KernelMode.info

PostPosted:**Mon Jan 13, 2014 5:32 pm**

Windows Prime Booster

PostPosted:**Tue Jan 14, 2014 12:21 pm**

Smart Guard Protection - Malware Security Suite

looooool

捕获3.png (86.77 KiB) Viewed 887 times

PostPosted:**Wed Jan 15, 2014 6:57 pm**

Windows Prime Shield

PostPosted:**Fri Jan 17, 2014 10:28 am**

Windows Prime Shield

VT 1 / 47
https://www.virustotal.com/en/file/9275 ... 389954409/

捕获3.png (87.61 KiB) Viewed 807 times

PostPosted:**Sun Jan 19, 2014 10:58 am**

Code: Select all

hxxp://zhnskks.servehttp.com/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtvJheVQzm+YhzfWz1MPnw1S6zBdyf5Nf5Siz6QlCgCm4K+ByoM=

Empty file for me :(

PostPosted:**Mon Jan 20, 2014 4:52 pm**

PostPosted:**Sat Feb 01, 2014 6:21 pm**

Found this on a customer's machine today. Same old variant still using svc-Random.exe. they are really changing the name on these guys a lot this time around

PostPosted:**Sun Feb 02, 2014 2:50 am**

2 Samples of Windows Safety Master

install.exe-VT:https://www.virustotal.com/en/file/b7a7 ... 391307981/

svc-wtis.exe-VT:https://www.virustotal.com/en/file/2c2d ... 391308047/

PostPosted:**Sun Feb 09, 2014 11:05 pm**

Another one of the Windows FakeAV, still using the same components... just changing up the name. Looks like a lot of this is coming from those fake Microsoft Security Essentials pop-ups, at least for the people I have talked to.

PostPosted:**Mon Feb 10, 2014 11:06 pm**

More samples with VT results
https://www.virustotal.com/en/file/164c ... /analysis/
https://www.virustotal.com/en/file/f2cd ... /analysis/

KernelMode.info

Rogue Antimalware (FakeAV, 2014 year)

Re: Rogue Antimalware (FakeAV, 2014 year)

Re: Rogue Antimalware (FakeAV, 2014 year)

Re: Rogue Antimalware (FakeAV, 2014 year)

Re: Rogue Antimalware (FakeAV, 2014 year)

Re: Rogue Antimalware (FakeAV, 2014 year)

Re: Rogue Antimalware (FakeAV, 2014 year)

Re: Rogue Antimalware (FakeAV, 2014 year)

Re: Rogue Antimalware (FakeAV, 2014 year)

Windows Antivirus Master

Re: Rogue Antimalware (FakeAV, 2014 year)