Talk:Rogue security software/Archive 1

This is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

Archive 1

On the screenshot, two rogue applications, Spydawn and Spylocked seem to detect a third rogue software, SpySheriff! Is this true? —Preceding unsigned comment added by 91.139.25.121 (talk) 22:25, 21 December 2007 (UTC)

This article contains the same basic information as the List of fake anti-spyware programs article. It would be best to combine the two - making the list a subsection of this article. -DevinCook (talk) 14:53, 28 April 2008 (UTC)

Merger was accepted. Sephiroth storm (talk) 20:24, 19 August 2008 (UTC)

Why does this article redirect from Registry Booster, given that this program is not listed as rogue software? Even UniBlue, the apparent vendor, is not listed as a maker of rogue software. If it warrants redirecting to this article from "Registry Booster," shouldn't it be mentioned in the article? Otherwise, why the redirect? (216.15.62.119 (talk) 02:23, 5 October 2008 (UTC))

feel free to correct it. Sephiroth storm (talk) 05:04, 5 October 2008 (UTC)

This is a damn rogue software that disguises as a 404 error page (similar to the "The page cannot be found" one) and encourages you to download "AntiSpyware Shield", whici is a fake spyware remover.--200.71.161.1 (talk) 23:47, 7 October 2008 (UTC)

If you can provide anymore information, it would be very much appreciated. Sephiroth storm (talk) 19:35, 8 October 2008 (UTC)

After some research, I find this interesting. The site itself is not Rouge Software obviously, while the endorsed products may be. I would not mind having an article on it, but I don't think that we can make it its own article, maybe adding a section on the articles of the promoted software. Thoughts? —Preceding unsigned comment added by Sephiroth storm (talk • contribs) 17:32, 9 October 2008 (UTC)

And how about making an article about AntiSpyware Shield (the site manage404.com takes you to)? There we could write a section about this infamous dsguise.--200.71.161.1 (talk) 22:15, 2 November 2008 (UTC)

Is it listed in the Rouge software article? If not, please feel free add it to the list, and we'll get on it as soon as possible. While you are at it, feel free to register and join the Wikipedia community.

Sephiroth storm (talk) 12:46, 3 November 2008 (UTC)

What happen to the screenshot!!! --MasterOfTheXP (talk) 00:33, 11 October 2008 (UTC)

Of What? Sephiroth storm (talk) 14:30, 5 November 2008 (UTC)

Hijackthis will never "cripple" a computer, removing all the entries does not cripple anything, it would stop software that starts with windows, would strip all browser add-ons and possibly disable virus scanners etc... All of which can be re-installed afterwards with little effort. Saying that hijackthis can "cripple" a computer is simply not true, and quite frankly, displays ignorance of the subject the article relates to.

Umm, according to Merijn Bellekom, HJT may possibly cripple your system, if the person chooses to fix everything. This is the creator of HJT, no offense I trust him more than anyone else. Now whether he is just CYA or not, if he says it I think it is a reliable source for saying as such. In respect of fairness I have copied and pasted the question and the FULL response, so you can see I am not misleading you. All I have done is bolded the initials before sentences and bolded probably cripple. While I agree that it is hard to think of how it would do so,I trust the creator of HJT knows his program inside and out. Also, I know it CAN disable your internet/network when trying to remove certain infections(removal of some dll's requires special fixes to remove their hooks from the TCP/IP stack or all network connectivity is lost. Source

Interview: (M.S.= Michael Simpson (interviewer) M.B. = Merijn Bellekom (creator of HJT)):

M.S.:Ive read a number of articles where people say that it is safe to remove everything HJT finds. Would you say that is accurate? M.B.:No, no, no. Absolutely not. HJT doesn't differentiate between 'good' items and 'bad' items, so "fixing" it all would disable numerous system components and probably cripple your system by disabling printer drivers, custom graphics card utilities, antivirus programs, firewalls etc. Do NOT fix everything HijackThis finds after a scan. After running HiJackThis If you have questions about what can or cannot be removed safely, you can check out Merijn's log tutorial or post your log file to one of the forums listed in his Help Forums.

