PCSecureSystem

Description:	Rogue Security Program
Risk Level:	Critical
Date of First Occurence:	Tuesday, April 15, 2008
Software Developer:	(unknown)
Brief Info:	Rogue/Suspect Anti-Spyware Product "Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection
Removal:	This threat can be removed using "Spyware Terminator"

RIMUOVI SPYWARE »

Geographical Distribution of Threat "PCSecureSystem"

Threat Info

View All

Detected Items

Detected Files: %PROGRAMFILES%\PCSecureSystem\Up\aviupd.exe MD5: 7797D6FCEEA087986010EAF1781DED58 Size:602112 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UpDate\UADAILY.DLL MD5: 7FDE161B08C14C198BE04BB3F3553CFC Size:65256 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UpDate\UA27604.DLL MD5: 8F49977E80D7B0A67421651526FB9442 Size:170921 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UpDate\UA27603.DLL MD5: EAE66A00EA03418FD46158479B3BAECC Size:165473 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UpDate\UA27602.DLL MD5: 87BC18887EE68D636B7D71159CFAAE36 Size:153123 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UpDate\UA27601.DLL MD5: C837529ED8ED5060577049ED73453D4D Size:113369 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UNPEPACK.DLL MD5: 1E6250CE35D1F6F3AA5456D02967C0E9 Size:69211 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UNPACKS2.DLL MD5: 5ECBB6C3B335F05B857AE0C56484B279 Size:73091 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UNPACKS.DLL MD5: E17370296861D8A15F9C6BDD4B2C2DF0 Size:373419 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UNPACK.DLL MD5: 4ECBF71A0EE92AD5133FE38F2DA1EA57 Size:331275 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UNMIME.DLL MD5: DD1F43DB6001736E5F35C99EDFE4066F Size:44202 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\unamscan.dll MD5: DF6958E9BA1D73E7AEF47EF6C46281DF Size:47616 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UNADBX.DLL MD5: 3F742797F3A89980159019FEB17A424B Size:286720 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\UNACPU.DLL MD5: 46B810693C6DB63897949566248281FD Size:9728 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANWIN1.DLL MD5: DF537DE9898F69F7A4D3305F9A179991 Size:836351 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANTROJ.DLL MD5: 8171CD21864D286810BAC74950E18B0C Size:1045102 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANTOOL.DLL MD5: A91DDAE3949F2D954B1E435A68D7624A Size:114320 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANSCR.DLL MD5: AFBBDCB570928407BD8F8602BA54859B Size:276532 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANOTHR.DLL MD5: 0D0ED5F72760C6A073B48417078B1368 Size:40707 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANMCR1.DLL MD5: A652CF6D85403A8477DF041F35BE9023 Size:200849 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANFUNC.DLL MD5: 636E5D27C3798E12A97F5D8B37620F98 Size:63004 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANEMUL.DLL MD5: 8898D6F8672D55910871426B87A61A1A Size:28301 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANDOS1.DLL MD5: 4E735D206C4041BCBBE31A9B50EA6F86 Size:1265683 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANDLDR.DLL MD5: 84482D14152A9202C605D61D77809A7D Size:1123285 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANBCDR.DLL MD5: 4001F8BD5D48EC30B61479BFAE91E157 Size:913355 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\SCANADWR.DLL MD5: F9C8302F2C505740820A88581D29EFAB Size:246310 %PROGRAMFILES%\PCSecureSystem\Engines\plugins\BORLNDMM.DLL MD5: 232966BF4E5F15491481AC3958131A21 Size:22528 %PROGRAMFILES%\PCSecureSystem\sqlite3.dll MD5: 55012ADD096C9E6928AC096AEFFF253E Size:247232 %PROGRAMFILES%\PCSecureSystem\rpt.dll MD5: 6BD0191CEFE8A1279E1EE4BEB902BBDA Size:163840 %PROGRAMFILES%\PCSecureSystem\scnkrnl.dll MD5: 9DA344E755867D3AD46A608F42E7F892 Size:569344 %PROGRAMFILES%\PCSecureSystem\RTasks.exe MD5: 2286D3F749D5AD7216C05BE6C43D6995 Size:13824 %PROGRAMFILES%\PCSecureSystem\Restart.exe MD5: BEF957FED808825BD2E4AA350ACA75AF Size:53248 %PROGRAMFILES%\PCSecureSystem\unins000.exe MD5: 5DEE4D16CF064CACFAB66BFF8006D216 Size:682364 %SYSDIR%\Drivers\FMTR.sys MD5: 316B198DAEA435B953DB51D3549497EA Size:46592 %PROGRAMFILES%\PCSecureSystem\Tools\popupg.dll MD5: 57E477E0E008370A83EC5803335686BC Size:139264 MD5: 57E477E0E008370A83EC5803335686BC %PROGRAMFILES%\PCSecureSystem\Dat\HI.exe MD5: FB8110BEC7A0112B24E5E9CEBA94A8A7 Size:121856 %PROGRAMFILES%\PCSecureSystem\Tools\IEFWBHO.dll MD5: EB9FEFF5332581DDFF1D541096310B44 Size:1100288 MD5: EB9FEFF5332581DDFF1D541096310B44 %PROGRAMFILES%\PCSecureSystem\pgs.exe MD5: 31730DF57E84E6D9BABC3AD99A0A98BA Size:3002368 MD5: 31730DF57E84E6D9BABC3AD99A0A98BA %PROGRAMFILES%\PCSecureSystem\Up\Download\cppuhawt\enemies2080.exe MD5: E6E9DAC3BC67AEE6FB07FD07AF3BEF4E Size:3419042
