Archive for the 'Antivirus XP 2008' Category

24 Oct

Antivirus XP 2008 morphs to MS Antivirus to Antivirus VIP

It’s no surprise that rogue security software authors have to get creative to infect as many people as possible, especially when we work hard to keep them exposed. Among other techniques they use mangled domain-naming schemes, affiliate-system abuse and redirection, and almost always, as a last-ditch attempt to improve their infection ratio, morphing: the same product reappears under a new name and a new domain. Remember when we talked about XP Antivirus 2008 morphing to MS Antivirus? Today we detected a new morph in the XP Antivirus series. Antivirus XP 2008 morphed to MS Antivirus on August 21st, and today it morphed to Antivirus VIP.

[Screenshot: Antivirus VIP]

Site: hxxp://antivirus-vip.com
File: Not Available Yet

Server Data

IP Address: 216.32.76.87
IP Location: United States - Texas - Plano - Layered Technologies Inc
Response Code: 200
SSL Cert: issued to www.antimalware-pro.com (not to this domain); expires in 332 days.
Domain Status: Registered And Active Website

06 Oct

Antivirus XP 2008

Database update: another Antivirus XP 2008 sample. The file is available in our repository under /stingner-malware/.

BE ADVISED: These sites may still be live. Proceed at your own risk.

Site: hxxp://antivirus-online-08.com/

File: AntivirusXP2008Installer.exe
VirusTotal result: 6/36 (16.67%)

Malware link: hxxp://stat.avx08.com/download/16/AntivirusXP2008Installer.exe

Removal:

Remove this threat with MalwareBytes!

22 Sep

Antivirus XP 2008

Note: This site is distributing Rogue “Fake” Anti-Malware product. Do not visit, pay, or download the software discussed below.

[Screenshot: anti-virus-xp.com]

Site: hxxp://anti-virus-xp.com/

Redirect to: hxxp://stat.anti-virus-xp.net/download/16/

File: AntivirusXP2008Installer.exe
VirusTotal result: 8/37 (21.62%)
File size: 1614861 bytes
MD5: 1f8b9a781a607afa31722934ac1c07e5
SHA1: a41fd1955846d43bca49ba458c14111f698f996e
SHA256: 7fe22b141755c92307ce97dea04c70ac7b9f9fb1324432347047bdd8bd21aee1
SHA512: 439c4f0934f959a9a5dbc8972a79f37c82df904b5ce23a791e8c3827ad408678179cdf88da08083c9955f87cd8875e84badb9acafc96597a76a2e0171fc14ac0

Removal:

Remove this threat with MalwareBytes!
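The posts in this archive publish digests in several forms (a full MD5/SHA1/SHA256/SHA512 set here, a lone upper-case MD5 in the 17 Sep post). The following is an added example, not code from the original post or a Malware Database tool: it computes all four digests of a sample in one pass and matches them against published records, tolerating partial records and mixed-case hex. The record values are copied from this post and the 17 Sep post; any bytes hashed in the demo are constructed, not the real installer.

```python
"""Hash a sample and compare it against published indicators.

Added example, not code from the original post. The digests in
PUBLISHED_IOCS are copied from the 22 Sep post (AntivirusXP2008Installer.exe)
and from the 17 Sep post (.tt68.tmp.exe, MD5 only). Any sample bytes fed to
these functions in a demo are constructed and are not the real binary.
"""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

PUBLISHED_IOCS = [
    {
        "name": "AntivirusXP2008Installer.exe",
        "size": 1614861,
        "md5": "1f8b9a781a607afa31722934ac1c07e5",
        "sha1": "a41fd1955846d43bca49ba458c14111f698f996e",
        "sha256": "7fe22b141755c92307ce97dea04c70ac7b9f9fb1324432347047bdd8bd21aee1",
        "sha512": "439c4f0934f959a9a5dbc8972a79f37c82df904b5ce23a791e8c3827ad408678"
                  "179cdf88da08083c9955f87cd8875e84badb9acafc96597a76a2e0171fc14ac0",
    },
    # Some posts publish only an MD5, and in upper case, so the matcher must
    # cope with partial records and mixed-case hex.
    {"name": ".tt68.tmp.exe", "md5": "982667C215DD45B95E61EFCD52BA5B2A"},
]


def digest_bytes(data):
    """Return all four digests of `data` (lower-case hex), computed in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Same as digest_bytes, but streams the file so large samples stay out of RAM."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=PUBLISHED_IOCS):
    """Return the names of IOC records that match `digests`.

    A record matches when every digest it publishes equals the sample's digest
    for that algorithm (compared case-insensitively). A record is never matched
    on file size alone, and a record with no digests at all is skipped.
    """
    hits = []
    for ioc in iocs:
        published = {a: ioc[a].lower() for a in ALGOS if a in ioc}
        if not published:
            continue
        if all(digests.get(a) == v for a, v in published.items()):
            hits.append(ioc["name"])
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = digest_file(path)
        hits = match_iocs(d)
        print(path, d["md5"], ("MATCH: " + ", ".join(hits)) if hits else "no match")
```

A match on a record that publishes only an MD5 is weaker evidence than a match on the full set, so report which algorithms matched when you extend this for triage.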

17 Sep

XP Antivirus 2008 Updating Itself

Today we caught our pet XP Antivirus 2008 infection telling us that our copy had expired, and then downloading and launching a new Antivirus XP 2008 installer out of nowhere. The rogue updates itself: the "expired" message is the pretext for pulling down a fresh binary.

[Screenshot: Antivirus XP 2008 "expired" prompt]

File: .tt68.tmp.exe (MD5: 982667C215DD45B95E61EFCD52BA5B2A)
VirusTotal result: 8/36 (22.22%)

Removal:

Remove this threat with MalwareBytes!

30 Aug

Rogue Software Removal (VIDEO)

This is a special post on how to remove some of the rogue anti-malware software that has become an epidemic (Antivirus 2008, XP Antivirus, MS Antivirus, etc.). AV companies try their best to keep up with the latest incarnations of this rogue software, but in some cases it can take weeks before your AV detects them. This video shows how you can remove some of these with free utilities. The instructions may not be easy for a novice user, but we tried to make them as simple as possible. This process may not work in EVERY case, but most of the variants we’ve come across can be removed this way. Be careful when removing this malware: you do not want to delete the wrong file. Try this at your own risk.

The tools used in this video are Process Explorer and Autoruns, both available for free from Sysinternals:

  • Process Explorer
  • Autoruns

[Video: rogue software removal walkthrough (.wmv download)]

30 Aug

Antivirus XP 2008 - Updated Domain List

The IVRL group seems to think that they will go undetected longer by creating a bunch of new domains over the weekend. Pft! They should know by now that we don’t sleep over here. ;)

[Screenshot: Antivirus XP 2008 distribution site]

The files currently being distributed have been passed around quite a bit, and I expect the binaries to change within the next few days. One of the new domains (hxxp://antivirused.com) already serves an updated file (MD5 DEFB61DF4D6A187038FC3725EB431FAB) with only a 5/36 detection ratio at VirusTotal.

None of these new domains carry the exploit code we talked about here (at the time of this post).

Site: hxxp://antivirus5.com
File: scan.exe (MD5: ACA8B3BF12AF0B652AF5997DB629BDC5)
Info: File size: 203776 bytes [VirusTotal 18/36]
MDB Path: /lithium-malware/scan.zip

Site: hxxp://antivirus6.com
File: scan.exe (MD5: ACA8B3BF12AF0B652AF5997DB629BDC5)
Info: File size: 203776 bytes [VirusTotal 18/36]
MDB Path: /lithium-malware/scan.zip

Site: hxxp://antivirused.com
File: scan.exe (MD5: DEFB61DF4D6A187038FC3725EB431FAB)
Info: File size: 203776 bytes [VirusTotal 5/36] [ThreatExpert] *new*
MDB Path: /lithium-malware/scan(4).zip

Site: hxxp://antivirusik.com
File: scan.exe (MD5: ACA8B3BF12AF0B652AF5997DB629BDC5)
Info: File size: 203776 bytes [VirusTotal 18/36]
MDB Path: /lithium-malware/scan.zip

Site: hxxp://antivirusol.com
File: scan.exe (MD5: ACA8B3BF12AF0B652AF5997DB629BDC5)
Info: File size: 203776 bytes [VirusTotal 18/36]
MDB Path: /lithium-malware/scan.zip

Site: hxxp://antivirusrf.com
File: scan.exe (MD5: ACA8B3BF12AF0B652AF5997DB629BDC5)
Info: File size: 203776 bytes [VirusTotal 18/36]
MDB Path: /lithium-malware/scan.zip

Site: hxxp://antivirustg.com
File: scan.exe (MD5: ACA8B3BF12AF0B652AF5997DB629BDC5)
Info: File size: 203776 bytes [VirusTotal 18/36]
MDB Path: /lithium-malware/scan.zip

Site: hxxp://antivirusuj.com
File: scan.exe (MD5: ACA8B3BF12AF0B652AF5997DB629BDC5)
Info: File size: 203776 bytes [VirusTotal 18/36]
MDB Path: /lithium-malware/scan.zip

Site: hxxp://antivirusyh.com
File: scan.exe (MD5: ACA8B3BF12AF0B652AF5997DB629BDC5)
Info: File size: 203776 bytes [VirusTotal 18/36]
MDB Path: /lithium-malware/scan.zip

Removal:

Remove this threat with MalwareBytes!

29 Aug

“exclusive discount” for XP Antivirus

Note: This site is advertising Rogue “Fake” Anti-malware software. Do not purchase, download, or install the software!

[Screenshot: xp-protections.com "exclusive discount" page]

Sites:

  • hxxp://xp-protections.com
  • hxxp://xp-registration.com
  • hxxps://xpprotectionsoftware.com

Files:

  • XPantivirus2008_v40002.exe
    • MD5: 3A8181353BE69C8FF862BA589C551DE5
    • VirusTotal Result: 19/35 (54.29%)

29 Aug

XP Antivirus 2008 IFRAME update

While stepping through malicious domains I noticed that the “International Virus Research Lab” (IVRL) pages for XP Antivirus 2008 had changed hashes. I was looking at hxxp://bestantivirus2009.com at the time and noticed the inclusion of an IFRAME pointing to hxxp://huytegygle.com/index.php.

[Screenshot: injected IFRAME on bestantivirus2009.com]

I took a look at the IFRAME and found the following obfuscated javascript.

[Screenshot: obfuscated JavaScript served from the IFRAME]

After attempting a few exploits, the script eventually fetches hxxp://huytegygle.com/bin/file.exe, which has a low (7/36, mostly heuristic) detection rate at VirusTotal. The file has been made available inside /lithium-malware/.

File: file.exe [ThreatExpert]
File size: 8192 bytes
MD5: a2a6455a4da0192fb8efe85e98fd3dfa
SHA1: a9a65198cf692a306be1e23c9e965549b7294b26
SHA256: 92255343407bf219f094bec01ac7750cf82869741d6fb5c27967624ce0e6bc80
SHA512: 2b9a1c7b33e80bdfc213be9d3dfbeb7491ede790045c5aec15ec55bd686c9787d2b19420f8058286c286375db2bee84e55d101c42f99a03a92010691e0b8eeb9
PEiD: - (no packer identified)
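The injection described above (an IFRAME to an off-site host, feeding obfuscated JavaScript that tries several exploits before dropping file.exe) is the pattern a page-scanning check should catch. The following is an added example and not code from the original post: a small Python checker that parses HTML, collects every IFRAME and flags the ones that are off-site, zero/one-pixel, CSS-hidden, or pointing at a host named in the post. The post shows the IFRAME only as a screenshot, so the sample markup, its attribute values and dimensions are constructed assumptions; only the hostnames come from the post.

```python
"""Flag IFRAMEs that look like drive-by injection, as in the IFRAME post above.

Added example, not code from the original post. The sample HTML at the bottom
is constructed for the demo: the post shows the injected IFRAME only as a
screenshot, so its exact markup, attributes and dimensions are assumed.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hostname named in the post (written hxxp:// there). Any other off-site
# src is still reported, just with a lower score.
KNOWN_BAD_HOSTS = {"huytegygle.com"}


class IframeCollector(HTMLParser):
    """Collect every <iframe> start tag with its attributes and source line."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            attrs = {k.lower(): (v or "") for k, v in attrs}
            attrs["_line"] = self.getpos()[0]
            self.iframes.append(attrs)


def _is_tiny(value):
    """True for zero or one-pixel dimensions such as '0', '1', '0px', '1px'."""
    v = value.strip().lower().rstrip("px").strip()
    return v in {"0", "1"}


def _is_hidden_style(style):
    """True if the inline style hides the element outright."""
    s = style.replace(" ", "").lower()
    return "display:none" in s or "visibility:hidden" in s


def find_suspicious_iframes(html, page_host):
    """Return findings for IFRAMEs that are off-site and/or hidden.

    Each finding is a dict(src, host, line, reasons, score). Off-site src,
    zero/one-pixel size, hidden style and a known-bad host each add a reason;
    the score is the number of reasons, so callers can threshold on it.
    """
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for f in parser.iframes:
        src = f.get("src", "")
        host = urlsplit(src).hostname or page_host   # relative src -> same site
        reasons = []
        if host != page_host:
            reasons.append("off-site src")
        if _is_tiny(f.get("width", "")) or _is_tiny(f.get("height", "")):
            reasons.append("zero/one-pixel size")
        if _is_hidden_style(f.get("style", "")):
            reasons.append("hidden via CSS")
        if host in KNOWN_BAD_HOSTS:
            reasons.append("known distribution host")
        if reasons:
            findings.append({"src": src, "host": host, "line": f["_line"],
                             "reasons": reasons, "score": len(reasons)})
    return findings


# Constructed sample: one benign same-site frame plus an injected frame
# modelled on the post (IFRAME to huytegygle.com/index.php). The width,
# height and style attributes are assumptions, not taken from the post.
SAMPLE_HTML = """<html><body>
<h1>Best Antivirus 2009</h1>
<iframe src="/scanner.html" width="400" height="300"></iframe>
<iframe src="http://huytegygle.com/index.php" width="1" height="1"
        style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for hit in find_suspicious_iframes(SAMPLE_HTML, "bestantivirus2009.com"):
        print(hit)
```

A same-site, normally sized IFRAME is not reported at all; an off-site frame with no other indicator gets a score of 1, which is worth logging but not blocking on by itself, while the injected frame in the sample scores on all four checks.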

25 Aug

Antivirus 2008 Pro XP

We came across a new domain name registered at estdomains today. The site may appear entirely legitimate, as it sports a support page, an affiliate page, terms of service, etc., but we can assure you that it is a bad site. Be aware of it and do not download any of the files associated with it!

Site: hxxp://antivirus2008proxp.com

What it looks like:

[Screenshot: antivirus2008proxp.com]

Removal:

Remove this threat with MalwareBytes!

21 Aug

Malicious Domains of the Month

Here are some of the malicious domains we have seen this month. There are more, but we’ll have to go through our lists. I’ll keep updating this post until the end of August. *Updated* 8/22/08

Please keep in mind that these are malware sites and you should not visit them unless you know exactly what you are doing.

bestantivirus2008.com
bestantivirus2009.com
antivirus-2088-new.com
antivirusxp-2009.com
antivirusq.net
antivirus2008b.net
antivirus2008m.net
antivirus2008n.net
antivirus2008v.net
antivirus777.com
antivirusr.net
antivirust.net
antivirusw.net
antivirusu.net
expressantivirus2009.com
main-scanner.com
antivirusfreescan2009.com
antivirus-2008-noadware.com
antivirusonline-2009.com
antispydeluxe2009.com
antivirus-noadware-2008.com
antivirus-2008.org
antivirus2009online.com
antivirusxp2009.com
wista-antivirus2009.com
powerantivirus-2009.com
antivir2008.us
antivirus-2009-pro.com
antivirus2009free.com
xp-2008-antivirus.com
xp-2008-antivirus.net
2antivirus2008.com
3antivirus2008.com
5antivirus2008.com
6antivirus2008.com
8antivirus2008.com
antivirussolution2008.com
antispyware2008sales.com
antivir2009.com
antivirus-best-2008.com
antivirusxp-2008.net
antivirus-download-2008.net
antivirusxp2008.org
powerantivirus2009.com
2008-antivirus-free.com
2008-antivirus-free.net
2008-antivirus-software.com
2008-antivirus-software.net
2008-antivirus.net
2008-free-antivirus.com
2008-free-antivirus.net
2008-software-antivirus.com
2008-software-antivirus.net
2008-xp-antivirus.com
2008antivirusfree.com
2008antivirusfree.net
2008antivirussoftware.com
2008antivirussoftware.net
2008antivirusxp.net
2008freeantivirus.com
2008freeantivirus.net
2008softwareantivirus.com
2008softwareantivirus.net
2008xpantivirus.com
2008xpantivirus.net
antivirus-2008-free.com
antivirus-2008-free.net
antivirus-2008-software.com
antivirus-2008-software.net
antivirus-free-2008.com
antivirus-free-2008.net
antivirus-software-2008.com
antivirus-software-2008.net
antivirus2008free.com
antivirus2008free.net
antivirus2008software.com
antivirus2008software.net
antivirus2008xp.net
antivirus2009-software.com
antivirusfree2008.com
antivirusfree2008.net
free-2008-antivirus.com
free-2008-antivirus.net
free-antivirus-2008.com
free-antivirus-2008.net
free2008antivirus.com
free2008antivirus.net
freeantivirus2008.net
software-2008-antivirus.com
software-2008-antivirus.net
software-antivirus-2008.com
software-antivirus-2008.net
software2008antivirus.com
software2008antivirus.net
softwareantivirus2008.com
softwareantivirus2008.net
xp2008antivirus.net
2008antivirusxp.com
2008antivirus.net
antivirus-2008-xp.com
antivirus-xp-2008.net
antivirussoftware2008.net
antivirussofware2008.com
antivirusxp2008.net
xp-antivirus-2008.com
xp2008antivirus.com
xpantivirus2008.net
antitrojan-2008.com
antivirus-pro-2008.com
antivirus-protection2008.com
windows-antispyware-2008.com
antivirus2009-freeverscan.com
freeantivirus2009.com
norton2009antivirus.com
nortons2009antivirus.com
nortonsantivirus2009.com
antispyware2008scanner.com
antivirus-2009pro.com
myantivirusprotection2009.com
power-antivirus-2009.com
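Nearly every name in the list above is a permutation of a few tokens (antivirus/antispyware, xp, free, software, pro, norton) around a 2008 or 2009 year, which is what makes this family easy to spot in DNS or proxy logs before a domain appears on any blocklist. As an added example, not code from the original post, the Python below pairs an exact blocklist excerpt with a naming heuristic that is my own generalisation of the list: the token sets and the scoring are assumptions, and names without a year (antivirusq.net, main-scanner.com) are known false negatives of the heuristic, so treat its output as triage rather than a verdict.

```python
"""Triage hostnames against the rogue-AV naming pattern in the list above.

Added example, not code from the original post. BLOCKLIST is a small excerpt
copied from the list; the token tables and the scoring are my own assumptions
and will miss names without a year, such as antivirusq.net or main-scanner.com.
"""
import re

# Exact blocklist excerpt from the post; extend with the full list as needed.
BLOCKLIST = {
    "bestantivirus2008.com", "bestantivirus2009.com", "antivirusxp-2009.com",
    "xp-2008-antivirus.com", "antivirusq.net", "main-scanner.com",
}

# Tokens observed in the list (assumed vocabulary, not from the post).
PRODUCT_TOKENS = ("antivirus", "antivir", "antispyware", "antispy", "antitrojan",
                  "antimalware")
FILLER_TOKENS = ("xp", "free", "software", "sofware", "online", "pro", "power",
                 "best", "express", "scanner", "scan", "protection", "norton",
                 "nortons", "windows", "wista", "my", "noadware", "new", "deluxe",
                 "solution", "sales", "download", "freeverscan")
# 2088 appears in the list (antivirus-2088-new.com), so it counts as a year.
YEAR_RE = re.compile(r"20(?:08|09|88)")


def registrable_name(host):
    """Return the label left of the TLD (naive: 'co.uk'-style suffixes not handled)."""
    labels = host.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def _all_known_tokens(s):
    """True if `s` is covered end-to-end by known tokens (greedy, longest first)."""
    tokens = sorted(PRODUCT_TOKENS + FILLER_TOKENS, key=len, reverse=True)
    i = 0
    while i < len(s):
        for t in tokens:
            if s.startswith(t, i):
                i += len(t)
                break
        else:
            return False
    return True


def classify(host):
    """Return (verdict, reason); verdict is 'block', 'suspicious' or 'allow'.

    Exact or subdomain match on BLOCKLIST wins. Otherwise the name is flagged
    when its registrable label contains a year, a product token, and nothing
    outside the known vocabulary once digits and hyphens are removed.
    """
    host = host.lower().strip(".")
    if host in BLOCKLIST or any(host.endswith("." + b) for b in BLOCKLIST):
        return "block", "exact blocklist match"
    sld = registrable_name(host)
    letters = re.sub(r"[^a-z]", "", sld)
    has_year = bool(YEAR_RE.search(sld))
    has_product = any(t in letters for t in PRODUCT_TOKENS)
    if has_year and has_product and _all_known_tokens(letters):
        return "suspicious", "rogue-AV naming pattern (product token + year)"
    return "allow", "no pattern match"


if __name__ == "__main__":
    for h in ("nortonsantivirus2009.com", "www.bestantivirus2008.com",
              "antivirusr.net", "symantec.com"):
        print(h, *classify(h))
```

The heuristic deliberately requires the whole label to be built from the known vocabulary, so a legitimate name that merely contains "antivirus" (antivirus.com, or a vendor name plus a year) is not flagged; the cost is the false negatives named in the lead-in, which only the exact list catches.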