A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #5279  by nullptr
 Thu Mar 03, 2011 9:28 am
@egomoo,

Does it run and copy itself to [random named] directory in user Temp directory?
If not, try renaming your file to something like GO.exe and see if it works properly.
 #5291  by 4everyone
 Thu Mar 03, 2011 3:36 pm
egomoo wrote: Is there anyone who knows why antimalware go virus goes dead when I reboot my computer, which means antimalware go virus does not add itself to startup locations in the Registry
Hope it's the sample uploaded by me. Anyhow, just for reconfirmation, I've tested it again.

In my VMware, it just took 2 minutes to install. Works good for me. Not sure why it isn't working for you.

Not sure whether it checks for region :(

Regards,
4Everyone
 #5302  by egomoo
 Fri Mar 04, 2011 12:24 am
nullptr wrote:@egomoo,

Does it run and copy itself to [random named] directory in user Temp directory?
If not, try renaming your file to something like GO.exe and see if it works properly.
Thanks.

Yes, it works well when I rename it to GO.exe.
 #5303  by egomoo
 Fri Mar 04, 2011 12:27 am
4everyone wrote:
egomoo wrote: Is there anyone who knows why antimalware go virus goes dead when I reboot my computer, which means antimalware go virus does not add itself to startup locations in the Registry
Hope it's the sample uploaded by me. Anyhow, just for reconfirmation, I've tested it again.

In my VMware, it just took 2 minutes to install. Works good for me. Not sure why it isn't working for you.

Not sure whether it checks for region :(

Regards,
4Everyone
Yes, thanks for your sample.

The sample has worked well when I rename it as Go.exe
 #5388  by Xylitol
 Wed Mar 09, 2011 11:31 pm
Windows Servant System

hXXp://zlvtwfwl.co.cc/scan3/53/freesystemscan.exe

mshta.exe:
hXXp://soft-store-inc.com/soft-usage/favicon.ico?0=1200&1=XYLITOL-28E1A19&2=i&3=53&4=2600&5=5&6=1&7=62900.5512&8=1036
https://www.virustotal.com/file-scan/re ... 1299686444
Attachments
See archive comment for password
Last edited by EP_X0FF on Sat Apr 16, 2011 7:40 am, edited 1 time in total. Reason: Title edited
 #5417  by Striker
 Thu Mar 10, 2011 10:34 pm
Some rogues which I've found in the wild..

• Antivirus 360
• Antivirus 2009 Pro Module
• Antivirus 2010 Pro
• Antivirus XP 2008
• CoreGuard Antivirus 2009
• MS Antivirus 2008
• PC antispyware 2010
• Pro Antispyware 2009
• Spywareguard 2008
• Spywareguard 2009
• TrustCop
• Virus Remover 2008
• Windows Antivirus 2008
• XJR Antivirus
• XP Antivirus 2008
• XP Deluxe Protector
• XP Police Antivirus
• XP Protection Module
• XP Security Cleaner
• XpyBurner
• Antivirus XP 2010 + Serial
• Antivirus.XP.2008_CRACKED-Xylitol
• Advanced Virus Remover
• Advanced Defender
• AntiMalware 2009
• AntiMalware Doctor
• AntiMalware Guard
• Antispyware 2008
• AntiSpyware 2008 XP
• Antispyware Guard
• AntiSpyware Pro XP
• AntiSpyware Shield
• Antivir AV
• Antivir Solution Pro
• Antivirus 7
• Antivirus 2008
• Antivirus 2009
• Antivirus 2010
• Antivirus BEST
• Antivirus GT
• Antivirus Number 1
• Antivirus PC 2009
• Antivirus Plus
• Antivirus Security
• Antivirus
• BraveSentry
• CyberSecurity
• Defense Center
• FakeAV
• IE Antivirus 3.2
• Internet Antivirus Pro
• Live Security Suite
• MS Antispyware 2009
• Nano Antivirus
• PC Protect
• Personal Antivirus
• Personal Defender 2009
• Pest Patrol
• RCommander
• Secure Expert Cleaner
• Security Antivirus
• Security Essentials 2010
• Security Master AV
• Smart Virus Eliminator
• Spy Protector
• Spy Shredder
• Spyware Secure
• Spyware Sheriff
• Sysinternals Antivirus
• System Security 2009
• Total PC Defender 2010
• Total Security 2009
• Virus Protector
• Virus ResponseLab 2009
• Win Antivirus Pro 2007
• Win PC Defender
• XP Antivirus 2008

These rogues I've found in the last months:

• ASC AntiSpyCheck
• MalwareMonitor 2.1
• SpyShredder 2.1
• Antivirus Master
• MS Antivirus
• Virus Protect
• Antivir64
• Windows Antivirus
• Awola Anti-Spyware 6.0
• WinXDefender 2.1
• Privacy Components
• Rapid Antivirus 2.7
• Virus Locker 3.3
• MalwareBurn
• Power Antivirus 2009
• WinX Security Center
• Internet Antivirus 2011
• Antivirus Scan
• AntiSpy 2008 incl. zoiT! Patcher
• IE Antivirus Scanner - Antispyware for Windows
• IE Defender 2.4
• IE Antivirus 3.2
• IE Antivirus 3.3
• IE Antivir 3.4
• Files Secure 2.1
• Files Secure 2.2
• Personal Security Sentinel
• Security Shield + Serial
• Privacy Guard 2010
• Ultimate Antivirus 2008
• AntiMalware Pro
• DataDoctor 2010
• Windows Enterprise Defender
• Windows PC Defender
• AntiAdd
• Safety Antispyware
• Personal Protector
• PC Scout
• Additional Guard
• Express Antivirus 2009
• Pro Antispyware 2009
• eAntivirusPro
• VirusRanger
• Micro Antivirus 2009
• Advanced XP Fixer
• Antivirus Pro 2008

Can't attach the file, too big. Download here:

1. http://www.megaupload.com/?d=9GSB1N16

2. http://www.mediafire.com/?3hpxub74as72l1f

Dead link? Just PM me and I will reupload it.
 #5433  by Xylitol
 Fri Mar 11, 2011 4:31 pm
NavaShield

NavaShield, 53,1 Mb when unzipped.

Attachments
Archive password: xylibox
Last edited by Xylitol on Sat Sep 28, 2013 8:54 am, edited 2 times in total. Reason: Title edited