
Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Wed Mar 20, 2013 9:20 am
by ColdCristal
AVASoft Antivirus Professional (new member of Disk Antivirus Professional family)
SHA256:       de3d5a0132cfb24a7832ac4c4ff513a49914bea93e39ca1471183c9ad56fc429
SHA1:         fd232853bbd3114f07d0e1057da31ca442e8288c
MD5:          0d6b3c31468f2e9254bcb7c1f9752b97
File size:    539.5 KB ( 552448 bytes )
File name:    343F2DE99DB732750000343EF9AF3708.exe
VirusTotal: https://www.virustotal.com/en/file/de3d ... 363770398/

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Thu Mar 21, 2013 1:40 am
by BachMinuetInG
Antivirus Security 2013

hxxp://tech-ava-soft.org/

Uses a great load of memory to 'scan'

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Thu Mar 21, 2013 9:28 pm
by Cody Johnston
xwxproductions wrote: Antivirus Security 2013

hxxp://tech-ava-soft.org/

Uses a great load of memory to 'scan'
How is this malware? This is an AV using ClamAV signatures and detecting only legit malware (and removing successfully). It is installed in %programfiles% just like any other legit software. I agree that it looks like a rogue and takes a great deal of resources during scanning, but I don't see how this could be classified as a rogue AV if it does what it claims and nothing else (even if it does not work as well as others). I had it pick up infections in my zip archives as well so it even scans zip files by default. It removed any infections found without asking for money or payment of any kind and can be removed completely using Add/Remove programs in Windows.

Connections point to: 207.57.106.31
which resolves to: hxxp://database.clamav.net (legit URL for ClamAV definition updates)

download size from hxxp://tech-ava-soft.org is ~53MB - hardly the size of a usual rogue dropper

I would not use it to protect my own PC but I would not say this program has malicious intent. Please correct me if I am wrong.

EDIT: spelling

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Fri Mar 22, 2013 2:50 am
by Xylitol
GUI, site, payment page remind a lot of the BestAV work.
Anyway, there is an ethical issue if they use the free ClamAV database to sell this.
TeamRocketOps wrote: download size from hxxp://tech-ava-soft.org is ~53MB - hardly the size of a usual rogue dropper
navashield was ~52 mb
edit: http://siri-urz.blogspot.fr/2013/03/ava ... virus.html

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Fri Mar 22, 2013 7:02 am
by gied
The payment page used for Antivirus Security 2013 ( hxxps://tech-ava-soft.org:455/p/tn/ava/ ) shows a boxshot of Avasoft Professional Antivirus. Maybe this Antivirus Security 2013 is used to reduce the risk of payment shutdown or to download for unhappy "customers" of APA. I do not see a way for many people to choose Antivirus Security 2013 without looking for info on Avasoft...

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Fri Mar 22, 2013 12:18 pm
by BachMinuetInG
It's basically half-legit.
Helps payment for FakeAV, but provides legit software. :o
The webpage also has a title 'AVASoft Professional Antivirus'.
So Antivirus Security 2013 is only a 'cover-up'.

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Sat Mar 23, 2013 2:37 am
by hx1997
4 AVASoft Antivirus Professional

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Sun Mar 24, 2013 3:08 am
by hx1997
3 AVASoft Antivirus Professional

One of the VT reports
https://www.virustotal.com/en/file/3d59 ... 364094389/

Re: Rogue Antimalware (FakeAV, 2013 year)

Posted: Sun Mar 24, 2013 8:34 am
by hx1997
AVASoft Antivirus Professional Downloader with valid digital signature :)
Downloader 4/46
https://www.virustotal.com/file/3e9d6db ... 364112183/

Downloaded FakeAV 3/46
https://www.virustotal.com/en/file/8f93 ... 364113465/

Trojan.Ransom.Win32.Foreign.avwi.AMN

Posted: Wed Apr 10, 2013 8:19 am
by gied
Hello,
I am looking for MD5 BF37091630764B6D75364DA2C6C9CA1B, more info here : http://www.isthisfilesafe.com/sha1/AEC7 ... tails.aspx