
Rogue Antimalware (FakeAV, 2011 year)

Posted: Mon Jan 03, 2011 1:29 pm
by EP_X0FF
remark start

2010 year FakeAV

remark end

Windows Optimization Center

Remake from the ThinkPoint authors, now including all "options", written in Delphi/CBuilder.

http://www.virustotal.com/file-scan/rep ... 1294060771

Image

Runs through HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

During installation it displays a fake MSE-like detection dialog, simulates installing/downloading (even without an internet connection) and then asks for a reboot.

After reboot the system is owned.

Image
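
Added example, not part of the original post: a defender-side check for the persistence location named above, the `Shell` value under the Winlogon key. It parses the text output of `reg query`; the sample output, the file name `example-rogue.exe` and the assumption that a clean profile has no per-user `Shell` value are constructed for illustration.

```python
import re

# Winlogon key suffix (lower-cased) and the stock machine-wide shell.
WINLOGON = r"\software\microsoft\windows nt\currentversion\winlogon"
DEFAULT_SHELL = "explorer.exe"
PER_USER_HIVES = ("HKEY_CURRENT_USER", "HKCU", "HKEY_USERS", "HKU")
# `reg query` prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample of `reg query` output (not taken from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Users\test\AppData\Roaming\example-rogue.exe
"""

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        match = VALUE_RE.match(line)
        if match and key:
            yield key, match["name"], match["data"].strip()
        elif not line.startswith(" "):
            key = line.strip()  # unindented line names the current key

def audit_winlogon_shell(text):
    """Return (key, data, reason) for each suspicious Winlogon Shell value."""
    findings = []
    for key, name, data in parse_reg_query(text):
        if name.lower() != "shell" or not key.lower().endswith(WINLOGON):
            continue
        hive = key.split("\\", 1)[0].upper()
        if hive in PER_USER_HIVES:
            # Assumption: a clean profile has no per-user Shell value at all.
            findings.append((key, data, "per-user Shell override"))
        elif data.strip('"').lower() != DEFAULT_SHELL:
            findings.append((key, data, "machine-wide Shell is not explorer.exe"))
    return findings

if __name__ == "__main__":
    for key, data, reason in audit_winlogon_shell(SAMPLE):
        print(f"{reason}: {key} -> {data}")
```
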

Antivirus System 2011

Posted: Wed Jan 05, 2011 8:21 pm
by PX5
Antivirus System 2011

Image

http://www.virustotal.com/file-scan/rep ... 1294258502

I have not checked it out closely myself, just ran into it while browsing pron lands.

Apologies if it's already been posted.

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Sun Jan 09, 2011 6:40 pm
by markusg

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Mon Jan 10, 2011 3:12 pm
by markusg

Antivirus Scan

Posted: Wed Jan 12, 2011 6:19 pm
by EP_X0FF
markusg wrote: wgumvarlajb.exe
http://www.virustotal.com/file-scan/rep ... 1294596944
This is Fake AV "Antivirus Scan".

Image

It permanently scans the process list and terminates all starting programs except a few (e.g. the "iexplore.exe" process is allowed).

Internet Security 2011

Posted: Sun Jan 16, 2011 7:44 am
by Xylitol
Internet Security 2011

Image

internet security 2011
vt: 3/43 (7.0%)
https://www.virustotal.com/file-scan/re ... 1295158577
sniffed network
https://secure.exbilling.com/get/process.php?code=333116451&hash=1551bf1f5c0120c40ed0561c248dc488&lang=EN
http://94.75.199.162/verify.js

Antivirus 2010

Posted: Mon Jan 17, 2011 6:13 am
by redcodefinal
Hi,
I'm new to the forums and I am looking for a specific nasty piece of malware. It is called Antivirus 2010 and usually comes under the name installantivirus2010.exe, USerINIT.exe or AV2010.exe. The actual malware species is Agent.Antivirus2010SecurityCentre (as reported by MBAM). Any help would be greatly appreciated!

email is redcodefinal@gmail.com

-Ian

Re: Any1 have Antivirus 2010

Posted: Mon Jan 17, 2011 6:48 am
by nullptr

Re: Any1 have Antivirus 2010

Posted: Mon Jan 17, 2011 6:48 am
by Xylitol
I don't like guys who request something when they have only one post.

Image
Seems it has anti-VM but I'm too lazy to find them...
Why do you need it?

Re: Rogue antimalware (FakeAV, FakeAlert)

Posted: Thu Jan 20, 2011 4:25 pm
by Xylitol