Beware Setup.exe Installing PcsSecure Onto Your PC!

News

Contributed by: Aurelija
Date: February 1, 2010

	5 Vote 0	Beware Setup.exe Installing PcsSecure Onto Your PC!

Welcome the final part of the PcsSecure analysis! I've already provided you with the most important information regarding its malicious activities and website. Today the time has come to analyze PcsSecure installation file. What has to be known about this file? And can reliable anti-virus vendors detect this file as malicious?

I've already mentioned in my previous articles that PcsSecure is one of the most recent Winisoft applications. This fake security program can secretly sneak into victimized systems or be downloaded from malicious websites. When on the system, PcsSecure starts performing fake system scans that generate falsified results. After that, it starts displaying security warnings and system notifications prompting you to purchase a full version of the program. All this not only annoys victims but also can destroy computer systems and corrupt important information.

Let's now find out if PcsSecure installation file and the entire program are really malicious. According to VirusTotal - an online service providing free malware scanning for individual files - nine out of forty one anti-virus vendors detected the PcsSecure installation file as malicious or potentially harmful. The name of the analyzed file was setup.exe. The size of the file is 360960 bytes and it comes with the MD5 c96ad331c6eb30ea6508e794a3de4c57. Have a look at the following table that provides all the alias names of the analyzed threat.

Anti-virus vendor	Alias name
a-squared	Trojan.Win32.FakeSmoke!IK
CAT-QuickHeal	(Suspicious) - DNAScan
Comodo	TrojWare.Win32.TrojanDownloader.Fraudload.~GGI
DrWeb	Trojan.Fakealert.8498
Ikarus	Trojan.Win32.FakeSmoke
Microsoft	Trojan:Win32/FakeSmoke
Panda	Suspicious file
Prevx	Medium Risk Malware
Sophos	Sus/UnkPack-C

Table 1. PcsSecure alias names

The analyzed installation file is not the only file related to this malicious program. As is the case with any other rogues, PcsSecure is associated with several distinct files that help to distinguish it from other rogue applications and that need to be deleted in order to remove PcsSecure from an infected system. Have a look at the following table with the most important files, their distinct sizes and MD5 signatures:

File Name	File Size	MD5
PcsSecure.exe	1635328	5209634f7af8fe65c84c40d2b0fcb085
setup[1].exe	360960	8ec27e7fb2bd95184b9711314a05b571
setup[1].exe	1734436	a0d3bda1e61d9e9e0b0f10d4d9ba9971

Table 2. PcsSecure files

I would highly recommend you to be cautious when browsing the web and downloading any files. Don't click on unknown links and attachments. Besides, don't forget to use a reliable and up-to-date anti-virus application. All these actions may reduce the possibility of catching PcsSecure and other rogue security applications.

Resources:
VirusTotal analysis
Description and removal
Rogueware details

User Comments

Featured Videos

Modify hosts file

From: PC1News Videos

Added: June 13, 2009

Software Downloads

SpyHunter V.3

Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.

Download now

Registry Mechanic 8

Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.

Download now

SpywareBlaster 4.1

The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.

Download now