Duqu rootkit and the heist it furthers

The heritage of the Duqu rootkit (alias Rootkit.Duqu.A) is non-trivial. Its forerunner is the worm called Stuxnet, discovered in summer 2010, which initially affected industrial systems running 32-bit and 64-bit versions of the MS Windows operating system. Although the Duqu rootkit implements a very similar task, it appears to be somewhat more sophisticated than its precursor, as it blends backdoor capabilities with keylogger functions. In short, this parasite aims at spying on users’ computer activities. The scope of potentially compromised information is large enough for anyone to be cautious. Just a few examples are your credit card details, passwords, usernames etc., all of which are typed by almost anyone on a daily basis. By tracking your keystrokes, the Duqu rootkit not only stores this data but also sends it to a remote analytic center controlled by people who can use the obtained facts for really bad purposes. One thing is beyond doubt when analysing this issue: Duqu is a terrible digital threat endangering the integral cyber part of your life. Although the pattern of treating this pest is obvious, it’s up to you what conclusions to draw if you got this virus.

System Fix malware – how to remove

System Fix is one of the nastiest fake PC diagnostics utilities security analysts have seen during the last month or so. The name of a very similar rogueware that apparently belongs to the same group is Data Restore – this sample was described in a standalone article on this blog in early October. The basic template of this newcomer’s activity is the same: to infect, deceive and get some money in case the victim turns out credulous. This badware went live yesterday and has managed to contaminate thousands of workstations overnight, as shown by a lot of new requests for help on security forums. What System Fix looks like can be seen in the image attached to this entry. Just like any random fake software sample, this one looks OK and even seems to work as expected. But behind this superficial attraction there’s a lot of bad stuff lurking. The program mimics a scan of your machine after it gets inside the OS. It’s not at all surprising that the scanner returns results that give you pause. It says you have something like 14 critical errors, all representing operating system malfunctions. The scamware lists a hard drive rotational speed decrease, a Drive C initializing error, damaged program files, a lack of RAM memory etc. For a gullible victim, all of these claimed issues may be an unambiguous stimulus for the action prompted by System Fix itself. It says you need to activate the full-functional version to get protected. In other words, the virus asks you for a payment. You must under no circumstances buy this product, as it is counterfeit. A much better way out is to get rid of the System Fix fraud.

Remove Neatsearchsystem.com hijacker (Neat Search System virus)

Does every web search you do redirect you to Neatsearchsystem.com? If your answer is positive, then be careful. The problem is, this symptom denotes a harsh computer infection that affects your Internet activity. A lot has been said about the Google Redirecting Virus on different discussion boards dedicated to cybersecurity during the last months. Well, this is the case, only it’s not just the big G searches that undergo such an awful distortion. No matter what engine you use, you will be having serious issues actually finding the stuff you want online. Here is how this malware works. There are a number of computer parasites currently in rotation, known as the ZeroAccess rootkit, the Sirefef trojan and some others. These contaminants are well aware of methods to infect a PC the easy way, due to the specificity of the code assigned to them by fraudsters. It’s most likely that you won’t even know how exactly and when this little piece of scam intruded on you. What you will definitely notice is its impact on how your machine acts. When a victim enters a search phrase into the search bar of a random search engine, all links on the results pages will get configured to trigger a rerouting script, making him/her end up on Neatsearchsystem.com instead of the right page. That site has no informative merit at all, but it contains ads, and clicking them will make income for the scammers. The worst part about it is that you will keep on experiencing these problems until the core badware is expelled from your system. This is what the section below is about.

