Home Security Solutions
xmas fakeav
16/43 >> 37.2%
http://www.virustotal.com/file-scan/rep ... 1324809754
That won't extract payload for me, if someone can provid (HSf48_7.exe or something like this)
edit: alright it's in attach
http://www.virustotal.com/file-scan/rep ... 1324818695
Code: Select allc:\mvelbaneim11\ncipnaiareu.kla
$report=%s&appType=%1d&mid=%s&ls=%s&uid=%s&wv=%s&pid=%s&isStart=%d$
D:\Work\AdwareProjects\DeskTopWork\Cleaners\VirusDoctor
SOFTWARE\BitDefender\
SOFTWARE\KasperskyLab\
SOFTWARE\4\
SOFTWARE\3\
SOFTWARE\Zone Labs\ZoneAlarm\
SOFTWARE\Eset\Nod\
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebrootDesktopFirewall.exe\
SOFTWARE\Symantec\Norton AntiVirus\
SOFTWARE\Sophos\SAVService\Application\
SOFTWARE\rising\Rav\
SOFTWARE\KasperskyLab\InstalledProducts\Kaspersky Anti-Virus Personal\
SOFTWARE\Data Fellows\F-Secure\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E58B329B-FB28-4874-90DE-0D7CB2709267}\
SOFTWARE\BitDefender\BitDefender Antivirus 2008\
SOFTWARE\AVG\
SOFTWARE\ComodoGroup\CDI\
SOFTWARE\Agnitum\Security Suite\
Virus1Doctor1Installer1Mutex1
ls;bid;uid;"http://trdatasft.com;trdatasft.com
SetupRelease.cab
SetupReleaseXP.cab
http://76.73.19.182/
TMainWindowHSS!HOME_SECURITY_SOLUTIONS_UNINSTALL
HomeSS.exe
HOME_SECURITY_SOLUTIONS_APP0http://www5.thebest-av-foryou.com/uninstall.php?
SetupReleaseXP.cab
Setup.exe
Home Security Solutions!HOME_SECURITY_SOLUTIONS_APP_CLOSE/http://save-secure.com;http://securityearth.net
reports/get_install_file.php
/index.php
/index.php
WDC WD3200AAJS-00YZCA0
WD-WCAYU4523231
• dns: 1 ›› ip: 76.73.19.180 - adresse: WWW5.THEBEST-AV-FORYOU.COM
• dns: 1 ›› ip: 76.73.19.178 - adresse: SECURE1.SMARTWASUITE.COM
