tumblr hit counter

Fake Windows Security Center alert

May 21
  • (7) Comments

We’ve started receiving email messages passing itself off as a warning message from the Windows Security Center.

The subject of the message is Windows Security Center Alert!

The message contains a window informing you that your computer can be a victim of an infection and recommending you to scan your system. Additionally, it contains a link to a program that is supposed to remove these threats from your computer.

The message is like the following:

WindowsSecurityCenter_en

The website to which the link points can be any of the following, among others:

http://sterss<blocked>0mb.com/setup.zip

http://verno<blocked>0mb.com/setup.zip

http://juliedr<bloqueado>0mb.com/setup.zip

The file SETUP.ZIP, once decompressed, contains the rogueware detected as Adware/DataProtection. Once installed, it displays different messages depending on the language of the operating system installed in your computer.

It is programmed to display messages in the following languages:

French

Italian

German

Spanish

Norwegian

Polish

Czech

Ukrainian

Russian

Post to Twitter

  • (7) Comments

Comments

  1. Joe Bloe says:

    I think it resides in pagefile.sys as well.

    I had pagefile referenced to seperate HDD on second IDE to tweak system speed.

    When I got the infection I hit reset button immediately (crashing the system but saving documents).

    Tried to reimage XP OS and just write over the infected install.

    Kept getting boot error message to the effect “missing / corrupted file WINDOWS/SYSTEM32/CONFIG/SYSTEM” message and new image would stall in DOS.

    Know the backup image was OK because had used it previous day( its a non incremental backup and keep dual copies of backup image on 2 seperate drives in case one drive fails / data becomes corrupted).

    Tried imaging 4 times using each backup image twice in case it was a bad write / image.

    Kept getting same boot error.

    Finally fixed problem by booting MiniXP from disc. Deleting all files (including pagefile.sys) held on non OS partitions which are referenced to by OS (I keep My Documents on seperate partition as well using Windows “Move” function).

    When I rebooted problem was fixed.

    Only strange thing is that OS is now 130 KB smaller than before.

  2. Joe Bloe says:

    Could the moderator please tell me why my reply to the “Fake Windows Security Center alert” post/ was removed ?

  3. Joe Bloe says:

    Apologies now its back.

Trackbacks

  1. [...] out more at Panda Labs Alerts, Hacks and scams [...]

  2. [...] the rest here: Fake Windows Security Center alert Category: Panda News « New Facebook Privacy Controls Arrive on Wednesday You [...]

  3. [...] Fake Windows Security Center alert | PandaLabs BlogAttenti ai nuovi fake: Windows 7 Compatibility Checker, Office 2010 Beta, Windows Security Center – NonSoloSecurity Blog di Feliciano Intini … [...]

Leave a Reply

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

  • Become a fan!


    Panda Security on Facebook
  • Blogroll

  • Categories