Rogues - AntiAID family

Currently, there are 32 variants (that I know) of the rogue security software known as AntiAID. The applications can be manually downloaded and installed, or if your system is vulnerable (without current, adequate protection), they may be installed by a downloader - without the user's consent. They may seem to be a viable alternative to tools available from respected names in this field such as Kaspersky, Symantec, Trend Micro, McAfee, CA, F-Secure, et al but read on.

The twist here is that when they are installed they create numerous fake program files that are detected by the program as malware - use these fake threats to goad the user into buying a full license for the application to remove these threats - that don't really exist. The fake programs installed are actually harmless and pose no threat to your computer and are just used to validate the fake scan.

Please note that throughout this page I only refer to the HijackThis (or HJT) startup entries and not all associated files - to keep in with the theme of the rest of the site.

AntiAID

AntiAID and it's variants are based upon the WiniGuard family, with the same menus but a modified interface. The following image (© BleepingComputer) shows the scan screen for AntiAID (click on the image for a larger version - applies throughout):

AntiAID

HijackThis (or HJT) log startup entry identified:

• O4 - HKCU\..\Run: [AntiAID] C:\Program Files\AntiAID Software\AntiAID\AntiAID.exe -min

There can also be additional startup entries created for random filenames - see this ThreatExpert report for some examples.

External links:

• CA - rogue description

Any removal guide referred to below uses MalwareBytes Anti-Malware, which incorporates the functionality from their popular (but now discontinued) RogueRemover products:

Variants

Before dealing with the individual variants, here are some screenshots from some of them (© BleepingComputer) showing the common user interface:

AntiAdd	AntiTroy	KeepCop	LinkSafeness	RESpyWare	SecureKeeper

Index

AntiAdd

Main HJT log entry:

• O4 - HKCU\..\Run: [AntiAdd.exe] C:\Program Files\AntiAdd Software\AntiAdd\AntiAdd.exe

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• BleepingComputer - description and removal guide

AntiKeep

Main HJT log entries:

• O4 - HKLM\..\Run: [AntiKeep] C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe -min
• O4 - HKCU\..\Run: [AntiKeep.exe] C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe

External links:

• BleepingComputer - description and removal guide

AntiTroy

Main HJT log entries:

• O4 - HKLM\..\Run: [AntiTroy] C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe -min
• O4 - HKCU\..\Run: [AntiTroy.exe] C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe

Other identified HJT log entries:

• O4 - HKLM\..\Run: [<random numbers>.exe] C:\WINDOWS\system32\<random numbers>.exe

External links:

• CA - rogue description
• BleepingComputer - description and removal guide

APcDefender

Main HJT log entries:

• O4 - HKLM\..\Run: [APcDefender] C:\Program Files\APcDefender Software\APcDefender\APcDefender.exe -min

Other identified HJT log entries:

• O4 - HKCU\..\Run: [4racrju4.exe] C:\WINDOWS\system32\4racrju4.exe

External links:

• MalwareBytes - description and removal guide
• BleepingComputer - description and removal guide

APCProtect

Main HJT log entries:

• O4 - HKCU\..\Run: [APCProtect.exe] C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe

Other identified HJT log entries:

• O4 - HKLM\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe
• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• CA - rogue description
• BleepingComputer - description and removal guide

APcSafe

Main HJT log entries:

• O4 - HKCU\..\Run: [APCProtect.exe] C:\Program Files\APCProtect Software\APCProtect\APCProtect.exe

Other identified HJT log entries:

• O4 - HKLM\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe
• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• CA - rogue description
• MalwareBytes - description and removal guide

APcSecure

Main HJT log entries:

• O4 - HKLM\..\Run: [APcSecure] C:\Program Files\APcSecure Software\APcSecure\APcSecure.exe -min

External links:

• BleepingComputer - description and removal guide

DefendAPc

Main HJT log entries:

• O4 - HKLM\..\Run: [DefendAPc] C:\Program Files\DefendAPc Software\DefendAPc\DefendAPc.exe -min

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• MalwareBytes - description and removal guide
• BleepingComputer - description and removal guide

GreatDefender

Main HJT log entries:

• O4 - HKCU\..\Run: [GreatDefender] C:\Program Files\GreatDefender Software\GreatDefender\GreatDefender.exe -min
• O4 - HKCU\..\Run: [GreatDefender.exe] C:\Program Files\GreatDefender Software\GreatDefender\GreatDefender.exe

External links:

• MalwareBytes - rogue description and removal guide
• BleepingComputer - description and removal guide

GuardPcs

Main HJT log entries:

• O4 - HKCU\..\Run: [GuardPcs.exe] C:\Program Files\GuardPcs Software\GuardPcs\GuardPcs.exe

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• CA - rogue description
• BleepingComputer - description and removal guide

GuardWWW

Main HJT log entries:

• O4 - HKLM\..\Run: [GuardWWW] C:\Program Files\GuardWWW Software\GuardWWW\GuardWWW.exe -min

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• MalwareBytes - description and removal guide
• BleepingComputer - description and removal guide

IGuardPc

Main HJT log entries:

• O4 - HKCU\..\Run: [IGuardPc.exe] C:\Program Files\IGuardPc Software\IGuardPc\IGuardPc.exe

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• CA - rogue description
• BleepingComputer - description and removal guide

InSysSecure

Main HJT log entries:

• O4 - HKLM\..\Run: [InSysSecure] C:\Program Files\InSysSecure Software\InSysSecure\InSysSecure.exe -min

