Rogue Antimalware (FakeAV, 2011 year) - Page 16

Topic locked

Milestone Antivirus

#6719 by Xylitol
Wed Jun 08, 2011 6:58 am

Milestone Antivirus

20/42 >> 47.6%
http://www.virustotal.com/file-scan/rep ... 1307516228

for spoof a referrer if you have firefox: download refspoof here ~ https://addons.mozilla.org/en-us/firefo ... /refspoof/ or RefControl: https://addons.mozilla.org/en-us/firefo ... efcontrol/
In case of refspoof, for make it work with firefox 4.* download the .xpi and rename it to .xpi.rar
Extract the install.rdf, open it with notepad and change the line

Code: Select all

<em:maxVersion>3.0.*</em:maxVersion>

by

Code: Select all

<em:maxVersion>4.*.*</em:maxVersion>

After, just repack the file and install.

print.graphytop.be/SpryAssets/wp-page.php?k=Olympic-Stadium-Design
redirect me on: hxxp://ziqlrrin.co.cc/?s=sF02x5vHzDPss90cW%2BxIuTF6DEG3BXiqO8QeR%2BBqhq4ii28rS%2Fbop8pxMGQ5VwgEhA%3D%3D

Abuse sent ~ http://www.co.cc/prosecution/prosecution.php
I've ripped the html page of the fake scanner if you guys are interested, btw most interesting fake scanner page i've see for the moment are the security shield one, they use base64 then rsa with a 26 or 27 bits modulo and then again base64, and this just with javascript :D
heavy to load but fun to 'depack'

Attachments

fake scanner.zip

pwd: xylibox
(146.53 KiB) Downloaded 76 times

setup.zip

pwd: infected
(2.16 MiB) Downloaded 85 times

Last edited by EP_X0FF on Mon Oct 31, 2011 6:55 am, edited 1 time in total. Reason: title edited

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Rogue antimalware (FakeAV, FakeAlert)

#6721 by EP_X0FF
Wed Jun 08, 2011 7:54 am

Xylitol wrote:print.graphytop.be/SpryAssets/wp-page.php?k=Olympic-Stadium-Design
redirect me on: hxxp://ziqlrrin.co.cc/?s=sF02x5vHzDPss90cW%2BxIuTF6DEG3BXiqO8QeR%2BBqhq4ii28rS%2Fbop8pxMGQ5VwgEhA%3D%3D

Yes me too. Drops this one (0 at VT), crypted and then packed by UPX. Ms Removal Tool from (c) NecroSoft, lol

http://www.virustotal.com/file-scan/rep ... 1307519223

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Windows Troubles Killer

#6722 by ngyikp
Wed Jun 08, 2011 8:53 am

Windows Troubles Killer

What's next? Windows Problem Assassination?

Attachments

Windows Troubles Killer.7z

password: infected
(1.68 MiB) Downloaded 70 times

Last edited by EP_X0FF on Mon Oct 31, 2011 6:55 am, edited 1 time in total. Reason: title edited

Wait a minute! This is important - we check your device

Username

ngyikp

Posts

18

Joined

Wed Feb 02, 2011 4:23 pm

Windows Monitoring Utility

#6724 by bitx
Wed Jun 08, 2011 9:33 am

Windows Monitoring Utility

But Windows Problem Assassination sounds fair enough to me, ngyikp :)

Attachments

setup.rar

pass=malware
(13.2 KiB) Downloaded 55 times

Last edited by EP_X0FF on Mon Oct 31, 2011 6:57 am, edited 2 times in total. Reason: title edited

Username

bitx

Posts

61

Joined

Thu Mar 17, 2011 9:31 am

Re: Windows Monitoring Utility

#6725 by Xylitol
Wed Jun 08, 2011 9:35 am

Windows Monitoring Utility (another sample)

9/42 >> 21.4%
http://www.virustotal.com/file-scan/rep ... 1307525147
Fake scanner: hxxp://defender-ptwvd.in/e19b21b55a730253/sa1/0/
hxxp://freetrialmail.com/red0.php
edit: ah, bitx was more fast than me