…Both registerd with ESTDOMAINS INC. Visit our friends at Sunbelt for more! And for free help in removing this, visit our forum.

Oh btw like the new look?

These guys are unbelievable! Thanks to nosirrah, it seems another rogue can be kicked, bashed and added to a growing and never ending list.

This one goes by the name of ContraVirus, no jokes please …LOL!

And as you can guess. The Whois details are of a similar sound!

“Registration Service Provided By: ESTDOMAINS INC”

Yup, same old ESTDOMAINS INC are included. With the same old email service they use. But this one comes, or can be bought, bundled with PrivacyGuarantor Bundle. Their Spyware Tip Of The Day:-

“If a website asks that you download a free toolbar because it has some interesting feature, don’t do it unless you are confident the company can be trusted. If you’d like a useful Toolbar with many functions,…”

My Tip? Well you can’t trust anything from ESTDOMAINS INC. They have about all the rogues. They scam you in thinking you have viruses and tell you to buy their product. If you did have malware. We clean you as best we can for FREE. And don’t install crapware on your system.

So make up your own mind.

Seriously though. Avoid this one like the plague. My advice is to use recommended programs in removing anything malicious rather then something like we mentioned in this article. Which we don’t recommend.

Just visit our forum and navigate around to see what we recommend and to receive free help in removing this rogue or any other rogue. Discuss this here.

Update, 9th of June - Removal Guide for ContraVirus - Update Blog Post

**Security Cadets is in no way affiliated with ContraVirus**

Well. In all fairness. They do seem to have been round for sometime. At least a few as they have been given a red rating by siteadvisor.

And at least one has some interesting meta keywords. Like: make money … LOL

First on the mount: Break Spyware

Whois details show that this is one hosted at PublicDomainRegistry.com, based in New Jersey. But of course that doesn’t mean these are americans behind the scam.

The same old e-mail service is being used, Gmail

Next to get a beating: Mr Antispy

What can only be described as the worst Popeye look-a-like ever on their site! This one is hosted at ESTDOMAINS INC.

Taken from their website and as you can see they still managed to include spysheriff.com. Whether that is a lack of intelligence or just for us to spot. We will never know. But still funny as they managed to make mistakes similar to older rogues.

Next to get a mention: Spy Marshal

Another one from ESTDOMAINS INC. And from Whois, one that is Active as we speak.

And one that sucks, in my opinion! Even without looking at the important bits like Terms of Service or EULA. You can tell it is just another annoying fake scanner.

Next to be ripped: Malware Alarm

This one is already red as regards to SiteAdvisor. But we’ll mention it just for double blows!

Again one that is from ESTDOMAINS INC. However its current status on Whois is Locked.

Next in the spotlight: CurePCSolutions

And this one actually claims to be the ‘Best Anti-Spyware Software of 2006‘. Interestingly enough this one is from YESNIC CO. LTD, based in Seoul.

I can’t be sure that this one is a rogue without me testing it or someone else. But it is one to keep an eye on.

Last but not least: WinAntiVirus

Another one that is already red at SiteAdvisor. And at Whois it’s under ESTDOMAINS INC.

But the funny thing being is the following:

This was from their download page. The other funny thing is the keywords they used:

‘frame, traffic, trade, installation, fethard, webmoney, online stat, affiliate program, make money, active-x, high price’

And the description:

‘We buy iframe traffic, and pay high price for every unique installation’

They also mention SpySheriff at one point too. Which, as you should know, is a rogue.

Now this may cause confusion as it’s already listed on the Rogue/Suspect Anti-Spyware list under different domains!

Round Up:

What pay services do they use? Well look no further:

• Break Spyware - SegPay
• Mr AntiSpy - I don’t know. I get directed to the front page when ‘trying‘ to buy.
• Spy Marshal - Regsoft
• Malware Alarm - ISoftPay
• CurePCSolutions - Don’t know either. Their pay service seems messed up
• WinAntiVirus Best - I wouldn’t know from looking at their site. But I suspect it’s the same old Segpay or ISoftPay

Please avoid these like the plague. For most they don’t care what they dump on your system. Visit our forum for FREE help in removing these! And discuss it in more detail here.

