Neospace Internet Security – Another Rogue!

March 3rd, 2007 by AndyAtHull

… and not just ANY rogue, no! One that gets upto all kind of wrongness as this application installs through exploits. This time not from ESTDOMAINS.

Fun, Fun, FUN I hear you say? Well, no, a pain to be honest. One of the pain is that is looks like Lavasoft’s Ad-Aware. Surely a copyright issue?

NeoSpace Internet Security
(Click to Enlarge)

First discovered by nosirrah, Marcin Kleczynski had a thing or two to say:

“So I decided to run a quick scan. Immediately after clicking the Scan button, hundreds of threats popped up, which I knew were false positives because this is a clean install of Windows Vista Home Premium edition.”

…..OOPS and damn right nasty! The whois is a load of ramble aswell:

Registrant:
Richard Fowler
37 Store Street
Apt. 500
London, Bloomsbury WC1E 7QF
United Kingdom

Registered through: Domains Priced Right
Domain Name: NEOSPACELAB.COM
Created on: 10-Jan-07
Expires on: 10-Jan-08
Last Updated on:

Administrative Contact:
Fowler, Richard
37 Store Street
Apt. 500
London, Bloomsbury WC1E 7QF
United Kingdom
+44.2084369201

Technical Contact:
Fowler, Richard
37 Store Street
Apt. 500
London, Bloomsbury WC1E 7QF
United Kingdom
+44.2084369201

Domain servers in listed order:
NS.VIVAHOSTER.COM
NS2.VIVAHOSTER.COM

With the e-mail address being fake! Not only that, the IP is also known to be related to porcosnet.com. A well known site which is in the mvp hosts file that also uses exploits!

Avoid this one. However IF you have been exploited and have Neospace, then pop into our HijackThis & Removal forum for free help in removing it and a general check over.

Discuss it in detail here. And you can also Digg It. Spread the word! Removal guide coming soon!

Comments (7)

  1. [...] It also looks alot like Lavasoft’s Ad-Aware. Simple another one to avoid……read more | digg [...]

  2. JeanInMontana says:

    A friend of mine went to the site and his sharp eye noticed there is an icon at the top of the page being used as an “endorsement” that is a rip off on the PCWorld icon. He set PCWorld onto them. This should be good. PCWorld isn’t going to take their icon or a close facsimile being used in this manner.

  3. [...] read more | digg story It also looks alot like Lavasoft’s Ad-Aware. Simple another one to avoid……read more | digg […][...]

  4. Rammo says:

    I have been infecrted with Neospace, have done a Norton and Spybot check however they can’t find it. I have downloaded and run Hijackthis. It has scanned all my files but i can’t see what I am supposed to delete. There is no mention of Neospace anywhere. Can anyone help? Thanks

  5. AndyAtHull says:

    Hi Rammo,

    I hope you manage to read this. There are specialized tools to use to remove this one.

    Using HJT to delete entries without advice can be dangerous so if you pop to the link below and post a HJT log a helper will be with you asap.

    http://forum.securitycadets.com/index.php?showforum=2

    Registering is free and quick.

  6. Rammo says:

    Cheers for the advice. I`ll give it a go and get back to you. Thanks

  7. Ico says:

    Thank you. :) :)
    That Neospace WAS a very big problem for me , now isn’t.
    Thank you again.

Leave a Reply

Download SCars (Beta) v0.6.5b2


Download SCars

Click here for the secondary mirror.

Testimonials for SCars

  • "SCars is probably one of the better programs I have in my arsenal to help keep people up to date and cleaned up. Yes, you could tell people to run cleanup programs once a week. Or you could get SCars to remind them!" - Olrik Lenstra
  • Contact us to add yours.

Securitycadets on Facebook


Securitycadets on Facebook