PedroDaGr8 (talk) 23:24, 5 December 2008 (UTC)

I have to agree, just as with registry cleaners, and even prominent Malware removal software, it is possible for system files to be corrupted or replaced to the point where removal by some programs could render the system unstable. i.e. if NTLDR, or BOOT.ini was replaced by malware, and then removed by HJt or anouther product. Sephiroth storm (talk) 00:11, 6 December 2008 (UTC)

Hey, I am just mentioning I made some edits. Mainly I split apart the two separate parts dealing with how the program attempts to goad the user into installing the program (knowingly or otherwise) and how once installed the program attempts to get the user to buy the "full" version. The latter was most of the work as I attempted to list some of the common symptoms encountered such as false positives, security warnings etc. If you dislike my edit feel free to revert it. I hope I helped the quality of the article.PedroDaGr8 (talk) 00:20, 6 December 2008 (UTC)

The list of rogue software seems to be a bit unorganized; would it help to rearrange the rogue programs as "families"? For example, maybe we could list Antivirus 360, Antivirus 2008, and other links that redirect to the MS Antivirus article under a family called "MS Antivirus"? ObbySnadles (talk) 13:23, 14 April 2009 (UTC)

An interesting idea, though by grouping in families, you lose the ability to look for items by name. I wonder what others think about this. I think at minimum, the concept of families should be discussed in the article itself. Once I have finished citing all of the rogue products (having removed a legit and a few websites, the necessity of this citation is becoming sorely evident for me) I can begin this if someone else has not already begun it.PedroDaGr8 (talk) 00:30, 18 April 2009 (UTC)

Does anyone know what this is in reference to? Does it mean that the entries shown as being Rogue need to be sourced? If so I will get on that, or is it referring to symptoms?PedroDaGr8 (talk) 05:48, 28 February 2009 (UTC)

Well the first column is done.PedroDaGr8 (talk) 03:25, 6 April 2009 (UTC)

Column 2 is DONE!!!!!! PedroDaGr8 (talk) 03:28, 18 April 2009 (UTC)

ALL ARE DONE!!!!!!!!! WHOO HOO! Now time to focus on citations in the article itself. That was a hard task, I removed several applications that had NO proof of malevolence, some websites that were just distributers of rogue software and not rogue software themselves etc.PedroDaGr8 (talk) 03:29, 18 April 2009 (UTC)

Why no mention of this particular malum in se malware? The first clue (if you know where to look) is a Advanced Virus Remover folder and executable PAVRM which apparently gets installed just by click yes or no a some pop-up. Then as it runs, it mutates, moves around, renames itself, insinuates in odd corners of the system, disables Task Manager, disable Command Line window, by the time you realize something's not kosher, making removal a pain.

Advanced Virus Remover is a virus that then asks you to pay to remnove it. I'm ready to go ballistic. Naaman Brown (talk) 17:25, 25 November 2009 (UTC)

There's really only a few of these running around... they go by different names and have different skins, but the name is changed frequently to make it harder for users to track down removal information. I'm sorry... they can change the name faster then we can keep up. ---J.S (T/C/WRE) 00:57, 12 January 2010 (UTC)

This domain has a very bad reputation. Norton says the page is safe, but it's users say the software they are trying to peddle comes with quite a bit of spyware. MyWOT also ranks them as potentially unsafe. It might be a good idea to unlink this website. Thought? -----J.S (T/C/WRE) 01:20, 12 January 2010 (UTC)

Sure, remove the references. WP:RS(simplifying a lot here) says that if it's not published by a reputable publisher, it has to be a recognized expert in the field. I'm not seeing it meeting either one. --HamburgerRadio (talk) 08:28, 12 January 2010 (UTC)

After struggling for days to rid my computer of Personal Security malware, I thought I'd share the final (and ridiculously easy) solution with others.

I down-loaded various reputable (albeit the free versions) anti-virus and anti-malware software, none of which could get rid of this extremely frustrating and incapacitating malware. Then, during my web research I unexpectedly came across the answer in a computer-geek blog. Apparently someone (with the same problem) somehow managed to trace the sender and threaten them (I don't know how) until they simply told him. Below is a copy of their e-mail:

“Dear customer, Thank you for contacting Customer Support Center. Please follow my instructions to uninstall Personal Antivirus 1.Open My computer, choose Disk C; 2.Find C:\Program Files\Common Files\Uninstall\PAV\Uninstall.lnk 3.Run the Uninstall file. 4.Reboot your computer. There are other options to find the uninstall file:-paste the following string to Windows Explorer address bar and execute it (Press Enter key): C:\Program Files\Common Files\Uninstall\PAV\Uninstall.lnk or Start->Run->C:\Program Files\Common Files\Uninstall\PAV\Uninstall.lnk After that our product will be removed. If you have any questions concerning our software, please contact our Customer Support Service.”

I tried it almost as a joke and couldn't believe my eyes when it worked. The final links looked slightly different when I did it though, but somewhere in the “common files” folder you’re bound to see something that mentions “Uninstall”.

Hope this helps someone somewhere to spend slightly less of life's valuable hours on such nonsense. Is there some way to link this bit of advice to where Personal Security is mentioned in the list of malware in the Rogue security software article?

