VirusRanger Warning (VirusRanger.com)

[DB]

Found this warning about VirusRanger (VirusRanger.com):

VirusRanger is a rogue anti-spyware program. It usually makes it's way to
users' PCs by way of Trojans. Once active, VirusRanger bombards the user
with annoying popups and system notifications warning him of a supposed
infection. The trial version produces a falsified system scan full of
threats. These threats can supposedly only be removed with the full version
of the program, which is as fake as the trial, only costs money.



Do not trust VirusRanger - it is a scam. Do NOT download or buy it and block
virusranger.com using your HOSTS file.

 

[David H. Lipman]

From: "DB" <[email protected]>

| Found this warning about VirusRanger (VirusRanger.com):
|
| VirusRanger is a rogue anti-spyware program. It usually makes it's way to
| users' PCs by way of Trojans. Once active, VirusRanger bombards the user
| with annoying popups and system notifications warning him of a supposed
| infection. The trial version produces a falsified system scan full of
| threats. These threats can supposedly only be removed with the full version
| of the program, which is as fake as the trial, only costs money.
|
| Do not trust VirusRanger - it is a scam. Do NOT download or buy it and block
| virusranger.com using your HOSTS file.
|

The warning is valid.

However the delivery is not.

Please don't Multi-Post.
Please Cross-Post instead.

Then your one warning will be posted in all the news groups listed.

 

[DB]

From: "DB" <[email protected]>

| Found this warning about VirusRanger (VirusRanger.com):
|
| VirusRanger is a rogue anti-spyware program. It usually makes it's way
to
| users' PCs by way of Trojans. Once active, VirusRanger bombards the user
| with annoying popups and system notifications warning him of a supposed
| infection. The trial version produces a falsified system scan full of
| threats. These threats can supposedly only be removed with the full
version
| of the program, which is as fake as the trial, only costs money.
|
| Do not trust VirusRanger - it is a scam. Do NOT download or buy it and
block
| virusranger.com using your HOSTS file.
|

The warning is valid.

However the delivery is not.

Please don't Multi-Post.
Please Cross-Post instead.

Then your one warning will be posted in all the news groups listed.

VirusRanger has me by the nuts. What's the current method for removal?
Thanks.

DB

 

[David H. Lipman]

From: "DB" <[email protected]>


| VirusRanger has me by the nuts. What's the current method for removal?
| Thanks.
|
| DB
|

I believe SuperAntiSpyware can be used.
http://www.superantispyware.com/definitionupdatehistory.html?iDays=365

 

[DB]

From: "DB" <[email protected]>


| VirusRanger has me by the nuts. What's the current method for removal?
| Thanks.
|
| DB
|

I believe SuperAntiSpyware can be used.
http://www.superantispyware.com/definitionupdatehistory.html?iDays=365

Thanks. I'll try it, although I'm very suspicious of everything right now.
What pricks, scamming people that way.

I posted it the way I did because I couldn't find 1 posting on VirusRanger,
not one! I wanted to be sure those pricks couldn't make mine go away to
easily.

 

[David H. Lipman]

From: "DB" <[email protected]>

| Thanks. I'll try it, although I'm very suspicious of everything right now.
| What pricks, scamming people that way.
|
| I posted it the way I did because I couldn't find 1 posting on VirusRanger,
| not one! I wanted to be sure those pricks couldn't make mine go away to
| easily.
|

They can't make your posts go away.

Now that you know -- Please do NOT Multi-Post.

 

[Fenton]

The trial version produces a falsified system scan full of
threats.

How do you know for sure?

 

[tom]

How do you know for sure?

http://tinyurl.com/2cvemm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.google.com/search?hl=en&q=VirusRanger&btnG=Google+Search

 

[DB]

How do you know for sure?

It happened to my computer. Screwed up my day! I made a mistake by
clicking to download some active-X addition to view some news video. Later,
I knew it wasn't XP giving me those messages about spyware and sending me to
the VirusRanger site. They cause it to get you to by the software.
Rip-off!!!

