Is it just me, or are they pushing rogues at download.com? hxxp://www.download.com/Anti-Spyware/3000-8022_4-10852406.html?tag=mncol&cdlPid=10852407

Virus Total analysis of installer http://www.virustotal.com/analisis/e3498d5...9c28b794a77667b

Hmm, it is removed now. I will upload the installer setupxv.exe

according to this article, yes, malware was being distributed through ads at "download.com":

http://malwaredatabase.net/blog/index.php/...ownloadcom-ads/

Saw it yesterday. They were advertising XP Antispyware 2009 at the time.

This was not the ad. Google translated from danish language http://translate.google.com/translate?u=ht...sl=da&tl=en

I've been monitoring several urls for 0day samples of that particular named setupxv.exe file. I wonder if it's the same. Either of you still have it? If so, please attach it here.

"Upload failed. The file was larger than the available space".

I emailed it to Marcin right after my first post.

Hello Dustin

I will pm you a site, where you can pickup the google ads for the setupxv.exe! you'll be very suprise.

Uploaded it here http://up-it.dk/dl/q9p/

It is definately a rogue. This is the one:

http://camas.comodo.com/cgi-bin/submit?fil...dd7b818de3bc74d

http://www.emsisoft.com/en/malware/?Adware....AntiSpywareApp

is malware bytes effective enough to remove the rogue programme antispyware 2009 or do i have to access the registry to remove it?