Top 10 Malware Applications


Welcome to all PC Matic and Super Shield users. Someone asked me the other day, “How many viruses are running around out there?” That’s a great question. If you read all the press, there are millions and millions of viruses out there constantly trying to attack our computers and get our credit cards. I usually take all of those reports with a grain of salt, since the people making these reports want us to buy more of their security software. Then it occurred to me. We actually know the answer to this exact question based on the experience of our Super Shield installed base.

Super Shield is a very different kind of protection from any of the other security solutions (free or not) on the market. Super Shield does two things: 1) it employs a white list and blocks everything not on the white list, and 2) it records everything to our servers, giving PC Pitstop an unprecedented view of the state of malware.

Here’s the Super Shield data for the days between June 14-20, 2012:

Unique Computers: 17,136

| | Bad | Good | Unknown | Total |
|---|---|---|---|---|
| Hits | 23,884 | 8,320,391 | 1,656 | 8,345,931 |
| Percent | 0.29% | 99.69% | 0.02% | 100.00% |

Based on this data, there is only a .05% chance that a process is indeed malware. This is not a very good measure of malware, because there are a lot of legitimate processes that run literally dozens of times per day per computer. This is not necessarily good, but it is not evil either. Examples of these out-of-control legitimate processes are wmpnscfg.exe by Microsoft and GoogleUpdate by Google. Another way to analyse prevalence is to look at the percentage of unique files that are bad, and there the picture changes dramatically.

| | Bad | Good | Unknown | Total |
|---|---|---|---|---|
| Files | 5,644 | 170,036 | 796 | 176,476 |
| Percent | 3.2% | 96.4% | .4% | 100.0% |

The chance goes up to 3.2%. This means if you are running a file on your computer that you have not seen before, then there is a 3.2% chance that it is bad. That’s a pretty high number and certainly reason for caution. Essentially, one out of thirty files downloaded from the internet is bad.

A note to all PC Matic users: if you are not using Super Shield, please use it. Super Shield blocks a lot more bad files than any other product on the market. It is included as part of PC Matic, so you might as well take advantage of it. The more people that use Super Shield, the more data we have to analyze the trends in PC security.

Here are the top 10 pieces of bad software from the last week. The top 10 represent well over 1/2 of all the bad software blocked in the last week.

Top 10 Malware June 14-20, 2012

| Rank | Name | Product | Author | Signed | Hits |
|---|---|---|---|---|---|
| 1 | MyWebSearch.J (v) | MindSpark Toolbar Platform SearchScope Monitor | MindsPark | signed | 4463 |
| 2 | F0C7.exe | Unknown | Unknown | unsigned | 1726 |
| 3 | 485E.exe | Unknown | Unknown | unsigned | 1350 |
| 4 | 8ECAA.exe | Unknown | Unknown | unsigned | 1324 |
| 5 | 64CB.exe | Unknown | Unknown | unsigned | 1093 |
| 6 | GamePlayLabs (v) | I Want This | 215 Apps | signed | 609 |
| 7 | 1DE1.exe | Unknown | Unknown | unsigned | 490 |
| 8 | I Want This.exe | I Want This | 215 Apps | signed | 383 |
| 9 | Trojan.Win32.Generic!BT | Unknown | Unknown | unsigned | 342 |
| 10 | Ocl.exe | Unknown | Sun Microsystems, Inc. | unsigned | 326 |

The Top 10 list gives us a surprisingly interesting look into the world of malware. The #1 malware for the week is made by a company called Mindspark. They write games for the internet. The problem is that they have also started making shady toolbars that surreptitiously install without much user knowledge, quite similar to the really bad stuff. This is a key point: not all malware is the same. The really bad stuff is trying to hijack your computer and hold it hostage until you fork over your credit card. MindSpark’s stuff is not in that category, but it should be removed immediately because at the very least it is slowing down your computer and using disk space, plus they are just plain slimy.

The other easily identifiable application is called I Want This, written by 215 Apps. This is very reminiscent of the early days of spyware, with companies such as Gator and WhenU (both now defunct). I Want This pops coupons and other special offers on your screen. It is kind of like if Groupon had a spyware party. Obviously this type of software is constantly monitoring your activity, and it makes your computer alarmingly slow and at times unstable.

#10 on the list is written by Sun Microsystems. That’s a shock. Sun? The makers of Java? You will also notice that the application is not signed. This is a common trick by malware coders. The author field is just text that whoever builds the file fills in, so it is actually quite simple to fake being a different author. The key point is whether it is signed or not. My buddy, Bill Pytlovany, openly speculated whether it is worth the money to digitally sign his totally legitimate application. That’s a really good question. The reason that we pay money to sign our applications is to distinguish ourselves from all the slimy applications out there. The problem, as you can see in the case of Mindspark and also 215 Apps, is that it is entirely possible to sign your applications and still be slimy. On top of that, lots of perfectly good applications, even by companies such as Microsoft and Adobe, are NOT signed.

All the rest of the top 10 follow a familiar pattern. They do NOT populate the name of the product or the author, and they are not signed. Although Mindspark and 215 Apps are bad, it is safe to say that they are not nearly as malicious as the ones that leave no sign of the software’s intention.
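The signed-versus-claimed-author distinction from the last two paragraphs can be checked on your own machine. The PowerShell below is an added example, not PC Pitstop's or Super Shield's code; the folder in `$Path` and the helper name `Get-PublisherTriage` are assumptions chosen for illustration.

```powershell
# Added example: self-declared author (version resource) vs. verified Authenticode signer.
$Path = "$env:USERPROFILE\Downloads"   # assumption: folder to triage

function Get-PublisherTriage {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$File)

    # Version-resource strings are plain text chosen by whoever built the file.
    $info    = (Get-Item -LiteralPath $File).VersionInfo
    $claimed = "$($info.CompanyName)".Trim()
    $product = "$($info.ProductName)".Trim()

    # The Authenticode signature is what actually ties the file to a publisher.
    $sig    = Get-AuthenticodeSignature -LiteralPath $File
    $signer = ''
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }

    if ($sig.Status -eq 'Valid') {
        # Publisher is verified, but a signed file can still be unwanted software.
        $verdict = 'signed: publisher verified, still needs a reputation check'
    } elseif ($sig.Status -ne 'NotSigned') {
        $verdict = "signature did not validate ($($sig.Status))"
    } elseif (-not $claimed -and -not $product) {
        $verdict = 'unsigned, no product or author metadata'
    } else {
        $verdict = 'unsigned: author field is an unverified claim'
    }

    [pscustomobject]@{
        File           = Split-Path -Leaf $File
        Product        = $product
        ClaimedAuthor  = $claimed
        VerifiedSigner = $signer
        Status         = $sig.Status
        Verdict        = $verdict
    }
}

Get-ChildItem -LiteralPath $Path -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Get-PublisherTriage -File $_.FullName } |
    Sort-Object Verdict |
    Format-Table -AutoSize -Wrap
```

A row with a well-known name under `ClaimedAuthor` and an empty `VerifiedSigner` is the Ocl.exe situation from the table: the name is only a claim.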

One last blatant plug for Super Shield to PC Matic users. Perhaps the largest problem in the security industry is that the malware is morphing. We all read these astonishing reports on the number of viruses in the wild. The reason the number is escalating so quickly is that each malware morphs into another executable, making it almost impossible to defend against using the old-style “black-list” methods. Super Shield is the only real-time protection that uses both a white list and a black list, allowing it to block morphed executables.


34 thoughts on “Top 10 Malware Applications”

  1. I apparently have the funmoods malware on my desktop & have tried to remove it but it keeps coming back. Any suggestions? I’ve read that it’s more of an annoyance than destructive but it just shouldn’t be there…

    • I had the same thing. You might have to reboot from an earlier date. Try that first. If not remove it manually. I have Firefox so it was pretty easy to disable it then delete it.

  2. “Shield blocks a lot more bad files than any other product on the market.” Based on what? Verification please….

  3. I was going to leave a comment but your website requires that I have a Facebook account. I do not like Facebook nor do I recommend any one else to use it. Bad news! My comment about your article should include any if not all Malware programs that a PC user should have on their computer. There are free ones for those of us that are on a tight budget.

  4. I spent 200 bucks yesterday to have my laptop cleaned out, as I was on Google trying to figure out how to watch movies online for free and somehow picked up a nasty thing called Incredibar. It hijacked my browser, took over my home page and was directing me to alternate sites on the net. I did find an icon on the desktop which I put into the recycle bin for the tech guy to look at, and it appeared there as Vgrabber. Who makes this damn thing? I'd sure like to know.

    • @Pat Carlson:

      Funny same thing happened to me and everyone associates with yahoo could fix it for $200.00 and I pay for my yahoo account. I suspect that all these people are in the same room. Call Yahoo for assistance and you get sit and a phone number to someone in Bank-cock whose engineers show step by step what is wrong with my computer and 5 hackers that were using my computer. Passwords were changed etc.

  5. I cannot get rid of the following pop-up window on my desk top. The window says: "There is a new up-date of Super Shield available. Would you like to install it now?"

  6. Don't forget the new plague Babylon that infests the computer and is so difficult to remove that it is easier to make a reinstallation! Beware!!!

  7. What about Rogue Malware like “Open Cloud Security” and all those similar to it? I have had to remove many of these with great difficulty. What do you know about preventing them from getting in your system?

  8. What about winhgeq.exe? Searching the web only gives some vague results about removing it, but no comments about the source or associated application. Please give us some clue.

  9. I would pay good money to know how to get rid of MyStart Incredibar! Every time I open a tab it jumps to this: mystart.incredibar.com/mb128?a=6PQBrTXzlu&loc=FF_NT

    VERY annoying! grr.

    • You might go to the msconfig tab and uncheck the program. Then go to the services tab, put a check on “hide Microsoft services”, find the program that’s annoying you and uncheck it too. Hope that helps.
