Sunday 31 January 2010

"Antimalware Defender" Scareware Disguised as a Windows Critical Security Update

Antimalware Defender is another scareware application. It pops up dialog boxes falsely claiming it is part of a Windows Critical Update:





Antimalware Defender reports lots of malware on a clean system:



You can use FreeFixer to remove AntiMalware Defender. I've pasted a FreeFixer log below which will help you identify the malware items:

FreeFixer v0.53 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 2
Log dated 2010-01-31 15:04


Browser Helper Objects

{fa217b17-bd53-4441-bc32-3de578a2826a}, {fa217b17-bd53-4441-bc32-3de578a2826a}, C:\WINDOWS\system32\fa217b17-bd53-4445-bc32-3de578a2826a_6.avi

Registry Startups (4 whitelisted)

HKLM\..\Run, fa217b17-bd53-4445-bc32-3de578a2826a_6 = "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\fa217b17-bd53-4445-bc32-3de578a2826a_6.avi", start minimized

HKCU\..\Run, fa217b17-bd53-4445-bc32-3de578a2826a_6 = "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\roger\Application Data\fa217b17-bd53-4445-bc32-3de578a2826a_6.avi", start minimized

Processes (23 whitelisted)

C:\Program Files\FreeFixer\freefixer.exe

Explorer.exe Modules (109 whitelisted)

C:\WINDOWS\system32\MSVCR71.dll

Rundll Modules (71 whitelisted)

C:\DOCUME~1\roger\LOCALS~1\Temp\wrk90.tmp

Recently created/modified files

2 minutes, c:\Documents and Settings\roger\Local Settings\Temp\wrk90.tmp

2 minutes, c:\Program Files\Antimalware Defender\Antimalware Defender.dll

2 minutes, c:\Documents and Settings\roger\Local Settings\Application Data\fa217b17-bd53-4445-bc32-3de578a2826a_6.avi

2 minutes, c:\Documents and Settings\roger\Application Data\fa217b17-bd53-4445-bc32-3de578a2826a_6.avi

2 minutes, c:\Documents and Settings\All Users\Application Data\fa217b17-bd53-4445-bc32-3de578a2826a_6.avi

2 minutes, c:\WINDOWS\system32\fa217b17-bd53-4445-bc32-3de578a2826a_6.avi

2 minutes, c:\Documents and Settings\roger\Local Settings\Temporary Internet Files\Content.IE5\6CSRVCZ7\s[2].bin


Did this help you remove AntiMalware Defender?

Saturday 30 January 2010

MyPcSecure Scareware

MyPcSecure claims to detect malware on a clean system:



It's located in C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe

Wednesday 27 January 2010

How to set up Magic Mouse on Windows


Do you want to use Apple's Magic Mouse on Windows? No problem, just follow these step-by-step instructions. I've tested this on Windows XP. Right-click, left-click and vertical scroll are working just fine:

1. Open up the Windows Control Panel. (classic mode):

2. Double click on Bluetooth Devices:



3. In the Devices tab, click Add.



4. Check "My device is set up and ready to be found".

5. Power on your magic mouse with the on/off switch under the mouse. If it is already powered on, power it off and on again.

6. Click Next.

7. After a while, Windows will find the Magic Mouse.

8. Select "Apple Wireless Mouse" and click Next



9. Select "Use the passkey found in the documentation". Type in 0000 as the passkey and click Next:



10 Click Finish:



11. Click OK:



12. Now you should be able to move the mouse pointer, use left- and right-click. To get the vertical scroll working you need to install the Magic Mouse Windows drivers. These are made available by the great people over at uneasysilence.com. There's a 32-bit and and 64-bit version.

13. Done.

Did this help you get your Magic Mouse working on Windows?

Tuesday 12 January 2010

SysDefenders Scareware

Here's another faked anti-virus program. Claims to detects lots of malware on a clean system:




FreeFixer v0.51 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 2
Log dated 2010-01-12 07:29


Registry Startups (4 whitelisted)
HKCU\..\Run, 8ytzu5al.exe = C:\WINDOWS\system32\8ytzu5al.exe

Processes (21 whitelisted)
C:\Program Files\FreeFixer.0.51\freefixer.exe
C:\DOCUME~1\roger\LOCALS~1\Temp\8ytzu5al.exe
C:\Program Files\SysDefenders Software\SysDefenders\SysDefenders.exe

End of FreeFixer log

Monday 11 January 2010

Tweets, Google Search Results and Speech Ballons

This was news to me. Tweets now appear in Google's search results, in a speech balloon:

Friday 1 January 2010

Antivirus PC 2009

Antivirus PC 2009 is yet another faked antivirus program. It claims to detect malware on a clean system: