
Bogema Security

Posted: July 22, 2011

The fake security program Bogema Security claims to offer anti-spyware and other threat-removal services, but our SpywareRemove.com malware researchers have found that Bogema Security only offers trouble. Those who attempt to use Bogema Security for its stated purposes will find that the only infections Bogema Security can warn you about are falsified ones and that all system errors Bogema Security reports are lies. This simple scam is a not-so-subtle attempt to steal your credit card and the money linked to it, so it's strongly encouraged that you guard your finances from Bogema Security and use an advanced anti-malware product to wipe Bogema Security off your hard drive.

A Review of Bogema Security's Less-Than-Stellar Past

Bogema Security doubles as the name of the company that markets the Bogema Security 2011 rogue program, as well as the name of the rogue program itself. The Bogema Security company, unfortunately, has been confirmed to trade in fraudulent credit card bills instead of providing real security software. If you've purchased Bogema Security or a similar product, the most urgent priority on your mind should be canceling your credit card to stop any more unwarranted expenses.

A second but almost equally-important goal should be to avoid Bogema Security's arsenal of attacks on your computer. Our malware team has noted that Bogema Security 2011 has the capability to:

  • Launch itself without your permission.
  • Remain active in the form of a concealed memory process even after you've tried to shut down Bogema Security.
  • Create fake spyware alerts and other infection warnings that present dishonest information about your computer's health, especially with regard to security-related programs and basic Windows utilities.
  • Alter your file-viewing settings to hide files, particularly its own.
  • Block anti-virus and security applications. Bogema Security may also use this in coordination with its fake errors to make it look as though it's blocking these applications for your own good.
  • Redirect your web browser to the Bogema Security website bogemasecurity.com, or to a similar malicious website. Websites that may be linked to the same criminal company include ultimate-scan.com, clean-security.com, unlimguard.com, unlimdefender.com and ultimate-guard.com. These websites sell similar rogue security applications, such as Clean Security, Ultimate Scan and Ultimate Guard. Other rogue security programs associated with Bogema Security are XP Internet Security 2012, Personal Shield Pro Version 2.20, XP Security 2011, Windows 7 Fix, and Vista Home Security 2012. All of these programs, and even Bogema Security itself, may also be marketed with the '2011' suffix; for example, as Bogema Security 2011.

Defeating Bogema Security or Better Yet, Keeping Bogema Security Off Your PC

The easiest way to keep Bogema Security 2011 from infecting your PC in the first place is to avoid the aforementioned sites, which may use Flash or Java exploits to install Bogema Security even if you don't want it. Our malware team has also seen instances of rogue applications that are very similar to Bogema Security being installed by Zlob and Fake Microsoft Security Essentials Alert trojans. These trojans are often downloaded by mistake while they pretend to be codecs and other updates for media players.

Removing Bogema Security by deleting its files personally isn't recommended and may cause damage to your computer. Since many of Bogema Security's attacks can make changes to the Windows Registry, you should use a reliable anti-malware product to delete Bogema Security if you have access to such software.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS]
    2 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
    3 %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS]
    4 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]

Registry Modifications

  • The following Registry values were created:
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Internet Explorer\iexplore.exe"'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
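
A check for the Registry changes listed above, as an added example rather than SpywareRemove.com's own tooling: it reads `.reg` export text and flags an `.exe` open command that differs from the Windows default, a browser launch command routed through another program, and the Security Center override values. The sample export, the stand-in file name `xyz.exe` and all function names are constructed for illustration.

```python
import re

EXE_DEFAULT = '"%1" %*'  # stock Windows data for exefile\shell\open\command
# Constructed sample in .reg export syntax; xyz.exe stands in for [RANDOM CHARACTERS].exe.
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\xyz.exe\" -a \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\xyz.exe\" -a \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
'''

def parse_reg(text):
    """Yield (key, value_name, data) for REG_SZ and REG_DWORD values in .reg text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.+)$', line)
        if not (m and key):
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        raw = m.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            yield key, name, re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \\ and \" escapes
        elif raw.lower().startswith("dword:"):
            yield key, name, int(raw[6:], 16)

def first_exe(command):  # lower-cased file name of the first program on a command line
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)).rsplit("\\", 1)[-1].lower() if m else ""

def find_hijacks(text):
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        browser = re.search(r'\\clients\\startmenuinternet\\([^\\]+)\\shell\\[^\\]+\\command$', k)
        if name == "(Default)" and re.search(r'\\(\.exe|exefile)\\shell\\open\\command$', k):
            if data != EXE_DEFAULT:
                hits.append(("exe-handler-hijack", key, data))
        # Assumes the client subkey is named after the browser binary, as on this page.
        elif name == "(Default)" and browser and first_exe(str(data)) != browser.group(1):
            hits.append(("browser-launch-hijack", key, data))
        elif k.endswith("\\microsoft\\security center") and data in (1, "1") \
                and name in ("AntiVirusOverride", "FirewallOverride"):
            hits.append(("security-center-override", key, name))
    return hits
```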