Re: Rogue antimalware (FakeAV, FakeAlert)
Posted: Wed Sep 05, 2012 10:10 am
by dumb110
Live Security Platinum.
When you select it you get to see a new icon. ;)
Re: Rogue antimalware (FakeAV, FakeAlert)
Posted: Wed Sep 19, 2012 8:17 am
by Blaze
Live Security Platinum
Re: Rogue antimalware (FakeAV, FakeAlert)
Posted: Sat Sep 22, 2012 2:19 am
by EP_X0FF
System Progressive Protection
VirusTotal
https://www.virustotal.com/file/626e918 ... /analysis/
Main window with embedded detections.
Security status.
Purchase form.
Uses the usual autorun reg entry. Terminates running GUI programs with fake alert messages. Another reincarnation of the Security Shield. Thanks to markusg for the sample.
Re: Rogue antimalware (FakeAV, FakeAlert)
Posted: Sat Sep 22, 2012 6:55 am
by Win32:Virut
Thanks
One more sample:
Re: Rogue antimalware (FakeAV, FakeAlert)
Posted: Tue Sep 25, 2012 6:00 pm
by markusg
Re: Rogue antimalware (FakeAV, FakeAlert)
Posted: Sun Sep 30, 2012 5:36 pm
by rough_spear
Hi All, :D
Windows Security 2012
With Necurs Rootkit.
Web Links -
hxxp://scan-av-fis.com/?c=RaEMLDkYzTQrhIQYxO3aByW/zb7zW2GSiNy 2HVZf8nAl VQznWWinHO11QWjkoL4jZPxOUaKMDkhQ==
hxxp://winsecsys6.com/?c=RaEMLDkYzTQrhIQYxO3aByW/zb7zW2GSiNy 2HVZf8nAl VQznWWinHO1wcUi0le4mQcw lMfsTkhQ==
hxxp://great-antispy2012.com/?c=RaEMLDkYzTQrhIQYxO3aByW/zb7zW2GSiNy 2HVZf8nAl VQznWWinHO11oT30sOsTccyupJI5PkhQ==
The above URLs carry the same file.
The attached file includes the rootkit driver, the dropper and Sandboxie BSA reports.
Regards,
rough_spear. ;)
Re: Rogue antimalware (FakeAV, FakeAlert)
Posted: Sun Sep 30, 2012 6:53 pm
by gied
Does the rogue produce a visible screen for anyone? Or is it VM-protected?
rough_spear wrote:
Hi All, :D
Windows Security 2012
With Necurs Rootkit.
Web Links -
hxxp://scan-av-fis.com/?c=RaEMLDkYzTQrhIQYxO3aByW/zb7zW2GSiNy 2HVZf8nAl VQznWWinHO11QWjkoL4jZPxOUaKMDkhQ==
hxxp://winsecsys6.com/?c=RaEMLDkYzTQrhIQYxO3aByW/zb7zW2GSiNy 2HVZf8nAl VQznWWinHO1wcUi0le4mQcw lMfsTkhQ==
hxxp://great-antispy2012.com/?c=RaEMLDkYzTQrhIQYxO3aByW/zb7zW2GSiNy 2HVZf8nAl VQznWWinHO11oT30sOsTccyupJI5PkhQ==
The above URLs carry the same file.
The attached file includes the rootkit driver, the dropper and Sandboxie BSA reports.
Regards,
rough_spear. ;)
Re: Rogue antimalware (FakeAV, FakeAlert)
Posted: Mon Oct 01, 2012 7:17 am
by Cody Johnston
XP Defender 2013
Low detection on VT: 2/42
https://www.virustotal.com/file/910e1f4 ... /analysis/
MD5: d016624eda407bce8982b029631e7ec8
Re: Rogue antimalware (FakeAV, FakeAlert)
Posted: Mon Oct 01, 2012 3:28 pm
by Win32:Virut
Re: Rogue antimalware (FakeAV, FakeAlert)
Posted: Mon Oct 01, 2012 5:12 pm
by frame4-mdpro
Win32:Virut wrote:
Key:
Is this for the XP Defender 2013?