Detected Files with variable Filenames: MD5: DFDD37BFED0755BCD08917FDE6DFCF95 Size: 159264 %APPDATA%\install_en[1].exe %TEMP%\vntmrykt.exe %TEMP%\urclqecd.exe %TEMP%\rhvqsuwb.exe %TEMP%\qrjatydi.exe %TEMP%\mofugclq.exe %TEMP%\dlwixoql.exe d:\System Volume Information\_restore{45A8AA17-3491-4933-AEB9-15CC5D44125D}\RP14\A0011845.exe d:\System Volume Information\_restore{45A8AA17-3491-4933-AEB9-15CC5D44125D}\RP11\A0005545.exe %SystemDiskRoot%\Documents and Settings\Guest.YOUR-D0F670B45A\Application Data\install_en[1].exe d:\System Volume Information\_restore{90D98DAF-A1D0-488A-8B9C-D02A6FE86052}\RP14\A0028418.exe MD5: 077C99DDFC78BAC0F5E0684D9EFD1C1F Size: 40960 %PROGRAMFILES%\%7C25\Activate.exe %PROGRAMFILES%\TrojanerFilter\Activate.exe %PROGRAMFILES%\AntiSpionagePro\Activate.exe %PROGRAMFILES%\VirusAlarma\Activate.exe %PROGRAMFILES%\SpyGuardPro\Activate.exe %PROGRAMFILES%\AntivirusPCSuite\Activate.exe %PROGRAMFILES%\WinSpyControl\Activate.exe %SystemDiskRoot%\System Volume Information\_restore{E92F476D-2609-425C-AF11-34EBED91AE66}\RP564\A0134009.exe MD5: 144D8CF1A1D3362114810BBA17E4A28D Size: 1921024 %PROGRAMFILES%\SpyGuardPro\pgs.exe %PROGRAMFILES%\BestsellerAntivirus\pgs.exe %PROGRAMFILES%\1\pgs.exe %PROGRAMFILES%\WinSpyControl\pgs.exe %PROGRAMFILES%\SpyGuardPro\pgs .exe %SystemDiskRoot%\Documents and Settings\Owner.YOUR-XHTR8HVC4P.001\Local Settings\Temp\TMP6A.tmp %PROGRAMFILES%\AntivirusPCSuite\pgs.exe %USERPROFILE%\Local Settings\Temp\TMP10C.tmp %USERPROFILE%\Local Settings\Temp\pgs.exe MD5: 5F8733CBC62F1820C0C02296970F5665 Size: 46592 %SYSDIR%\Drivers\FMTR.sys %PROGRAMFILES%\AVSYSTEMCARE\FMTR.sys %PROGRAMFILES%\WinSpyControl\FMTR.sys %PROGRAMFILES%\TrustedAntivirus\FMTR.sys %SystemDiskRoot%\System Volume Information\_restore{78114D33-B5E7-4685-AEE5-929BAE61477B}\RP328\A0499851.sys %SystemDiskRoot%\System Volume Information\_restore{78114D33-B5E7-4685-AEE5-929BAE61477B}\RP328\A0499817.sys MD5: 72541878B96F7B06A23DA1FEE863D4FE Size: 1100288 %PROGRAMFILES%\BestsellerAntivirus\Tools\IEFWBHO.dll %TEMP%\iefwbho.dll %PROGRAMFILES%\WinSecureAv\Tools\IEFWBHO.dll %PROGRAMFILES%\AVSYSTEMCARE\Tools\IEFWBHO.dll %PROGRAMFILES%\1\Tools\IEFWBHO.dll %PROGRAMFILES%\SpyGuardPro\Tools\IEFWBHO.dll %PROGRAMFILES%\AntivirusPCSuite\Tools\IEFWBHO.dll %PROGRAMFILES%\WinSpyControl\Tools\IEFWBHO.dll %SystemDiskRoot%\System Volume Information\_restore{78114D33-B5E7-4685-AEE5-929BAE61477B}\RP328\A0499849.dll MD5: D5A7C8DE2BD1867DF65F16D2F6138CD7 Size: 589824 %COMMONFILES%\AllertaMinacce\stmon.exe %COMMONFILES%\PROTEZIONEFIDATA\STMON.EXE %COMMONFILES%\BastioneAntivirus\stmon.exe %COMMONFILES%\VirusDifesa\stmon.exe %COMMONFILES%\SletingenVirus\stmon.exe %DESKTOP%\recupero\testdisk-6.9.win\testdisk-6.9\win\recup_dir.99\f58980080.exe %PROGRAMFILES%\Alwil Software\Avast4\DATA\moved\is-4T3VK.tmp %PROGRAMFILES%\Alwil Software\Avast4\DATA\moved\is-1GQUO.tmp %COMMONFILES%\1\stmon.exe %COMMONFILES%\BastioneAntivirus\bm.exe %COMMONFILES%\VirusDifesa\bm.exe and next 2 variations. MD5: 28FD70A5367C74EAA98E3B2C84A2C8C7 Size: 569344 %PROGRAMFILES%\1\scnkrnl.dll %PROGRAMFILES%\ProtezionefiData\scnkrnl.dll %PROGRAMFILES%\VirusAlarma\scnkrnl.dll %PROGRAMFILES%\TrustedAntivirus\scnkrnl.dll MD5: 0CFFCDE710F2B323F7E4A78ED5937219 Size: 53248 %PROGRAMFILES%\WinSecureAv\Restart.exe %SystemDiskRoot%\System Volume Information\_restore{0ECD54B3-65D3-4574-AD04-FFF49E9BDB37}\RP79\A0040181.exe MD5: AFB42A0B7218569AA2252F539B9E63E4 Size: 154890 %COMMONFILES%\WinSecureAv\ugcw.exe %COMMONFILES%\SpyGuardPro\ugcw .exe %COMMONFILES%\AntivirusPCSuite\ugcw.exe %SystemDiskRoot%\Documents and Settings\Owner.YOUR-XHTR8HVC4P.001\Local Settings\Temp\TMP6D.tmp %COMMONFILES%\PCSecureSystem\uga6pcw.exe %SystemDiskRoot%\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP40\A0034926.exe %USERPROFILE%\Local Settings\Temp\TMP10F.tmp %USERPROFILE%\Local Settings\Temp\ugcw.exe %DESKTOP%\Unused desktop\AVSystemCare\uga6pcw.exe MD5: 5B35EC8D59D9805EB4C06C2DF371E86E Size: 14336 %PROGRAMFILES%\SpyGuardPro\RTasks.exe %PROGRAMFILES%\AntivirusPCSuite\RTasks.exe %USERPROFILE%\Local Settings\Temp\rtasks.exe MD5: 907514249B7C4CAA4CF875F05C2A35D7 Size: 669036 %PROGRAMFILES%\PCSecureSystem\unins001.exe %PROGRAMFILES%\PCSecureSystem\unins000.exe

