Double trouble with AntiSpyware 3000


2 replies to this topic

#1 Grinler


    Lawrence Abrams


  • Admin

Posted 06 February 2009 - 11:54 PM

It has been an interesting day in rogue releases, including the new rogue AntiSpyware 3000 that is from the same family as Real Antivirus. This rogue actually contains a double payload. Not only do you get a rogue for your trouble, but they also bundled in the W32.Jeefo virus.

When installing AntiSpyware 3000, malware researcher Nosirrah found that a process C:\Windows\svchost.exe was also installed and alerted me to it. When scanned at VirusTotal we found out that this file is the virus W32.Jeefo. I then tested the installer and found the same thing happened on my test box. The current version of AntiSpyware 3000 is installed via a self-extracting zip archive executable. It seems that this executable has been infected with the virus, and when we run the executable to extract the AntiSpyware 3000 file, it infects our machine.

There has been some discussion as to whether or not this double payload of rogue and virus was in fact intentional. Were the malware writers trying to intentionally infect us with a virus to make it harder to do malware research? Or are they just so sloppy that their executables are being further infected with other malware? Unfortunately, we will never know the answer to this, but anyone who is looking to test this rogue on their machine should be careful.

One clue, though, that we found that may lead us to believe that the developers are just sloppy is the strange behavior that occurs when you click on the help tab in the AntiSpyware 3000 program. Instead of going to the homepage for AntiSpyware 3000, it attempts to connect to the homepage for Real Antivirus, which is no longer available. This is because AntiSpyware 3000 is simply a reskin of Real Antivirus and they forgot to remove the link in the code.

We have made a removal guide that will walk you through removing this infection for free. A brief excerpt of the guide is below:

AntiSpyware 3000 is a new rogue anti-spyware program that displays false infections in the scan results when scanning your computer. AntiSpyware 3000 is advertised via false advertising in the shape of fake online anti-malware scanners. When visiting certain sites you will be shown a pop-up stating that your computer is infected. When you attempt to close this pop-up you will automatically be brought to a new site and shown an advertisement that pretends to be an online anti-malware scanner. When this advertisement is completed it will state that your computer is infected and that you should download and install AntiSpyware 3000. It is important to understand that when the advertisement tells you that you are infected you should ...

Read the full guide on how to remove AntiSpyware 3000
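The post above identifies the dropped virus by its location: a process named svchost.exe running from C:\Windows rather than from the system directory. The following is an added example, not part of the original post or the removal guide, showing how that path mismatch can be checked over a process listing. It assumes Windows is installed at C:\Windows and uses a constructed "pid,image_path" listing; the function name and record format are hypothetical.

```python
import ntpath

# Assumption: Windows lives at C:\Windows. A genuine svchost.exe runs only
# from these folders (compared lower-cased).
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED_NAME = "svchost.exe"

# Constructed sample listing, one "pid,image_path" record per line.
SAMPLE_PROCESSES = """\
716,C:\\Windows\\System32\\svchost.exe
1204,C:\\Windows\\svchost.exe
1388,c:\\windows\\SYSTEM32\\SVCHOST.EXE
2040,C:\\Windows\\System32\\..\\svchost.exe
2112,C:\\Program Files\\Example\\app.exe
"""


def find_masquerading(listing, name=WATCHED_NAME, trusted=TRUSTED_DIRS):
    """Return (pid, normalized_path) for processes named `name` that run
    from a folder outside `trusted`."""
    hits = []
    for line in listing.splitlines():
        line = line.strip()
        if not line:
            continue
        pid_text, _, raw_path = line.partition(",")
        # normpath collapses "..", so a traversal segment cannot make
        # C:\Windows\svchost.exe look like it sits under System32.
        path = ntpath.normpath(raw_path.strip())
        folder, image = ntpath.split(path)
        # Windows paths are case-insensitive, so compare lower-cased.
        if image.lower() != name:
            continue
        if folder.lower() not in trusted:
            hits.append((int(pid_text), path))
    return hits


if __name__ == "__main__":
    for pid, path in find_masquerading(SAMPLE_PROCESSES):
        print(f"PID {pid}: {WATCHED_NAME} running from unexpected path {path}")
```

A hit from this check is a lead for further inspection, such as scanning the file, and not a verdict on its own.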







#2 Guest_tylerisdabest_*


  • Guests

Posted 10 February 2009 - 12:10 AM

Is this the newest rogueware?

#3 Guest_tylerisdabest_*


  • Guests

Posted 10 February 2009 - 12:11 AM

I have not been seeing any new rogueware lately. Maybe everyone's catching on to rogueware?



