Late this evening I got news that a new rogue threat from the same branch of “Fake anti-virus” malware such as Personal AntiVirus and Antivirus 360 had just been seen in the wild.
I decided to take a close look at the software touting itself as “MalwareCleaner 2009”.
Straight away upon visiting their website, malwarecleaner2009.com, it was apparent that something was seriously wrong. The website claimed to have approval from a well-known and respected PC magazine in the UK, PC Pro; however, this is a complete and blatant lie, with the PC Pro website making no mention of such a product. Ever.

The next thing that came to my attention was the wording on their website: it seemed suspiciously familiar…almost like it had been copied and pasted from somewhere else…surely not?
Have a look at the wording on the malwarecleaner2009 website:
….and now compare it to the description for a well-known (real) antivirus, Eset NOD32:

I think you and I know where this is going, right?
With my malware senses already on high alert due to the deceptive nature of their website, I then decided to install MalwareCleaner 2009 on my computer in order to see what it would do once installed on a computer.
The installer started off quite civilised, even with options asking about “automatic updates” and “threat detection”:


However, after the installer had finished I was not at all surprised that the dirty tricks were just beginning…. A quick check showed me that the installer, apart from putting MalwareCleaner 2009 on my machine, had also laden it with a shedload of fake malware, dropped into different folders on my computer:


This is the full list of locations where fake “infected” files were dropped on my test computer:
C:\Program Files\Acronis\upxbei.exe
C:\Program Files\Bonjour\rkmvnwtq.dll
C:\Program Files\FileZilla FTP Client\ojvceq.scr
C:\Program Files\Kaspersky Lab\usjkeulr.com
C:\Program Files\Microsoft Works\qornq.com
C:\Program Files\Nokia\bcaumiqw.exe
C:\Program Files\Reference Assemblies\toiqqpd.scr
C:\Program Files\Synaptics\pidekwim.com
C:\Program Files\Windows Defender\killkr.exe
C:\Program Files\Windows Photo Gallery\pqsgeijl.scr
C:\Windows\Debug\rndwvgl.com
C:\Windows\IME\mysfoxc.exe
C:\Windows\Minidump\peimbj.exe
C:\Windows\Performance\rkvxcdcn.com
C:\Windows\Resources\wtadnnyj.scr
C:\Windows\Setup\gybdxtog.dll
C:\Windows\tapi\mwhbmksa.com
C:\Windows\WindowsMobile\heqsjbv.exe
C:\Windows\System32\CodeIntegrity\gappbmks.com
C:\Windows\System32\en-US\lised.dll
C:\Windows\System32\hr-HR\lujogyl.scr
C:\Windows\System32\LogFiles\qrpsv.scr
C:\Windows\System32\NDF\seedp.exe
C:\Windows\System32\ras\pdfdlcox.scr
C:\Windows\System32\SMI\uysfwa.exe
C:\Windows\System32\wbem\wtgfuvbd.dll
….and the main infection itself being dropped onto the computer as C:\Grubxp\571613.exe
You may be wondering why they would go to all this trouble and make all of those fake files on a computer. The answer is very simple: they want to scare you as much as possible and make the fake scan results of MalwareCleaner 2009 more plausible. Notice how the scan screen is flagging up the items it itself has just put on your computer!
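For anyone triaging a machine by hand, the decoys in the list above share a recognisable shape: 5 to 8 random lowercase letters with an .exe, .dll, .scr or .com extension, all written during the install. The following is an added example, not part of the original post or of any tool it mentions; it flags files that fit that shape and were modified close to the install time. The time window, the sample timestamps and the idea of using the dropper's timestamp as the install time are assumptions.

```python
import ntpath
import os
import re
from datetime import datetime, timedelta

# Name shape of the files listed above: 5-8 lowercase letters plus an
# executable-type extension. The lowercase-only match mirrors that list.
DECOY_NAME = re.compile(r"^[a-z]{5,8}\.(exe|dll|scr|com)$")

def find_decoys(entries, install_time, window=timedelta(minutes=10)):
    """Return paths whose file name fits the decoy shape AND whose
    modification time lies within `window` of the install time."""
    hits = [
        path for path, mtime in entries
        if DECOY_NAME.match(ntpath.basename(path))
        and abs(mtime - install_time) <= window
    ]
    return sorted(hits)

def walk_entries(roots):
    """Yield (path, mtime) for every file under `roots` on a live system."""
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                full = os.path.join(dirpath, name)
                try:
                    yield full, datetime.fromtimestamp(os.path.getmtime(full))
                except OSError:
                    continue  # unreadable or vanished file

# Constructed sample: three paths from the list above plus three ordinary
# files; every timestamp here is invented for the example.
INSTALL = datetime(2009, 1, 1, 22, 0, 0)
SAMPLE = [
    (r"C:\Program Files\Windows Defender\killkr.exe", INSTALL + timedelta(seconds=40)),
    (r"C:\Windows\System32\wbem\wtgfuvbd.dll", INSTALL + timedelta(seconds=55)),
    (r"C:\Windows\System32\hr-HR\lujogyl.scr", INSTALL + timedelta(minutes=1)),
    (r"C:\Windows\System32\mspaint.exe", INSTALL - timedelta(days=400)),  # name fits, old file
    (r"C:\Program Files\FileZilla FTP Client\filezilla.exe", INSTALL - timedelta(days=30)),
    (r"C:\Windows\Temp\install.log", INSTALL + timedelta(seconds=10)),  # recent, wrong type
]

if __name__ == "__main__":
    for hit in find_decoys(SAMPLE, INSTALL):
        print(hit)
```

On a live system, pass `walk_entries` the Program Files and Windows folders and use the modification time of the main dropper as `install_time`; the name check alone would also match ordinary files such as mspaint.exe, which is why the time window is part of the test.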

As with every fake antivirus type software, it has its fair share of scary warnings to goad a victim into purchasing into this scam:


And also accompanying this malware was a very convincing Windows Security Center mockup…clicking the “find a program” button would only lead straight back to the malwarecleaner 2009 website.

Now we will get onto how to remove and delete malwarecleaner 2009 from your computer:
To remove MalwareCleaner 2009 and all of its traces, Malwarebytes’ Anti-Malware is currently the best tool for the job. Malwarebytes’ is completely FREE for personal use (without realtime protection) and can be downloaded from the Malwarebytes’ website here:
http://www.malwarebytes.org/mbam.php
Download it, install it, remember to update it first and then perform a scan which will find and remove MalwareCleaner 2009 and any other nasties lurking on your system.
If Malwarebytes Anti-Malware has helped you remove personal anti virus, please consider buying a license to say thanks and support me and the Malwarebytes’ fight against malware- you can securely purchase a license by clicking here:
https://store.malwarebytes.org/342/?affiliate=4568&cart=29945&scope=cart – please note that this is completely optional and not a requirement for it to scan and remove malwarecleaner 2009, but you will benefit in future from real time protection that will prevent infections like this and many others installing themselves on your system!
If you want a second opinion on your system after running Malwarebytes’, then AVPTool by Kaspersky is an excellent (free) choice, which you can download here:
ftp://ftp.kaspersky.com/devbuilds/AVPTool/index.html
Just download it, install it and run a scan to see if there are any other viruses lurking on your system.
If you have trouble removing MalwareCleaner 2009, please leave a comment and I will do my best to help. Likewise, if I helped you remove it, just leave a comment to let me know.
