19 replies to this topic

[RubbeR DuckY]

Listed by SpywareWarrior.

AVSystemCare.com (necessary purchase). Can't find a download, perhaps someone else can?

[nosirrah]

I will take a look for it . Have you seen the other crap on their server :

http://Adioserrores.com
http://Allertaminacce.com
http://Alltiettantivirus.com
http://Antivirusaskeladd.com
http://Antivirusordi.com
http://Antiviruspcpakke.com
http://Antiviruspcsuite.com
http://Antiviruspertutti.com
http://Antivirusscherm.com
http://Avsystemcare.com
http://Bedreigingsmonitoor.com
http://Beschermingstool.com
http://Besutohogo.com
http://Bogyotsuru.com
http://Bortmedvirus.com
http://Bugdokter.com
http://Bugsdestroyer.com
http://Discerrorfree.com
http://Discosemerros.com
http://Discosenzaerrori.com
http://Discosinerrores.com
http://Diskfejlfri.com
http://Disqudurprotection.com
http://Dokterfix.com
http://Doraibuhogo.com
http://Drivedefender.com
http://Driveproteccion.com
http://Errclean.com
http://Erro-out.com
http://Errorfri.com
http://Errorout.com
http://Errorskydd.com
http://Errorsoshi.com
http://Fehlerbeseitiger.com
http://Fejlrenser.com
http://Harddiskvakt.com
http://Konsekieraser.com
http://Libresystem.com
http://Maximumantivirus.com
http://Meinbesterschutz.com
http://Mijnantivirus.com
http://Moncontenuassistant.com
http://Nadadevirus.com
http://Nettordinateur.com
http://Norwayvirus.com
http://Nowayvirus.com
http://Offshoresystems.net
http://Pc-prot.com
http://Pcbeskyttelse.com
http://Pcprivacytool.com
http://Pcsegura.com
http://Pcsikkerhed.com
http://Pcvirusless.com
http://Plattefehlerfrei.com
http://Proteccionconfiable.com
http://Protectingtool.com
http://Protejaseudrive.com
http://Protejasudrive.com
http://Protezionesoft.com
http://Regbotemedel.com
http://Regrensere.com
http://Rejishufuku.com
http://Schijfhersteller.com
http://Schutztool.com
http://Semerros.com
http://Senzaerrori.com
http://Sikkerpcvaerktoj.com
http://Sistemaimune.com
http://Skyddsverktyg.com
http://Sletingenvirus.com
http://Softgrand.com
http://Softwarelocus.com
http://Solutionreg.com
http://Spacesafed.com
http://Spychasseur.com
http://Spyschutz.com
http://Spywarealaram.com
http://Spywarecapture.com
http://Ssolsoftware.com
http://Stoltbeskyttelse.com
http://Supashuri.com
http://Sysdepannage.com
http://Syskontroller.com
http://Syslibero.com
http://Systemordnare.com
http://Techtrollsoftware.com
http://Totalsicher.com
http://Tryggdator.com
http://Vacinatotal.com
http://Vaskredskap.com
http://Virenfrierpc.com
http://Virusdeteccion.com
http://Virusdifesa.com
http://Viruseffaceur.com
http://Virusforsvar.com
http://Virusfrittsystem.com
http://Virusgarde.com
http://Virusschlacht.com
http://Virusstopper.net
http://Virusuwadame.com
http://Virusvakt.com
http://Virusvanguard.com
http://Wegvonviren.com
http://Zebraantivirus.com

[nosirrah]

I can't even find a pretend crack for this . Nothing on rapidshare either . These dirt bags don't seem to be affiliated with the usual dirt bags .

[JeanInMontana]

nosirrah, on Apr 23 2007, 09:56 PM, said:

I can't even find a pretend crack for this . Nothing on rapidshare either . These dirt bags don't seem to be affiliated with the usual dirt bags .

LMAO Independent rogues? Thought I had a DL link but you have to buy before you try I guess.

Edited by JeanInMontana, 24 April 2007 - 03:55 PM.
remove useless link

[Neil916]

A customer of mine just reported being urged to buy Antiviruspcsuite from the Antiviruspcsuite.com website via a pop-up ad on her computer that wouldn't go away. She was charged $50 for it. This was around April 26, 2007. It sounds like a rogue program, but all I was able to google was a bunch of supposed "cracks" for this program, and this thread.

[JeanInMontana]

If she is being targeted by Popups it is adware. How did they charge her? Did she agree to buy the program? Or was her PC totally hacked and her credit card info somehow used?

[Neil916]

JeanInMontana, on May 2 2007, 05:00 PM, said:

If she is being targeted by Popups it is adware. How did they charge her? Did she agree to buy the program? Or was her PC totally hacked and her credit card info somehow used?

She agreed to buy the program based upon the recommendations of the popup ad and provided her credit card information.

