# New Targets in Detection – December 2007



## JohnthePilot

*New Targets in Detection – December 2007*

This list was provided by Lavasoft.

*AdwarePatrol*
AdwarePatrol is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*AdwarePro*
AdwarePro is rogue anti-spyware. It exploits the name “Ad-Aware.” AdwarePro also displays false positives with the aim to trick the user into buying the commercial version.

*AdwareRemover*
AdwareRemover is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*AdwareRemover2007*
AdwareRemover2007 is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*AntiSpyPro*
AntiSpyPro is rogue anti-spyware and a clone of IEDefender; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*AntivirusProtection* 
AntivirusProtection is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*Cleanator*
Cleanator is rogue anti-errorware that tricks the user into buying the commercial version. Cleanator’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

*DeusCleaner*
DeusCleaner is rogue anti-spyware that tricks the user into buying the commercial version. DeusCleaner’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. 

*DoctorAdware*
DoctorAdware is rogue anti-spyware and a clone of DoctorAdwarePro; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*DoctorAdwarePro*
DoctorAdwarePro is rogue anti-spyware that tricks the user into buying the commercial version. DoctorAdwarePro’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by Trojans that scare / trick the user into clicking yes.

*DrProtection*
DrProtection is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*ErrorDigger*
ErrorDigger is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*ErrorInspector*
ErrorInspector is rogue anti-errorware that tricks the user into buying the commercial version. ErrorInspector's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

*ETDSecurityScanner*
ETDSecurityScanner is rogue anti-spyware that tricks the user into buying the commercial version. ETDSecurityScanner's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

*GuardCenter*
GuardCenter is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*LiveAntispy* 
LiveAntispy is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*MacroVirus*
MacroVirus is rogue anti-spyware. It detects files based on name and location, potentially generating many false positives. SpywareBot's GUI is a clone of SpywareBot.

*MalwareDestructor*
MalwareDestructor is a rogue anti-spyware application; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*OnlineGuard*
OnlineGuard is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*Pestbot* 
PestBot is rogue anti-spyware and a clone of SpywareXP; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*RegistryCleanerXP* 
RegistryCleanerXP may be a rogue registry cleaner/ FraudTool application that can display exaggerated registry error warnings in the form of pop-ups. The pop-ups may look similar to Windows notifications, tricking the user into believing that the warnings are real and originate from Windows.

*SmartAntiSpyware*
SmartAntiSpyware is rogue anti-spyware that tricks the user into buying the commercial version. SmartAntiSpyware's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

*VirusProtect*
VirusProtect is rogue anti-spyware and a clone of SpyDawn; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*VsSpy*
VsSpy is rogue anti-spyware and a clone of RaptorDefence; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

*Win32.Backdoor.KolMat*
Win32.Backdoor.KolMat opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.Small*
Win32.Backdoor.Small installs a backdoor service on the infected computer allowing the attacker to gain control of the compromised system.

*Win32.Trojan.AdClicker*
Win32.Trojan.AdClicker is a Trojan that will visit certain web pages in the background to simulate users clicking on ads.

*Win32.Trojan.Inject*
Win32.Trojan.Inject is malware that injects itself into legitimate processes. It may run behind processes as svchost.exe, iexplorer.exe and rundll32.exe. While running protected by another process, it may contact remote domains to download more malware. Its purpose is to hide itself from the visible processes and infect the user’s system.

*Win32.Trojan.Pushdo*
Win32.Trojan.Pushdo is a Trojan that is often installed through downloaders. It is known to come with rootkit components that are used to hide its presence.

*Win32.Trojan.Searches*
Win32.Trojan.Searches copies itself to the root and runs continuously as a process in stealth, giving no clue of its functionality to the user.

*Win32.Trojan.Shutdowner*
Win32.Trojan.Shutdowner will attempt to shut down the infected machine without the user’s permission.

*Win32.TrojanDropper.Frijoiner*
Win32.TrojanDropper.Frijoiner will drop additional files on the infected system. These files are often other Trojans or downloaders.

*Win32.TrojanSpy.Broker*
Win32.TrojanSpy.Broker will try to monitor and steal log-in information on the infected machine. It is also known to install a rootkit to help hide its presence.

*Win32.TrojanSpy.Graball*
Win32.TrojanSpy.Graball will try to monitor and steal log-in information on the infected machine.

*Win32.TrojanSpy.Pophot*
Win32.TrojanSpy.Pophot will try to monitor and steal login information on the infected machine. It will also try to open Chinese web pages.

*Win32.Virus.Kies*
Win32.Virus.Kies is a virus that infects selected executable files. If infected by Win32.Virus.Kies, you will need to run an anti-virus program to clear it.

*Win32.Virus.Trats*
Win32.Virus.Trats is a virus that infects selected executable files. If infected by Win32.Virus.Trats, you will need to run an anti-virus program to clear it.

*WinZix*
WinZix is a compression program that makes the user aware of the fact that it will show advertisements from time to time. This version of WinZix includes an unwanted installation of Lop. The Lop infection causes system instability, hijacks Internet Explorer, and guards processes to prevent the user from killing it manually. It may cause auto-updates and operate in stealth.


----------