**Security Cadets is in no way associated with these programs**

It’s not everyday you get accused of owning a product! That happens to be a rogue! Then get an angry end user ask us to cough up because some result in a search engine happens to have the key word ‘VirusBursters‘ directed to this site.

Today someone left an interesting comment to this post:

“Sirs,

Since paying and downloading your “product” last week I have had nothing but problems with my computer.

Please refund my money immediately. I have had to take my computerfor expensive proffessional help to have the damge repaired.
Please confirm!!!! Thank you. PJM” - Patrick Mathews

Here is your confirmation. And I hope you read this.

I don’t mind anyone post a comment here on our blog. Infact I encourage it. As a security expert I know all too well the way you and other victims feel about being infected with this rogue program and then having to pay for it.

However we as a security blog and forum, that is part of asap, are in no way affiliated or owners of VirusBursters or any other rogue for that matter.

We do the opposite. We help you get clean, hopefully before you have to pay. Then we offer advice to anyone on what programs to use that reduces the chance of being re-infected.

After that we encourage anyone to complain at Malware Complaints. So you, the victims, can have a voice. The same voice you used to post your comments here. Only it will mean more and will have better coverage.

Please. If you are reading this. Register in our forum. And post a HJT log so we can help you remove it for free.

I hope this confirmation was the answer you was looking for.

Staff at Securitycadets.

Hey everyone. Apologies for the lack of articles this past week.

I have been very busy designing a new web-site from scratch basiclly with the help of a very good friend called Sammi! More on that soon!

Also if you visit our forum often, you may have noticed that an update has happend. If you notice a problem. Then please tell us! So we can pass it on to our board provider.

Hopefully this weekend I will have some articles posted. However we could do with your help. Recently we managed to get some new bloggers on board. However I am still after the odd one or two new bloggers that can offer something different about security but still keep it cutting edge!

We don’t ask you to blog daily. But the odd blog a week would be great! So if you are interested, just mail us!

Please, if you are not in the security field. Don’t mail us.

New month and new articles to read! Yes I have been lacking recently. But the fact we have other bloggers you may have not noticed.

It’s been a funny old week for me. I had jobs lined up. Jobs go. And current jobs left to one side. But that hasen’t stopped the internet bringing up interesting findings.

Let’s begin…

MySpace Phish Leads To Zango Installs:

“A while ago on the Spywareguide Blog, I covered a technique being used in Peer to Peer land involving URLs being embedded in Quicktime movies, which would then pop open a website. This has now been taken to the next level, with an intensive and seemingly never ending Phish attack, the sole aim of which seems to be directing end-users to a collection of Zango movies on a pornographic website. The Phish pages are hosted on compromised servers - presumably the people doing the hacking aren’t particuarly brilliant at it, because they keep getting found out (an example of them being caught in the act can be seen here).

How does this attack work?” - Read here

The Zealots win again:

Ok this should have been a whole article on its own. But its not! Remember the sha-bangs with Brain Codec? Well it now seems they have the braincodec.com domain parked. Zealots ftw!!!!

You can now buy Yapbrowser:

…the domain! - Read Here

Bits from Bill One Year Anniversary:

…Now if you haven’t bookmarked this Bill’s blog yet. Shame on you!

“I never knew it would be possible but I’ve been a blogger now for a full year. Two years ago I’m sure I was making fun of people who Blogged. It has been a lot more work than I expected but it has also been lot more fun. I’m very grateful to all of you who have been regular readers and especially those of you leaving your comments.” - Read Here

Of course this blog was founded nearly a year ago. This being before we moved to this domain. So stay tuned for all sorts of funky-ness and ‘maybe‘ prizes on offer.

…That sir is the cue for all you vendors out there to sponser us! Gawd I am cheeky!

New WGA Tool for Windows XP:

“This is an “opt-in” update that will initially be distributed only to systems running four known compromised product keys. According to the announcement, Microsoft plans to update the Windows XP WGA Notifications tool every 90-120 days.” - Read Here

Ok so that rounds up some of the articles I have been reading recently. Stay tuned for all kinds of stuff happening. And the oppertunity for some of you bloggers to get involved!