Author Topic: Another fake-av site detected..  (Read 55150 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Another fake-av site detected..
« Reply #90 on: June 05, 2011, 12:24:01 AM »
Hi Pondus,

That is a rather new one with two detections, ViCheck.ca has it
It is a revival of malware last seen 2010-10-29 now at Portlane dot network
MD5 hash e5c2bcdaf4efec616469d1f307ac5c49
VT results then: http://www.virustotal.com/file-scan/report.html?id=ddd41cb48e8d132e081dcfa04d77369dfd2827d75cba6d14fd92f32aa819675f-1288376959
New detections from 193 dot 105 dot 134 dot 192  IP=on
ever so many versions, most recent : md5=1b3a4d15224fbc89b05accea481f1e7e
md5=158336212ed8607fd1b73921b8d7d8e9
md5=3e53b7a015b5be059393f38ca71216d7

They launch three new ones every day, see also: http://info.prevx.com/aboutprogramtext.asp?PX5=1DEFB0A300A1DC14AAB7034A9D84B5004CDB5185


polonus
« Last Edit: June 05, 2011, 12:55:13 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Another fake-av site detected..
« Reply #92 on: June 08, 2011, 09:43:10 PM »
that is our friend Freesystemscan again...he have been very active for the last weeks


 
freesystemscan.exe - 6/43
http://www.virustotal.com/file-scan/report.html?id=8e6e3ef280e00b3cff1f5117d185407d4660c20adc2345d93d8f05ccae6d1856-1307561903

Malwarebytes detect as - Rogue.FakeMSE

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Another fake-av site detected..
« Reply #93 on: June 08, 2011, 11:21:01 PM »
Hi Pondus,

Here is the ThreatExpert report for the one you mentioned: http://www.threatexpert.com/report.aspx?md5=6a98f83a7b1e05af8235d9b407fce86f

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!