Trojan:Win32/Alureon.FE security analysis

Trojan:Win32/Alureon.FE (aka DNSChanger.cq.a, Troj/FakeAV-EFZ) is a severe-graded computer pest that multiplies the probability of your private data being stolen several times over, though there are other possible nasty drawbacks of its activity. This trojan targets sensitive data transmitted or received via the Internet. You must have figured out what kind of information is at risk with this infection running on your machine: login details, passwords, financial info etc. Actually, knowing about the above side effects of Trojan:Win32/Alureon.FE doing its wicked job suffices to immediately take action and get this malware out of your system. But there’s more to this issue. Not only can this tiny bug monitor your activity, it may also create a very favorable environment for other dangerous items to easily access your PC without letting you know in any way. Possible ‘allies’ of Trojan:Win32/Alureon.FE are rogue antivirus programs, data-compromising keyloggers, rootkits and so on. It therefore makes perfect sense to eliminate the threat being analyzed here as soon as possible. And remember – it’s not the trojan that poses a risk to you, it’s the products of its living on your computer that you should be concerned about.

Remove Nailingsearchsystem.com virus (Nailing Search System virus)

Unlike legitimate search engines, Nailingsearchsystem.com does not provide any search functions in spite of its claiming to be one. There are several facts any Internet surfer should know about this malware. It does not return any relevant results if you try to look something up there. Due to the activity of a specific virus on one’s computer, it forcibly becomes a default search page to a certain extent. But perhaps these features are not the decisive ones. The greatest problem with Nailing Search System is that you are cut off from normal web searching, because each link you click on SERPs gets you to one page loaded with ads. How does that happen? It’s a consequence of a badware code hiding in your computer system. This little pest messes with DNS settings, the HOSTS file etc., thus making it a huge nuisance to use your PC properly. Taking the above into consideration, it’s obvious that the sole fact of being redirected to Nailingsearchsystem.com means you have some computer cleaning work to do, otherwise your browser will definitely keep taking you somewhere you never wanted to go. If you manage to bust the rootkit threat lurking deep inside the OS, chances are you will never visit Nailingsearchsystem.com against your wish again. What you need to do is outlined below, so make sure you take your chance to rid yourself of this obnoxious bug.

Remove Eminentsearchsystem.com (Eminent Search System virus)

Considering the increasing number of uncontrolled browser redirects to the Eminentsearchsystem.com fake search page, it makes sense to describe this particular hijacker in detail. This is one of those situations when a site that scammers direct traffic to is not dangerous by itself. If you like, you can just go ahead and visit it, and nothing bad will happen, nor will any script on Eminentsearchsystem.com actually infect your computer. The real problem is when your search engine results reroute your navigation to the above page, because it simply means there is a malware code on your PC stealthily substituting various URLs with others that are beneficial to the scammers. Say you are going to google some information and, as usual, type your query in the search box. The correct results will actually appear, but then you will be totally upset about what happens. Clicking a random link on the list of returned items will automatically trigger a rule superimposed by an infection that has settled down in your system. This pattern means you visit the wrong websites instead of the desired ones. Does it suit you to hit the Eminentsearchsystem.com domain whenever you do a search via any of the world-renowned engines? Of course not. Therefore it’s more than reasonable to find and delete the virus. The section below this description provides manual and automatic cleaning tips. However, the manual method doesn’t always do the trick, because the files and Reg keys provided may vary in each case. Anyway, do try this fix and get your good old malware-free machine back.

System Protection 2012 scam

It’s no secret that most of the present-day fake security applications borrow the main principles of their looks from legitimate AV clients. The System Protection 2012 fraud sticks to this pattern as well. The family this malware belongs to has produced several other rogues bearing very similar external traits. All these clones (AV Security 2012, System Security 2011) were once quite disastrous and have now been replaced by this latest sample. System Protection 2012 stuffs up your computer’s screen with false popup notifications appearing all over the place. It always runs a scan once you turn on your computer. This scanner reports anything but actual security threats. Security researchers have no doubt at all that all the potentially ‘harmful’ items returned in these scan results are just some fabricated or dummy objects that pose no risk to your operating system at all. A lot of users don’t know that though, so they do what the scareware tells them to, i.e. buy its full version to get all the previously spotted viruses gone. Money is the key in every rogue antivirus scheme. This case is no exception. Hopefully now you know what is to be done about System Protection 2012.