 

[DB]

From: "DB" <[email protected]>

| Thanks. I'll try it, although I'm very suspicious of everything right
now.
| What pricks, scamming people that way.
|
| I posted it the way I did because I couldn't find 1 posting on
VirusRanger,
| not one! I wanted to be sure those pricks couldn't make mine go away to
| easily.
|

They can't make your posts go away.

Now that you know -- Please do NOT Multi-Post.

Excellent!! Excellent!! Excellent!!
"SuperAntiSpyware" worked great. I'm going to buy it. They deserve the
cash. What a relief. Good advice!
DB

 

[David H. Lipman]

From: "DB" <[email protected]>


| It happened to my computer. Screwed up my day! I made a mistake by
| clicking to download some active-X addition to view some news video. Later,
| I knew it wasn't XP giving me those messages about spyware and sending me to
| the VirusRanger site. They cause it to get you to by the software.
| Rip-off!!!
|

Plaese provide an obfuscated URL of the so-called news video.
The standard motive operandi are porn videos.

You may contact me directly if you don't want to post that information in public.

 

[David H. Lipman]

From: "DB" <[email protected]>


| Excellent!! Excellent!! Excellent!!
| "SuperAntiSpyware" worked great. I'm going to buy it. They deserve the
| cash. What a relief. Good advice!
| DB
|

Thank Nick Skrepetos of SuperAntiSpyware.

I hope you saw my request for information. I was able to assist you. Now if you can
provide me more information it will be brought to the attention of the "right eyes/ears" of
anti malware personnel who are dealing with this problem.

 

[DB]

From: "DB" <[email protected]>


| It happened to my computer. Screwed up my day! I made a mistake by
| clicking to download some active-X addition to view some news video.
Later,
| I knew it wasn't XP giving me those messages about spyware and sending
me to
| the VirusRanger site. They cause it to get you to by the software.
| Rip-off!!!
|

Plaese provide an obfuscated URL of the so-called news video.
The standard motive operandi are porn videos.

You may contact me directly if you don't want to post that information in
public.

If I was pursuing porn, I'd say it was porn. I was reading about a "news"
anchor who died. Went to
site: http://journals.aol.com/regarewvbme/suzanne-wangler/ listed on
Google. Clicked on name.
Was sent to: http://gt-movies.com/freemovie/476/0/ It does seem to be a
porn site I was redirected to, but I stopped the download, too late as it
were. Was long enough to get that spyware crap on my hard drive.

 

[David H. Lipman]

From: "DB" <[email protected]>


| If I was pursuing porn, I'd say it was porn. I was reading about a "news"
| anchor who died. Went to
| site: hxxp://journals.aol.com/regarewvbme/suzanne-wangler/ listed on
| Google. Clicked on name.
| Was sent to: hxxp://gt-movies.com/freemovie/476/0/ It does seem to be a
| porn site I was redirected to, but I stopped the download, too late as it
| were. Was long enough to get that spyware crap on my hard drive.
|

Got it, albeit I did ask for *obfuscated URLs*. :-(

Actual source of the ZLob Trojan is; hot-sextubecodec.com

Domain Name: HOT-SEXTUBECODEC.COM

Registrant:
PrivacyProtect.org
Domain Admin ([email protected])
P.O. Box 97
All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Creation Date: 20-Feb-2008
Expiration Date: 20-Feb-2009


File WebSoftCodecSetup.exe received on 02.25.2008 03:14:56 (CET)

Antivirus Version Last Update Result
CAT-QuickHeal 9.50 2008.02.22 (Suspicious) - DNAScan
eSafe 7.0.15.0 2008.02.21 Suspicious File
Microsoft 1.3204 2008.02.24 Trojan:Win32/Tibs.gen!G
Sophos 4.26.0 2008.02.24 Mal/EncPk-CG


