AUSP

• SpyGraphica    (Sun, 20 May 2012 07:53:49 CDT)
  SpyGraphica is a commercial computer surveillance program that logs keystrokes and takes screenshots of user activity. It sends gathered data to a configurable e-mail address. SpyGraphica must be manually installed. It automatically runs on every Windows startup.
• Windows Private Shield    (Sun, 20 May 2012 03:32:27 CDT)
  Windows Private Shield is a rogue anti-spyware program that performs a fake system scan and outputs many, usually more than twenty, false system security threats and infections to make you think that your computer is infected with spyware, adware, worms and other viruses. The rogue anti-spyware program is promoted via Trojan downloaders and droppers, fake online virus scanners and spam messages. Once installed, Windows Private Shield will report numerous fake and non-existent infections and then will ask to purchase the program to remove the infections in order to clean your PC and protect it against other malware threats. Of course, you shouldn't buy it, because Windows Private Shield is nothing more but a scam and it won't protect your computer or remove any infections simply because they do not exist. Instead, please use the removal instructions below to remove Windows Private Shield from your computer using legitimate malware removal software listed below.When running, the rogue anti-spyware program will block legit PC software and state that it's infected or corrupted. Of course, it will block anti-virus and anti-spyware programs in the first place, but that's not all, it will also block such programs as notepad or task manager and Windows registry editor. Some of the fake Windows Private Shield popups will impersonate Widows Security Center and will claim that your computer is not protected or under attack from the net. It will also display fake security alerts and pop-ups like every on or two minutes. Some of the fake security alerts read:ErrorSoftware without a digital signature detected.Your system files are at risk. We strongly advise you to activate your protection.Torrent AlertRecomended: Please use secure encrypted protocol for torrent links.Torrent link detected!Receiving this notification means that you have violated the copyright laws. Using Torrent for downloading movies and licensed software shall be prose...
• WinMaximizer    (Sat, 19 May 2012 16:12:45 CDT)
  WinMaximizer is a program, which we can categorize as fake system optimizer. In short, this virus tries to trick users into believing their computers are under severe virus attacks and tries to get their money by providing the fix for the fake errors they create. Winmaximizer installs into system without the expressed consent of the user. After the instalation this fake system optimizer starts checking the system which is complete fake. Winmaximizer has preprogrammed reports and shows numerous problems on your system. This virus states that you have some registry errors, that your system was compromised, finds some fake files which winmaximizer labels as insecure. The trick is that win32/winmaximizer promises to eliminate all identified problems. If you would click “remove the threats button”, it automatically asks you to pay 10 USD for its PAID version. First of all these "errors" are fake, 2-spyware.com spyware research team tested Win Maximizer and it found almost three hundreds items on clean test machine. WinMaximizer 2012 is created by the cyber group which has produced many malicious system optimizer programs like System Check, System Fix.How you can get WinMaximizer virus?There are some easy ways to get this infection. First of all please do not download anything from internet from suspicious resources, as there are many hacked sites, where you can get infected with WinMaximizer. Virus enters the system using security vulnerabilities of your system. It is a hard process to get rid of this infection. simple unintall ways does not help which makes removal process of winmaximizer a bit difficult.What to do if you infected?Do not pay them money. If you will pay, you will not get your money back even if you dispute the charges in the bank. Ignore all the error results and try to follow our manual removal instructions for winmaximizer below. Also it is a good idea to scan your computer with reputable anti-spyw...
• Windows Pro Safety Release    (Fri, 18 May 2012 07:42:22 CDT)
  Windows Pro Safety Release is a rogue anti-spyware program that comes mostly from fake online virus scanners, infected websites and malicious PDF and executable files. The rogue program is usually promoted via exploit packs and crimeware kits. Once installed, the rogue anti-spyware program will performa a fake system scan and display a list of critical infections or system security threats that can't be removed unless you first purchase the rogue program. Windows Pro Safety Release is nothing more but a scam since it asks you to pay for fake malware removal procedure. It will prompt you to pay for a full version of the program to remove the infections which don't even exist in the first place. So how you can trust it? You can't. It goes without saying that you should remove Windows Pro Safety Release from your computer as soon as possible. While running, Windows Pro Safety Release will flood the system with fake and very annoying security alerts and pop-ups notifications claiming that your computer is infected with malware, spyware and very dangerous viruses that can delete your files or steal your data. It will also claim that your computer is under attack from a remote web server that may install additional malware that may indeed later used to steal personal data or delete files. Anyway, such false information should be ignored just like the false scan results. Furthermore, Windows Pro Safety Release may block pretty much every security related website and disable system security tools such as Task Manager or Regedit to protect itself from being removed. It will probably block antivirus software too. ErrorKeylogger activity detected. System information security is at risk.It is recommended to activate protection and run a full system scan.ErrorSoftware without a digital signature detected.Your system files are at risk. We strongly advise you to activate your protect...
