What is a rogue?

Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing.

Propagation

Rogue security software relies mainly on social engineering to defeat the security built into modern operating systems and browser software and to install itself onto victims' computers.

Most have a Trojan horse component, which users are misled into installing. The Trojan may be disguised as:

  • A browser plug-in or extension (typically a toolbar)
  • An image, screensaver or archive file attached to an e-mail message
  • A multimedia codec supposedly required to play a certain video clip
  • Software shared on peer-to-peer networks
  • A free online malware scanning service

Some rogue security software, however, propagates onto users' computers as drive-by downloads, which exploit security vulnerabilities in web browsers or e-mail clients to install themselves without any manual interaction.

Operation

Once installed, the rogue security software may then attempt to entice the user into purchasing a service or additional software by:

  • Alerting the user with the fake or simulated detection of malware or pornography.
  • Displaying an animation simulating a system crash and reboot.
  • Selectively disabling parts of the system to prevent the user from uninstalling it. Some may also prevent anti-malware programs from running, disable automatic system software updates and block access to the websites of anti-malware vendors.
  • Installing actual malware onto the computer, then alerting the user after "detecting" it. This method is less common, as the malware is likely to be detected by legitimate anti-malware programs.
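One of the behaviours listed above, blocking access to the websites of anti-malware vendors, leaves a trace a defender can check for. The script below is an added example and not code from the original article or from RogueDatabase.net; it assumes (as an illustration, since the article does not say how the blocking is done) that the rogue pins vendor domains in the system hosts file, and it flags any hosts-file entry that maps a watched vendor domain to any address at all, since such domains should be resolved through DNS rather than pinned locally. The watch-list and the sample hosts-file text are constructed for the example.

```python
"""
Flag hosts-file entries that pin anti-malware vendor domains.

Added example, not part of the original article. Assumption: a rogue that
"blocks access to websites of anti-malware vendors" does so by adding
hosts-file entries for those domains. The watch-list and sample hosts
text below are constructed for illustration.
"""
import ipaddress
import platform
from pathlib import Path

# Constructed watch-list of domains a rogue would want to block. Assumed to
# be maintained by the defender; it is not a list from the original page.
WATCHED_DOMAINS = {
    "malwarebytes.org",
    "superantispyware.com",
    "sandboxie.com",
    "windowsupdate.microsoft.com",
}

# Constructed sample hosts-file text, as a rogue might leave it.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org  # pinned to loopback: site unreachable
10.0.0.5        superantispyware.com
127.0.0.1       my-printer.local
not-an-ip       sandboxie.com
"""

# Well-known hosts-file locations (real paths, not page-specific values).
DEFAULT_HOSTS_PATH = (
    Path(r"C:\Windows\System32\drivers\etc\hosts")
    if platform.system() == "Windows"
    else Path("/etc/hosts")
)


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def _is_watched(hostname):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text):
    """Return sorted (ip, hostname) entries that pin a watched vendor domain.

    Lines whose address field is not a valid IP are skipped: the resolver
    would ignore them too, so they cannot block anything.
    """
    hits = []
    for ip, name in parse_hosts(text):
        if not _is_watched(name):
            continue
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        hits.append((ip, name))
    return sorted(hits)


def check_system_hosts(path=DEFAULT_HOSTS_PATH):
    """Run the check against the live hosts file; [] if it cannot be read."""
    try:
        return find_hijacks(path.read_text(encoding="utf-8", errors="replace"))
    except OSError:
        return []


if __name__ == "__main__":
    for ip, name in find_hijacks(SAMPLE_HOSTS):
        print(f"suspicious hosts entry: {name} -> {ip}")
```

Run as a script it reports the two pinned vendor domains in the constructed sample; `check_system_hosts()` applies the same logic to the real hosts file. A hit is a lead for investigation, not proof of infection: administrators do sometimes pin hosts on purpose, so any flagged entry should be compared against local change records before it is removed.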

Some rogue security software overlaps in function with scareware by also:

  • Presenting offers to fix urgent performance problems or perform essential housekeeping on the computer.
  • Scaring the user by presenting authentic-looking pop-up warnings and security alerts, which may mimic actual system notices. These are intended to leverage the trust of the user in vendors of legitimate security software.

Sanctions by the FTC and the increasing effectiveness of anti-malware tools since 2006 have made it difficult for spyware and adware distribution networks, already complex to begin with, to operate profitably. Malware vendors have turned instead to the simpler, more profitable business model of rogue security software, which is targeted directly at users of desktop computers.

Rogue security software is often distributed through highly lucrative affiliate networks, in which affiliates supplied with Trojan kits for the software are paid a fee for every successful installation and a commission on any resulting purchases. The affiliates then become responsible for setting up infection vectors and distribution infrastructure for the software. An investigation by security researchers into the Antivirus XP 2008 rogue security software found just such an affiliate network, in which members were grossing commissions upwards of US$150,000 from tens of thousands of successful installations per month.

Preventing Infection

Rogues are among the easiest kinds of malware to prevent, because they are fairly obvious. Knowing what one is is usually enough to avoid it. If you find a website "scanning" your computer and reporting multiple infections, you have most likely run into a rogue's website. The installer that these websites demand you download is the rogue. Sometimes the website will prevent you from closing the browser window. If you find yourself in one of these situations:

  1. Right-click on your taskbar and select "Task Manager".
  2. Click the Processes tab and find the process belonging to the browser in which you encountered the rogue. The process usually has the same name as the browser, e.g. iexplore.exe, firefox.exe, chrome.exe, opera.exe.
  3. Click on the process and then click the "End Process" button. If you did this right, the browser window should close.

Another extremely important means of preventing rogues and all other malware is using an antivirus. Although antivirus programs do not detect all malware and you still have to be careful, an antivirus will help prevent most infections, including rogues. If you don't have an antivirus, download and install one of these excellent free ones.

You can only run one antivirus on your computer at a time because two can and will cause problems. In this case more is not better!

One other highly recommended program is Sandboxie. This free program is probably the easiest and most effective malware and rogue prevention out there.

To understand what Sandboxie does and how to use it, read this tutorial.

If a rogue shows up on your computer when you didn't download it, you most likely have other malware and need to remove it. I recommend following the steps in the removal section and then posting in the Infection Help section of the forum to make sure you are clean.

Removing Infection

The best way of removing rogues is using these two great free scanners. They will not only remove rogues but many other types of malware. They may not remove all rogues or malware but they are a great start before getting help in the forums.

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download SuperantiSpyware from Here.

Double-click superantispyware.exe to install the application.

  • An Icon will be created on the desktop, double click that icon to start the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\ Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes". To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.


If Malwarebytes and SUPERAntiSpyware fail to run, you have very deeply rooted malware and I highly recommend you visit the Infection Help section of the forum.

If you have any questions the forums are a great place to ask.

Welcome to RogueDatabase.net

Your database for rogue security software and other internet threats.


The biggest problem with the internet is how little many users know about the malicious tricks that malware writers and hackers use. Many people fall for these tricks and pay the price of an infected computer, identity theft or money spent on fake software.

This site is about education, mainly of rogue software, but the same rules that apply to rogue software apply to any malware. You have to be cautious on the web but don't be paranoid. The web is not something you should fear, and knowing the web better will help you understand it and stay safe on it. Also remember that if you ever get infected there is always a fix even if that is reinstalling the operating system.

The rogue list page is a dedicated list of rogue security applications. Many of those rogues can no longer be found in the wild and are a blast from the past. You will find a bit of history on that page in the form of screenshots, registry modifications and file modifications. The page is constantly updated, so both new and old rogues can be found there. Take a look at the screenshots and get used to the way a rogue looks. Once you get the idea, you will be able to identify almost any rogue.
