Archive for October 19th, 2008

19
Oct

AntiMalware 2009 – 1 domain added – 1 file added (24/36)

Note: This site is distributing a rogue (“fake”) anti-malware product. Do not visit the site, pay for, or download the software discussed below. See how to remove AntiMalware 2009 below.

We came across a new domain today pushing AntiMalware 2009 (Web Spy Shield). The site automatically reduces to a popup and then goes directly to a fake scan. This leads us to believe that this domain will be used in ad affiliate abuse similar to the Motigo incident.

Site: http://www.online-antivirus.net/
Related: http://scanner-protection.com/

The site is reduced to the following popup:

Online-Antivirus.net Popup

Fake scan page:

AntiMalware 2009 Site

Shared NS:

Shared NS for Online-Antivirus.net

File: AntiMalware2009Installer.exe
VirusTotal:
Result: 24/36 (66.67%)
File size: 185856 bytes
MD5: 8034e6173dc96d06af86d40fd3b5210d
SHA1: 7d01d523950bb9e574d46676597b15730f68ae09
SHA256: 440539c77605e1fbc8b4d62b7f552a9875d609b06860a0dbbf10bfb07db7c450
SHA512: 7086dc8f48469cbe8945b0123db77ea063cf74452476bf5221575a6675fe690eed2b3ddc68d378fe988030a6797dc494981068746a92323eff749d279725327e

Removal:

Remove this threat with MalwareBytes!






 
