CastleCops, Internet Crime Fighters

Warning over rogue anti-spyware app

 
AplusWebMaster

General


Joined: Mar 14, 2004
Posts: 4805
Location: USA

Posted: Fri Apr 07, 2006 6:03 pm    Post subject: Warning over rogue anti-spyware app

FYI...

- http://www.theregister.com/2006/04/07/unspypc/
7 April 2006
"A rogue anti-spyware application is falsely identifying popular security products and file system tools as spyware. Security firm SurfControl advises users not to touch the application, UnSpyPC, with a barge pole. False-positive reporting is hardly unknown across many supposed anti-spyware applications, as SurfControl notes, but this case is particularly severe since UnSpyPC could disable critical security and business applications... Programs that were falsely identified as spyware by UnSpyPC include an anti-virus tool, a well known anti-spyware application, and a system management tool. SurfControl has added detection for UnSpyPC, which it identifies as malicious code, to its security products. We submitted a request for UnSpyPC to comment on SurfControl's criticism via its download site on Thursday. At the time of writing, we've received no response."

* http://www.surfcontrol.com/ViewHandler.aspx?id=332&newsid=800&mnuid=6.2.1
05 Apr 06

- http://www.spywarewarrior.com/rogue_anti-spyware.htm#products
"UnSpyPC... false positives work as goad to purchase... inadequate/flawed scan/detection scheme; same app as Safe & Clean..."



_________________
AplusWebMaster
~ Are you up to date or vulnerable to Hackers? ...or both?
esst

Trooper


Joined: Feb 23, 2007
Posts: 28
Location: USA

Posted: Sat Feb 24, 2007 7:27 am    Post subject:

Thanks for sharing this information, colonel.

I have got some more for people who might be already infected with this pest and would like to know more about it to help themselves remove it.


Here are some more companies that talked about it

STOP BADWARE
http://www.stopbadware.org/reports/reportdisplay?reportname=unspypc

Symantec
http://www.symantec.com/smb/security_response/writeup.jsp?docid=2005-121614-4828-99&tabid=1

SpywareGuide
http://www.spywareguide.com/product_show.php?id=2813

Sophos
http://www.sophos.com/security/analyses/unspypc.html

F-Secure
http://www.f-secure.com/sw-desc/unspypc.shtml

I have summed up some information as mentioned below


*****************************************************************

UnSpyPC
The UnSpyPC is an anti-spyware program that can block the popups also. The UnSpyPC uses false, inadequate detection schemes. The program shows false warnings and slows the system.

General Information:
Malware Name: UnSpyPC
Malware Type: Adware
Company Name: Stratex international
Company URL: htt****************
Threat Level: High
Operating System: WIN XP
Installation Type: Installed through EXE
Operation: Time of After Installation.
Download URL: *************

Company Description:
The UnSpyPC is an anti-spyware program that can block the popups also. The UnSpyPC uses false, inadequate detection schemes. The program shows false warnings and slows the system.

Spyware Description:
The UnSpyPC is an anti-spyware program that can block the popups also. The UnSpyPC uses false, inadequate detection schemes. The program shows false warnings and slows the system.

Characteristics/Symptoms:

-> Collects browsing information
-> Shows false results
-> Slows the system
-> Can even detect files that are not associated to any malware

******************************************************************************


In case you would like to see the entire details about this crap, you can have a look at this page for total information

http://www.spywaresignatures.com/details.php?spyware=unspypc

In case anyone would like to know more about this... feel free to PM me or mail me anytime.


Thanks again for this news from SurfControl.

nosirrah

Security Expert
Special Response Team

Joined: Apr 19, 2006
Posts: 6301
Location: USA
MIRT MVP Premium Rootkit Responders Security Experts SRT

Posted: Sat Feb 24, 2007 2:02 pm    Post subject:

I am currently looking for clones of this piece of crap. This is what I have come up with so far.

Do NOT download these apps unless you are a researcher.

hxxp://scanandclean.com/
hxxp://www.killandclean.com/

KillAndClean and UnSpyPc are both listed at malwarebytes (RogueRemover) and Spywarewarrior but I do not see mention of ScanAndClean.

I will look into this further but Scan and Clean looks to be another new rogue.

esst

Trooper
Trooper


Joined: Feb 23, 2007
Posts: 28
Location: USA

Posted: Wed Feb 28, 2007 7:44 am    Post subject:

KillAndClean
It is a Rogue Security Program that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results. Rogue Security Programs typically use aggressive, deceptive advertising and may be installed without adequate notice and consent, often through exploits. It includes High risk threats are typically installed without user interaction through security exploits, and can severely compromise system security. Such threats may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These threats may also collect and transmit personally identifiable information (PII) without our consent and severely degrade the performance and stability of our computer.

General Information:
Malware Name: KillAndClean
Malware Type: Rogue Security Program
Company Name: KillAndClean
Company URL: http://killan*******
Threat Level: High Risk
Operating System: WIN XP
Installation Type: Installed through EXE
Operation: Time of After Installation.
Download URL: http://killand**********

URLs destroyed coz I don't wanna get blocked .. if you know more lemme know.

Company Description:
KillAndClean ensures the system stability. It frees up hard disk by removing the unnecessary data from the hard disk. It also removes unnecessary programs being loaded at startup to allow for faster system booting. It boosts system performance by removing device drivers that are no longer in use. Blocks the spyware. Detect and remove spyware or adware from the PC.

Spyware Description:
It is a Rogue Security Program that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results. Rogue Security Programs typically use aggressive, deceptive advertising and may be installed without adequate notice and consent, often through exploits. It includes High risk threats are typically installed without user interaction through security exploits, and can severely compromise system security. Such threats may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These threats may also collect and transmit personally identifiable information (PII) without our consent and severely degrade the performance and stability of our computer.

Characteristics/Symptoms:

-> False positives work as goad to purchase
-> False scan results
-> Uses inadequate scan/detection scheme
-> Uses out of date ref database


Here is more information
Sunbelt
http://research.sunbelt-software.com/threatdisplay.aspx?name=KillAndClean&threatid=44619

CA
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453098991

SpywareSignatures
http://www.spywaresignatures.com/details.php?spyware=killandclean

Lemme know if you wish to know more.

I have its original setup and a detailed doc.

Please comment and post if you did some research on it...

Thanks
