Skip to main content

Technoviking I am not amused

Technoviking I am not amused


So yesterday I was looking on Google Images for the Technoviking. Im sure most of you know the guy/meme but just to be sure:


http://knowyourmeme.com/memes/technoviking

In case youre wondering, I do not remember why he flashed in my mind all of a sudden, but I was listening to some music on Youtube and I suppose there was a Suggested Video wink .

Either way, some of the Google Images were in fact redirecting to a scareware page, urging you to download a file to "clean" your computer. Some of the images that were infected:



Some infected Google Image results


If you click on any of them, you would get the following message:


"Windows Security" will perform a fast scan of system files


... and when clicking on "OK" youll get the well-known fake scanning page:



Fake Scanning page finding numerous infections


The following file was downloaded:

BestAntivirus2011.exe
Result: 18/41 (43.9%)
MD5: e705b657f5830eb2a43eee3a32f549c3
VirusTotal Report
ThreatExpert Report
Anubis Report

Today I checked again and the scareware/rogueware campaign is still active. I was now presented with another file that has a very low detection rate on VirusTotal:

BestAntivirus2011.exe
Result: 2/41 (4.9%)
MD5: 56ce5479183913f2082bf0fd790dbaea
VirusTotal Report


The payload is a rogueware called MS Removal Tool.

When executing the dropped file (BestAntivirus2011.exe) :


MS Removal Tool fake scanning screen


It is interesting to note that you would only get redirected when using Internet Explorer or Google Chrome. Neither on Firefox 3.6 or Firefox 4.0 the redirect would commence.


Prevention

- Be careful when visiting any webpage. A useful trick is to check the real URL behind the image. Most of the times you can verify this by checking in the left corner of your browser:

Clicked on a picture and started loading this website instead of the original one

- Use browser extentions to verify the integrity of an image or URL. Useful add-ons for Google Chrome are for example VTchromizer, NotScripts and WOT .

- Keep your Antivirus and browser, as well as your browser add-ons up-to-date.

- If it is too late and a scan is already starting, immediately close your browser by bringing up Task Manager (CTRL + ALT + DEL) and killing your browsers process:
  • a) For Google Chrome: chrome.exe or chrome.exe *32
  • b) For Mozilla Firefox: firefox.exe or firefox.exe *32
  • c) For Microsofts Internet Explorer: iexplore or iexplore.exe *32


Desinfection

If the harm is already done and you are getting warnings, messages or pop-ups stating you are infected and you need to take immediate action to clean your computer, follow the guide below at BleepingComputers to rid yourself of this malware:

Remove MS Removal Tool



Conclusion

Dont be fooled by Googles preview of images, you can still get infected even though the site appears to be safe.

Follow the above prevention tips to decrease the chance of your computer becoming infected.

download file now

Labels:

Popular posts from this blog

Ragnos1997 Low Specs Patches for low PC Download

Ragnos1997 Low Specs Patches for low PC Download Ragnos1997 Low Specs Patches for Low PC Full Download "Let your system breathe, and enjoy even the latest games on your low end hardware. Only with Low Specs Experience�" Which games are affected ? ALAN WAKE ALAN WAKE�S AMERICAN NIGHTMARE ALIEN: ISOLATION ALIEN: COLONIAL MARINES 7 DAYS TO DIE AMERICAN TRUCK SIMULATOR ANNO 2205 ARMA III ASSASSIN�S CREED ASSASSIN�S CREED II ASSASSIN�S CREED BROTHERHOOD ASSASSIN�S CREED REVELATIONS ASSASSIN�S CREED III ASSASSIN�S CREED III LIBERATION HD ASSASSIN�S CREED IV BLACK FLAG ASSASSIN�S CREED UNITY ASSASSIN�S CREED ROGUE ASSASSIN�S CREED SYNDICATE BATMAN ARKHAM ORIGINS BATMAN ARKHAM ORIGINS BATTLEFIELD BAD COMPANY 2 BATTLEFIELD 3 BATTLEFIELD 4 BATTLEFIELD HARDLINE BATTLEFIELD 1 BIOSHOCK INFINITE BORDERLANDS BORDERLANDS 2 BORDERLANDS THE PRE-SEQUEL CALL OF DUTY BLACK OPS CALL OF DUTY BLACK OPS II CALL OF DUTY BLACK OPS III CALL OF DUTY GHOSTS CALL OF DUTY ADVANCED WARFARE CALL OF DUTY INFIN...
Read more

Prominence Poker Download Free PC Game Torrent

Prominence Poker Download Free PC Game Torrent Prominence Poker Download Free - PC Game (Torrent) Prominence Poker Download Free Full Version PC Game Torrent Without Surveys, Re-directions, Ads And No Waiting Time To Download. Overview Of Prominence Poker PC Game Genre : Simulation, Strategy Platform : PC Language : English, Multi 5 Cracked By PROPHET Release Date: Comming Soon In This Year Developer: Pipeworks Studio Publisher: 505 Games Language : English, French, Italian, German, Spanish About Prominence Poker PC Game Welcome to Prominence Poker, a game that pits players from around the world against each other and devious AI to build the rep, prestige, and bankroll needed to be, and beat, the best of the best.  Rich World: Set in the city of Prominence, a gambling Mecca founded by crooked folks looking to go straight, players will face down four factions as they play their way solo to a final showdown with "The Mayor" the mysterious town founder who will guide the player...
Read more

The Last Guardian Keygen Serial Key for Full Game Download

The Last Guardian Keygen Serial Key for Full Game Download The Last Guardian Keygen Serial Key for Full Game Download Right now we have small sum of cd-keys to The Last Guardian. Are you trying to find a supply of a free of charge multi player cd-key generator but devoid of results? Nevertheless on this web you can obtain primarily operating key generators. And we are happy to highlight our new current  The Last Guardian. Just simply utilising this unique brand new key generator you may receive superb game without charge. This excellent keys generator perform competently at just about all machines. You can aquire a massive amount of serials by employing this specific app. Anybody who exactly would want to have fun with playing in The Last Guardian series with no having to pay a real authentic serial codes for this, now we supplying you possibility to find game merely for free of charge. You can certainly perform with one hundred p . c no charge and additionally complete The La...
Read more