Author Topic: Fake AV  (Read 11771 times)

September 03, 2011, 08:16:41 am

HGPower

Code: [Select]
http://adultqueens.org/twere.exe
twere.exe 7/44  Rogue:Win32/FakeRean
93799bad9a3ce0b1f3b41ab006d86d7c
http://www.virustotal.com/file-scan/report.html?id=eead43b3b20cf5a8542ffb61a70a3dc45ea54bac1573538e7143ea10f0a94660-1315036129

September 05, 2011, 10:45:25 am
Reply #1

DnlMrx

bustylatinasluts.info/twere.exe
gangteensporno.com/twere.exe
steak-webdesign.com/twere.exe

September 05, 2011, 11:59:20 am
Reply #2

SysAdMini

bustylatinasluts.info/twere.exe   domain suspended
gangteensporno.com/twere.exe   domain suspended
steak-webdesign.com/twere.exe   doesn't resolve
Ruining the bad guy's day

September 05, 2011, 01:28:54 pm
Reply #3

HGPower

Code: [Select]
bustylatinasluts.info/twere.exe   domain suspended
gangteensporno.com/twere.exe   domain suspended

Downloads on both URLs are still active.

September 05, 2011, 01:33:14 pm
Reply #4

SysAdMini

Code: [Select]
bustylatinasluts.info/twere.exe   domain suspended
gangteensporno.com/twere.exe   domain suspended

Downloads on both URLs are still active.

Downloads still work, because DNS is still cached by your service provider.


whois bustylatinasluts.info
Quote
..
Name Servers:NS1.SUSPENDED-DOMAIN.COM
Name Servers:NS2.SUSPENDED-DOMAIN.COM

Quote
>dig bustylatinasluts.info

; <<>> DiG 9.6.0 <<>> bustylatinasluts.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31550
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bustylatinasluts.info.         IN      A

;; AUTHORITY SECTION:
info.                   900     IN      SOA     a0.info.afilias-nst.info. noc.afilias-nst.info. 2009478133 3600 1800 604800 3600

;; Query time: 95 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep  5 15:32:05 2011
;; MSG SIZE  rcvd: 99



Ruining the bad guy's day
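
The check described in the reply above, as an added example that is not part of the original thread: it reads `dig` and `whois` text like the output quoted there and reports the takedown state, including how long the NXDOMAIN answer itself may be cached. The function names and the `parking_markers` parameter are assumptions made for illustration, and the sample input is constructed from the quoted output.

```python
import re

# Constructed sample, abridged from the dig and whois output quoted in the reply.
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31550
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
info.  900  IN  SOA  a0.info.afilias-nst.info. noc.afilias-nst.info. 2009478133 3600 1800 604800 3600
"""
WHOIS_OUTPUT = """\
Name Servers:NS1.SUSPENDED-DOMAIN.COM
Name Servers:NS2.SUSPENDED-DOMAIN.COM
"""

def parse_dig(text):
    """Return (rcode, answer_count, negative_cache_ttl or None) from dig output."""
    status = re.search(r"status:\s*(\w+)", text).group(1)
    answers = int(re.search(r"ANSWER:\s*(\d+)", text).group(1))
    soa = re.search(
        r"^\S+\s+(\d+)\s+IN\s+SOA\s+\S+\s+\S+\s+\d+\s+\d+\s+\d+\s+\d+\s+(\d+)",
        text, re.M)
    # RFC 2308: a negative answer is cached for min(SOA record TTL, SOA MINIMUM).
    neg_ttl = min(int(soa.group(1)), int(soa.group(2))) if soa else None
    return status, answers, neg_ttl

def whois_nameservers(text):
    """Extract name servers from 'Name Servers:' lines (format as quoted in the thread)."""
    return [m.group(1).lower() for m in re.finditer(r"^Name Servers?:\s*(\S+)", text, re.M | re.I)]

def takedown_state(dig_text, whois_text, parking_markers=("suspended",)):
    # parking_markers is a hypothetical parameter: substrings that mark a registrar's parking name servers.
    status, answers, neg_ttl = parse_dig(dig_text)
    ns = whois_nameservers(whois_text)
    parked = bool(ns) and all(any(m in n for m in parking_markers) for n in ns)
    if status == "NXDOMAIN" and parked:
        verdict = "suspended; resolvers holding a cached record may still answer until its TTL expires"
    elif status == "NOERROR" and answers > 0 and parked:
        verdict = "suspended at registry, but this resolver is still serving a cached record"
    elif status == "NOERROR" and answers > 0:
        verdict = "still resolving"
    else:
        verdict = "not resolving"
    return {"rcode": status, "nameservers": ns, "negative_ttl": neg_ttl, "verdict": verdict}

if __name__ == "__main__":
    print(takedown_state(DIG_OUTPUT, WHOIS_OUTPUT))
```

Feeding it output from the resolver a client actually uses, rather than 8.8.8.8, shows whether that resolver is the one still serving the stale record.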

September 05, 2011, 07:36:35 pm
Reply #5

HGPower

Code: [Select]
http://fetoce.es/js/a5.exe
a5.exe  VT 8/44 (Personal Shield Pro)
MD5: 19be163a18b2207f7663cc37658ef463
http://www.virustotal.com/file-scan/report.html?id=8b15a08d289f0ea8e0346adbed2a015aaca5ab778c143dc7aef78d052e477b90-1315250565

September 07, 2011, 12:41:20 am
Reply #6

HGPower

Code: [Select]
http://supercartman3.in/d.php?e=2&f=51
contacts.exe  19/44 (Personal Shield Pro)
MD5: 3c5bc554c8c5c4b0567ad860abb857db
http://www.virustotal.com/file-scan/report.html?id=a52c87c18e693c6e9bc747f271293e719e0209a7703a35e4ad20985413d9d3a5-1315355700

September 12, 2011, 12:00:18 am
Reply #7

HGPower

Code: [Select]
http://178.162.170.235/9eb5a6006dca9e2cecf2d62a7ce0ca65fbf396c8533af2e2
anti-malware.exe  3/44 (Personal Shield Pro)
MD5: 114765cdcfd0f146dd25836592ef8f58
http://www.virustotal.com/file-scan/report.html?id=4c16aa613e082f070d94f6acf177f8aea23501e60e1c320d8ac178980af85bc4-1315785216

September 20, 2011, 11:40:48 pm
Reply #8

HGPower

Code: [Select]
http://downloadmyprog.biz/bestav2.exe
bestav2.exe  VT 42/44 (Security Shield)
MD5: a31da4fa72e277fe8abf298a4aa30d9d
http://www.virustotal.com/file-scan/report.html?id=7d82ab9cda2b6335d502354f21377f29eee78efab18178619b4aad64780fd10c-1316561169

September 21, 2011, 06:16:47 am
Reply #9

HGPower

Code: [Select]
http://pjivpyfm.cz.cc/w.php?f=28%26e=1
calc.exe   31/44  (Security Shield)
MD5: 3ac3f10c544258be4ba70ecb34b8a396
http://www.virustotal.com/file-scan/report.html?id=96c8392451b5add4e36d5d88d8d6cf8d44c616b75bd4a1d3919547d13822b07c-1316585424

September 21, 2011, 06:49:00 am
Reply #10

HGPower

Code: [Select]
http://bluemig.de/ana.exe
ana.exe installs Fake AVs Personal Shield Pro & Total Protect-Professional Antivirus Solution

ana.exe 29 /44  (Trojan.MulDrop)
MD5: f571faca510bffe809c76c1828d44523
http://www.virustotal.com/file-scan/report.html?id=117d7af0deb40b3fe532bb6cbe374884fa55ed7cfe053fe698720cdccb5a59cb-1316579462

September 22, 2011, 08:53:59 pm
Reply #11

HGPower

Code: [Select]
http://pages.infinit.net/dufourd/soft.exe
soft.exe   6/19   (Security Shield)
MD5: efbd8630b9120995cb864f2f8c39f724
http://virusscan.jotti.org/en/scanresult/0569ae0086e92222d9aff7df0c03e35620b0818d

September 28, 2011, 06:47:43 am
Reply #12

HGPower

Code: [Select]
http://selenszx.co.cc/soft.exe
soft.exe 6/37 (Personal Shield Pro)
MD5: bc8391364641a2a7deb37bd677a2accd
http://r.virscan.org/82cdf076e38911686bc897767e96b46b

September 28, 2011, 07:29:45 am
Reply #13

HGPower

Code: [Select]
http://95.163.66.208/files/27
http://95.163.66.208/files/28
27  6/20  (Personal Shield Pro)
MD5:    01e175fe30aa69abd517346736930cee
http://virusscan.jotti.org/en/scanresult/05a0e4b310dbd3127f56a0780408ae79a042455f

28  7/20   (Personal Shield Pro)
MD5:    1b8dd2120ea40ceef03b22e04beef65a
http://virusscan.jotti.org/en/scanresult/dfef84a6a9a0df9effcf73c81317d314d255a3bb

September 30, 2011, 07:02:43 am
Reply #14

HGPower

These URLs download a different Fake AV each day.
Yesterday it was Advanced PC Shield 2012 (Green Icon in Photo)
Today it is Security Sphere (Orange Icon in Photo)