[JeanInMontana]

She must have been infected with some sort of adware though to get the popups. Do you do PC work is that how she is you customer? If you can give us any kind of proof they infected her it would be great.

[Neil916]

JeanInMontana, on May 2 2007, 05:11 PM, said:

She must have been infected with some sort of adware though to get the popups. Do you do PC work is that how she is you customer? If you can give us any kind of proof they infected her it would be great.

Yes, presumably she was already infected, and knew it, so she thought this would fix her problems. As of today, the computer won't even get into Windows any more (leading to her calling us), so I am assuming it's a pretty significant infestation. I run a computer repair center and she contacted me via the yellow pages to arrange service. (she was not previously a customer of ours). We will be picking up the system from her tomorrow morning.

[JeanInMontana]

Wow, please keep us posted on your findings.

[MysteryFCM]

Neil916, on May 3 2007, 01:17 AM, said:

Yes, presumably she was already infected, and knew it, so she thought this would fix her problems. As of today, the computer won't even get into Windows any more (leading to her calling us), so I am assuming it's a pretty significant infestation. I run a computer repair center and she contacted me via the yellow pages to arrange service. (she was not previously a customer of ours). We will be picking up the system from her tomorrow morning.

If you've not wiped the system yet;

1. If you can get into Safe Mode, grab a HiJack This, Gmer and AVGAS logs

2. If you can not get into Safe Mode, can you boot up the machine with a Linux Live CD and grab both a directory listing, and a copy of the machines registry for us?

As far as her paying for the program, I'd strongly advise telling her to get in touch with her CC company and file a dispute/cancel the payment .... SHE WAS SCAMMED!

[nosirrah]

There is also a way to do a parallel XP install into a second windows folder that will preserve all evidence and make recovering the corrupted registry easy .

[SwampDiner]

Closed for organization.

[nosirrah]

hxxp://avsystemcare.com/data/?450801071357510a5501&mpt=1181125634&gai=swg_av&gli=3948&gff=pp_1084837492&ax=4&wqbp=7484-46197-7784-0

The download on this pages works .

[nosirrah]

/data/?450801071357510a5501&mpt=1181125634&gai=swg_av&gli=3948&gff=pp_1084837492&ax=4&wqbp=7484-46197-7784-0

Add this to any of the sites I got off of their server (that are live) and it should pop up a downloader .

[nosirrah]

STATUS: FINISHEDComplete scanning result of "installer.exe", received in VirusTotal at 06.06.2007, 14:00:35 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.05.2007 no virus found
AntiVir 7.4.0.32 06.06.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 06.06.2007 no virus found
AVG 7.5.0.467 06.05.2007 no virus found
BitDefender 7.2 06.06.2007 no virus found
CAT-QuickHeal 9.00 06.05.2007 no virus found
ClamAV devel-20070416 06.06.2007 no virus found
DrWeb 4.33 06.06.2007 no virus found
eSafe 7.0.15.0 06.05.2007 no virus found
eTrust-Vet 30.7.3696 06.06.2007 no virus found
Ewido 4.0 06.06.2007 no virus found
FileAdvisor 1 06.06.2007 no virus found
Fortinet 2.85.0.0 06.06.2007 no virus found
F-Prot 4.3.2.48 06.05.2007 no virus found
F-Secure 6.70.13030.0 06.05.2007 no virus found
Ikarus T3.1.1.8 06.06.2007 no virus found
Kaspersky 4.0.2.24 06.06.2007 no virus found
McAfee 5046 06.05.2007 no virus found
Microsoft 1.2503 06.06.2007 no virus found
NOD32v2 2312 06.06.2007 no virus found
Norman 5.80.02 06.05.2007 no virus found
Panda 9.0.0.4 06.06.2007 no virus found
Prevx1 V2 06.06.2007 no virus found
Sophos 4.18.0 06.01.2007 no virus found
Sunbelt 2.2.907.0 06.04.2007 no virus found
Symantec 10 06.06.2007 no virus found
TheHacker 6.1.6.129 06.04.2007 no virus found
VBA32 3.12.0 06.06.2007 suspected of Downloader.Agent.1
VirusBuster 4.3.23:9 06.05.2007 no virus found
Webwasher-Gateway 6.0.1 06.06.2007 no virus found


Aditional Information
File size: 152064 bytes
MD5: 15372f09dd1b7c9786bcaf6883fb26b3
SHA1: 7e0f48451bd8253b22aa7fda9629433577d56279

Not good so far .

[nosirrah]

@ambercromby

I moved your post the the correct forum .

http://www.malwarebytes.org/forums/index.php?showtopic=1704

@ fellow mods

Feel free to delete this post once ambercromby has responded to the moved post .

[RubbeR DuckY]

We are working on a fix for AVSystemCare and should have one by tomorrow morning.

[JeanInMontana]

I gave this one enough to keep them busy till the fix is done......they have plenty to fix.

[SwampDiner]

Added 135.