 | 2008.11.14 | - |
| Ewido | 4.0 | 2008.11.17 | - |
| F-Prot | 4.4.4.56 | 2008.11.17 | W32/SuspPack.H.gen!Eldorado |
| F-Secure | 8.0.14332.0 | 2008.11.18 | - |
| Fortinet | 3.117.0.0 | 2008.11.18 | - |
| GData | 19 | 2008.11.18 | - |
| Ikarus | T3.1.1.45.0 | 2008.11.18 | - |
| K7AntiVirus | 7.10.526 | 2008.11.15 | - |
| Kaspersky | 7.0.0.125 | 2008.11.18 | - |
| McAfee | 5437 | 2008.11.17 | - |
| Microsoft | 1.4104 | 2008.11.17 | Program:Win32/WinSpywareProtect |
| NOD32 | 3621 | 2008.11.18 | - |
| Norman | 5.80.02 | 2008.11.17 | - |
| Panda | 9.0.0.4 | 2008.11.17 | Suspicious file |
| PCTools | 4.4.2.0 | 2008.11.17 | - |
| Prevx1 | V2 | 2008.11.18 | - |
| Rising | 21.04.12.00 | 2008.11.18 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.11.18 | - |
| Sophos | 4.35.0 | 2008.11.18 | - |
| Sunbelt | 3.1.1801.2 | 2008.11.14 | - |
| Symantec | 10 | 2008.11.18 | - |
| TheHacker | 6.3.1.1.157 | 2008.11.18 | - |
| TrendMicro | 8.700.0.1004 | 2008.11.18 | - |
| VBA32 | 3.12.8.9 | 2008.11.17 | - |
| ViRobot | 2008.11.18.1474 | 2008.11.18 | - |
| VirusBuster | 4.5.11.0 | 2008.11.17 | - |
| Additional information |
|---|
| File size: 114688 bytes |
| MD5…: 5113da8324f92352294aee4f47a532b2 |
| SHA1..: fc2bd52925959ee5061e412d12754ccc120d7925 |
| SHA256: 9506866e9b3cda9e1867c34e091dc1c662032395e1dcf857627fa31547c76bd3 |
| SHA512: ddb22cefe217431451134787847b8fc7b697bb154778cb41b63bc0d2caa70aa6 6d544bb2cf0b89c06d47ba7c56345b0408ac08354e44eddd0e20e17ca74a822e |
| PEiD..: - |
| TrID..: File type identification Win32 Executable Generic (38.4%) Win32 Dynamic Link Library (generic) (34.2%) Clipper DOS Executable (9.1%) Generic Win/DOS Executable (9.0%) DOS Executable Generic (9.0%) |
| PEInfo: PE Structure information
( base data ) ( 6 sections ) ( 6 imports ) ( 0 exports ) |
Leave a Reply