KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Rogue Antimalware (FakeAV, 2012 year)

https://www.kernelmode.info/forum/viewtopic.php?f=16&t=2414

Page 1 of 46

Rogue Antimalware (FakeAV, 2012 year)

PostPosted:Sun Jan 01, 2012 1:39 pm
by rkhunter
remark start

2010 year FakeAV
2011 year FakeAV

remark end

One more FakeRean.

XP Home Security 2012

VT (3 /43 >> 7.0%)

Image

Image

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Mon Jan 02, 2012 3:05 am
by rkhunter
One More FakeRean - XP Antispyware 2012. Similar to http://www.kernelmode.info/forum/viewto ... 360#p10617.

VT Link (25/41 >> 61.0%)

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Mon Jan 02, 2012 1:46 pm
by Xylitol
System Check

2/43 >> 4.7%
http://www.virustotal.com/file-scan/rep ... 1325458249

1/43 >> 2.3%
http://www.virustotal.com/file-scan/rep ... 1325464008

Image

Korean Rogue [link only]

PostPosted:Wed Jan 04, 2012 1:03 pm
by supermino
This is some fake AV from Korea:

http://www.mediafire.com/?xos4uutvyy1ysj6
http://www.mediafire.com/?badby4a3ahnms08
http://www.mediafire.com/?81t919x9h36q5ia

Have fun :D

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Fri Jan 06, 2012 5:55 am
by rkhunter
FakeRean with XP Internet Security 2012 cover.

21/43 >> 48.8%

Image

Image

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Fri Jan 06, 2012 4:02 pm
by rkhunter
FakeRean - XP Antivirus 2012

2/43 >> 4.7%

MD5: 8841a335c14de9dfecf5e33d44905730

Image

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Mon Jan 09, 2012 3:22 pm
by rkhunter
Security Defender - Rogue:Win32/Defmid.

Image

Image

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Mon Jan 09, 2012 4:34 pm
by RusTocK
rkhunter wrote:Security Defender - Rogue:Win32/Defmid.
When I install it, I get an error message.

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Tue Jan 10, 2012 4:51 am
by rkhunter
RusTocK wrote:
rkhunter wrote:Security Defender - Rogue:Win32/Defmid.
When I install it, I get an error message.
look to outbound traffic

Re: Rogue antimalware (FakeAV, FakeAlert)

PostPosted:Thu Jan 12, 2012 9:13 am
by rkhunter
2 more FakeRean

MD5: da59fec60dca3a767725e2ea9f66cda2

7/43 >> 16.3%

MD5: 83609fb8b7a56d89a6da3c122239655a

4/43 >> 9.3%

Disables firewall notifications and removes windows update service.
All times are UTC
Page 1 of 46
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/