Page 2 of 3

Re: PUPs & Rogue software

PostPosted:Sat Jan 12, 2019 7:48 pm
by Fedor22
Perfect PC Cleanup
Creates itself in "Program Files", changes internet settings in the registry, shows false positives and asks to buy a product after scan.
Installer:
MD5: ed1954e40caf59b1335893e156661fef
SHA1: 37c066fcab1f704d8a5de58c3e3ce1942726e396
SHA256: b00129823975a8f54d4c4ff039817038d77690615002571d370180fbc0303a78
VirusTotal (33/69): https://www.virustotal.com/en/file/b001 ... /analysis/
Site: hxxp://perfectpccleanup.com
Screenshot:
Image

Re: PUPs & Rogue software

PostPosted:Sat Feb 09, 2019 7:52 pm
by FakeAVHunter
Personal Antivirus (Internet Antivirus Family)
His Image : Image
Due to problems and errors with this rogue the MD5 CANNOT BE SHOWED DUE TO FILES ERRORS
Personal Antivirus InternetAntivirus.zip
His License Key : 4db8b3bab2b6b5bfb7b1b9b299510a73e34bc42c95f55ec61e87ef50
Sample fixed from password protected installer :D

Re: PUPs & Rogue software

PostPosted:Sun Mar 03, 2019 10:50 am
by FakeAVHunter
InfoPure 2010 Korean Rogue
Image :
9d0445176b2b882a.PNG
Sample :

Re: PUPs & Rogue software

PostPosted:Sat Mar 09, 2019 8:53 am
by FakeAVHunter
WinReanimator Rogue + Fixed Crashes
Image
WinReanimator.zip

Re: PUPs & Rogue software

PostPosted:Fri Mar 29, 2019 5:36 pm
by FakeAVHunter
PC Defender Full Version
Image : Image
Take a look at the sample of cracked version of PC Defender russian without trial version :lol: :lol: :lol:
He is a well known fakeav and here is the sample for trying :D
PC Defender Antivirus Rudoct Russian Crack.zip

Re: PUPs & Rogue software

PostPosted:Thu Jun 06, 2019 6:35 pm
by FakeAVHunter
XP Protector 2009
Image : Image
Full Version After i cracked is similar to Antivirus XP 2008 Simple as a slice of pizza :-)
Image

0043E907 address i found all text strings MOV AL,BYTE PTR DS:[EAX] then i replaced in MOV AL,1
I dumped the debugged process
Code: Select all
LIC�����LIC�����-���0000��������6F740084937EAB76D1A407DE455B5297D1C5047CD79C630E5702B46455E1F2B8
Unfortunately i cannot save the file that i cracked :-( the serial is cryptographic as desktop security 2010.

Live Protection Suite 2019 Rogue Software

PostPosted:Sat Jun 08, 2019 4:34 pm
by FakeAVHunter
I found a fakeav with alive domains and from fake scan sites :
hxxp://protection-suite.totalh.net/index.html
hxxp://protection-suite.totalh.net/scanner/scan.html
Both are working but i cannot dump the executable and i found nice thing :-D
A clone of antivirus 10 :-)
bandicam 2019-06-07 23-34-57-290.jpg
Live Protection Suite 2019.zip
Video Review : https://www.youtube.com/watch?v=xUiWJyw4rqI
Soon i release a removal tool for this fakeav.
Unfortunately i cannot find AntiPCDefender and save the cracked files of XP Protector 2009 and Antivirus XP 2008 i cracked but is not saving executable modifited :-(

Re: PUPs & Rogue software

PostPosted:Fri Jun 14, 2019 9:19 am
by FakeAVHunter
Live Security Vista XP + Vista Gui and Live Enterprise Suite
Image
Image

Live Enterprise Suite
Image
Live Security Suite.zip
Live Security Suite Vista.zip
Live Enterprise Suite.zip
I need a unpacker for dump all those rogues from internetantivirus family for saving a modification i will not post that request so i will do later you can find on topic reverse engineer

Rogue software Rush on my birthday

PostPosted:Fri Jun 28, 2019 2:00 pm
by FakeAVHunter
I Found three rare rogues and one fakeav encrypt your .doc files install a dll that running as a stealth FakeCorr and detect the corrupted file as malware file damaged.
Rogue File repair.
C:\Windows\system32\fpfstb.dll running with csrss.exe and svchost
1.AV Care
Image
Full Version Image
2.FileFix Professional 2009 + Infection Proof
Image
Image
3.Antivira AV FakeSpyPro
Image
The Antivira AV Sample working i tested in all windows :-)
To Activate AVCare A Command line was found
c:\Program Files\AV Care\AVCare.exe /setpaid other command was found -update -setpaid -uninstall -install
So i waited more for unpacking the exe from the KernelMode Reverse Enginner topic so i am not post links so you know already
Last rogue antimalware fakeav i debug with success
VirusRemover2008
VirusRemover2009
VirusIsolator
AntiMalwareGuard
Total Virus Protection and other i am not enumerate all

Re: PUPs & Rogue software

PostPosted:Mon Jul 29, 2019 3:47 pm
by FakeAVHunter
Antivirus Anvi With Serial key Inside notepad
Image
A fakecog and more archive anyway the icons are garbage do not request because them are all about command shortcut
-noscan
-update
-about
-activate
-buy
-scan
-settings
-support
/avt
/customers
Full Version Document
Code: Select all
Thanks for purchasing antivirus software. Your antivirus software is activated successfully.
Your registration key is:
94804860143697233939975370329435970097710202
(PLEASE, SAVE IT SEPARATELY IN CASE YOU NEED TO REBOOT OR REINSTALL ANTIVIRUS SOFTWARE)
The last version of antivirus:
http://checkeds.com/customers/installer.php?pid=AVT_BASIC

You can also find this link in your software HELP & SUPPORT part. Please, use this link in case of reinstallation.
If you have any question, please, pay attention to tickets, Help&Support. You can find out the answer on your question there.
For urgent cases, please, contact us on the phone 
1-866 427 1693.
Thank you!
Have fun with this easy notepad hack fakeav