A forum for reverse engineering, OS internals and malware analysis 

 #3186  by EP_X0FF
 Fri Oct 22, 2010 12:58 pm
This is a fake alert (MSE UI fake) - ThinkPoint.

Install it and try to start iexplore for example. It will block your Windows at restart.

Runs through HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell as "hotfix"

However, Windows can be simply unblocked with Task Manager.

 #6481  by thekillergreece
 Sun May 22, 2011 5:03 pm
EP_X0FF wrote:
Copy-paste GUI clone of Microsoft Security Essentials. This is not a simple look-alike clone (like Security Essentials) - this is a full UI copy of MSE.
Written in Delphi (cryptor + UPX inside).

VirusTotal
http://www.virustotal.com/analisis/1840 ... 1273465045

GUI / Detections / Give me money dialog

Dropped with legit MSE components to %Documents and Settings%\UserName\Application Data\Microsoft Security Essentials,
autorun through HKCU\Software\Microsoft\Windows\CurrentVersion\Run

That's how all this looks after unpacking :D

Hey, what is that in your unpacking image? Do you remember what it is? Is it an antivirus creator?
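Added example, not code from the thread or from any of its posters: a small offline triage check for the two per-user persistence locations the posts above name, the Winlogon Shell value (EP_X0FF's ThinkPoint post) and the HKCU Run key (the quoted description of the MSE clone). It parses a constructed .reg export (the "hotfix.exe" file name and the ctfmon entry are assumptions made for the sample; only the key paths and the "Microsoft Security Essentials" drop folder come from the thread), flags a Shell value that is anything other than explorer.exe, and marks Run entries that launch from user-writable profile directories for review.

```python
import re
from typing import Dict, List, Tuple

# Per-user persistence locations named in the thread.
WINLOGON_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
# The only value a user-level Shell entry should normally hold.
EXPECTED_SHELL = "explorer.exe"
# Profile directories that user-level droppers typically write to (assumed heuristic).
USER_WRITABLE_MARKERS = ("\\application data\\", "\\appdata\\", "\\temp\\", "\\local settings\\")

# Constructed sample export, not taken from an infected machine. "hotfix.exe" is an
# assumed file name; the drop folder is the one described in the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="hotfix.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Microsoft Security Essentials"="C:\\Documents and Settings\\user\\Application Data\\Microsoft Security Essentials\\hotfix.exe"
'''

_KEY_RE = re.compile(r"^\[(.+)\]\s*$")
# Only REG_SZ values ("name"="data") are handled; dword:/hex: values are ignored.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(s: str) -> str:
    # .reg exports escape backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: string_data}} for the string values in a .reg export."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def _lookup(keys: Dict[str, Dict[str, str]], wanted: str) -> Dict[str, str]:
    # Registry key paths are case-insensitive, so compare them that way.
    for path, values in keys.items():
        if path.lower() == wanted.lower():
            return values
    return {}


def check_persistence(text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, location, data) findings for suspicious Shell and Run entries."""
    keys = parse_reg(text)
    findings: List[Tuple[str, str, str]] = []

    # A per-user Shell override (a replacement, or "explorer.exe,other.exe") replaces or
    # chains the desktop shell at logon; anything but the default is worth a look.
    shell = _lookup(keys, WINLOGON_KEY).get("Shell")
    if shell is not None and shell.strip().lower() != EXPECTED_SHELL:
        findings.append(("high", "Winlogon\\Shell", shell))

    # Run entries pointing into the user profile are a triage hint, not a verdict:
    # legitimate per-user installers use the same directories.
    for name, cmd in _lookup(keys, RUN_KEY).items():
        if any(marker in cmd.lower() for marker in USER_WRITABLE_MARKERS):
            findings.append(("review", "Run\\" + name, cmd))
    return findings


if __name__ == "__main__":
    for severity, where, data in check_persistence(SAMPLE_REG):
        print(f"[{severity}] {where}: {data}")
```

Run against a real export (reg export of the two keys) the check is a quick first pass; the Shell finding is strong on its own, while Run entries still need the usual follow-up (signature, hash, parent installer) before calling them malicious.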
 #6482  by EP_X0FF
 Sun May 22, 2011 5:05 pm
thekillergreece wrote:
Hey, what is that in your unpacking image? Do you remember what it is? Is it an antivirus creator?

It's CodeGear RAD Studio. Next time, please do not quote big images, ok? :)
 #6483  by thekillergreece
 Sun May 22, 2011 5:10 pm
EP_X0FF wrote:
thekillergreece wrote:
Hey, what is that in your unpacking image? Do you remember what it is? Is it an antivirus creator?

It's CodeGear RAD Studio. Next time, please do not quote big images, ok? :)


Oh, sorry :( I'm a new member here -_-