So who is behind Windows Police Pro Virus / Rogue Security Software?



As I’ve seen the continuing FLOOD of searches for some way to Remove Windows Police Pro, I’ve been starting to wonder who is behind this particular piece of junk software. These programs aren’t written by your average ordinary virus writer; there is really too much spit and polish on these, and the end result is a racket which resembles a mob shakedown along the lines of “it’d be a shame if anything happened to your important data”….. I’m intrigued by some that are speculating that there’s a connection to the Total Security 2009 package. The reason they’re saying that is some of the top sites for removal of Windows Police Pro are actually shilling ANOTHER rogue security program, Total Security 2009. If that isn’t moving from the frying pan to the fire. They also suggest a connection with the XP Police Antivirus (which was yet ANOTHER of these wolves in sheep’s clothing).


So, I did some searching and found reference to antispyware-scanner2.com serving up some of this JOY. The site isn’t loading now (and I had the rubber gloves on and EVERYTHING…. darn.) But the domain registration comes up as follows:

Domain name: antispyware-scanner2.com
Status: Active

Protection Status: public
( make contact info private at http://www.now.cn/domain/domainPrivate.php )

Registrant:
Name: Sari J Michelle
Address: 57 Sloane Street
City: Bryanston
Province/state: Johannesburg
Country: GB
Postal Code: 20221

Administrative Contact:
Name: Sari J Michelle
Organization: n/a
Address: 57 Sloane Street
City: Bryanston
Province/state: Johannesburg
Country: GB
Postal Code: 20221
Phone: +2.2711573141
Fax: +2.2711573141
Email: janny.mar123@yahoo.com

Technical Contact:
Name: Sari J Michelle
Organization: n/a
Address: 57 Sloane Street
City: Bryanston
Province/state: Johannesburg
Country: GB
Postal Code: 20221

Nameserver Information:
ns1.everydns.net
ns2.everydns.net
ns3.everydns.net
ns4.everydns.net

Create: 2009-08-25 21:07:40
Update: 2009-08-28
Expired: 2010-08-25
QueryTimes: 506

Interesting that it is such a new domain isn’t it?

Right now – the search result at windows-police-pro-removal.kbe-inc.net is a redirect to http://daytedve.xorg.pl/go/?windows%20police%20pro%20removal which is ANOTHER site of ill repute according to Firefox….

I was then presented with a Windows-ish My Computer view and a redirect to http://free-scan-here.com/l/13f9896d73n79n6em and was told that my computer was infected and I needed to download Smart Virus Eliminator. It’s all somewhat hilarious to see, within Firefox on Linux, the spoofed My Computer listing and spoofed Windows-themed Security Alert windows. So…. I’ll continue investigating THAT domain.

Registrars.Registration Service Provided By: ERDOMAIN.COM
Contact: +49.3036741521
Website: http://www.erdomain.com

Domain Name: FREE-SCAN-HERE.COM

Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Creation Date: 31-Aug-2009
Expiration Date: 31-Aug-2010

Domain servers in listed order:
ns2.free-scan-here.com
ns1.free-scan-here.com

Administrative Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Technical Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Billing Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Status:ACTIVE

This one (wisely I suppose) chose to make their registration private. I mean AFTER ALL if you’re going to distribute software that is going to have hundreds of thousands of people wanting to punch you in the nose the LEAST you should do is make a private domain name registration!
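The two signals read off these records by hand, a very recent creation date and a privacy-proxy registrant, can be checked mechanically. The sketch below is an added example, not part of the original post; it parses the two WHOIS layouts quoted above. The function name `triage`, the 30-day threshold and the lookup date are assumptions made for illustration.

```python
import re
from datetime import date, datetime

# Creation-date fields as written in the two WHOIS records quoted in the post.
CREATED = [
    (re.compile(r"^Create:\s*(\d{4}-\d{2}-\d{2})", re.M), "%Y-%m-%d"),
    (re.compile(r"^Creation Date:\s*(\d{2}-[A-Za-z]{3}-\d{4})", re.M), "%d-%b-%Y"),
]
DOMAIN = re.compile(r"^Domain name:\s*(\S+)", re.M | re.I)
PROXY_MARKERS = ("privacyprotect.org",)  # proxy service seen in the second record

def triage(text, observed, max_age_days=30):
    """Parse one WHOIS record; return domain, age in days and reasons for suspicion."""
    m = DOMAIN.search(text)
    rec = {"domain": m.group(1).lower() if m else None, "age_days": None, "reasons": []}
    for pattern, fmt in CREATED:
        hit = pattern.search(text)
        if hit:
            created = datetime.strptime(hit.group(1), fmt).date()
            rec["age_days"] = (observed - created).days
            break
    if rec["age_days"] is None:
        rec["reasons"].append("no creation date found")
    elif rec["age_days"] < max_age_days:  # threshold is an assumed cut-off
        rec["reasons"].append("newly registered")
    if any(marker in text.lower() for marker in PROXY_MARKERS):
        rec["reasons"].append("privacy-proxy registrant")
    return rec

# Records trimmed from the ones quoted in the post.
RECORD_A = """Domain name: antispyware-scanner2.com
Create: 2009-08-25 21:07:40
Expired: 2010-08-25
"""
RECORD_B = """Domain Name: FREE-SCAN-HERE.COM
Registrant:
PrivacyProtect.org
Creation Date: 31-Aug-2009
Expiration Date: 31-Aug-2010
"""
OBSERVED = date(2009, 9, 5)  # assumed lookup date; the post does not give one

if __name__ == "__main__":
    for record in (RECORD_A, RECORD_B):
        print(triage(record, OBSERVED))
```

Neither signal is proof on its own; plenty of legitimate sites are new or use a privacy service, so this is best used to rank domains for a closer look.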

According to Windowsprotection.net they seem to think that the Windows Police Pro virus is related to Total Security 2009 and say that “Windows Police PRO usually installs through the use of backdoor methods which involve Trojan.Downloader or Zlob trojans”. This sounds like the pathway that XP Police Antivirus took as well.

So, who is behind Windows Police Pro Antivirus (may as well call it a Virus for the headaches it’s causing)? I don’t know, but I would think that there are many people that would be willing to pay to find out who’s responsible and maybe we can at some point track down a whole nest of these rogue security makers. From what I’ve seen, many of them are just the same crap rebranded. The moral of the story if you are having to remove Windows Police Pro….. Next time you see a popup that claims you have a virus, close the window as quick as you can. (At this point I’d be tempted to just yank the power from the wall and risk damage to the hard drive rather than put up with these pests.)
