What exactly was the Gamma Group spyware?
2013.09.24

This morning I ran Firefox Setup 23.0.exe. It was not a necessary step, but as a result:

1. Norton Power Eraser detected one piece of malware
2. SUPERAntiSpyware detected Trojan Gen-FraudPack

I have come to think that this Trojan Gen-FraudPack is, in effect, the Gamma Group spyware.

English source

Quote

http://www.enigmasoftware.com/trojanfraudpackgen-removal/

Trojan.FraudPack.Gen Description

Trojan.FraudPack.Gen is packed with a packer that is used extensively by several other malware infections. This is used to make detection or removal much more difficult than normal. Trojan.FraudPack.Gen has two main components, one that is associated with rogue security programs and one that is associated with adware pop-ups. Trojan.FraudPack.Gen makes changes to the Windows Registry that can be unsafe to the infected computer. It also requests files from a remote server. ESG security researchers strongly recommend removing Trojan.FraudPack.Gen with an anti-malware application. Because of the packer that this Trojan uses, make sure that the anti-malware program that is used is updated, or it will not be able to detect these kinds of components. You should also make sure that you have not downloaded and installed a fake security program as a result of Trojan.FraudPack.Gen infection.

Trojan.FraudPack.Gen has two main components: one that is associated with rogue security applications, and one that is associated with adware. The first component is designed to change the Internet Explorer homepage and security settings. It also displays fake error messages that claim that the computer has been infected. Trojan.FraudPack.Gen will attempt to convince you to download a specific rogue security program, such as the Security Scanner fake anti-virus. Rogue security programs are fake computer security applications that are used as part of a scam to steal a victim’s money. Instead of fixing problems on the infected computer, they cause the computer to behave erratically and crash frequently. They also spam the victim with constant fake security alerts. This is all done to convince the victim to pay for a “full version” of the fake security application in order to fix these problems – the very problems Trojan.FraudPack.Gen is causing itself.

Trojan.FraudPack.Gen is also associated with a number of different registry entries and adware components. ESG security researchers strongly advise removing these immediately. These belong to several different, unrelated malware programs and can cause a whole series of different problems on the infected computer. Trojan.FraudPack.Gen may also include components designed to monitor your online activity, track your keystrokes and send your personal information to a remote party. It is because of this that ESG security researchers consider that removal of Trojan.FraudPack.Gen should be a top priority.

Type: Trojans

How Can You Detect Trojan.FraudPack.Gen?

Are you unable to open programs in Windows? Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Advice: Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.

End of quote

In the end this is a sales pitch for a security product called SpyHunter, but parts of the description rang a bell, so I downloaded it. While I was running the demo version, toward the end the OS suddenly shut down. It rebooted on its own. In other words:

The security software lost to the malware.

So I got to thinking: isn't the Gamma Group spyware actually Trojan.FraudPack.Gen? The characteristics match exactly. Those characteristics are:

1. Hard to detect because it is packed (pack - unpack)
2. Consists of a fake security program and an advertising pop-up program
3. Writes to the registry and pulls in files from an external server
4. Steals personal information, captures keystrokes, and sends the information to their own servers

Why does security software lose to malware? Frankly, at this point I suspect Microsoft. Because the OS grants the malware some kind of high-level access privileges, the OS itself ends up obstructing the removal of the malware.

A very rough conclusion, but

(The PC froze at the point I had written this far. The rest will follow tomorrow or later.)