• Stekct    (Fri, 18 May 2012 07:11:48 CDT)
  Stekct is a malicious worm that attempts to use social networks and instant messaging to spread a message containing a link to a malicious file. Here’s how the message would look like:"HAHA LOL could this be you? hxxp://goo.gl/LFDt0?Facebook.com-IMG<six random numbers.JPG"Additionally, it opens a backdoor connection to the compromised computer, which allows the attacker to perform various commands, including downloading malicious files and executing them, controlling the IM programs and social networks to send spam messages to the infected computer owners contacts. This is the list of affected IM and Social Network sites:AIMGoogle TalkICQMSNYahoo! MessengerFacebookSkypeWindows Live MessengerStekct modifies the system registry to allow it to start every time when windows starts. Additionally it adds itself to the list of trusted processes which get authorised to access the network just by modifying another registry value. It also tries to disable these antivirus processes and services:antivirserviceavgntaviraupgradeserviceavpkavsvcmsascuimsmp svcwindefendwuauservMoreover, this malicious worm tries to terminate processes and delete all the associated files:egui.exeekrn.exemsseces.exesvhost.exeYahooAUService.exe
• Linfo    (Fri, 18 May 2012 05:53:20 CDT)
  Linfo is a malicious Trojan horse which is made to open a backdoor on a compromised computer. It opens a backdoor by connecting to one of the listed below links, by enabling the cybercriminal to take over the computers information[http://]www.ancold.org.au/mycfg/mycmd/[ENCODED HO[REMOVED][http://]www.ancold.org.au/mycfg/myscr/Myup[REMOVED]Linfo allows the cybercriminal to perform the following very dangerous actions:Upload system informationDownload, upload, execute, delete, move, and copy filesStart a remote shellList running processesList contents of local driveSearch for local filesCreate and remove directoriesDownload an updated configuration fileChange the frequency of the intervals in which the computer contacts the remote serverExecute shellcodeChange command and control serversShut down or reboot the compromised computerLog off the current user
• Wiarp    (Fri, 18 May 2012 05:16:21 CDT)
  Wiarp is a malicious Trojan horse which works as a back door on an infected computer. After creating a backdoor connection, this parasite waits for commands from its creator. This is the location where this malicious Trojan connects to:[http://]update.yahoo-upgrade.com/ch[REMOVED] Additiona lly, Trojan Wiarp enables the attacker to perform the following dangerous actions on victims computer:Inject files into running processesEnd running processesCreate a serviceDownload a remote fileOpen a command line
• Windows Secure Kit 2012    (Fri, 18 May 2012 04:49:33 CDT)
  Windows Secure Kit 2012 is a browser hijacker that has been noticed even on some well known websites. It seems that it's a new way how scammers try to distribute Security Shield and other rogue anti-spywares that have been found to belong to FakeVimes or WinWebSec families of rogues. Undoubtedly, scammers seek to generate some money in this way.By displaying fake Windows Security Alert that reports about numerous viruses detected, Windows Secure Kit 2012 initiates a need to purchase licensed version of Security Shield. Please, never fall into this scam. Instead of that, make sure your anti-virus and anti-spyware programs are up to date in order to have Windows Secure Kit 2012 flagged as malware before it tricks you. In addition, if you have noticed Security Shield on your computer, don't leave it there because it will continue redirecting you to its purchase page or even may disable you from the internet and let more viruses inside. We highly recommend you to run a full system scan with SpyHunter and Spyware Doctor to remove Security Shield without any delay.
• Farfli    (Fri, 18 May 2012 04:43:54 CDT)
  Farfli is a malicious Trojan horse which is made to modify Internet Explorer start page. It also has a possibility to download and execute malicious software or dangerous files. This parasite may be downloaded from these locations:[http://]install1.ring520.org/kk[REMOVED][http://]install2.rin g520.org/kk[REMOVED][http://]install3.ring520.org/kk[REMOVED][http://]ins tall4.ring520.org/kk[REMOVED]Farfli drops its files on the system folder, and modifies the registry. It’s simple to know if you’re infected. If your internet explorer is constantly changing its homepage, and you see a bookmark to this page “http://www.6781.com/?001” that you didn’t create - you’re infected by this malicious parasite. Farfli notifies the cybercriminals about the infection, so it is very important to delete it from your system. This is the full list of this Trojans start pages:[http://]www.baidu.com/inde[REMOVED][http://]www.kzdh.com[REMOVED] www.7255.com/?gabout.blank.la?gMoreover, Trojan Farfli looks for a specific Web browser to be installed and modifies .ini files to redirect the search via the Baidu URL and adds a specific affiliate name:Maxthon Browser .ini file: [MAXTHON INSTALLATION FOLDER]Configsetupcenter.ini TheWorld Browser .ini file: [THEWORLD INSTALLATION FOLDER]TheWorld.ini
• Happili redirect    (Fri, 18 May 2012 02:59:50 CDT)
  Happili redirect virus is a browser hijacker which redirects searches of google.com to happili.com and some other random pages. It’s very hard to notice the infiltration of this malicious software, but it may come bundled with other types of malware which comes with insecure downloads. It is almost impossible to search with google when you’re infected with this virus.Happily redirect virus does affect Macs too. First thing you need to do is to update Java as this virus uses Java to infect Mac and PC computers. It will be a hard tast to remove this infection as it is used with zeroaccess malware, which is one of the worst malware ever made to the computer system. you will need special tool to remove Happily redirect.Here are removal options for PC users:Symantec offers ZeroAccess Fix Tool. This tool can detect and remove the infection, but it might not work with Happili redirect virus and other patest variantsKaspersky offers TDSSKiller. This utility does find the infection and kill all malicious DLL.Webroot has developed its own tool to remove special viruses like this. After using any of tools mentioned above you need to scan you system with reputable anti-spyware software, like Spyhunter, Spyware Doctor or MalwareBytes anti-malware to remove remaining infection. Removal instructions for MAC users:you MUST update JAVA. This Java security update removes the most common variants of the Flashback malware. Apple support provides this informationF-secure developed flashback removal tool which can identify Happily redirect virus and remove it. DO NOT mess with manual removal if you are not advanced MAC user deeply familiar with the system. Use the automated F-secure tool.When a computer is infected with Hapili redirect, user is taken to a website which is not the link that was shown when clickin on a google search results. These redirected pages might infect your PC even mo...