AV vendors slowly react to new rogue program:

Hi malware fighters,

A new rogue AV threat is out by the name of virusdoctor.exe, which avast, as shown below, does not detect:

http://www.virustotal.com/nl/analisis/401dcf95d9bd425caea405d4528094d1

Removal instructions: http://malwareinformation.blogspot.com/2009/02/remove-virus-doctor-virus-doctor.html

polonus


Thanks for posting the information, Polonus. :slight_smile:


I think MBAM will remove this, rather than trying to do it manually:
http://www.bleepingcomputer.com/malware-removal/remove-virus-doctor

Well, sure, avast! doesn’t detect the binaries, but has anyone tested if the distribution URL is also working?
Lately, loads of rogue links have been cut off by Network Shield.

Hi RejZoR,

I am also enthusiastic of how Webshield and Network Shield are performing lately, and we should compliment the avast developers for the overall security this delivers (they even catch issues where a lot of link checkers fail).
But then, dear RejZoR, you know as well as I do that what you include in a scanner is a choice, and for broad-spectrum security, whenever I can find it online, I publish the manual removal schemes, and I have made a lot of friends that way.

I also agree with you that one has to close the vulnerability window as well as it can be closed, using one resident AV solution and some other additional protection (in my case I run avast, SAS, MBAM, RUbotted, Comodo BOClean, A-squared, SpywareBlaster, the non-resident AV DrWebCureIt (once in a while), and ClamWin). Full scans I perform every three weeks, and quick or smart scans somewhat more frequently. I use NoScript, ABP, RequestPolicy etc. inside Flock and Firefox, and the only finds I can boast about are a couple of FPs (came with the OS) or a couple of tracking cookies.

polonus

Zero detection of these files is not uncommon when they first come out: zip, zero, nada, squat, not a sausage or a peep.

Hi FwF,

That is why we report here as soon as we see alerts somewhere, so that they will no longer stay:
“zip, zero albo zera, nic, nada, niets, nothing, not a sausage, not a peep, sausage and mash, meaning c(r)ash,”

polonus

If anybody wants to know what they look like, the Sunbelt blog is a good source of info on the latest scams.

http://sunbeltblog.blogspot.com/2009/02/new-rogue-xpyburner.html

I’ve seen a couple of these in “poisoned” Google results: you click on a search result and an “anti-virus” scan begins. It then tells you you have some serious infections and need to download the program to remove them- it’s a scam of course. Very amusing when it tells you you have a dozen Windows viruses and you’re running Ubuntu.

Hi FwF,

Thanks for the link, and yes, the main infection vector now is browsing with full admin rights and a default browser installation without in-browser security. The main route of infection is script code, so if you browse with scripts disabled by the NoScript extension in the Firefox or Flock browser you are safe. Using normal user rights instead of full admin rights (or power user rights as in between) you reduce the impact of most malware drastically (92%).
Rogue AV scanner installs are adding to the problem, and yes, ad links are part of the problem here for redirects.

But it is like you report: being online in Linux (I with Kqemu) makes you smile at these threat reports.

polonus

Could someone clarify this? According to the Resident task settings, Avast scans all executed programs and binary files. I hope it will be able to detect Virus Doctor soon.

Detection for VirusDoctor was added with today’s VPS update - http://www.virustotal.com/analisis/485a26578c13257119b63057c8a3708e :wink:

Hi XMAS,

Thanks for confirming; that is why we have avast installed, my friend.

polonus

Here are the latest rogues:

http://sunbeltblog.blogspot.com/2009/02/new-rogue-security-products.html

Another source of rogues is ad networks, which can pop up ads for these scams on legitimate sites:

http://blogs.zdnet.com/security/?p=2513