SpyCrush - Another rogue to avoid!
February 7th, 2007 by AndyAtHullYup, another one to add to the fast growing list. Originally, as you will see in the setup image, a clone of VirusBurst(er) which you can see here and here.
And the program in looks is no to different from VirusBurst either.
(click on the thumbnail to enlarge)
The same mistakes, and the same lies. And the same behind the scenes details. By that I mean Estdomain Inc and hosted at Netcathost. See here for more.
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.comDomain Name: SPYCRUSH.COM
Registrant:
ODS ltd
Robyn Turner (turnrobyn@gmail.com)
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200Creation Date: 10-Aug-2006
Expiration Date: 10-Aug-2007Domain servers in listed order:
managedns4.estboxes.com
managedns3.estboxes.com
managedns2.estboxes.com
managedns1.estboxes.com
And Netcathost has the honor of being SANS’ most hated of 2005 - SANS.
So avoid this rogue like the plague. In fact use our self-help removal guide here. Or ask for step by step help with an expert here. You can also discuss this matter further in our forum.
(Thanks to some of the members at SpywareWarrior)
Filed under Rogue Programs, Security Related |
February 7th, 2007 at 7:32 pm
Blah here we go again another round of hunt the Malware dont it just drive you crazy …
February 8th, 2007 at 2:43 pm
[...] Security Cadets: SpyCrush - Another rogue to avoid! “Yup, another one to add to the fast growing list … avoid this rogue like the plague.” [...]
June 10th, 2007 at 1:37 pm
We have somehow gotten this on our laptop and can’t find it to remove it. We have not downloaded any software for it. We ran AVG anti-spyware and thought it had it but it remains on our task bar and keeps popping up. Any help you can give us would be appreciated. Thanks
June 10th, 2007 at 2:24 pm
For this one you have two options.
1 - Use the self-help removal guide;
http://forum.securitycadets.com/index.php?showtopic=1540
2 - Get direct help in our forum with a qualified helper;
http://forum.securitycadets.com/index.php?showforum=2
Registration is needed before you post, but it’s free. This is to prevent being harvested by spammmers.
Following the removal guide may remove the program and what comes with it, but that doesn’t mean you are all clean. You may have other malware unrelated to spycrush.
Andy
June 11th, 2007 at 2:12 pm
please
June 12th, 2007 at 6:34 pm
Does anyone know if this is a real US company??? Their website indicates they are based in Braintree, MA., however after much trying I have been unable to find any contact info as far as tele#, addr, or anything for this company called Spycrush, Inc.
June 12th, 2007 at 8:11 pm
Hi Miller,
To answer your question as best as I can, and in a way, this company is more than likely not from the US and the details given are more than likely fake.
The people behind these scams are generally based in Ukraine and that region. They often use fake details to make it look like they are legit to normal computer users. Just another way to convince and get the money they want.
On the whois I mention it shows you who the registrar is, which is Estdomains. These are not to be trusted and are behind many scams. Some say that are mafia related, I say they are scum.
So I hope that answered your question.
Andy
June 17th, 2007 at 7:38 am
thanks. this got rid of the spycrush program on my computer. Will this softwear block it from coming back?