A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #4246  by EP_X0FF
 Mon Jan 03, 2011 1:29 pm
remark start

2010 year FakeAV

remark end

Windows Optimization Center

Remake from ThinkPoint authors, now including all "options", written in Delphi/CBuilder.

http://www.virustotal.com/file-scan/rep ... 1294060771


Runs through HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

During installation it displays a fake MSE-like detection dialog, simulates installing/downloading (even without an internet connection) and then asks for a reboot.

After the reboot the system is owned.

Last edited by EP_X0FF on Thu Feb 19, 2015 9:42 am, edited 1 time in total. Reason: remark
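A defender-side check for the Winlogon\Shell autorun point named in the post above, as an added example that is not part of the original post: it lists every loaded user hive that carries a per-user Shell value and flags anything other than plain explorer.exe. The function names and the explorer.exe allow-rule are assumptions of this example, as is the premise that a default install has no Shell value in the per-user hive.

```powershell
# Added example (not from the thread): audit Winlogon "Shell" values.
# Assumption: a per-user Shell value is suspicious unless it is exactly explorer.exe.
$subKey   = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = 'explorer.exe'

function Test-ShellValue {
    param([string]$Value)
    # Treated as normal: value absent/empty, or explorer.exe on its own.
    if ([string]::IsNullOrEmpty($Value)) { return $true }
    return ($Value.Trim().Trim('"') -ieq $expected)
}

function Get-WinlogonShellOverride {
    # HKEY_USERS has one subkey per loaded profile; HKCU is the caller's own entry.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $path = "Registry::HKEY_USERS\$sid\$subKey"
            # Returns nothing when the key or the Shell value does not exist.
            $prop = Get-ItemProperty -Path $path -Name 'Shell' -ErrorAction SilentlyContinue
            if ($null -ne $prop) {
                [pscustomobject]@{
                    Hive       = "HKEY_USERS\$sid"
                    Shell      = $prop.Shell
                    Suspicious = -not (Test-ShellValue $prop.Shell)
                }
            }
        }
}

function Get-MachineShell {
    # Machine-wide value, reported with the same rule for comparison.
    $prop = Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\$subKey" -Name 'Shell' -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        [pscustomobject]@{
            Hive       = 'HKEY_LOCAL_MACHINE'
            Shell      = $prop.Shell
            Suspicious = -not (Test-ShellValue $prop.Shell)
        }
    }
}

@(Get-MachineShell) + @(Get-WinlogonShellOverride) | Format-Table -AutoSize
```

Only hives that are currently loaded are covered; profiles of logged-off users have to be checked from their NTUSER.DAT files separately.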
 #4292  by PX5
 Wed Jan 05, 2011 8:21 pm
Antivirus System 2011


http://www.virustotal.com/file-scan/rep ... 1294258502

I have not checked it out closely myself, just ran into it while browsing pron lands.

Apologies if it's already been posted.
Last edited by Xylitol on Mon Feb 25, 2013 10:12 pm, edited 2 times in total. Reason: Screenshot resized to be more accurate, added password.
 #4422  by EP_X0FF
 Wed Jan 12, 2011 6:19 pm
markusg wrote:wgumvarlajb.exe
http://www.virustotal.com/file-scan/rep ... 1294596944
This is Fake AV "Antivirus Scan".


It permanently scans the process list and terminates all starting programs except a few (e.g. the "iexplore.exe" process is allowed).
 #4471  by Xylitol
 Sun Jan 16, 2011 7:44 am
Internet Security 2011


internet security 2011
vt: 3/43 (7.0%)
https://www.virustotal.com/file-scan/re ... 1295158577
sniffed network
https://secure.exbilling.com/get/process.php?code=333116451&hash=1551bf1f5c0120c40ed0561c248dc488&lang=EN
http://94.75.199.162/verify.js
Last edited by EP_X0FF on Sat Apr 16, 2011 6:48 am, edited 1 time in total. Reason: Screenshot resized to be more accurate
 #4498  by redcodefinal
 Mon Jan 17, 2011 6:13 am
Hi,
I'm new to the forums and I am looking for a specific nasty piece of malware. It is called Antivirus 2010 and usually comes under the name installantivirus2010.exe, USerINIT.exe or AV2010.exe. The actual malware species is Agent.Antivirus2010SecurityCentre (as reported by MBAM). Any help would be greatly appreciated!

email is redcodefinal@gmail.com

-Ian
 #4500  by Xylitol
 Mon Jan 17, 2011 6:48 am
I don't like guys who request something when they have only one post.

Seems he has anti-VM, but I'm too lazy to find them...
Why do you need it?