KernelMode.info

Hi,

here sample for Windows Custom Safety

- maddy

Just me thats gets tired on Fake.Vimes fakeavs? Because there is so many versions of them:/

devstaff wrote:Just me thats gets tired on Fake.Vimes fakeavs? Because there is so many versions of them:/

It because they all basically the same. Only redesigned GUI and randomized names. I remember 3 year ago I could go on MDL and download bunch of FakeAV's and most of them were totally different - different design (not only GUI), different distribution group etc. All ended in 2010. Now boring crap mostly from Severa and ko.

EP_X0FF wrote:Now boring crap mostly from Severa and ko.

Severa isn't in spam/pharma business ?

Xylitol wrote:

EP_X0FF wrote:Now boring crap mostly from Severa and ko.

Severa isn't in spam/pharma business ?

Security Shield type FakeAV associates for me only with this guy as it initial promoter. Dont really know if he still promotes it distribution directly like before. But yes you right, last time I saw it was speaking about spam services based on his own mailer :)

Kaspersky Internet Security 2013

tre.exe - Trojan.Win32.FakeAV.oddg

New malicious software was found in this file. It's
detection will be included in the next update. Thank you for your help.

XP/Vista/Win 7 Antivirus Pro 2013



VT 11/42:
https://www.virustotal.com/file/6b81b3a ... /analysis/

Puts file association in HKCU\Software\Classes\.exe to start itself

Hello,

XP/Vista/Win 7 Antispyware Pro 2013

File attached.

Win32:Virut wrote:Hello,

XP/Vista/Win 7 Antispyware Pro 2013

It launches antivirus Pro 2013 version for me, not antispyware ?

gied wrote:

Win32:Virut wrote:Hello,

XP/Vista/Win 7 Antispyware Pro 2013

It launches antivirus Pro 2013 version for me, not antispyware ?

This one has random names. Sometimes may be slightly different than what was originally posted. Still same infection though.