So who is behind Windows Police Pro Virus / Rogue Security Software?
As I’ve seen the continuing FLOOD of searches for some way to remove Windows Police Pro, I’ve been starting to wonder who is behind this particular piece of junk software. These programs aren’t written by your average ordinary virus writer; there is really too much spit and polish on these, and the end result is a racket which resembles a mob shakedown along the lines of “it’d be a shame if anything happened to your important data”... I’m intrigued by some who are speculating that there’s a connection to the Total Security 2009 package. The reason they’re saying that is that some of the top sites for removal of Windows Police Pro are actually shilling ANOTHER rogue security program, Total Security 2009. If that isn’t moving from the frying pan to the fire. They also suggest a connection with the XP Police Antivirus (which was yet ANOTHER of these wolves in sheep’s clothing).
So, I did some searching and found a reference to antispyware-scanner2.com serving up some of this JOY. The site isn’t loading now (and I had the rubber gloves on and EVERYTHING... darn). But the domain registration comes up as follows:
Domain name: antispyware-scanner2.com
Status: Active
Protection Status: public
( make contact info private at http://www.now.cn/domain/domainPrivate.php )
Registrant:
Name: Sari J Michelle
Address: 57 Sloane Street
City: Bryanston
Province/state: Johannesburg
Country: GB
Postal Code: 20221
Administrative Contact:
Name: Sari J Michelle
Organization: n/a
Address: 57 Sloane Street
City: Bryanston
Province/state: Johannesburg
Country: GB
Postal Code: 20221
Phone: +2.2711573141
Fax: +2.2711573141
Email: janny.mar123@yahoo.com
Technical Contact:
Name: Sari J Michelle
Organization: n/a
Address: 57 Sloane Street
City: Bryanston
Province/state: Johannesburg
Country: GB
Postal Code: 20221
Nameserver Information:
ns1.everydns.net
ns2.everydns.net
ns3.everydns.net
ns4.everydns.net
Create: 2009-08-25 21:07:40
Update: 2009-08-28
Expired: 2010-08-25
QueryTimes: 506
Interesting that it is such a new domain, isn’t it?
Right now, the search result at windows-police-pro-removal.kbe-inc.net is a redirect to http://daytedve.xorg.pl/go/?windows%20police%20pro%20removal which is ANOTHER site of ill repute according to Firefox...
I was then presented with a Windows-ish My Computer view and a redirect to http://free-scan-here.com/l/13f9896d73n79n6em and was told that my computer was infected and I needed to download Smart Virus Eliminator. It’s all somewhat hilarious to see, within Firefox on Linux, the spoofed My Computer listing and the spoofed Windows-themed Security Alert windows. So... I’ll continue investigating THAT domain.
Registrars.Registration Service Provided By: ERDOMAIN.COM
Contact: +49.3036741521
Website: http://www.erdomain.com
Domain Name: FREE-SCAN-HERE.COM
Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Creation Date: 31-Aug-2009
Expiration Date: 31-Aug-2010
Domain servers in listed order:
ns2.free-scan-here.com
ns1.free-scan-here.com
Administrative Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Technical Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Billing Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Status:ACTIVE
This one (wisely, I suppose) chose to make their registration private. I mean, AFTER ALL, if you’re going to distribute software that is going to have hundreds of thousands of people wanting to punch you in the nose, the LEAST you should do is make a private domain name registration!
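The two things noted about these registrations (a domain only days old, and a registrant hidden behind a privacy service) can be checked mechanically. The Python below is an added example, not part of the original post: it parses trimmed excerpts of the two WHOIS records quoted above, and the function names, the 30-day threshold and the SEEN_ON date are assumptions.

```python
import re
from datetime import date, datetime

# Excerpts of the two WHOIS records quoted in the post (fields trimmed).
RECORD_A = """\
Domain name: antispyware-scanner2.com
Create: 2009-08-25 21:07:40
Expired: 2010-08-25
"""
RECORD_B = """\
Domain Name: FREE-SCAN-HERE.COM
Registrant:
PrivacyProtect.org
Creation Date: 31-Aug-2009
"""

# The two registrars label and format the creation date differently.
CREATED = re.compile(r"^(?:Create|Creation Date):\s*(\S+)", re.I | re.M)
DOMAIN = re.compile(r"^Domain name:\s*(\S+)", re.I | re.M)
DATE_FORMATS = ("%Y-%m-%d", "%d-%b-%Y")
PRIVACY_MARKERS = ("privacyprotect.org",)  # assumption: extend per proxy service

def parse_created(text):
    """Return the creation date from either record layout, or None."""
    m = CREATED.search(text)
    if not m:
        return None
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(m.group(1), fmt).date()
        except ValueError:
            continue
    return None

def triage(text, seen_on, max_age_days=30):
    """Return the domain, its age in days at seen_on, and the flags raised."""
    domain = DOMAIN.search(text)
    created = parse_created(text)
    age = (seen_on - created).days if created else None
    flags = []
    if age is None:
        flags.append("no-creation-date")  # missing or unparseable date
    elif age <= max_age_days:
        flags.append("newly-registered")
    if any(marker in text.lower() for marker in PRIVACY_MARKERS):
        flags.append("privacy-proxy")
    return {"domain": domain.group(1).lower() if domain else None,
            "age_days": age, "flags": flags}

SEEN_ON = date(2009, 9, 1)  # assumption: the day the redirect was observed
```

Calling `triage(RECORD_B, SEEN_ON)` flags the second domain on both counts; neither flag proves malice on its own, but together with a fake-scan landing page they are a reasonable basis for blocking.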
Windowsprotection.net seems to think that the Windows Police Pro virus is related to Total Security 2009 and says that “Windows Police PRO usually installs through the use of backdoor methods which involve Trojan.Downloader or Zlob trojans”. This sounds like the pathway that XP Police Antivirus took as well.
So, who is behind Windows Police Pro Antivirus (may as well call it a virus for the headaches it’s causing)? I don’t know, but I would think that there are many people who would be willing to pay to find out who’s responsible, and maybe we can at some point track down a whole nest of these rogue security makers. From what I’ve seen, many of them are just the same crap rebranded. The moral of the story if you are having to remove Windows Police Pro... Next time you see a popup that claims you have a virus, close the window as quick as you can. (At this point I’d be tempted to just yank the power from the wall and risk damage to the hard drive rather than put up with these pests.)