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• MalwareBytes - description and removal guide
• BleepingComputer - description and removal guide

KeepCop

Main HJT log entry:

• O4 - HKCU\..\Run: [KeepCop] "C:\Program Files\KeepCop Software\KeepCop\KeepCop.exe" -min

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• BleepingComputer - description and removal guide

LinkSafeness

Main HJT log entry:

• O4 - HKCU\..\Run: [LinkSafeness] C:\Program Files\LinkSafeness Software\LinkSafeness\LinkSafeness.exe -min

Other identified HJT log entries:

• O4 - HKCU\..\Run: [t5bgc2co.exe] C:\WINDOWS\system32\t5bgc2co.exe

External links:

• BleepingComputer - description and removal guide

MyPcSecure

Main HJT log entries:

• O4 - HKLM\..\Run: [MyPcSecure] C:\Program Files\MyPcSecure Software\MyPcSecure\MyPcSecure.exe -min

External links:

• BleepingComputer - description and removal guide

PCprotectar

Main HJT log entry:

• O4 - HKCU\..\Run: [PCprotectar.exe] C:\Program Files\PCprotectar Software\PCprotectar\PCprotectar.exe

PcSecureNet

Main HJT log entries:

• O4 - HKLM\..\Run: [AntiTroy] C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe -min
• O4 - HKCU\..\Run: [AntiTroy.exe] C:\Program Files\AntiTroy Software\AntiTroy\AntiTroy.exe

Other identified HJT log entries:

• O4 - HKLM\..\Run: [<random numbers>.exe] C:\WINDOWS\system32\<random numbers>.exe

External links:

• CA - rogue description
• BleepingComputer - description and removal guide

PcsProtector

Main HJT log entries:

• O4 - HKCU\..\Run: [PcSecureNet] C:\Program Files\PcSecureNet Software\PcSecureNet\PcSecureNet.exe -min

External links:

• BleepingComputer - description and removal guide

PcsSecure

Main HJT log entries:

• O4 - HKLM\..\Run: [PcsSecure] C:\Program Files\PcsSecure Software\PcsSecure\PcsSecure.exe -min

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• CA - rogue description
• MalwareBytes - description and removal guide
• BleepingComputer - description and removal guide

ProtectPcs

Main HJT log entries:

• O4 - HKCU\..\Run: [ProtectPcs.exe] C:\Program Files\ProtectPcs Software\ProtectPcs\ProtectPcs.exe

Other identified HJT log entries:

• O4 - HKLM\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• CA - rogue description
• BleepingComputer - description and removal guide

REAnti

Main HJT log entry:

• O4 - HKCU\..\Run: [REAnti.exe] C:\Program Files\REAnti Software\REAnti\REAnti.exe

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• BleepingComputer - description and removal guide

RESpyWare

Main HJT log entry:

• O4 - HKCU\..\Run: [RESpyWare.exe] C:\Program Files\RESpyWare Software\RESpyWare\RESpyWare.exe

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• CA - rogue description
• BleepingComputer - description and removal guide

SafePcAv

Main HJT log entry:

• O4 - HKLM\..\Run: [SafePcAv] C:\Program Files\SafePcAv Software\SafePcAv\SafePcAv.exe -min

External links:

• BleepingComputer - description and removal guide

SecureKeeper

Main HJT log entry:

• O4 - HKCU\..\Run: [SecureKeeper] C:\Program Files\SecureKeeper Software\SecureKeeper\SecureKeeper.exe -min

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• BleepingComputer - description and removal guide

SecurePcAv

Main HJT log entry:

• O4 - HKLM\..\Run: [SecurePcAv] C:\Program Files\SecurePcAv Software\SecurePcAv\SecurePcAv.exe -min

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• BleepingComputer - description and removal guide

SiteAdware

Main HJT log entry:

• O4 - HKCU\..\Run: [SiteAdware.exe] C:\Program Files\SiteAdware Software\SiteAdware\SiteAdware.exe

External links:

• BleepingComputer - description and removal guide

SiteVillain

Main HJT log entry:

• O4 - HKCU\..\Run: [SiteVillain] D:\Program Files\SiteVillain Software\SiteVillain\SiteVillain.exe -min

SysDefence

Main HJT log entries:

• O4 - HKCU\..\Run: [SysDefence.exe] C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe

External links:

• CA - rogue description
• BleepingComputer - description and removal guide

SysDefenders

Main HJT log entry:

• O4 - HKLM\..\Run: [SysDefenders] C:\Program Files\SysDefenders Software\SysDefenders\SysDefenders.exe -min

Other identified HJT log entries:

• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• BleepingComputer - description and removal guide

SysProtector

Main HJT log entry:

• O4 - HKLM\..\Run: [SysProtector] C:\Program Files\SysProtector Software\SysProtector\SysProtector.exe -min

External links:

• MalwareBytes - description and removal guide
• BleepingComputer - description and removal guide

TheDefend

Main HJT log entries:

• O4 - HKCU\..\Run: [TheDefend.exe] C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe

Other identified HJT log entries:

• O4 - HKLM\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe
• O4 - HKCU\..\Run: [<random>.exe] C:\WINDOWS\system32\<random>.exe

External links:

• CA - rogue description
• MalwareBytes - description and removal guide
• BleepingComputer - description and removal guide

Back to Rogues - Overview

Copyright © Pacman's Portal, 2001 - 2013
Powered by Malwarebytes
All rights reserved