VirusRay/VirusRay.com - New Rogue Anti-Spyware

Discussion in 'other anti-malware software' started by SUPERAntiSpy, Oct 22, 2007.

Thread Status:
Not open for further replies.
  1. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    New rogue anti-spyware product (VirusRay from VirusRay.com) that was installed via a ZLOB/MediaAccess Codec installer from an adult site.

    More information here:
    http://www.superantispyware.com/rogue_virusray.html

    Registry Keys Created

    HKCR\CLSID\{97C6E0E9-1D24-48CA-11E7-DC22C5308ABA}
    HKCR\TypeLib\{1AE427B0-E3B7-4D2E-A6B9-36605B0F214E}
    HKCR\Interface\{1D723C81-2C9F-44DD-8F94-A2D3A06845E9}
    HKCR\Interface\{41FC2EBD-79F5-4FE0-8558-708DCB7FE255}
    HKCR\Interface\{45DB217B-965D-4917-A653-C2A871534B4C}
    HKCR\Interface\{48A95844-A761-4D96-8191-0913D493823E}
    HKCR\Interface\{60FD2747-818B-4242-A041-4C1209F3D3A6}
    HKCR\Interface\{70F731FD-6C5F-4D46-A29C-6B97FABEF0D0}
    HKCR\Interface\{77F6ABAA-C14B-4E0C-975E-0CFFA568B0BE}
    HKCR\Interface\{78AA9209-DED5-4F37-93A0-89FBEE57E4FC}
    HKCR\Interface\{869B656B-142E-47E6-B4F6-973D17E80BBF}
    HKCR\Interface\{89F84A04-F5EF-4F4A-AF97-7DA43DD0371F}
    HKCR\Interface\{8F9C1393-41D7-4BE1-8752-098BC97514D2}
    HKCR\Interface\{9097FA96-8EFD-4D04-8024-C920AB56BBEA}
    HKCR\Interface\{ACD5D550-4481-4F05-B6D8-A78566BD81D3}
    HKCR\Interface\{BE096ECD-D62E-4B2D-BBA5-CBF9BFA4AB23}
    HKCR\Interface\{DDA20808-84A0-48C3-902A-7E31FF47EA6B}
    HKCR\Interface\{E9C4CBEB-7BDF-47FF-8EDF-D72B50BB50EF}
    HKLM\Software\Licenses
    HKLM\Software\VirusRay 3.8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRay 3.8
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\VirusRay 3.8.exe
    3.8
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#VirusRay 3.8

    Files and Folders Created

    %PROGRAMFILES%\VirusRay 3.8
    %PROGRAMFILES%\VirusRay 3.8\blacklist.txt
    %PROGRAMFILES%\VirusRay 3.8\Lang
    %PROGRAMFILES%\VirusRay 3.8\Lang\English.ini
    %PROGRAMFILES%\VirusRay 3.8\Logs
    %PROGRAMFILES%\VirusRay 3.8\msvcp71.dll
    %PROGRAMFILES%\VirusRay 3.8\msvcr71.dll
    %PROGRAMFILES%\VirusRay 3.8\Quarantine
    %PROGRAMFILES%\VirusRay 3.8\uninst.exe
    %PROGRAMFILES%\VirusRay 3.8\VirusRay 3.8.exe
    %PROGRAMFILES%\VirusRay 3.8\VirusRay 3.8.url
    %PROGRAMFILES%\VirusRay 3.8\vra.dat

    Shortcuts and Links

    %CSIDL_APPDATA%\Microsoft\Internet Explorer\Quick Launch\VirusRay 3.8.lnk
    %CSIDL_CONTROLS%\VirusRay 3.8.lnk
    %CSIDL_PROGRAMS%\VirusRay 3.8
    %CSIDL_STARTMENU%\VirusRay 3.8.lnk

    Our latest definitions remove VirusRay as well for those not wanting to do a manual removal.
     
  2. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    did you contact Privacyprotect?
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Well isn't it hilarious and speaks loudly for their intentions just from the name.

    VirusRay ROLF Don't those guys have a hobby or something better to make with coding apps then junk?
     
  4. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    EASTER, the malware writers are just letting us know that they still care about us. Wouldn't it be funny if these guys were actually legit, beginning programmers who were -- like me -- DYSLEXIC!

    Dave
     
Loading...
Thread Status:
Not open for further replies.