Showing posts with label video. Show all posts

Saturday, December 4, 2010

new rogue: PCoptimizer 2010

As already stated in my previous post, there are two new rogues (rogue security software, rogueware) lurking around:

PrivacyGuard 2010 and PCoptimizer 2010

You can be presented with either of these GUIs:


PrivacyGuard 2010 (picture: BleepingComputer)



PCoptimizer 2010


If you execute any program, you can be presented with the following pop-up:


PCoptimizer 2010 pop-up


I also made a small video on how you can disable this rogue and access your programs again. In this video I targeted PCoptimizer 2010, but you can also apply these steps to PrivacyGuard 2010.



Direct link to HD video on YouTube


6 easy steps:

1) Go to Start > Run
2) Type in: C:\windows\system32
3) Find taskmgr.exe and make a copy
4) Paste taskmgr.exe on your desktop (for example) and rename it to explorer.exe
5) Locate the process for the rogue (in this case, PCoptimizer 2010.exe) and click on End Process
6) You can now execute your Antivirus or Antimalware tools again, or browse the internet and download one :) .

Saturday, October 23, 2010

WinMHR: Free Malware Detector


Today I checked out WinMHR brought to you by: Team Cymru

Now, what exactly is WinMHR? (This is copied from the website)

WinMHR is...


  • Free - No ads, reminders, or disabled features - for both non-commercial and commercial use.
  • Private - No files or any content is sent across the network.
  • Fast - No heavy analysis is done on your PC. Our servers take care of the heavy lifting.
  • Accurate - We aggregate results of over 30 anti-virus engines, so we detect a far greater percentage of malware than a single, traditional anti-virus product.
  • Up-to-Date - No "definition" or "signature" files need to be downloaded, all updates are done on our servers.
  • Easy to Use - A more user-friendly, point-and-click interface for our established and proven MHR service.

WinMHR is NOT...


  • intended as a replacement of traditional anti-virus, it is an augmentation of your existing anti-virus.
  • a malware removal or blocking tool; it is a malware detection tool.

I tested WinMHR on 10 samples of the infamous rogue AV 'Security Tool':
2 out of 10 samples are known malware


When you first start WinMHR, it does a scan of your running processes. This makes it very easy to view MD5s of all running processes, as well as which modules are loaded under each process.


Down below you can find an additional video on how to use WinMHR:

Link: http://media.team-cymru.org/WinMHR/movies/introduction.mov

You can download WinMHR from here.


Conclusion:

WinMHR is a good tool for having a second opinion, but if you really want to be sure about the validity of a file (malware/goodware), I advise also using the VirusTotal Uploader or VT Uploader (http://www.virustotal.com/advanced.html).
Simply right-click a file and send it to VirusTotal.

The big difference between WinMHR and VirusTotal is that WinMHR will not upload your file, it will only check the MD5 checksum. If you send a file to VirusTotal, you will upload it to their servers, and they can decide what to do with it.
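
An added example (not from the original post and not Team Cymru's code) of what a hash-only lookup involves: only the 32-character MD5 leaves the machine, and a file that differs from a known sample by a single byte comes back as unknown. The local `known_bad` set stands in for the server-side database, and the sample bytes, file names and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def md5_of_file(path, chunk_size=64 * 1024):
    """Stream the file through MD5 so large binaries are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_query(path):
    """Everything a hash-only lookup sends: the digest, no file content or path."""
    return {"md5": md5_of_file(path)}


def lookup(query, known_bad):
    """Constructed stand-in for the remote service: exact-match on the digest."""
    return "known malware" if query["md5"] in known_bad else "unknown"


def demo():
    # Constructed bytes, not real malware.
    known_sample = b"MZ" + b"constructed sample bytes " * 100
    variant = known_sample[:-1] + b"!"  # same content with the last byte changed
    known_bad = {hashlib.md5(known_sample).hexdigest()}

    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("sample.exe", known_sample), ("variant.exe", variant)):
            path = Path(tmp) / name
            path.write_bytes(data)
            query = build_query(path)
            results[name] = (query, lookup(query, known_bad))
    return results


if __name__ == "__main__":
    for name, (query, verdict) in demo().items():
        print(f"{name}: {query['md5']} -> {verdict}")
```

An "unknown" verdict therefore means only that this exact file has not been seen, not that the file is clean.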

Keep in mind that WinMHR does not prevent malware nor can it replace a traditional antivirus. As a supplement it comes in very handy.

Additionally, it would be nice if x64 were supported in the near future.


Note: I did not help or contribute in developing this tool, I simply reviewed it.