Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Tue May 03, 2011 9:25 am
by Xylitol
Fake scanner pages
PostPosted:Tue May 03, 2011 11:38 am
by ngyikp
You need to spoof the referer in order for most of it to work, if you don't, you either get a fake 404 or redirected to google.com
hxxp://mercadorpersa.com.br/KkxO7pT/
hxxp://www.mypuppylicious.com/xpWSXzT/
hxxp://www.digc.com.mx/zr-guggenheim-museum-wiki/
hxxp://gereedschapwinkelplein.nl/mx-prince-charles-age/
hxxp://www.baraniak.eu/lp-news-channel-9/
hxxp://hailhousecall.com/oqsdd.php?id=fantasy%20baseball%202011%20rankings
hxxp://casaa.net/pnhbd.php?off=jane%20austen%20bio
hxxp://beaconofhopeministry.org/sbxct.php?do=who%20won%20the%20oscars%20in%202011
hxxp://healthylifestylecontest.com/sxhfp.php?on=bocelli%20concert
hxxp://wingsofgoldmc.com/xzjbs.php?t=beads%20of%20courage%20pepsi
hxxp://www.perryogden.com/yjtpx.php?sell=comed%20chicago
hxxp://houseofjoy.info/ugueh.php?go=strangers%20no%20more%20karen%20goodman
hxxp://jimcraigmyle.com/icqdt.php?m=gamespyid.com
hxxp://formmail.zwebsolutions.com/appearance/dish/page.php?k=operation-flashpoint-red-river-ign
hxxp://scaner-ccinf.tk/
hxxp://64.120.250.131
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Wed May 04, 2011 11:56 am
by Xylitol
AntiVirus Antispyware 2011 / CleanThis / MS Removal Tool
All repack, low detection.
.: AntiVirus Antispyware 2011
VT: 1/42 >> 2.4%
https://www.virustotal.com/file-scan/re ... 1304508668
.: CleanThis
VT: 3/41 >> 7.3%
http://www.virustotal.com/file-scan/rep ... 1304510960
.: MS Removal Tool
VT: 4/41 >> 9.8%
https://www.virustotal.com/file-scan/re ... 1304509604
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Thu May 05, 2011 1:31 am
by Triple Helix
Fake AV! If you go back to the link below it downloads another updated version like in the second VT link!
hxxp://www1.netsmartscanre.0ze.net/bvehfjzat4?o9flwm8=k6%2FU4LTPm97f4%2BLZh%2Bfd16CTpquL36LKqaqTmdDH5rC9tLma39aen6KblajZqe7jb5TH3deqw9G6uYnW09jf43bV1eHRn5TI17Cwopjd46Cap6CXpGuUnbCjZqadmubhwubp5qCH5dvJrHGbpJ3hrNqi2KTOlqWkqJyUp9iL46yjnaqdbKOaraejlZjY4tDC1%2BCi5rDdn6Xgpc%2FX6NrWyNPm4NyP1%2BXM4Z6UzeuTq9nQ3bDR0ujl59bVlOTK1XbO4OvdXaGmmaWzhqS63NzM1tnY6a7H0aXfrZOXuuPS0OLg2IiTtJeYtZO9uuHPa9aZ1crZ0b7hwdnDv5eYs16ZsJs%3D
http://www.virustotal.com/file-scan/rep ... 1304558440
http://www.virustotal.com/file-scan/rep ... 1304559625
TH
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Thu May 05, 2011 6:36 pm
by Triple Helix
thekillergreece wrote:Triple Helix wrote:Fake AV! If you go back to the link below it downloads another updated version like in the second VT link!
hxxp://www1.netsmartscanre.0ze.net/bvehfjzat4?o9flwm8=k6%2FU4LTPm97f4%2BLZh%2Bfd16CTpquL36LKqaqTmdDH5rC9tLma39aen6KblajZqe7jb5TH3deqw9G6uYnW09jf43bV1eHRn5TI17Cwopjd46Cap6CXpGuUnbCjZqadmubhwubp5qCH5dvJrHGbpJ3hrNqi2KTOlqWkqJyUp9iL46yjnaqdbKOaraejlZjY4tDC1%2BCi5rDdn6Xgpc%2FX6NrWyNPm4NyP1%2BXM4Z6UzeuTq9nQ3bDR0ujl59bVlOTK1XbO4OvdXaGmmaWzhqS63NzM1tnY6a7H0aXfrZOXuuPS0OLg2IiTtJeYtZO9uuHPa9aZ1crZ0b7hwdnDv5eYs16ZsJs%3D
http://www.virustotal.com/file-scan/rep ... 1304558440
http://www.virustotal.com/file-scan/rep ... 1304559625
TH
what kind of fake av is it???you should write the name....
I didn't run the file or files!
TH
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Thu May 05, 2011 8:55 pm
by Xylitol
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Thu May 05, 2011 11:14 pm
by Triple Helix
Thanks for the info Xylitol!
TH
PC Security Guardian
PostPosted:Fri May 06, 2011 11:14 am
by bitx
PC Security Guardian
Didn't work on Windows XP for some reasons. Setup+%ProgramData% files included.
Windows Oversight Center
PostPosted:Fri May 06, 2011 7:12 pm
by Meriadoc
Windows Oversight Center
Looks a new rouge, FakeAV, Fraud Tool.
VT -
http://www.virustotal.com/file-scan/rep ... 1304704474 -
4/41
Privacy Protect REALSAFE
PostPosted:Fri May 06, 2011 11:25 pm
by Xylitol
Privacy Protect REALSAFE
