Page 27 of 34
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Mon Oct 31, 2011 5:04 pm
by Maxstar
Grinler wrote:That first image really makes it look like it's a product by Returnil.
I sent EP_X0FF a PM with a new link to an image of this malicious program without a Returnil logo.
Grinler wrote:After looking at it more, I remember this prog from a while back.
I was already surprised that MBAM detects this (semi-)rogue program as well, with the comment 'Antivirus 2008'.
As far as I know this program is back in circulation, I guess.
IMHO it is more of a (semi-)rogue program like Nava-Shield, or am I wrong?
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Mon Oct 31, 2011 5:24 pm
by Grinler
Quite honestly, Nava Shield was just a bizarre app. I really have no idea how to classify that program, as it was/is truly unique in the weird crap it did.
AntiSpyware, to me, is more of a rogue due to the business practices of the company rather than the program itself. The program can easily be removed, does not offer an overt amount of scammy and deceptive false positives, and does not hijack any functionality on the computer.
Re: Fraud/Rouge software
PostPosted:Mon Oct 31, 2011 6:34 pm
by rsav
Xylitol,
Can you attach a copy of the Security Defender that you posted?
http://xylibox.blogspot.com/2011/10/sec ... ender.html
It appears to download the installer from the internet but my sample will not connect. Do you have a working sample that will connect, or even better a full installer? Thanks.
Attached is the sample I have.
Re: Fraud/Rouge software
PostPosted:Mon Oct 31, 2011 6:44 pm
by Xylitol
rsav wrote:Xylitol,
Can you attach a copy of the Security Defender that you posted? http://xylibox.blogspot.com/2011/10/sec ... ender.html
It appears to download the installer from the internet but my sample will not connect. Do you have a working sample that will connect, or even better a full installer? Thanks.
Attached is the sample I have.
here you go ~
http://www.kernelmode.info/forum/viewto ... =290#p9421
Re: Fraud/Rouge software
PostPosted:Mon Oct 31, 2011 9:43 pm
by rsav
Xylitol wrote:rsav wrote:Xylitol,
Can you attach a copy of the Security Defender that you posted? http://xylibox.blogspot.com/2011/10/sec ... ender.html
It appears to download the installer from the internet but my sample will not connect. Do you have a working sample that will connect, or even better a full installer? Thanks.
Attached is the sample I have.
here you go ~ http://www.kernelmode.info/forum/viewto ... =290#p9421
I have tried running the installer, DLL and shortcut, but nothing. Any suggestions?
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Tue Nov 01, 2011 2:09 am
by EP_X0FF
Maxstar wrote:I sent EP_X0FF a PM with a new link to an image of this malicious program without a Returnil logo.
Image replaced.
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Tue Nov 01, 2011 6:20 am
by BachMinuetInG
Security Defender's website was up and down within an hour. What can you expect? The rundll32 does not work, by the way. Running Windows 7 without antivirus also does not work. Any suggestions?
And by the way, can anyone upload the semi-rogues (full package rather than installer preferred)?
Security Defender
PostPosted:Sat Nov 05, 2011 3:42 am
by BachMinuetInG
Security Defender
hxxp://yourowndefence.net
hxxp://scan60.neosit.in/index.php?Q33hFdRQbe1GhHqjMxNONixvAH+7RGMorWX+3BAL5zeCtyBYiGI+ZQM74p/sPVgUs9+nDCsSHboxL5l/o6LCMVWgO96M2uDLP+JRKxdGu1QP9BolRQLnvq0V4KOHqQ==#9
Adds registry key:
BB532651-A56C-A774-FA64-E01E2314869B, "C:\Windows\system32\rundll32.exe" "C:\Users\XWXProductions\AppData\Roaming\BB532651-A56C-A774-FA64-E01E2314869B.avi", start minimized
Fake scanner running on my mobile:
http://imageshack.us/photo/my-images/805/img5468d.jpg/
http://imageshack.us/photo/my-images/843/img5464y.jpg/
Uploaded the full package after installation.
(Files)
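The registry entry in the post above is a textbook rundll32 persistence pattern: a Run-key value named after a GUID, with rundll32.exe loading a PE from the user's AppData\Roaming folder whose extension (.avi) has nothing to do with its contents. The script below is an added example and not part of the original post or any tool mentioned in the thread; it applies a few defender-side heuristics to a constructed dictionary of Run-key values (the page's own entry, minus the trailing ", start minimized" annotation, plus two benign entries made up here for contrast). The heuristic names and thresholds are assumptions for illustration.

```python
import re
from typing import Dict, List

# Regexes used by the checks below.
GUID_RE = re.compile(
    r"^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$", re.I)
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')          # quoted or bare argument
APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)

# Constructed sample of Run-key values (value name -> command line). The first
# entry is the one reported in the post above, minus the trailing ", start
# minimized" annotation; the other two are benign entries made up here for contrast.
SAMPLE_RUN_ENTRIES: Dict[str, str] = {
    "BB532651-A56C-A774-FA64-E01E2314869B":
        r'"C:\Windows\system32\rundll32.exe" '
        r'"C:\Users\XWXProductions\AppData\Roaming\BB532651-A56C-A774-FA64-E01E2314869B.avi"',
    "ExampleUpdater":
        r'"C:\Program Files\ExampleVendor\updater.exe" /background',
    "ExampleHelper":
        r'"C:\Windows\system32\rundll32.exe" "C:\Program Files\ExampleVendor\helper.dll",Start',
}


def tokenize(cmdline: str) -> List[str]:
    """Split a Run-key command line into arguments, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)
            if quoted or bare]


def analyze_run_entry(name: str, cmdline: str) -> List[str]:
    """Return the list of suspicious traits found in one Run-key value.

    An empty list means nothing about the entry matched the heuristics.
    """
    tokens = tokenize(cmdline)
    if not tokens:
        return []
    host = tokens[0].rsplit("\\", 1)[-1].lower()
    if host != "rundll32.exe":
        return []                       # heuristics here only cover rundll32 hosts
    reasons = ["rundll32.exe used as the Run-key host"]
    if len(tokens) < 2:
        return reasons
    # rundll32 syntax is <module>[,<EntryPoint>]; keep only the module path.
    module = tokens[1].split(",", 1)[0]
    filename = module.rsplit("\\", 1)[-1]
    ext = filename.rsplit(".", 1)[1].lower() if "." in filename else ""
    if ext != "dll":
        # rundll32 loads whatever PE the path points at; the extension is cosmetic.
        reasons.append(f"module has a non-DLL extension ('.{ext}')")
    if APPDATA_RE.search(module):
        reasons.append("module is stored under a user AppData directory")
    stem = filename.rsplit(".", 1)[0]
    if GUID_RE.match(name) or GUID_RE.match(stem):
        reasons.append("GUID-style value name or file name")
    return reasons


def scan_run_entries(entries: Dict[str, str]) -> Dict[str, List[str]]:
    """Flag entries with rundll32 plus at least one further suspicious trait."""
    return {name: reasons for name, reasons in
            ((n, analyze_run_entry(n, c)) for n, c in entries.items())
            if len(reasons) >= 2}


if __name__ == "__main__":
    for name, reasons in scan_run_entries(SAMPLE_RUN_ENTRIES).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

Only the page's entry is flagged: rundll32 alone is not a verdict (plenty of legitimate Run values use it, as the constructed ExampleHelper entry shows), but rundll32 combined with a non-DLL extension, an AppData location and GUID naming is the combination worth alerting on. On a live host the same function can be fed the values of HKCU and HKLM ...\CurrentVersion\Run read with the winreg module.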
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Sat Nov 05, 2011 3:57 pm
by rsav
Never mind.
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Sat Nov 05, 2011 6:50 pm
by rsav
Security Defender. Working installer. Works right now, might not work later on.