Yet another lame attempt from the IE Defender crew. This time they’ve gone back to the old look which first kicked it all off with IE Defender.

IE AntiVirus

(Click for the original size - Please upload to your server if used)

These idiots, or your own choice of word, first started with IE Defender, tried their hands at comedy and then disputed the fact we classified it as a rogue. However since then, they have released:

• AntiSpy Pro
• Files Secure
• Malware Bell

That tells you a thousand words. So what is the URL for this latest rogue? It’s the following:

www(dot)ieantivirus(dot)com

Do not visit the above site unless you know what you are doing. Doing so without the knowledge and experience may result in malware being downloaded.

The obvious signs are there and Estdomains Inc are not far behind as the whois states.

There is a removal guide for you to follow should you not wish to seek step by step help from our experts;

How To Remove IE AntiVirus (removal instructions)

If you do wish to get hands on assistance, then navigate to our support forum for malware removal or chat about this here.

FYI. If you fancy keeping yourself updated with the latest Zlob and associated malware then bookmark this usefull blog;

Bharath’s Security Blog

We don’t tend to blog enough about all the details behind this type of malware when we blog about rogues. We like to simplify things in order to give a better understanding to those who may not directly understand what it’s all about.

We’ll certainly be adding the above blog to our links pages.

Link: http://bharath-m-narayan.blogspot.com/

It wasn’t going to take long before I would bring you yet another rogue application. Certainly nothing new when I include that the following is a clone of IE Defender and File Secure.

What it also tries to do is make sure several aspects of it’s website looks and feels like Microsoft. Their favicon is the same as Microsoft and the way they try and present the product in a similar case image is similar. Not at all surprising, but could become confusing and unknown for regular internet users.

Let’s take a look;-

Malware Bell

(Click for the original size - Please upload to your server if used)

Web site;-

www(dot)malwarebell(dot)com

And Estdomains Inc is it’s ICANN Registrar. Like we didn’t know! So, what are we doing about this? To put it simple, offering you help for free as these organisations try to take your money. We already have a free removal guide set up for this rogue and will, as always, be offering free assistance with our experts in the correct forum.

Get help of you have has the unfortunate chance to be infected with this. And if in doubt, ask in our forum.

Links;-

How to remove Malware Bell (removal instructions)

New day and a new rogue, Awola 6.0 Anti-Spyware.

And just in case you get the impression we only report the odd rogues, because there are only the odd rogues. Then you will be wrong as many rogues get created and go live months after initial work. This can then add to dozens of rogues being released daily. We’re focusing on the ones installed by malware which leads me onto the following:

Awola 6.0 Anti-Spyware

(Click to Enlarge for the exact size)

Website:

www(dot)awola(dot)com

There is not a great deal other to say other than it will be a pain to remove if you have got this via the malware it came with. If that is the case then get yourself to our automatic removal guide for this - How To Remove Awola 6.0 Anti-Spyware (removal instructions).

You can also chat about this in more detail if you wish in our forum - HERE.

Rember me blogging about SPYwareREMOVER? Well, now, after several weeks since that article, we have a someone posting replies about this in our forum.

Going by the tag: chris_2squared, just Google and you will get my drift!

Whilst I have the opportunity to blog and catch up on things, I’d thought I’d update you on a new rogue anti-spyware roaming about on the net.

Called SPYwareRemover, this rogue displays a fake alert message and downloads, then instalsl the rogue. Their website also states several key words which can cause confusion and fool computer users into thinking this is a legit and leading application:

Windows® Anti-Spyware and World’s #1 Spyware Remover.

As the arrows point, the confusion lies within the site to pass it of as something great.

When automatically installed and scanning, it looks like this:

And the guys behind this are non other than C-NetMedia. Ben Edelman has a nice article about them here.

Website URL or link:

www(dot)spywareremover(dot)com

So where do you go if you have had this appear on your system? Good question. We have our own guide linked at the end of this article. But just be careful of removal guides out there which are there to gain financial advantages themselves by purchasing a product in order to remove the infection, SpywareRemover. Our guide is 100% free.

Has this affected you? Then chat to us about this in our forum and put your views out there.

Removal Guide: SPYwareREMOVER removal instructions

First time in a long time that we have directly posted about a rogue. In fact it was over a month ago.

Today we will be highlighting a rogue called VirusHeat. And as you can figure from the screenshot below. This one is a variant/clone/sister of VirusProtect, VirusProtectPro and many more. No surprises there.

The details on who are behind it are no different either. Estdomains Inc and Ukrtelegroup Ltd are listed on the whois. And the URL to the infected site is:

www(dot)virusheat(dot)com

Avoid going to the site, unless you really know what you are doing.

Of course, once you have this flashing at you at 100 mph you want to know how you can remove it? Well, we have an automated removal guide in place HERE. But you can also get step by step guidance with a helper in our forum.

Have you been infected with this? Or have you got a question? Chat about this in details here for any questions.

It’s that time again when a new rogue antispyware appears. Many different variants get released daily, however we’re focusing on the Zlob varient.

The following rogue is a variant from the IE Defender, AntiSpy Pro rogues. The ones that acted like fools and still do.

The one I am bringing to light is called Files Secure.

(Click to the original size)

Without having to go into great details, this one has the following site (do not log onto it unless you know what you’re doing):

www(dot)files-secure(dot)com

And from the whois we can tell EstDomains Inc and Ukrtelegroup Ltd are involved.

If you got infected with this and need help, then make sure you visit our Malware Removal support forum. And if English isn’t your first language then visit other ASAP sites with support sites for different languages.

An automated removal guide will be available soon. In the mean time chat about this here in details.