VirusRay/VirusRay.com - New Rogue Anti-Spyware

Discussion in 'other anti-malware software' started by SUPERAntiSpy, Oct 22, 2007.

Thread Status:
Not open for further replies.
  1. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    New rogue anti-spyware product (VirusRay from VirusRay.com) that was installed via a ZLOB/MediaAccess Codec installer from an adult site.

    More information here:
    http://www.superantispyware.com/rogue_virusray.html

    Registry Keys Created

    HKCR\CLSID\{97C6E0E9-1D24-48CA-11E7-DC22C5308ABA}
    HKCR\TypeLib\{1AE427B0-E3B7-4D2E-A6B9-36605B0F214E}
    HKCR\Interface\{1D723C81-2C9F-44DD-8F94-A2D3A06845E9}
    HKCR\Interface\{41FC2EBD-79F5-4FE0-8558-708DCB7FE255}
    HKCR\Interface\{45DB217B-965D-4917-A653-C2A871534B4C}
    HKCR\Interface\{48A95844-A761-4D96-8191-0913D493823E}
    HKCR\Interface\{60FD2747-818B-4242-A041-4C1209F3D3A6}
    HKCR\Interface\{70F731FD-6C5F-4D46-A29C-6B97FABEF0D0}
    HKCR\Interface\{77F6ABAA-C14B-4E0C-975E-0CFFA568B0BE}
    HKCR\Interface\{78AA9209-DED5-4F37-93A0-89FBEE57E4FC}
    HKCR\Interface\{869B656B-142E-47E6-B4F6-973D17E80BBF}
    HKCR\Interface\{89F84A04-F5EF-4F4A-AF97-7DA43DD0371F}
    HKCR\Interface\{8F9C1393-41D7-4BE1-8752-098BC97514D2}
    HKCR\Interface\{9097FA96-8EFD-4D04-8024-C920AB56BBEA}
    HKCR\Interface\{ACD5D550-4481-4F05-B6D8-A78566BD81D3}
    HKCR\Interface\{BE096ECD-D62E-4B2D-BBA5-CBF9BFA4AB23}
    HKCR\Interface\{DDA20808-84A0-48C3-902A-7E31FF47EA6B}
    HKCR\Interface\{E9C4CBEB-7BDF-47FF-8EDF-D72B50BB50EF}
    HKLM\Software\Licenses
    HKLM\Software\VirusRay 3.8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRay 3.8
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\VirusRay 3.8.exe
    3.8
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#VirusRay 3.8

    Files and Folders Created

    %PROGRAMFILES%\VirusRay 3.8
    %PROGRAMFILES%\VirusRay 3.8\blacklist.txt
    %PROGRAMFILES%\VirusRay 3.8\Lang
    %PROGRAMFILES%\VirusRay 3.8\Lang\English.ini
    %PROGRAMFILES%\VirusRay 3.8\Logs
    %PROGRAMFILES%\VirusRay 3.8\msvcp71.dll
    %PROGRAMFILES%\VirusRay 3.8\msvcr71.dll
    %PROGRAMFILES%\VirusRay 3.8\Quarantine
    %PROGRAMFILES%\VirusRay 3.8\uninst.exe
    %PROGRAMFILES%\VirusRay 3.8\VirusRay 3.8.exe
    %PROGRAMFILES%\VirusRay 3.8\VirusRay 3.8.url
    %PROGRAMFILES%\VirusRay 3.8\vra.dat

    Shortcuts and Links

    %CSIDL_APPDATA%\Microsoft\Internet Explorer\Quick Launch\VirusRay 3.8.lnk
    %CSIDL_CONTROLS%\VirusRay 3.8.lnk
    %CSIDL_PROGRAMS%\VirusRay 3.8
    %CSIDL_STARTMENU%\VirusRay 3.8.lnk

    Our latest definitions remove VirusRay as well for those not wanting to do a manual removal.
     
    SUPERAntiSpy, Oct 22, 2007
    #1
  2. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    did you contact Privacyprotect?
     
    ggf31416, Oct 22, 2007
    #2
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Well isn't it hilarious and speaks loudly for their intentions just from the name.

    VirusRay ROLF Don't those guys have a hobby or something better to make with coding apps then junk?
     
    EASTER, Oct 23, 2007
    #3
  4. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    EASTER, the malware writers are just letting us know that they still care about us. Wouldn't it be funny if these guys were actually legit, beginning programmers who were -- like me -- DYSLEXIC!

    Dave
     
    dw2108, Oct 23, 2007
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...