Mantray (talk) 09:03, 9 March 2010 (UTC)

Is anyone else concerned about the IP address 121.54.32.36 slowly replacing links with ones to spyware-fix.net? The link target is a bit worrisome too. All the contact information on spyware-fix.net is vague, and the domain is registered by proxy. --HamburgerRadio (talk) 22:08, 17 July 2010 (UTC)

Why would the article link to the sites that have the virus software?

The article has links to the sites that will install the viruses on your computer.

I know, it happend to me. —Preceding unsigned comment added by 71.121.168.69 (talk) 09:01, 1 August 2010 (UTC)

The list is kind of a mess when it comes to links. It needs to be fixed; e.g. sorting by family? --ÆAUSSIEevilÆ 05:50, 12 October 2010 (UTC)

Seconded. I really wish the Symantec links at the bottom weren't broken, they look like interesting stories. Ivionday (talk) 08:15, 24 November 2010 (UTC)

<Confused> The list was split into a separate article 6 days ago; there's only one external link, and it's not a Symantec one. Socrates2008 (Talk) 08:36, 24 November 2010 (UTC)

Isn't rogueware the same thing as fakeware? — Preceding unsigned comment added by 140.32.107.150 (talk) 15:44, 26 May 2011 (UTC)

Closing the browser window does not remove a rogue security software program, although it is true that if the browser is closed the right way before the infection infiltrates the system, it can stop an infection before it starts. However, even in those rogues that affect the browser, simply closing the browser means that the infection is still there, and will continue to operate once the browser is reopened.

Using personal experience and in checking various sources, not one security software website I can find recommends closing the browser to remove a rogue program. However, they do recommend using a malware or anti-virus program to scan for infection.^[1] This section also does not list any of the anti-virus/anti-malware programs that could potentially remove rogue security software, nor does it mention the need to scan the system after an attempted rogue infiltration such as an attempted download, fake warning, or other rogue activity to be sure the software did not install. Essentially, this section is missing some basic, important information, and contains severely misleading information - I will correct as soon as possible. JC.Torpey (talk) 21:04, 24 January 2012 (UTC)

---

Would such be classified as rogue software? Malwarebytes did an analysis of a supposed Xbox One emulator on their blog, and it did reek of the same modus operandi as with most emulator scams and supposed iOS jailbreak tools. Blake Gripling (talk) 03:03, 30 July 2013 (UTC)

Shouldn't PCKeeper be mentioned in the article? I was a victim of it; it is a PUP and rogue antivirus. Zeobit should also be listed as a maker of rogue software. When Windows 8.1 was the latest Windows OS release, the PCKeeper page was a pop-up I received on the Merriam-Webster website. It was a site that read something like: "Fix the Windows 8.1 Problem Now! Click Here to Fix Now!" There was a large button that said "Fix Now". Upon clicking, a PCKeeper window opened, "scanning" my computer, and then telling me that my system was critically infected. I don't remember if it wanted me to get a "full version". Could you include this content in the article? The current PCKeeper site is http://pckeeper.com/ . The site looked different back then though. Hope this helps. 76.111.81.193 (talk) 19:53, 14 January 2016 (UTC)

Hello fellow Wikipedians,

I have just added archive links to one external link on Rogue security software. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

• Added archive http://web.archive.org/web/20110830143044/http://tech.yahoo.com/blog/null/107193 to http://tech.yahoo.com/blog/null/107193

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—^{cyberbot II}_{Talk to my owner:Online} 04:36, 1 March 2016 (UTC)

Wikipedia has no article about the fake Indian antivirus Protegent. Considering that Vinesauce "Vargskelethor" Joel has turned this into a meme, I'm very surprised. If not an article, then maybe a section of this article?

Thanks,

-insert valid name here- (my talk) —Preceding undated comment added 19:34, 16 September 2017 (UTC)

Malwarebytes did an analysis of Protegent when I emailed them about it, and apart from a network filter component that happens to have been abused by actual rogue AVs, they couldn't find any conclusive evidence that Protegent is in any way malicious. Blake Gripling (talk) 22:51, 16 September 2017 (UTC)

https://www.cybersecurity-insiders.com/north-korea-uses-fall-chill-malware-to-cyber-attack-us-government/ https://www.securityweek.com/north-korean-hackers-hit-cryptocurrency-exchange-macos-malware https://www.kaspersky.com/blog/lazarus-crypto-exchange-attack/23610/ https://www.intego.com/mac-security-blog/operation-applejeus-and-osxlazarus-rise-of-a-mac-apt/ https://securelist.com/operation-applejeus/87553/ https://www.computerweekly.com/news/252447492/North-Koreans-add-Mac-OS-to-cryptocurrency-stealing-malware-attacks

Click on the links

Operation AppleJeus — Preceding unsigned comment added by Personisgaming (talk • contribs) 20:34, 10 August 2019 (UTC)