Windows Police Pro Malware Analysis
Thursday, 22. October 2009 17:42
Windows Police Pro Malware is one of the more recent rogue Ransomware or Crimeware threats on the scene these days. While it is not new and has been around for a few months, it is constantly evolving and bringing other, more serious Malware along with it. This article will focus mainly on that aspect.
Windows Police Pro is part of the Windows Antivirus Pro family of Malware. For many of these rogues, the most common and concerning issues are the pop-ups, redirects, and constant “reminders” to buy their product and steal your money. While this is certainly a serious issue and quite annoying, there are more serious threats that come along with some of these rogues.
The particular sample analyzed here goes by the name of load.exe. Here are the results from Virus Total (a service that analyzes the file with about 40 different scanners in one shot).
As you can see from the results, only 1 in 4 scanners identified the file as bad on the day it was scanned (note that this will change over time as the security vendors update their definitions). So chances are your Antivirus or security program will not detect this file as bad if it is downloaded.
Once the file has been run, after a few seconds you will start to see the usual pop-ups, nags, and redirects that come with these rogues.
These are what I would consider the annoyances with this Malware and we certainly don’t want to give the crooks our credit card number. But more serious is what comes along with this Malware. Here is the analysis from Threat Expert.
If you look carefully through that analysis you will see some pretty concerning functions of the Malware. Several of the files that are installed once the Malware has run, such as sdra64.exe and svohost.exe, have backdoor and keylogging capabilities. This Malware has the ability to:
- Log all keystrokes (including passwords and account numbers)
- Capture screen shots
- Download more Malware
- Install a bot that allows the attacker complete administrative control over your computer
- Use rootkit technology to hide itself
Folks, it really doesn’t get much worse than this. One of the first things we advise people who come for our help in the forums, when we see Malware this serious, is to contact all of your banks, credit card companies, Paypal, etc. (whatever services you use online that you don’t want others to have access to) from a clean computer. Do not use the infected computer to contact them or make any changes.
The next thing to do is get to one of the Malware removal help forums for an expert opinion on what to do next. You may be advised to wipe the drive clean and re-install. Or the expert may be able to help you get cleaned up if you don’t have the resources to re-install or the infection is not that serious. But depending on the Malware found, this can be a risk.
There are many ways this Malware can be picked up: through file sharing, fake video codecs, poisoned web pages, and many more. Simply avoiding high-risk activities like file sharing and not downloading “unknown” files will go a long way toward staying clean. This, along with a good prevention plan, provides the safest online experience.
Regards and I look forward to your comments,
Dave aka IndiGenus