Note: This site is distributing Rogue “Fake” Anti-Malware product. Do not visit, pay, or download the software discussed below.
We discovered a new Total Secure 2009 domain today. The binary the site distributes is only detected by 3 out of 36 AV engines according to VirusTotal. You can find it inside /lithium-malware/ in the repository. Check out the FAQ to get access.
Site: hxxp://total-secure2009.com
File: TotalSecure2009.exe (206D7B4425C01D9B5E839E7604DA5531)
VirusTotal: Result: 3/36 (8.34%)
ThreatExpert: [06fb868-2ce4-4c56-9b2f-19053ec18d08]
SharedNS:
Removal:
Note: This site is distributing Rogue “Fake” Anti-Malware product. Do not visit, pay, or download the software discussed below.
Sites:
- hxxp://pvrantivirus.com
- hxxp://download.power-avc.com/ploading.php?actually=1&advid=5499
File: PWXSetup.exe (1A8C1DC02C5E80BDA949982981854F55)
VirusTotal: Result: 13/36 (36.11%)
MDB: /lithium-malware/
Removal:
Note: This site is distributing Rogue “Fake” Anti-Malware product. Do not visit, pay, or download the software discussed below.
Shared NS:
Sites:
- hxxp://online-xp-antivirus-checker.com
File: antivirus.v.1.exe (F639BB01B391FF60AF7D14FD209B7D58)
VirusTotal: Result: 4/36 (11.11%)
File: LcodecPlus.v.1.0.20065.exe
VirusTotal: Result: 5/36 (13.89%)
Removal:
We have been following the progression of the XP Antivirus rogues for quite some time now. We have observed XP Antivirus change to XP Antivirus 2008 and 2009 and then suddenly change to MS Antivirus.
Today we found a new domain (hxxp://microantivirus2009.com) in the classic XP antivirus template but this time it is called Micro Antivirus. Currently the site is dressed as MS Antivirus with the only change being the introduction text and the copyright at the bottom. No malware is being served from the site at the time of this post, but only time will tell. Better to be safe than sorry 
Site: hxxp://microantivirus2009.com
Files: None yet