Detecting items list:

Files by Name %COMMONFILES%\PCSecureSystem\bm.exe %COMMONFILES%\PCSecureSystem\ugcw.exe %PROGRAMFILES%\PCSecureSystem\Activate.exe %PROGRAMFILES%\PCSecureSystem\FMTR.sys %SYSDIR%\drivers\FMTR.sys %PROGRAMFILES%\PCSecureSystem\pgs.exe %PROGRAMFILES%\PCSecureSystem\Restart.exe %PROGRAMFILES%\PCSecureSystem\RTasks.exe %PROGRAMFILES%\PCSecureSystem\scnkrnl.dll %PROGRAMFILES%\PCSecureSystem\Tools\IEFWBHO.dll
Files by MD5 MD5: D5A7C8DE2BD1867DF65F16D2F6138CD7 Size: 589824 MD5: AFB42A0B7218569AA2252F539B9E63E4 Size: 154890 MD5: 077C99DDFC78BAC0F5E0684D9EFD1C1F Size: 40960 MD5: 5F8733CBC62F1820C0C02296970F5665 Size: 46592 MD5: 5F8733CBC62F1820C0C02296970F5665 Size: 46592
Files by Directories %COMMONFILES%\PCSecureSystem %PROGRAMFILES%\PCSecureSystem
Files by CLSID or Name CLSID=7A7F202E-AF91-4889-9DD5-2FE241085CC1 CLSID=FAAD2038-C371-473d-86F1-5B11D39C3775
Registry Keys HKLM\SOFTWARE\Classes\GPBlocker.IEPBlocker HKLM\SOFTWARE\Classes\GPBlocker.IEPBlocker.1 HKCR\GPBlocker.IEPBlocker HKCR\GPBlocker.IEPBlocker.1 HKLM\SOFTWARE\PCSecureSystem HKCU\Software\PCSecureSystem HKLM\SYSTEM\CurrentControlSet\Services\fmtr HKCR\AVIEBHO.IEFW HKCR\AVIEBHO.IEFW.2
Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=PCSecureSystem Value=%PROGRAMFILES%\PCSecureSystem\pgs.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=ugcw Value=?%SystemDiskRoot%\PROGRA~?\COMMON~1\PCSECU~?\ugcw.exe? -start HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=Salestart* Value=?%COMMONFILES%\PCSecureSystem\bm.exe*

« Go to Software Database

Cerca nel nostro database dei software

Sfoglia il database dei software

Ultimissime notizie sui Malware

23. settembre 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Notizie sui vecchi malware »