KernelMode.info

PostPosted:**Wed Jun 08, 2011 6:58 am**

Milestone Antivirus

20/42 >> 47.6%
http://www.virustotal.com/file-scan/rep ... 1307516228

for spoof a referrer if you have firefox: download refspoof here ~ https://addons.mozilla.org/en-us/firefo ... /refspoof/ or RefControl: https://addons.mozilla.org/en-us/firefo ... efcontrol/
In case of refspoof, for make it work with firefox 4.* download the .xpi and rename it to .xpi.rar
Extract the install.rdf, open it with notepad and change the line

Code: Select all

<em:maxVersion>3.0.*</em:maxVersion>

by

Code: Select all

<em:maxVersion>4.*.*</em:maxVersion>

After, just repack the file and install.

print.graphytop.be/SpryAssets/wp-page.php?k=Olympic-Stadium-Design
redirect me on: hxxp://ziqlrrin.co.cc/?s=sF02x5vHzDPss90cW%2BxIuTF6DEG3BXiqO8QeR%2BBqhq4ii28rS%2Fbop8pxMGQ5VwgEhA%3D%3D

Abuse sent ~ http://www.co.cc/prosecution/prosecution.php
I've ripped the html page of the fake scanner if you guys are interested, btw most interesting fake scanner page i've see for the moment are the security shield one, they use base64 then rsa with a 26 or 27 bits modulo and then again base64, and this just with javascript :D
heavy to load but fun to 'depack'

PostPosted:**Wed Jun 08, 2011 7:54 am**

Xylitol wrote:print.graphytop.be/SpryAssets/wp-page.php?k=Olympic-Stadium-Design
redirect me on: hxxp://ziqlrrin.co.cc/?s=sF02x5vHzDPss90cW%2BxIuTF6DEG3BXiqO8QeR%2BBqhq4ii28rS%2Fbop8pxMGQ5VwgEhA%3D%3D

Yes me too. Drops this one (0 at VT), crypted and then packed by UPX. Ms Removal Tool from (c) NecroSoft, lol

http://www.virustotal.com/file-scan/rep ... 1307519223

PostPosted:**Wed Jun 08, 2011 8:53 am**

Windows Troubles Killer

What's next? Windows Problem Assassination?

PostPosted:**Wed Jun 08, 2011 9:33 am**

Windows Monitoring Utility

But Windows Problem Assassination sounds fair enough to me, ngyikp :)

PostPosted:**Wed Jun 08, 2011 9:35 am**

Windows Monitoring Utility (another sample)

9/42 >> 21.4%
http://www.virustotal.com/file-scan/rep ... 1307525147
Fake scanner: hxxp://defender-ptwvd.in/e19b21b55a730253/sa1/0/
hxxp://freetrialmail.com/red0.php
edit: ah, bitx was more fast than me

PostPosted:**Wed Jun 08, 2011 6:56 pm**

Security Essentials Ultimate Pack

They have forget to remove old strings

26/43 >> 60.5%
https://www.virustotal.com/file-scan/re ... 1307325871

----

22/43 >> 51.2%
http://www.virustotal.com/file-scan/rep ... 1307560777

PostPosted:**Thu Jun 09, 2011 2:22 pm**

Security Central

PostPosted:**Thu Jun 09, 2011 3:54 pm**

Rogue:Win32/FakePAV

a.exe
http://www.virustotal.com/file-scan/rep ... 1307634186

PostPosted:**Thu Jun 09, 2011 4:09 pm**

Windows Work Checker

PostPosted:**Thu Jun 09, 2011 4:10 pm**

@bitx

from day to day names become more and more idiotic, don't you think so? :)

KernelMode.info

Rogue Antimalware (FakeAV, 2011 year)

Milestone Antivirus

Re: Rogue antimalware (FakeAV, FakeAlert)

Windows Troubles Killer

Windows Monitoring Utility

Re: Windows Monitoring Utility

Security Essentials Ultimate Pack

Security Central

Rogue:Win32/FakePAV

Windows Work Checker

Re: Rogue antimalware (FakeAV, FakeAlert)