Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Fri Dec 16, 2011 7:18 pm
by Cody Johnston
XP AntiSpyware 2012

http://imgur.com/hYupd

http://www.virustotal.com/file-scan/rep ... 1324000564

Very low detection rate: 2/42 (4.8%)

Also, there is no place to enter serial on this one.

EDIT: Picture link corrected

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Sat Dec 17, 2011 4:51 am
by BachMinuetInG
TeamRocketOps wrote:
XP AntiSpyware 2012

http://imgur.com/hYupd

http://www.virustotal.com/file-scan/rep ... 1324000564

Very low detection rate: 2/42 (4.8%)

Also, there is no place to enter serial on this one.

EDIT: Picture link corrected

That is a 'registered' version of an 'unregistered' software. Weird though...

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Fri Dec 23, 2011 12:33 am
by BachMinuetInG
WHAT IS THIS?
hxxp://malwarebytesdownload1.org/

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Fri Dec 23, 2011 1:24 am
by Grinler
Looks like someone is trying to capitalize on MBAM's name.

Not familiar with what they are peddling, but looks like standard crapware.

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Fri Dec 23, 2011 3:24 pm
by Xylitol
True Big Cash Affiliate (Security Defender)
http://xylibox.blogspot.com/2011/12/tra ... -cash.html
Code:
http://94.61.247.181/l.exe?rwmid=1&wmid=284

One sample is attached.

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Sat Dec 24, 2011 2:30 am
by BachMinuetInG
Security Defender
Security Defender files... This seems to be spreading very rapidly. :o :o
Large collection. :)
No password. Plus:
Posting up photos of the different browsers' 'fake scanner' interfaces here:
http://xwxprod.tk/

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Sun Dec 25, 2011 10:51 am
by Xylitol
Home Security Solutions
xmas fakeav

16/43 >> 37.2%
http://www.virustotal.com/file-scan/rep ... 1324809754

That won't extract the payload for me; if someone can provide it (HSf48_7.exe or something like this)
Edit: alright, it's attached.
http://www.virustotal.com/file-scan/rep ... 1324818695
Code:
c:\mvelbaneim11\ncipnaiareu.kla
$report=%s&appType=%1d&mid=%s&ls=%s&uid=%s&wv=%s&pid=%s&isStart=%d$
D:\Work\AdwareProjects\DeskTopWork\Cleaners\VirusDoctor
SOFTWARE\BitDefender\
SOFTWARE\KasperskyLab\
SOFTWARE\4\
SOFTWARE\3\
SOFTWARE\Zone Labs\ZoneAlarm\
SOFTWARE\Eset\Nod\
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebrootDesktopFirewall.exe\
SOFTWARE\Symantec\Norton AntiVirus\
SOFTWARE\Sophos\SAVService\Application\
SOFTWARE\rising\Rav\
SOFTWARE\KasperskyLab\InstalledProducts\Kaspersky Anti-Virus Personal\
SOFTWARE\Data Fellows\F-Secure\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E58B329B-FB28-4874-90DE-0D7CB2709267}\
SOFTWARE\BitDefender\BitDefender Antivirus 2008\
SOFTWARE\AVG\
SOFTWARE\ComodoGroup\CDI\
SOFTWARE\Agnitum\Security Suite\
Virus1Doctor1Installer1Mutex1
ls;bid;uid;"http://trdatasft.com;trdatasft.com
SetupRelease.cab
SetupReleaseXP.cab
http://76.73.19.182/
TMainWindowHSS!HOME_SECURITY_SOLUTIONS_UNINSTALL
HomeSS.exe
HOME_SECURITY_SOLUTIONS_APP0http://www5.thebest-av-foryou.com/uninstall.php?
SetupReleaseXP.cab
Setup.exe
Home Security Solutions!HOME_SECURITY_SOLUTIONS_APP_CLOSE/http://save-secure.com;http://securityearth.net
reports/get_install_file.php
/index.php
/index.php
WDC WD3200AAJS-00YZCA0
WD-WCAYU4523231
• dns: 1 ›› ip: 76.73.19.180 - adresse: WWW5.THEBEST-AV-FORYOU.COM
• dns: 1 ›› ip: 76.73.19.178 - adresse: SECURE1.SMARTWASUITE.COM

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Tue Dec 27, 2011 6:31 am
by rkhunter
XP Antispyware 2012

Blocked programs from running (Process Explorer, for example).

VT (5/42, 11.9%)

Response to kigutohigazem.com.

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Tue Dec 27, 2011 11:40 am
by BachMinuetInG
FakeAV Please wait! This is important we check your device, VClean_Setup.exe
hxxp://onlinescanner.ru/scanner/?param=158#9
Attachment will be posted later on.

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Wed Dec 28, 2011 5:17 am
by rkhunter
XP Antispyware 2012 -> Rogue:Win32/FakeRean (MS)
Full description http://www.microsoft.com/security/porta ... 2fFakeRean.