KernelMode.info

EP_X0FF wrote:

rough_spear wrote:Hi, ;)
One more Fake AV.

This is Total Protect FakeAV written on dot net.

It is aggressive - terminating starting application with fake virus warning alerts - usual behavior for this type of FakeAV.

Runs from X:\Documents and Settings\UserName\Application Data\

via

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Exposed here: http://xylibox.blogspot.com/2011/09/tra ... total.html

Is there a serial number for this one?

I'm looking for samples of the fakeAV (security shield) was hack bittorent website.( 2011/09/14)
follow sophos then the virus name: CXmal/FakeAV-A.
more info:
http://blog.bittorrent.com/2011/09/13/s ... -incident/
http://nakedsecurity.sophos.com/2011/09 ... d-for-p2p/

BTW regarding to previously posted by rough_spear sample. It's actually multiple dropper with 6 different malwares inside.

Alureon.DX (TDL4)
Cycbot.B (GBot)
Harnig.S (AdvLoad)
TotalProtect
Personal Shield downloader
Hosts trojan

hnpl2011 wrote:I'm looking for samples of the fakeAV (security shield) was hack bittorent website.( 2011/09/14)
follow sophos then the virus name: CXmal/FakeAV-A.
more info:
http://blog.bittorrent.com/2011/09/13/s ... -incident/
http://nakedsecurity.sophos.com/2011/09 ... d-for-p2p/

File attached :)

Xylitol said:
"There is no serial form, for this fakeAV."

Thanks.

Striker wrote:Target: about.exe

VT: http://www.virustotal.com/file-scan/rep ... 1317157615

Yamba affil related exe
more infs ~ http://xylibox.blogspot.com/2011/09/tra ... twork.html

Advanced PC Shield 2012

http://www.virustotal.com/file-scan/rep ... 1317324474




s/n: 8945315-6548431

29b9a.sys


Security Sphere 2012
http://www.virustotal.com/file-scan/rep ... 1317326682




s/n: 8945315-6548431

Privacyn

More Security Sphere 2012 samples, VT 2/ 43 (4.7%)

66 files, multipart archive

pass: malware