Additional information
File size: 86032 bytes
MD5: daaf9596c7e83a79f58afb42b5cbcca0
SHA1: 21e142ae454d942e8f8be8e79bb047ec5c4a4771
PEiD: -


File WebSoftCodecSetup.exe.1 received on 02.25.2008 03:15:04 (CET)

AVG 7.5.0.516 2008.02.24 Downloader.Zlob.UEM
ClamAV 0.92.1 2008.02.25 Trojan.Zlob-961
Microsoft 1.3204 2008.02.24 TrojanDropper:Win32/Zlob.gen!A
Sophos 4.26.0 2008.02.24 Mal/EncPk-CG
TheHacker 6.2.9.228 2008.02.23 Backdoor/PcClient.bfs


Additional information
File size: 138814 bytes
MD5: 2fd6b3cba6e360aa245b355e674b42df
SHA1: 601fda60a45cb7fbdeb46027d6f3a833ac3cfc9e
PEiD: -

{ Surprise, surprise - Microsoft recognizes these samples }

Information reported, files submitted.

 

[DB]

From: "DB" <[email protected]>


| If I was pursuing porn, I'd say it was porn. I was reading about a
"news"
| anchor who died. Went to
| site: hxxp://journals.aol.com/regarewvbme/suzanne-wangler/ listed on
| Google. Clicked on name.
| Was sent to: hxxp://gt-movies.com/freemovie/476/0/ It does seem to
be a
| porn site I was redirected to, but I stopped the download, too late as
it
| were. Was long enough to get that spyware crap on my hard drive.
|

Got it, albeit I did ask for *obfuscated URLs*. :-(

Actual source of the ZLob Trojan is; hot-sextubecodec.com

Domain Name: HOT-SEXTUBECODEC.COM

Registrant:
PrivacyProtect.org
Domain Admin ([email protected])
P.O. Box 97
All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Creation Date: 20-Feb-2008
Expiration Date: 20-Feb-2009


File WebSoftCodecSetup.exe received on 02.25.2008 03:14:56 (CET)

Antivirus Version Last Update Result
CAT-QuickHeal 9.50 2008.02.22 (Suspicious) - DNAScan
eSafe 7.0.15.0 2008.02.21 Suspicious File
Microsoft 1.3204 2008.02.24 Trojan:Win32/Tibs.gen!G
Sophos 4.26.0 2008.02.24 Mal/EncPk-CG


Additional information
File size: 86032 bytes
MD5: daaf9596c7e83a79f58afb42b5cbcca0
SHA1: 21e142ae454d942e8f8be8e79bb047ec5c4a4771
PEiD: -


File WebSoftCodecSetup.exe.1 received on 02.25.2008 03:15:04 (CET)

AVG 7.5.0.516 2008.02.24 Downloader.Zlob.UEM
ClamAV 0.92.1 2008.02.25 Trojan.Zlob-961
Microsoft 1.3204 2008.02.24 TrojanDropper:Win32/Zlob.gen!A
Sophos 4.26.0 2008.02.24 Mal/EncPk-CG
TheHacker 6.2.9.228 2008.02.23 Backdoor/PcClient.bfs


Additional information
File size: 138814 bytes
MD5: 2fd6b3cba6e360aa245b355e674b42df
SHA1: 601fda60a45cb7fbdeb46027d6f3a833ac3cfc9e
PEiD: -

{ Surprise, surprise - Microsoft recognizes these samples }

Information reported, files submitted.

Well I don't know what obfuscated URLs are, nor do I expect to remember.
:-(.

 

[James Morrow]

Well I don't know what obfuscated URLs are, nor do I expect to remember.
:-(.

Example:

aol dot com. Never post unobfuscated URLs. Some noobe may just click
the link.

 

[David H. Lipman]

From: "DB" <[email protected]>


| Well I don't know what obfuscated URLs are, nor do I expect to remember.
| :-(.
|

Obfuscated URL example:
hxxp://gt-movies.com/freemovie/476/0/