| View previous topic :: View next topic |
| Author |
Message |
sparsha
Trooper
Joined: Nov 06, 2007
Posts: 31
Location: India
|
|
| Back to top |
|
 |
tetak
MIRT Team Lead
Premium Member
Joined: Jan 19, 2007
Posts: 5878
|
 Posted: Sun Dec 30, 2007 4:45 pm Post subject: |
|
|
When I visited the site it tried to send me to
| Code: | | http://surfonline.2squared01.hop.clickbank.net/?mode=download&tid=cfkj |
which is down for me.
_________________
Got Windows XP? Help protect your PC from malware with Microsofts anti-spyware program Windows Defender.
Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx
|
|
| Back to top |
|
|
brewt
SIRT Handler
Premium Member
Joined: May 29, 2007
Posts: 792
Location: USA
|
|
| Back to top |
|
|
MAPKOBKA
Lieutenant
Premium Member
Joined: Jul 04, 2007
Posts: 163
|
| Posted: Sun Dec 30, 2007 5:27 pm Post subject: |
|
|
http://www.virustotal.com/analisis/fb786f4d82aec976bfd58bb88aebd509
Attached to my post.
Setup.exe
When run, usual eula stuff....
adds itself to autostart
HKEY_USERS\user\current\Software\Microsoft\Windows\CurrentVersion\Run
Value: AntiSpywareBot
New data(Unicode null-terminated string):
"C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe" -boot (and does this every time it is launched to keep itself there)
Also drops a scheduled task into C:\windows\tasks\
And the executables are dropped into C:\program files\antispywarebot\
(launcher.exe, antispywarebot.exe, unins000.exe and others)
When run, it finds some imaginary infections
[img]http://i201.photobucket.com/albums/aa269/kaspersky_labs/bs2.jpg[/img]
And obviously, it will not let you do anything until you "register"
[img]http://i201.photobucket.com/albums/aa269/kaspersky_labs/bs1.jpg[/img]
here hxxp://www.antispywarebot.com/register.php
Plus you get the added scare popups in between.
|
|
| Back to top |
|
|
tetak
MIRT Team Lead
Premium Member
Joined: Jan 19, 2007
Posts: 5878
|
| Posted: Sun Dec 30, 2007 7:36 pm Post subject: |
|
|
Kaspersky have confirmed that this file is malware.
not-a-virus:FraudTool.Win32.AntiSpyware.c (Kaspersky)
_________________
Got Windows XP? Help protect your PC from malware with Microsofts anti-spyware program Windows Defender.
Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx
|
|
| Back to top |
|
|
brewt
SIRT Handler
Premium Member
Joined: May 29, 2007
Posts: 792
Location: USA
|
|
| Back to top |
|
|
MAPKOBKA
Lieutenant
Premium Member
Joined: Jul 04, 2007
Posts: 163
|
| Posted: Mon Dec 31, 2007 7:53 pm Post subject: |
|
|
Someone from their company has replied on siteadvisor, anyone got questions for them?
"Hi, Antispywarebot has nothing to do with search-rc .org We are working to get links to our site blocked from search-rc. We did test the site and there are no trojans being used to point to the site. Based on the traffic comming from the link (none), and the fact the person who posted the complaint here (bharath, known here as "sparsha") left our company on bad terms, we are investigating the situation closely."
http://www.siteadvisor.com/sites/antispywarebot.com
_________________
Kaspersky Lab Forum Moderator
KL Cert PSP
Virusinfo.info External Specialist
Alliance of Security Analysis Professionals Member
http://malwarecrawler.com - honeypot@malwarecrawler.com
|
|
| Back to top |
|
|
brewt
SIRT Handler
Premium Member
Joined: May 29, 2007
Posts: 792
Location: USA
|
| Posted: Mon Dec 31, 2007 8:30 pm Post subject: |
|
|
what about dean's comment?
|
|
| Back to top |
|
|
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
