Sunday, November 27, 2011

Fake Website part 2

Well, readers, it has been a long time. This time I have a popular and heavily marketed fake website and its fake software. The website is http://www.proflightsimulator.com and its fake software is Pro Flight Simulator. The software on this website is an exact copy of FlightGear, the most popular open source flight simulator. The FlightGear team says that nothing has been changed; the only difference in Pro Flight Simulator is the name of the software. Lines on the website itself state the truth. The lines below are taken from their website and are not my own creation; if you doubt me, look at this URL: http://www.proflightsimulator.com/fg-help.htm
---------------------------------------------------------------------------------------------------------


Why are we different?:
  • A plug and play system that works without the hassles of advanced customization
    Makes it easy to start playing the game without having the need to perform complex technical installation.
  • We offer a one stop launch system and makes it easy to add aircraft + scenery.
    No more fiddling with files and not knowing where to copy them. Its a one-click installation process.
  • The complete start up of the game was rewritten to help new users with this issue.
  • There is better hardware and add-on software interfacing capabilities. (Eg: Joystick support)
  • We've incorporated more photo-realistic scenery. New updates are added monthly.
  • Reduce the lag effect in flying
  • New aircraft models are added on a regular basis.
    (FG does not provide new updates very regularly) 
  • Customer support is only an email away 
    (Open source products do not offer any support) 
  • VATSim network integration! Fly with other pilots on aviation networks. (should be ready in 4 months time) 
To be compliant, we've released the game until the GNU/GPL license.
There're also planned works to include a few major improvements in the next few months namely:
- Improving joystick interface (one-click configuration with all major flight control hardware)
- Integrating VATSIM and other network support.
- Constant development of new aircraft and new sceneries.
It would be much much different from what FlightGear was.
it also comes complete with bug fixes, and we reinvest back into this version of the game to get programmers to make more additions and bug fixes.
We have a team of paid developers who are working full time to add new code and new ideas to fully develop this.
As such, the cost you'll be paying will go into the development of this game. There will be new changes and updates every month.
This is a separate branch of FlightGear and it may be based on it but it is definitely NOT similar in the aspects mentioned above.
To say it is simply FlightGear would be inaccurate and illegal.

-------------------------------------------------------------------------------------------------------------------------------
Now you can see that this software is a copy of FlightGear. Stay away from scams. I am providing this because I don't like fakes and copied software. The website also tells us there is a 100% money-back guarantee, but there isn't: the company remains silent when it is contacted about the refund. Please don't lose your money on these fake websites and their software.

Sunday, September 18, 2011

Spyware Part 4

Well, hello again. I am here to give you another part of the spyware series. The first spyware is Autorun Deactivator.

Autorun Deactivator 
It calls itself an Autorun virus remover, but all this software really does is make unwanted entries in the registry and delete every file named "Autorun". After uninstallation it leaves traces in the registry. It also installs some spyware from the internet.

 The next item is not a spyware program; it is about a spyware website.

 You are all aware of the www.co.cc website, a popular free domain provider. But now it is not, because Google removed the co.cc subdomains from its search results and ESET Smart Security does not allow access to co.cc subdomains. The reason is that a lot of spyware producers use co.cc subdomains to spread spyware. So Google took a great step and removed all co.cc domains and subdomains from its search results.

Saturday, August 20, 2011

Fake website

1. www.winzix.com
It has software that will corrupt your system.
2. www.spbd.weebly.com
It has spyware and malware that try to steal your data.

Monday, July 18, 2011

Spyware part 3

Well, hello. I am reporting the 3rd part of the spyware list that could damage your software. The programs I would like to introduce in this list are Torrent101, BitGrabber and BitRoll.

The report from Symantec is as follows:


Updated: July 3, 2007 2:15:40 PM
Type: Potentially Unwanted App
Name: Torrent101; BitGrabber; BitRoll
Version: 3.2.0.0
Publisher: WakeNet
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000
When the program is executed, it creates the following folders:

Next, the program drops the following files:

It then creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"army logo" = "%UserProfile%\Application Data\[RANDOM FOLDER NAME]\readmename.exe"

The program then creates the following registry subkeys:

It also creates the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\"DownloadUI" = "{D5792AA9-D373-4039-8670-2CDAB6A71F15}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"netbios-wait.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"netsearchsoft.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"www.netbios-wait.com" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\"www.netsearchsoft.com" = ""

The program can then be used as a Torrent client application.

It creates two hidden Internet Explorer processes that stay resident after the application is closed.

The program downloads a copy of Adware.Lop onto the computer.

It also installs a Browser Helper Object and displays advertisements in Internet Explorer.


Another program from this family is TorrentQ; it is the same type of application and does all the things mentioned above.
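
One way to check a machine for the registry changes the Symantec report above describes, as an added example (not code from Symantec or from this blog): it reads the text of a `reg export` dump and flags the Run-key autostart, the Browser Helper Object and the pop-up allow-list entries. The sample dump, the user name `alice` and the folder `qzxv` are constructed; because the report says the folder name is random, the Run check generalizes to any autostart target under `Application Data`, which can also match legitimate software.

```python
import re

# Indicators copied from the Symantec report quoted above.
BHO_CLSID = "{D5792AA9-D373-4039-8670-2CDAB6A71F15}"
POPUP_DOMAINS = {"netbios-wait.com", "netsearchsoft.com"}

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
ALLOW_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer"
             r"\New Windows\Allow")

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Yield (key, value_name, raw_data); a key header yields (key, None, None)."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key:
            m = VALUE_RE.match(line)
            if m:
                yield key, unescape(m.group(1)), m.group(2)


def triage(text):
    """Return a list of (rule, detail) findings for one exported dump."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.upper()
        if name is None:
            # BHO: a subkey named after the CLSID under Browser Helper Objects.
            if k == (BHO_KEY + "\\" + BHO_CLSID).upper():
                findings.append(("bho", key))
        elif k == RUN_KEY.upper():
            # Autostart whose target lives in the per-user Application Data tree.
            if len(data) >= 2 and data[0] == data[-1] == '"':
                target = unescape(data[1:-1])
                if "\\application data\\" in target.lower():
                    findings.append(("run-from-appdata", f"{name} -> {target}"))
        elif k == ALLOW_KEY.upper():
            # Pop-up blocker exceptions for the advertising domains.
            host = name.lower()
            host = host[4:] if host.startswith("www.") else host
            if host in POPUP_DOMAINS:
                findings.append(("popup-allow", name))
    return findings


# Constructed sample in .reg text form. A real export is UTF-16, so read it
# with open(path, encoding="utf-16") before passing the text to triage().
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"army logo"="C:\\Documents and Settings\\alice\\Application Data\\qzxv\\readmename.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"www.netbios-wait.com"=""
"example.org"=""
'''

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(rule, detail)
```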

Friday, July 8, 2011

Spyware Part 2

Winzix: It is a typical spyware that loads a bunch of spyware and adware, which will crash your system or make it malfunction. According to Symantec, the report on Winzix is as follows:


Symantec Security Response

http://www.symantec.com/security_response/index.jsp
WinZix
Updated: July 12, 2007 1:37:27 PM
Type: Potentially Unwanted App
Name: Winzix
Publisher: Winzix
Risk Impact: Low
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000
SUMMARY

Behavior
WinZix is a potentially unwanted application that may download other programs on to the computer.

Antivirus Protection Dates
Initial Rapid Release version July 10, 2007 revision 017
Latest Rapid Release version April 29, 2011 revision 036
Initial Daily Certified version July 10, 2007 revision 017
Latest Daily Certified version April 29, 2011 revision 037
Initial Weekly Certified release date July 11, 2007
TECHNICAL DETAILS
When the program is executed, it displays the following interface:

It then creates the following files:

Next, the program creates the following registry subkeys:

The program also creates the following registry entries:
HKEY_CLASSES_ROOT\WinZixManager.WinZixShell.1\"Default" = "WinZixShell Class"
HKEY_CLASSES_ROOT\WinZixManager.WinZixShell.1\CLSID\"Default" = "{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}" = "WinZixShell extension"

The program may then download a copy of Adware.Lop on to the computer.

This is the information on Winzix from Symantec Corporation.

The next spyware I want to talk about is 3wPlayer:

3wPlayer is a rogue media player software application bundled with trojans that can infect computers running Microsoft Windows. It is designed to exploit users who download video files, instructing them to download and install the program in order to view the video. The 3wPlayer employs a form of social engineering to infect computers. Seemingly desirable video files, such as recent movies, are released via BitTorrent or other distribution channels. These files resemble conventional AVI files, but are engineered to display a message when played on most media player programs, instructing the user to visit the 3wPlayer website and download the software to view the video. The 3wPlayer is infected with Trojan.Win32.Obfuscated. According to Symantec, 3wPlayer "may download" a piece of adware they refer to as Adware.Lop, which "adds its own toolbar and search button to Internet Explorer".

Other software of this kind is DivoCodec and X3Codec:

The DivoCodec or Divo Codec or X3Codec has also been identified as a trojan similar to 3wPlayer. Users are instructed to download the codec in order to view or play an AVI/MP4/MP3/WMA file, often downloaded via P2P programs.
Instead of actual codecs, DivoCodec installs malware on the user's computer. The DivoCodec is polymorphic and can change its structure. It has also been known to write to another process' virtual memory (process hijacking).

Spyware Part 1

Part 1 of the post covers some commonly known spyware. They are:

CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.

Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.

HuntBar, aka WinTools or Adware.Websearch, was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs—an example of how spyware can install more spyware. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements.

Movieland, also known as Moviepass.tv and Popcorn.net, is a movie download service that has been the subject of thousands of complaints to the Federal Trade Commission (FTC), the Washington State Attorney General's Office, the Better Business Bureau, and other agencies. Consumers complained they were held hostage by a cycle of oversized pop-up windows demanding payment of at least $29.95, claiming that they had signed up for a three-day free trial but had not cancelled before the trial period was over, and were thus obligated to pay. The FTC filed a complaint, since settled, against Movieland and eleven other defendants charging them with having "engaged in a nationwide scheme to use deception and coercion to extract payments from consumers."

WeatherStudio has a plugin that displays a window-panel near the bottom of a browser window. The official website notes that it is easy to remove (uninstall) WeatherStudio from a computer, using its own uninstall-program, such as under C:\Program Files\WeatherStudio. Once WeatherStudio is removed, a browser returns to the prior display appearance, without the need to modify the browser settings.

Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing companies (as seen in their [Zango End User License Agreement])

Zlob trojan, or just Zlob, downloads itself to a computer via an ActiveX codec and reports information back to Control Server. Some information can be the search-history, the Websites visited, and even keystrokes. More recently, Zlob has been known to hijack routers set to defaults.

Please comment if there is anything wrong

What is Adware?

Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during the installation process. The object of the adware is to generate revenue for its author. Adware, by itself, is harmless; however, some adware may come with integrated spyware such as keyloggers and other privacy-invasive software.

What is a spyware?

Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spyware such as keyloggers is installed on purpose by the owner of a shared, corporate, or public computer in order to secretly monitor other users.
While the term spyware suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet connection or functionality of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is provided by the term privacy-invasive software.
In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices for computers, especially those running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.

Starting My Spyware Around the World Blog

This blog is here to point out to you all the spyware and adware in the world so that you are aware of it, and we will give full information about this software in the posts. This blog is maintained by Arvin Soft