Do not Install, I’m malware!


We received an email from ‘Instant Spyware Remover’, saying that Emsisoft Anti-Malware have a false positive, detecting their application as malware. Alright, to prove it, I downloaded the latest installer from www.InstantSpywareRemoval.com as they say, and tested it on a clean machine.

Then, what I found next was very interesting and made me laugh: this ‘security application’ is detecting itself as malware!  In other words it says: “Hey, I’m malware, no need to be checked further!”.

To remove this infection (their own) I have to pay $34.95, with Christmas Special offer. No, thanks! ;)

We found that the files are digitally signed on behalf of Qiwang Computer (or Guangxi Nanning Qiwang Computer Ltd). It’s not really surprising, because Qiwang Computer is also author of these rogue security products: SpywareCease, RegistryEasy, RepairError, etc.

Whois record of InstantSpywareRemoval.com:

Administrative Contact:
BestQi.com
Luo Gang ([email protected])
+86.13768395729
Fax:
Huojulu Yinda Huanyuan 5dong 2danyuan 212#
Nanning, GUANGXI 530000
CN

Technical Contact:
BestQi.com
Luo Gang ([email protected])
+86.13768395729
Fax:
Huojulu Yinda Huanyuan 5dong 2danyuan 212#
Nanning, GUANGXI 530000
CN

Registrant Contact:
BestQi.com
Luo Gang ([email protected])
Fax:
Huojulu Yinda Huanyuan 5dong 2danyuan 212#
Nanning, GUANGXI 530000
CN

Okay, now take a look at this:

Feel deja vu? Yes, that’s same application but using different name and logo. This application is taken from www.BestSpywareScanner.net.

We found another site/company related to Qiwang Computer, there is www.cheesesoft.com (CheeseSoft Ltd.) and www.acautilities.com (ACA Utilities). And the following is whois record for both addresses:

Domain name: cheesesoft.com

Registrant Contact:
Guangxi Nanning Qiwang Computer Ltd
Luo Gang ()
Fax:
Keyuan Dadao Kechuang Dasha 626
Nanning, GUANGXI 530003
CN

Administrative Contact:
Guangxi Nanning Qiwang Computer Ltd
Luo Gang ([email protected])
+1.3768395729
Fax:
Keyuan Dadao Kechuang Dasha 626
Nanning, 530003
CN

Technical Contact:
Guangxi Nanning Qiwang Computer Ltd
Luo Gang ([email protected])
+1.3768395729
Fax:
Keyuan Dadao Kechuang Dasha 626
Nanning, 530003
CN

Domain name: acautilities.com

Administrative Contact:
Luo Gang ([email protected])
+86.13768395729
Fax:
Keyuan Dadao Kechuang Dasha 626
Nanning, Guangxi 540003
CN

Technical Contact:
Luo Gang ([email protected])
+86.13768395729
Fax:
Keyuan Dadao Kechuang Dasha 626
Nanning, Guangxi 540003
CN

Registrant Contact:
Luo Gang ([email protected])
Fax:
Keyuan Dadao Kechuang Dasha 626
Nanning, Guangxi 540003
CN

Looks similar, this is the same guy?

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Emsisoft Anti-Malware detects these rogues as Adware.Win32.InstantSpywareRemover, and Adware.Win23.BestSpywareScanner. To remove this infection, please update your anti-malware, run a full scan on all drives and move all detected items to the quarantine.

Arief Prabowo

What to read next