[FakeAVHunter]

MalwareRemovalBOT

MalwareRemoval BOT.zip

pass : infected
(6.4 MiB) Downloaded 27 times

[Fedor22]

Best Antivirus

[FakeAVHunter]

Windows Paramount Protection

He is same as windows expert console aka fakevimes.

I Am a youtuber , have fun with this sample from virusshare.

Windows Paramount Protection.zip

pass : infected
(883.22 KiB) Downloaded 17 times

[FakeAVHunter]

Security Guard 2012 found sample by me.
Images :

Screenshot (999).png (384.26 KiB) Viewed 303 times

Screenshot (1003).png (673.13 KiB) Viewed 303 times

AV Results : AhnLab-V3 = Trojan/Win32.Jorik
AntiVir = TR/Crypt.ZPACK.Gen
Antiy-AVL = Backdoor/Win32.Gbot.gen
Avast = Win32:Cycbot-MS [Trj]
AVG = Generic25.SSN
BitDefender = Trojan.Generic.KD.371604
CAT-QuickHeal = Backdoor.Cycbot.B
Commtouch = W32/Goolbot.N.gen!Eldorado
Comodo = Heur.Suspicious
DrWeb = Trojan.DownLoader5.840
Emsisoft = Trojan.Win32.FakeAV!IK
eSafe = Win32.TRCrypt.ZPACK
eTrust-Vet = Win32/FraudSecurity.B!generic
F-Prot = W32/Goolbot.N.gen!Eldorado
F-Secure = Rogue:W32/OpenCloud.A
Fortinet = W32/FakeAV.ISS!tr
GData = Trojan.Generic.KD.371604
Ikarus = Trojan.Win32.FakeAV
K7AntiVirus = Backdoor
Kaspersky = Backdoor.Win32.Gbot.pld
McAfee-GW-Edition = BackDoor-EXI.gen.t
McAfee = BackDoor-EXI.gen.t
Microsoft = Rogue:Win32/FakeScanti
NOD32 = a variant of Win32/Kryptik.TOL
Norman = W32/Cycbot.EH
nProtect = Trojan/W32.Agent.2407424.H
Panda = Trj/Cycbot.gen
PCTools = Trojan.Gen
Sophos = Mal/FakeAV-IS
Symantec = Trojan.Gen.2
TheHacker = Trojan/Kryptik.tol
TrendMicro-HouseCall = TROJ_SPNR.15L411
TrendMicro = TROJ_SPNR.15L411
VBA32 = Backdoor.Gbot.pld
VIPRE = Trojan.Win32.FakeAV.IS (v)
VirusBuster = Trojan.Cycbot.Gen!Pac.5
Size of malware : 2.29 mb 2,351 kb
MD5 66613048c0761907dbf89e63a3c2b060
SHA1 508d73343ad03ea9bb16dc240afa45dbfd7e6fc3
SHA256 12b9716fee979c9f803b760b330973ea69a9d69292461beee0906c70b68e20ec
Thanks Virusshare.I Make a youtube video about this soon.
The activation code and kill code are : 9972665267 9992665263
Download sample :

Security Guard 2012.zip

pass : infected
(2.14 MiB) Downloaded 21 times

[FakeAVHunter]

My attempts to make w32/fakevimes working
Screenshot (346).png (371.04 KiB) Viewed 238 times

I Dont need unpack fixvm sometimes so fakevimes was created to work only on host pc
Renaming the folder and file that fakevimes accept and /s /d command can work

[FakeAVHunter]

Upon this topic which is my favorite i like to say i am the single user when is best at FakeAV / Rogue Cracking session i think for all users from kernelmode do not feel bad. about this.I Had to say this post is or not off topic.Fraud Rogue Software will try to be closed because is dead topic but is a new topic if someone is interested about me and my builded activators / registry hacks etc.In the present year i am so interesting at reverse the old Rogue Antimalware and i am not flex my sentences about this.I'm not supposed to post attachments and patches to my favorite type of malware i did not wanna to break a rule or suffering so there is too much to explain so i am 50 % best at unpacking is not a problem but sometimes i request some tools for fun and test purposes.I Am not understand sometimes but if you wanna to post interesting and never seen fakeav and activated version Go to the new kernelmode topic.
New topic to post : viewtopic.php?f=16&t=5258
Fraud Fakeav topic dead.
Regards from Alin.We are sorry