New Rogue Spyware Program

[robinb]

Secure Veteran is the newest and fake program that hijacks your computer
and tries to force you to buy it. It includes a trojan that blocks you from
running almost all major antivirus products as well as block access to their
websites, mainly because it does not want to be removed.
It is installed without user permission

You go to a website- it pops up a message telling you that your computer is
infected. If you click install or its cancel button it will automatically
install it. You need to use the Red X at the top of the box to close it
down

if it finds its way and installs it will look like this and tell you have
hundreds of spyware and trojans which is not true.

Once Secure Veteran finds itself inside one's system, it immediately makes
itself "comfortable" with the new environment by embedding some of its own
Registry Keys and files into the compromised system. After that, the worst
part starts - the numerous ads will keep popping up with high frequency and
report tons of malicious applications which are on your PC (allegedly).
Secure Veteran will also scan your system for viruses and claim to detect
even more infections. That's the way Secure Veteran tries to win your trust
and make you think you need its commercial software to cure your computer
system. Do not fall for Secure Veteran tricks

robin

 

[Bill Sanderson]

There are waves of fake tweeter accounts sending folks to the sites that are
installing this software, Initially, they were pretty simplistic, but
recent variations make the sending account look reasonably legit.

 

[Randy Knobloch]

Secure Veteran is the newest and fake program that hijacks your computer

<snip>
Google *can* be your friend.
<http://www.google.ca/search?hl=en&source=hp&q=spyware+rogue+"Secure+Veteran"+&meta=>

<http://www.google.ca/search?q=spyware+rogue+"Secure+Veteran"&hl=en&safe=off&tbo=1&tbs=frm:1&filter=0>

 

[1PW]

<snip>
Google *can* be your friend.
<http://www.google.ca/search?hl=en&source=hp&q=spyware+rogue+"Secure+Veteran"+&meta=>

<http://www.google.ca/search?q=spyware+rogue+"Secure+Veteran"&hl=en&safe=off&tbo=1&tbs=frm:1&filter=0>

Hi Randy:

Darn it Randy if some of the URLs in the first group didn't have
rotten reputations in themselves. I know this isn't at all what you
meant.

I see that Robin also posted in the MBAM forum and I'm sure they'll
have something in their latest updates by now.

Respectfully,

 

[Randy Knobloch]

Hi Randy:

Darn it Randy if some of the URLs in the first group didn't have
rotten reputations in themselves. I know this isn't at all what you
meant.

In retropect, I should not have posted search results with filtering off.
I will not do that again.

I see that Robin also posted in the MBAM forum and I'm sure they'll
have something in their latest updates by now.

This is a good thing, that Robin, or anyone, go direct to the Vendor Forum, I do.

Respectfully,

And you.

 

[1PW]

In retrospect, I should not have posted search results with filtering off.
I will not do that again.

Your reputation remains untarnished in my system.

This is a good thing, that Robin, or anyone, go direct to the Vendor Forum, I do.


And you.

Salute...

 

[robinb]

my son wound up with it yesterday. He was surfing the web looking for
interesting places in Italy when this box popped up apparently NOT from
Windows but looked like the Windows Security Panel and told him his computer
is infected and he needs to download this software to fix it- since he
thought it was actually from windows- it actually shows the red shield too
he did what it said and walla! he got infected.
He was able to remove it from add/remove programs but it locked up his
system so bad.
I was able to help him download and install Superantispyware Pro and it
removed it finally from his system.
robin

 

[robinb]

I posted it here since this is a security spyware website so those folks who
come here can be careful and look out for it
robin

 

[1PW]

my son wound up with it yesterday. He was surfing the web looking for
interesting places in Italy when this box popped up apparently NOT from
Windows but looked like the Windows Security Panel and told him his
computer is infected and he needs to download this software to fix it-
since he thought it was actually from windows- it actually shows the red
shield too he did what it said and walla! he got infected.
He was able to remove it from add/remove programs but it locked up his
system so bad.
I was able to help him download and install Superantispyware Pro and it
removed it finally from his system.
robin

Hello Robin:

If possible, it would be helpful if your son could accurately remember
the URL of the site he believe he downloaded the Trojan-Rogue from.

Please use obfuscation in the URL if it's known.

Both MBAM & those services who maintain a HOSTS file, could make good
use of it. If he can't remember, that's OK too.

Respectfully,

 

[Bill Sanderson]

The fact that that pop-up occurred indicates an unpatched vulnerability in
his system--probably not in Windows--but perhaps flash, or some other
third-party application.

You might suggest that he run Secunia's PSI and see what needs updating.