Vitiosus Phasmatis Commando


Posts: 108 Join date: 2011-08-23 Age: 22 Location: Australia
Subject: Privacy Protection Scam [Rebuild Complete: Rogue.PrvacyProtect], Sat Nov 05, 2011 8:14 am

Hey guys, just a quick heads up: there's a fake anti-malware program now released causing some rather nasty issues for computer users. It's called "Privacy Protection" and the MD5 checksums are similar in coding to that of Virtumonde.dll / Vundo trojan. I've installed it on a dummy box to start documenting its cause, alongside certain fixes to bring it down. Will probably reverse engineer its programming. The application will show SOME of the following upon infection:

Quote:
Security Warning
Malicious program has been detected. Click here to protect your computer.

Quote:
taskmgr.exe can not start
File taskmgr.exe is infected by W32/Blaster.worm. Please activate Spyware Protection to protect your computer.
So, if you do get infected with this program there are a few things to note:

It's polymorphic in process spoofing (changes size and name).
The main malware executable installed is 'privacy.exe'.
It will download more viruses to cause you further grief (however they can be removed if you know what you're doing).
Your Anti-virus and Anti-spyware programs will be disabled, preventing their pop-ups in order to spoof itself (Privacy Protection) as an anti-malware application itself.

HijackThis will allow you to identify and remove the privacy.exe lockdown (normally installed in C:/Users/RoamingData/Apps/.../). MalwareBytes is one of the better programs to use in order to remove it; as it's using a Virtumonde MD5 checksum, it'll be detected almost immediately after deleting registry keys.
Last edited by Vitiosus Phasmatis on Mon Nov 07, 2011 5:15 am; edited 2 times in total
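The post gives defenders two concrete handles on this rogue: the dropped executable is named privacy.exe, and it changes size and name between installs, so a single hash or a single filename is a weak indicator on its own. The triage helper below is an added example written for this thread, not code from the original poster or from HijackThis/MalwareBytes. It walks a directory tree for files carrying the quoted name, records each hit's size and MD5 so they can be compared against a vendor detection, and counts how many distinct variants were found; more than one variant is the signal that one checksum will not cover the infection. The directory layout and file contents are constructed for the demo, since the post only gives a truncated install path.

```python
"""Triage helper (added example, not from the forum post): locate files named
like the rogue's main executable and report size + MD5 per hit.

The sample tree built by build_demo_tree() is constructed for this demo; the
real install location quoted in the post is truncated, so nothing here depends
on it."""
import hashlib
import os
import tempfile

TARGET_NAME = "privacy.exe"  # executable name quoted in the post


def md5_of(path, chunk=65536):
    """MD5 of a file, read in chunks so large binaries do not load into RAM."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_suspects(root, name=TARGET_NAME):
    """Return one record per file under root whose basename matches `name`
    (case-insensitive, since Windows filenames are), sorted by path."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == name.lower():
                p = os.path.join(dirpath, fn)
                hits.append({"path": p, "size": os.path.getsize(p), "md5": md5_of(p)})
    return sorted(hits, key=lambda h: h["path"])


def distinct_variants(hits):
    """Number of distinct (size, md5) pairs among the hits. The post says the
    rogue changes its size; several variants means a single hash is not a
    sufficient detection and a name/location-based cleanup is needed."""
    return len({(h["size"], h["md5"]) for h in hits})


def build_demo_tree():
    """Constructed sample tree: two copies of the target name with different
    contents (standing in for a polymorphic drop) plus one benign file."""
    root = tempfile.mkdtemp(prefix="rogue_demo_")
    roaming = os.path.join(root, "AppData", "Roaming", "Apps")
    temp = os.path.join(root, "Temp")
    os.makedirs(roaming)
    os.makedirs(temp)
    with open(os.path.join(roaming, "privacy.exe"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 100)   # 102 bytes, fake PE header only
    with open(os.path.join(temp, "Privacy.EXE"), "wb") as f:
        f.write(b"MZ" + b"\x90" * 250)   # 252 bytes, different content/size
    with open(os.path.join(roaming, "notes.txt"), "w") as f:
        f.write("benign")
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    found = find_suspects(demo_root)
    for hit in found:
        print(f"{hit['path']}  size={hit['size']}  md5={hit['md5']}")
    print("distinct variants:", distinct_variants(found))
```

Point `find_suspects` at a mounted user profile from a clean boot environment rather than from the infected session, since the post notes the rogue disables security tools and spoofs process names while running; the MD5 values it prints are what you hand to the AV vendor or compare against their signature, not a detection by themselves.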
Vitiosus Phasmatis Commando


Subject: Re: Privacy Protection Scam [Rebuild Complete: Rogue.PrvacyProtect], Sun Nov 06, 2011 7:43 am

However, if you find yourself infected with this malware and any suggested methods provided DON'T WORK... Give me a quick poke on my email address (vitiosus_phasmatis [at] live [dot] com) and I can remove it via remote access. It's currently identified by MalwareBytes as Rogue.PrvacyProtect.