Neospace Internet Security – Another Rogue!
March 3rd, 2007 by AndyAtHull… and not just ANY rogue, no! One that gets upto all kind of wrongness as this application installs through exploits. This time not from ESTDOMAINS.
Fun, Fun, FUN I hear you say? Well, no, a pain to be honest. One of the pain is that is looks like Lavasoft’s Ad-Aware. Surely a copyright issue?
(Click to Enlarge)
First discovered by nosirrah, Marcin Kleczynski had a thing or two to say:
“So I decided to run a quick scan. Immediately after clicking the Scan button, hundreds of threats popped up, which I knew were false positives because this is a clean install of Windows Vista Home Premium edition.”
…..OOPS and damn right nasty! The whois is a load of ramble aswell:
Registrant:
Richard Fowler
37 Store Street
Apt. 500
London, Bloomsbury WC1E 7QF
United KingdomRegistered through: Domains Priced Right
Domain Name: NEOSPACELAB.COM
Created on: 10-Jan-07
Expires on: 10-Jan-08
Last Updated on:Administrative Contact:
Fowler, Richard
37 Store Street
Apt. 500
London, Bloomsbury WC1E 7QF
United Kingdom
+44.2084369201Technical Contact:
Fowler, Richard
37 Store Street
Apt. 500
London, Bloomsbury WC1E 7QF
United Kingdom
+44.2084369201Domain servers in listed order:
NS.VIVAHOSTER.COM
NS2.VIVAHOSTER.COM
With the e-mail address being fake! Not only that, the IP is also known to be related to porcosnet.com. A well known site which is in the mvp hosts file that also uses exploits!
Avoid this one. However IF you have been exploited and have Neospace, then pop into our HijackThis & Removal forum for free help in removing it and a general check over.
Discuss it in detail here. And you can also Digg It. Spread the word! Removal guide coming soon!
Filed under Rogue Programs, Security Related | 7 Comments »
March 4th, 2007 at 16:19
[...] It also looks alot like Lavasoft’s Ad-Aware. Simple another one to avoid……read more | digg [...]
March 5th, 2007 at 21:52
A friend of mine went to the site and his sharp eye noticed there is an icon at the top of the page being used as an “endorsement” that is a rip off on the PCWorld icon. He set PCWorld onto them. This should be good. PCWorld isn’t going to take their icon or a close facsimile being used in this manner.
March 6th, 2007 at 21:37
[...] read more | digg story It also looks alot like Lavasoft’s Ad-Aware. Simple another one to avoid……read more | digg […][...]
March 16th, 2007 at 11:13
I have been infecrted with Neospace, have done a Norton and Spybot check however they can’t find it. I have downloaded and run Hijackthis. It has scanned all my files but i can’t see what I am supposed to delete. There is no mention of Neospace anywhere. Can anyone help? Thanks
March 16th, 2007 at 18:05
Hi Rammo,
I hope you manage to read this. There are specialized tools to use to remove this one.
Using HJT to delete entries without advice can be dangerous so if you pop to the link below and post a HJT log a helper will be with you asap.
http://forum.securitycadets.com/index.php?showforum=2
Registering is free and quick.
March 18th, 2007 at 16:07
Cheers for the advice. I`ll give it a go and get back to you. Thanks
April 17th, 2007 at 17:21
Thank you. :) :)
That Neospace WAS a very big problem for me , now isn’t.
Thank you again.