Author Topic: Another fake-av site detected..  (Read 55148 times)

0 Members and 1 Guest are viewing this topic.

iRonzel

  • Guest
Re: Another fake-av site detected..
« Reply #75 on: April 27, 2011, 10:40:23 PM »
Is this a fake av? Scanned here: http://wepawet.iseclab.org/view.php?hash=3387298540e82cf340508865a49b26b8&t=1303856097&type=js

VT url analysis: http://www.virustotal.com/url-scan/report.html?id=3387298540e82cf340508865a49b26b8-1303849006

VT file analysis: http://www.virustotal.com/file-scan/report.html?id=4193f2ef35f027d3947705aab2aa6f8e8aeb84220d9383123d3f48f063ed0da3-1303856209  not detected

See: http://vscan.urlvoid.com/file/bdd6fcfdfc7b324724e5a101c7c3b908/YWxlcnRzLWNsaWVudC1hbGVydHNjbGllbnQtc2gt/

Detected as dangerous site on 3 instances: http://www.urlvoid.com/scan/instantspywareremoval.com

polonus
The Website you listed looks like it wants people to download PCSafeDoctor. I searched google and found a website that has PCSafedoctor on it also. hxxp://www.pcsafedoctor.com/ I wonder if the program is malware or Not

You will never be infect by downloading a malware to your computer, the only way that it can infect your computer is if you executed the application. You can save all malwares you want to one folder in your computer, and you won't be infected. You can visit a exploited web site (fake av warnings in this case) and the site tell you that it found infected files in your computer, but these warnings are fake and your computer is not infected really. Of course, there are exploits that are able to infect you without your concern, this happen when you have your programs and OS out of date. These opportunities are known as "vulnerabilities".

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Another fake-av site detected..
« Reply #76 on: April 27, 2011, 10:58:04 PM »
Hi Llanziek,

Read this here: PCSafeDoctor - http://www.mywot.com/en/forum/11030-pcsafedoctor
The program can detect but for cleansing you need a paid version,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

iRonzel

  • Guest
Re: Another fake-av site detected..
« Reply #77 on: April 28, 2011, 01:23:21 AM »
Hi Llanziek,

Read this here: PCSafeDoctor - http://www.mywot.com/en/forum/11030-pcsafedoctor
The program can detect but for cleansing you need a paid version,

polonus



That's right. I experienced similar situations with AdwareAlert and SpywareCease. The difference among fake av applications is that some are less annoying. And some not take complete control of computer(like above mentioned, convincing people that the application is safe and real). 

Krelnadi

  • Guest
Re: Another fake-av site detected..
« Reply #78 on: April 28, 2011, 02:11:18 AM »
Most of the ones i have been getting are targeted for Windows XP/Vista
« Last Edit: April 28, 2011, 02:15:14 AM by Krelnadi »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Another fake-av site detected..
« Reply #79 on: May 03, 2011, 02:25:09 PM »
See: http://wepawet.iseclab.org/view.php?hash=7ba4727cec0c40dde931c239ccb66e72&t=1304424653&type=js
Nothing detected....
From the same domain: Trojan FakeAlert. Rogue AV ' Security Shield ', see:
VT scan: http://www.virustotal.com/file-scan/report.html?id=8ed62f6f3bed2e23d1eec91ab1d85c9078423bbcea89b3a80b91669444e1e842-1304338934  aka variant of Win32/Kryptik.NGV
see: http://vscan.urlvoid.com/file/3cb045915778215e2fced65afb8434d7/aW5kZXgtcGhw/
decode error on file download....f608b4d5a024e24c409a44da09262497 194 bytes...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
« Last Edit: May 16, 2011, 11:24:46 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Another fake-av site detected..
« Reply #81 on: May 20, 2011, 11:14:38 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Another fake-av site detected..
« Reply #82 on: May 27, 2011, 10:48:37 PM »
Not detected:
VT scan: http://www.virustotal.com/url-scan/report.html?id=2a37a186624613ebfc6eae65b4c50e14-1306520738
VT analysis: http://www.virustotal.com/file-scan/report.html?id=5cfb502b24551e7755dccc39441ea316291a5071936f496e618433b5d1d5f90f-1306528482
SOSWebscan: Main URL: -http://baner-itaddress.tk/scanner15/?afid=156 is suspicious.
See: http://wepawet.iseclab.org/view.php?hash=2a37a186624613ebfc6eae65b4c50e14&t=1306528646&type=js
Fake App Attack: Misleading Application Suspicious Notification, see:
http://www.urlvoid.com/scan/baner-itaddress.tk (dangerous)

Sent to virus AT avast dot com

polonus
« Last Edit: May 27, 2011, 10:53:22 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Another fake-av site detected..
« Reply #83 on: May 31, 2011, 06:58:08 PM »
Another Fake-AV redirect, see attached image of the wepawet scan.
Not detected by VT, flagged here: http://safeweb.norton.com/report/show?name=eikona.info
abuse at godaddy.com 184.168.204.1 (rogue campaign since mid January of this year)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Another fake-av site detected..
« Reply #84 on: May 31, 2011, 07:09:51 PM »
something must be removed as i get no redirect to FakeAV scan with opera/IE8

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Another fake-av site detected..
« Reply #85 on: May 31, 2011, 10:46:37 PM »
Hi Pondus,

Maybe that is why the SOSWebScan came up clean, also this: http://www.google.com/safebrowsing/diagnostic?site=eikona.info
or the download went nowhere?

polonus

But what about the eval div_ hack?

D

« Last Edit: May 31, 2011, 10:52:06 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Coolmario88

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
  • Bronies make the web go round
Re: Another fake-av site detected..
« Reply #86 on: May 31, 2011, 11:09:26 PM »
Avast! Blocks the installer of SystemTool but not the website.
hxxp://systemtoolonline.com/  <--- SystemTool (Avast Detects the Installer as Win32:MalOb-EJ(Cryp)
OS: Windows 11 64-bit
Webbrowser: Mozilla Firefox
PC Specs: Intel i5-12400f, Nvidia RTX 3050, 16gb ram, 1.5TB SSD(s).

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Another fake-av site detected..
« Reply #87 on: May 31, 2011, 11:25:47 PM »
Hi Coolmario88cp,

This concerns a rogue TREND MICRO antivirus site. Presumably malicious,

polonus
« Last Edit: May 31, 2011, 11:42:34 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Another fake-av site detected..
« Reply #88 on: June 04, 2011, 11:15:53 PM »
Fake AV not detected

FastAntivirus2011.exe
http://www.virustotal.com/file-scan/report.html?id=e4c877b4d86b15f3d74bd974cb1abe8d057fb9721bfa34eb146f7bcf7e5fb4d7-1307221293

Detected by Malwarebytes - Trojan.FakeAlert
Not detected by Superantispyware

will be in avast! and SAS inbox soon   ;)
« Last Edit: June 04, 2011, 11:22:11 PM by Pondus »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Another fake-av site detected..
« Reply #89 on: June 05, 2011, 12:00:27 AM »
one more

test_severyan_sdhkjwg.exe
http://www.virustotal.com/file-scan/report.html?id=3ef9d4551d97fc72384e53d2b3741c74e44b547ca924be9f57fd1220bf8c8b33-1307223768

Detected by Malwarebytes - Trojan.FakeAlert
Not detected by Superantispyware