Especially their program Smart Scan, apparently a modded Woron Scan version, is sending your IMSI, ICCID and Ki to a third party,
using the Lydra Trojan.

If you already installed software from them, check your Windows Dir and look for files like syswin.exe, lsassv.exe, regedit2.exe (the changed file regedit.exe is a trojan file).
Also in the directory: servicew.exe, calc.exe and calc2.exe (both trojan files),
If you don't have a software firewall, you'll in trouble since these programs connect to a certain IP address.

An easy way to find out if the files mentioned are trojans is to look for the string "johnhayward843@yahoo.co.uk" in it.
Caution: most antivirus/antitrojan programs DO NOT find this trojan once it is in place. Deleting the files doesn't work either,
even if you "unlock" and delete them. They're back as soon as you restart Windows.

Beware of TROJANS and MALWARE, DO NOT download from them, also DO NOT buy from them since some of the claims they make are false.

Don't say you haven't been warned!

Here is a "proof", how vicious this trojan is (only one scanner found it):

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2007.8.3.0 2007.08.08 -
AntiVir 7.4.0.57 2007.08.08 -
Authentium 4.93.8 2007.08.08 -
Avast 4.7.1029.0 2007.08.08 -
AVG 7.5.0.476 2007.08.08 -
BitDefender 7.2 2007.08.08 -
CAT-QuickHeal 9.00 2007.08.08 -
ClamAV 0.91 2007.08.08 -
DrWeb 4.33 2007.08.08 Trojan.LydraSpy.1205
eSafe 7.0.15.0 2007.07.31 -
eTrust-Vet 31.1.5043 2007.08.08 -
Ewido 4.0 2007.08.08 -
FileAdvisor 1 2007.08.08 -
Fortinet 2.91.0.0 2007.08.08 -
F-Prot 4.3.2.48 2007.08.08 -
F-Secure 6.70.13030.0 2007.08.08 -
Ikarus T3.1.1.12 2007.08.08 -
Kaspersky 4.0.2.24 2007.08.08 -
McAfee 5093 2007.08.08 -
Microsoft 1.2704 2007.08.08 -
NOD32v2 2444 2007.08.08 -
Norman 5.80.02 2007.08.08 -
Panda 9.0.0.4 2007.08.08 Suspicious file
Prevx1 V2 2007.08.08 -
Rising 19.35.22.00 2007.08.08 -
Sophos 4.19.0 2007.08.01 -
Sunbelt 2.2.907.0 2007.08.07 -
Symantec 10 2007.08.08 -
TheHacker 6.1.7.164 2007.08.08 -
VBA32 3.12.2.2 2007.08.07 -
VirusBuster 4.3.26:9 2007.08.08 -
Webwasher-Gateway 6.0.1 2007.08.08 -

Thank you for the information!!

How did you remove it?

Thank you for the appreciated advice

Analysed trojan! Thanks for that notice 997TT !!

1. Download: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
2. Run it!
3. Open a "Run Application" and type in "msconfig"
4. Under "systemstart" delete the entry "lsassv.exe".
5. Wait until the scanner finished.
6. Reboot
7. scan agan and delete all files which infected.

Try Max Spyware Detector, a very good detection/cleaning program.
The Detection engine is FREE, download it from their site: www.maxpcsecure.com .
Sometimes it gives false alarms but only sometimes.
If it finds the Trojan Lyra...well...

You can buy this program, you can buy others (Spysweeper from Webroot is very good too) or you can try to find freeware which works.

Only one hint: after a "removal process", double check if the trojan really has been removed. Another problem: it may "sense" that you're using a anti-spyware program, crashing your Windows installation. If you're lucky, you can restart, if not, you need the recovery console to repair your Windows installation.

I was lucky enought that I read about the www.kiscan.net website on another IT Security website and I used an old PC (my "honeypot" ) for testing www.kiscan.net and some of the programs offered there . It is definetely TRUE, this site should be AVOIDED!!!

Thank you guys! Removed perfectly!

i downloaded the program they had and saved it so that i can try it when i went to work ( where i have access on a wintel machine ) thank god im on a mac and thank god i never ran that program ! would have been screwed at work !

Wow 997TT. How did you generate this huge list of antivirus programs and their failure to detect the trojan? You have them all installed on your PC?

In net we have some multiscanner systems, you can submit a file and its scanned by lot's of scanners. I do the same with the suspecting files.

Precisely.

A little addition:

if you cracked your KI with that better watch out for abuse on your bill.