Privacy & Security
Roguefix

Plague of the rogue scanners
Antispyzone, AntiVirGear, AntispyStorm, SpyLocked, SpywareLocked, Security toolbar, Surf sidekick, TitanShield Antispyware, TrustCleaner, VirusProtectPro, WebSpyShield, XP antivirus and many others ....

• System Performance monitor: Warning
• Critical system error
• Adware.W32.ExpDwnldr
• PSW.x-Vir trojan
• Trojan.W32.Looksky detected on you machine
• trojan-spy.win32@mx
• Spyware.CyberLog-X
• iworm_attck_v122.02a
• Trojan TJ/BZ
• Trojan.Virus.Z.32.exe
• C:\windows\system\keylogger.exe#CR#
• W32sinika.A
• OHPE ver.4.12_23/
• Trojan-Spy.HTML.Smitfraud.c
• W32Myzor.FK@yf
• Networm-i.Virus@fp
• spy-win32@mx
• Internet attack attempt detected...
• Credit card hijacking attempt detected...
• DETECTED SPYWARE! SYSTEM ERROR #384
• Alert: You are receiving spam!
• Danger! Spyware activity detected on your computer...
• Warning! Your computer is not protected against spyware...
• Your data is being transmitted to another computer...
• Warning: Your security and privacy are at risk!
• Danger: Potential spyware operation!'
• Somebody's trying to gain access to your PC using DATA MINER program.
• Your computer is working slowly!'
• System alert:'
• Windows had detected spyware infection
• Alert! A minimum of 7 spyware entries found
• The page you are looking for is blocked by spyware
• Local Security Authority Service ('lsass.exe') has encountered a serious problem (possible spyware infection).
• "Microsoft windows - security alert", "SERIOUS SECURITY VULNERABILITY HAS BEEN FOUND!".


These trojans sneak into your computer by-

• WMF exploit. An image vulnerability in un-patched Windows systems



• Codec. Codecs usually for Windows Media player to allow a short movie clip.
  
  
• DigiKeygen, Digipass, PornMag Pass, x password manager, various utilities to allow porn sites to be viewed



• Java exploit. A vulnerability in out dated versions of Java software.



• Visiting cool web search web sites



• P2P file sharing programs



• Deceptive advertisements and Sponsored ads displayed on Search engine results.


Other side effects may include

• Windows features disabled.
• Security settings lowered or disabled.
• Pop ups for sub-standard security products, gambling or Adult websites


.

Notice It has come to my attention that a poster on various help forums, under the name of PCBUTTS1 has stolen the code for roguefix, renamed it Superfix, Spyerase and Removeit, claiming it to be his work. He also offers other copied/unauthorised downloads and publishes explicit/offensive images claiming them to be of people who expose his plagiarism. He displays ethics and morals equal to those of the fake/fraudulent scanners that roguefix removes and should not be trusted.

To clean an infected computer (Windows XP only)

1)Download Roguefix.bat from HEREand save it to your desktop.
(Click Saveon the 'File download' box, then select Desktopin the box marked Save in)
This tool is regularly updated, current version 2.98(updated 18th October 07)

Note -Some users are reporting seeing a text page as opposed to the download box when using this link, (particularly with Firefox browser) if this happens to you, try one of the following -
-Click your browsers back button and try again,
-Use different browser e.g. Internet Explorer,
-Right click the 'download link, select Save Asfrom the drop down list and Save to your desktop.

2)A new feature of the Zlob trojans seen with the Antivirgearvariant is that it hooks into the Layered service Provider (LSP), this requires a special tool to repair as improper removal can cause problems with connecting to the internet, download LSPFix.exefrom here http://cexx.org/lspfix.htmand save it to your desktop to use if prompted by Roguefix

3)A disk and registry cleaner, I recommend either of the applications below-
Ccleaner, A variety of free cleaning utilities
Ace Utilities, a comprehensive disk and registry cleaner. (Free trial)


Removal procedure

a)Set Windows to 'Show hidden files and folders How to.

b)Restart your PC in Safe Mode How to.

c)Double click on the roguefix.baticon on your desktop and allow the tool to run. Follow the onscreen prompts, you will be given the option of resetting your Desktop background and your Homepage back to the Windows default settings.



d)If prompted, remove laf1.dll(note, the number 1 could be any number between 1 and 5) with LSPfix by highlighting the item in the left panel, use the >>button to move it into the right panel and click the Finish button.
DO NOT SELECT ANY OTHER ENTRY FOR REMOVAL



Close LSPFix to allow Roguefix to continue and complete its functions.

e)Restart your PC in 'normally' (not in safe mode).

To complete the clean up of your pc, run the registry cleaner you downloaded earlier, and whilst Roguefix targets the Rogue scanners and their installing trojans, it is likely other malware will present in your system, download, update and run one of the following-
AVG Anti-spyware, a free version is available.
Superantispyware, a free version is available.

And run one of the following online scans-
Panda Active scan
Trendmicro

To protect yourself against future infections, make sure you have all Windows critical updates and the latest version of java Update

The Nextbutton will take you to our Clean up after a malware infectionpage.

You are welcome to send comments. Feedback@internetinspiration.co.uk
Still having problems after this clean up process?



---

Roguefix is protected against Piracy for profit or reputation by Intellectual property rights and privileges.
Copying, in full or part and unauthorised distribution is strictly prohibited.


---

If Roguefix has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.