A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #5932  by Meriadoc
 Thu Apr 14, 2011 2:05 pm
Windows Security Suite

VT - http://www.virustotal.com/file-scan/rep ... 1302788152 4/41

hxxp://www1.top1scanerna.mx.am/a7118l?0lg4c=VN7Tqc3urOmq28TO0dyY48qUqZlsl5rf2ZWwlofPx9TgnnK5t1rP56yiV%2BLWnuXbyr6HktXLccXTuLVpmcza09Gv28Kg395axtest3OZzNGrnqSclV6hn2KWpJXjpdTX1uGio5TYmdCkbJipleSl36DFn5ynpJGUo5psx5rj426klpGgnKqmkWOcjZjS4dDZn7Da2OWYoNjWo%2BDKoMjV3eOg2deP292gz85Wz9%2BmoOzm2anUhw%3D%3D

no vm or test machine atm so old pic
Attachments
pass=malware
(250.26 KiB) Downloaded 76 times
Last edited by EP_X0FF on Sat Apr 16, 2011 8:07 am, edited 2 times in total. Reason: Screenshot resized to be more accurate
 #5933  by Meriadoc
 Thu Apr 14, 2011 3:23 pm
Internet Protection

VT - http://www.virustotal.com/file-scan/rep ... 1302792450 5/42

hxxp://scan60.olch.cz.cc/index.php?Q3Dh5tSBbR1GO3r+M/9LKyg+EzX4LjezoSfyqAcspJbV/S8KhOEpJFHiq47gNlrBsPCn3CyPEPE1c5xbogzNfkQMZb3Jre3FKeMCXkRJ#9

Attachments
pass=malware
(108.21 KiB) Downloaded 80 times
Last edited by EP_X0FF on Sat Apr 16, 2011 8:08 am, edited 1 time in total. Reason: Screenshot resized to be more accurate
 #5935  by bitx
 Fri Apr 15, 2011 8:05 am
Antivirus Protection Trial

Attachments
password=malware
(354.66 KiB) Downloaded 76 times
Last edited by EP_X0FF on Sat Apr 16, 2011 8:05 am, edited 1 time in total. Reason: Screenshot resized to be more accurate
 #5939  by bitx
 Fri Apr 15, 2011 3:28 pm
Windows Recovery

Attachments
password=malware
(497.23 KiB) Downloaded 67 times
Last edited by EP_X0FF on Sat Apr 16, 2011 8:04 am, edited 1 time in total. Reason: Screenshot resized to be more accurate
 #5941  by EP_X0FF
 Sat Apr 16, 2011 7:43 am
Some posts were edited:

- added titles for each unique rogue
- huge images were replaced with small icons (not everybody is happy to download numerous 800x600 pictures of fakeav while browsing this thread).
 #5944  by Xylitol
 Sat Apr 16, 2011 1:26 pm
ngyikp wrote: Best Malware Protection

Can't download the payload file, keeps disconnecting for me
same crap for me

i got it from sofeqadro.ru
fake scanner page
hxxp://helpimoma.ru/coockeusage/skla.php?&uid=2230

stuff attached

vt: https://www.virustotal.com/file-scan/re ... 1302960297
deco11 wrote: is there any serial for antivirus system? if so post one :)
sample link ?
deco11 wrote: i need a licence key for internet protection =)
serial is the same as AntiMalware Tool: D13F-3B7D-B3C5-BD84

Edit: added two Braviax samples (XP Anti-Spyware 2011 and all its names)
Attachments
See archive comment for password
(538.93 KiB) Downloaded 65 times
See archive comment for password
(2.73 MiB) Downloaded 85 times
 #5955  by Xylitol
 Sun Apr 17, 2011 10:21 pm
scanner.exe from page 12 crashes for an obscure reason in my vm

Anyway fakeav campaign on Twitter running right nao

hXXp://www.pcfixinfection.com/
hXXp://www.pcfixinfection.com/remove-malware/B ... .aomq.html
hXXp://www.pcfixinfection.com/download-tools.php?id=3
hXXp://www.pcfixinfection.com/download-tools.php?id=2
hXXp://www.pcfixinfection.com/download-tools.php?id=1
Downloaded stuff seems legit (pc tool, health advisor downloaded directly from ParetoLogic server etc.)
marketing campaign ?
Last edited by Xylitol on Sun Apr 17, 2011 10:32 pm, edited 2 times in total.
 #5965  by bitx
 Mon Apr 18, 2011 10:43 am
Xylitol wrote: scanner.exe from page 12 crashes for an obscure reason in my vm

Anyway fakeav campaign on Twitter running right nao

hXXp://www.pcfixinfection.com/
hXXp://www.pcfixinfection.com/remove-malware/B ... .aomq.html
hXXp://www.pcfixinfection.com/download-tools.php?id=3
hXXp://www.pcfixinfection.com/download-tools.php?id=2
hXXp://www.pcfixinfection.com/download-tools.php?id=1
Downloaded stuff seems legit (pc tool, health advisor downloaded directly from ParetoLogic server etc.)
marketing campaign ?
Xylitol, yes I think it is. However, they clearly didn't read the Affiliate Terms and Conditions of the PC Tools affiliate program. They can be dropped out of the PC Tools affiliate network very easily, whereas the folks from ParetoLogic don't care too much and allow you to do pretty much everything. Once, I found a website pushing ParetoLogic software that was almost identical to one of Microsoft's websites and they said that it's OK to use the Microsoft logo, etc. to promote their software, although it looked like it was a Microsoft page/product at first glance.