When installing AntiSpyware 3000, malware researcher Nosirrah found that a process C:\Windows\svchost.exe was also installed and alerted me to it. When we scanned it at VirusTotal, we found that this file is the virus W32.Jeefo. I then tested the installer and found the same thing happened on my test box. The current version of AntiSpyware 3000 is installed via a self-extracting zip archive executable. It seems that this executable has been infected with the virus, and when we run the executable to extract the AntiSpyware 3000 file, it infects our machine.
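A defender checking a machine for this kind of drop can look for a svchost.exe whose image path lies outside System32 or SysWOW64, where the genuine Windows binary resides. The following is an added example, not code from the original post; the function names, the (pid, path) process-list format and the sample data are assumptions constructed for illustration.

```python
import ntpath

# Directories (relative to the Windows root) where a genuine svchost.exe lives.
# Assumption of this example: a default Windows install layout.
LEGIT_SUBDIRS = ("System32", "SysWOW64")


def is_masquerading_svchost(image_path, system_root=r"C:\Windows"):
    """Return True if image_path is named svchost.exe but sits outside
    the directories where Windows keeps the real binary."""
    if not image_path:
        return False  # path unavailable (e.g. access denied): cannot judge
    # Normalise case, separators and ".." segments before comparing.
    path = ntpath.normcase(ntpath.normpath(image_path))
    if ntpath.basename(path) != "svchost.exe":
        return False
    allowed = {
        ntpath.normcase(ntpath.join(system_root, sub)) for sub in LEGIT_SUBDIRS
    }
    return ntpath.dirname(path) not in allowed


def find_suspects(processes, system_root=r"C:\Windows"):
    """processes: iterable of (pid, image_path) pairs (hypothetical format)."""
    return [
        (pid, path)
        for pid, path in processes
        if is_masquerading_svchost(path, system_root)
    ]


# Constructed sample process list (not captured from a real machine).
SAMPLE = [
    (812, r"C:\Windows\System32\svchost.exe"),
    (1044, r"c:\windows\system32\SVCHOST.EXE"),
    (2380, r"C:\Windows\svchost.exe"),  # the location reported in the article
    (2996, r"C:\Windows\System32\..\svchost.exe"),  # same file, un-normalised
    (3120, r"C:\Windows\explorer.exe"),
    (4, None),
]

if __name__ == "__main__":
    for pid, path in find_suspects(SAMPLE):
        print(f"suspicious svchost.exe: pid={pid} path={path}")
```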
There has been some discussion as to whether or not this double payload of rogue and virus was in fact intentional. Were the malware writers deliberately trying to infect us with a virus to make it harder to do malware research? Or are they just so sloppy that their executables are being further infected with other malware? Unfortunately, we will never know the answer to this, but anyone who is looking to test this rogue on their machine should be careful.
One clue that we found, though, which may lead us to believe that the developers are just sloppy, is the strange behavior that occurs when you click on the help tab in the AntiSpyware 3000 program. Instead of going to the homepage for AntiSpyware 3000, it attempts to connect to the homepage for Real Antivirus, which is no longer available. This is because AntiSpyware 3000 is simply a reskin of Real Antivirus and they forgot to remove the link in the code.
We have made a removal guide that will walk you through removing this infection for free. A brief excerpt of the guide is below:
AntiSpyware 3000 is a new rogue anti-spyware program that displays false infections in the scan results when scanning your computer. AntiSpyware 3000 is promoted through deceptive advertisements that pose as online anti-malware scanners. When visiting certain sites you will be shown a pop-up stating that your computer is infected. When you attempt to close this pop-up you will automatically be brought to a new site and shown an advertisement that pretends to be an online anti-malware scanner. When this advertisement is completed it will state that your computer is infected and that you should download and install AntiSpyware 3000. It is important to understand that when the advertisement tells you that you are infected you should ...
Read the full guide on how to remove AntiSpyware 3000