Anti-Malware Lab

Posted: July 7, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 2
First Seen: July 7, 2011
OS(es) Affected: Windows

Anti-Malware Lab is rogue security software that's closely related to previously-known scamware programs. Just like its relatives, Anti-Malware Lab pretends to offer genuine security services but can only create fake infection warnings about problems that aren't on your PC in the first place. Rogue programs in the Anti-Malware Lab family may also create junk files, disable programs or take over your web browser to redirect you to hostile sites. You should remove Anti-Malware Lab by using an updated and reliable anti-virus application.

The Bitter PC Security Lies That Anti-Malware Lab Slips to You

Anti-Malware Lab is marketed by websites as an independent and powerful security program that can scan your PC for threats and even detect them spontaneously, upon occasion. In reality, Anti-Malware Lab is a clone of other malicious rogue programs like Personal Internet Security 2011, PC Security Guardian, and Best Malware Protection. Neither Anti-Malware Lab nor related rogue applications can find or delete viruses or other PC threats, and purchasing Anti-Malware Lab is an utter waste of your finances.

Anti-Malware Lab's system scans will turn up unpleasant results no matter what your computer's health happens to be, and any PC that's infected with Anti-Malware Lab will suffer through deceitful pop-ups like the following:

Warning
Warning! Virus detected

Warning! Identity theft attempt detected
Hidden connection IP: 128.154.26.11
Target: Microsoft Corporation keys

System alert
PC Security Guardian has detected potentially harmful software in your system. It is strongly recommended that you register PC Security Guardian to remove all found threats immediately.

System warning
No real-time malware, spyware and virus protection was found. Click here to activate.

ERROR MESSAGE:
Warning
Warning! Virus detected
Threat Detected: Trojans-Spy.HTML.Sunfraud.a

Further Details of Anti-Malware Lab's 'Protection Money' Scam

Anti-Malware Lab's fake errors may fool you if you're unprepared for the sophisticated extremes of Anti-Malware Lab's infection presentation scam. Anti-Malware Lab may utilize these error messages while blocking programs to make it look as though the programs are being blocked for your own good, but Anti-Malware Lab really is blocking them to make you want to purchase an Anti-Malware Lab registration key.

Another common tactic that's used by Anti-Malware Lab and similar rogue programs is to create dummy files with gibberish names. These files contain no harmful content but can be alarming when Anti-Malware Lab points at them as being infections. Of course, without Anti-Malware Lab on your PC, you wouldn't see these 'infections' appearing at all. They serve no purpose save to clutter up your hard drive and make it look as though there are more attackers on your PC besides just Anti-Malware Lab.

A last attack that Anti-Malware Lab shares with many other rogue products is the ability to hijack your web browser. Hijacks can change your homepage settings, create pop-ups, redirect you from one website to another one and create fake errors. Thankfully, using Safe Mode may allow you to disable all of Anti-Malware Lab's many attacks until you can get around to deleting Anti-Malware Lab.

Since many rogue programs, including Anti-Malware Lab, may use Trojans to install themselves onto your PC, you should be prepared to use a high-quality security program to scan your entire PC for Anti-Malware Lab and any related infections.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\Anti-Malware Lab
    2 %AppData%\Anti-Malware Lab\cookies.sqlite
    3 %AppData%\Anti-Malware Lab\Instructions.ini
    4 %CommonAppData%\[random]
    5 %CommonAppData%\[random]\[random]
    6 %CommonAppData%\[random]\[random].dll
    7 %CommonAppData%\[random]\[random].exe
    8 %CommonAppData%\[random]\[random].mof
    9 %CommonAppData%\[random]\[random].ocx

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}
    HKCU\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1"
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run "Anti-Malware Lab"
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
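
A triage check for the registry values listed above, as an added example that is not part of the original write-up: it parses text in `reg export` (.reg) format and reports which of the listed values are present. The sample export, its file paths and the `taskmgr.exe` subkey are constructed, and matching `Debugger` under any Image File Execution Options subkey is an assumption, since the page elides the subkey.

```python
import re

# Indicators from the registry list above: (key, value name, expected data, match subkeys).
# Data None = the value existing is the indicator. Matching IFEO subkeys is an assumption.
INDICATORS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download", "RunInvalidSignatures", "1", False),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings", "ProxyServer", "http=127.0.0.1", False),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Anti-Malware Lab", None, False),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options", "Debugger", "svchost.exe", True),
]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def normalize(raw):
    # dwords become decimal text; quoted strings lose their quotes and escapes
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return unescape(raw[1:-1]) if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw

def parse_reg(text):
    # Yield (key, value name, data) from text in `reg export` (.reg) format
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group(1)), normalize(m.group(2))

def find_indicators(text):
    hits = []
    for key, name, data in parse_reg(text):
        for ikey, iname, idata, subkeys in INDICATORS:
            key_ok = key.lower() == ikey.lower() or (subkeys and key.lower().startswith(ikey.lower() + "\\"))
            if key_ok and name.lower() == iname.lower() and idata in (None, data.lower()):
                hits.append((key, name, data))
    return hits

# Constructed sample export (not from a real machine); paths and taskmgr.exe are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="proxy.corp.example:8080"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Anti-Malware Lab"="C:\\ProgramData\\example\\example.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="svchost.exe"'''
```

`reg export` writes UTF-16 text, so decode the exported file before passing its contents to `find_indicators`.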

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: b1e3d1680706a84630752865c948b451
Size: 2.42 MB (2422272 bytes)
MD5: b1e3d1680706a84630752865c948b451
Detection count: 81
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

File name without path: Anti-Malware Lab.lnk

One Comment

  • billy says:

    I just downloaded the free version of it and it said I had 20 malicious programs, would that be true? And how do they get your internet to download it