I am pretty sure that these websites contain(s) (a) rogue product(s).
LINK:
hxxp://antivirus-live-pro.com/
hxxp://www.Antivirus-Live-Pro.org/antivirus.html
I'm not sure if both of the links are similar but they both seem dangerous to me.
It has fake awards on the site. I checked on Softonic (because it claims that Softonic rated it excellent) and the software wasn't on the site.
According to McAfee SiteAdvisor, it has 3 files hosted on it all named Setup.exe
1 of them is safe while the other 2 are detected as Generic PUP.z and Generic PUP.x
More details
Here: http://www.siteadvis...us-live-pro.com
Here: http://www.siteadvisor.com/sites/antivirus...loads/18792768/
Here: http://www.siteadvisor.com/sites/antivirus...loads/18440572/
Here: http://www.siteadvisor.com/sites/antivirus...loads/21071771/
#1
Posted 27 July 2009 - 09:56 AM
#2
Posted 27 July 2009 - 10:10 AM
Thank you master131!
At this moment, only Ikarus detected Antivirus Live Pro:
http://virusscan.jotti.org/en/scanresult/c...14a06d707a40fb7
I sent this rogue to 30 antivirus labs through Malwaredatabase.
#3
Posted 27 July 2009 - 11:40 AM
Hi, I will load up and review the software shortly and let you know whether it makes listing etc.
#4
Posted 27 July 2009 - 12:45 PM
Hi, just to feed back: the installed software at those links is "AntiVirusPro"; it has been listed in our DB for unloading as rogue since the first week in June 09.
Other clones from the same rogue marketing gang >>>
http://siri-urz.blogspot.com/2009/06/digiw...orp-rogues.html
Protect module would block the install of this rogue for our Pro users, and the free version will rip it off a machine where it is installed.
Malwarebytes' Anti-Malware 1.40
Database version: 2510
Windows 5.1.2600 Service Pack 2
27/07/2009 13:44:46
mbam-log-2009-07-27 (13-44-46).txt
Scan type: Quick Scan
Objects scanned: 69666
Time elapsed: 2 minute(s), 26 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 13
Memory Processes Infected:
C:\Program Files\AntiVirus_Pro\AntiVirus_Pro.exe (Rogue.AntiVirusPro) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\AntiVirus_Pro\EngineAP.dll (Rogue.AntiVirusPro) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AntiVirus_ProNE (Rogue.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antivirus pro_is1 (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus_pronet (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus_Pro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro\definitions (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\0wn3r\Local Settings\Temporary Internet Files\Content.IE5\186G8FJW\Setup[1].exe (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus_Pro\AntiVirus_Pro.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus_Pro\Uninstall AntiVirus_Pro.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro\AntiVirus_Pro.exe (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro\Cl.exe (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro\EngineAP.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro\ScheduleAP.txt (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro\Task.dat (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro\unins000.dat (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro\unins000.exe (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirus_Pro\definitions\200812.cab (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\0wn3r\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus_Pro.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AntiVirus_Pro.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
#5
Posted 19 August 2009 - 08:42 PM
Wow, and do you know what I found while streaming Youtube? Google ads endorsing this website in one of my videos that I was watching saying it's fast, easy and SAFE.
#6
Posted 20 August 2009 - 12:40 AM
#7
Posted 20 August 2009 - 03:06 AM
#8
Posted 20 August 2009 - 03:11 AM
@ Eriic
Well, of course it's going to say that.
They want you to download the malware onto your system.
Did you download it?
Did you read Fatdcuk's post here?:
http://www.malwarebytes.org/forums/index.p...st&p=103049
#9
Posted 20 August 2009 - 10:20 PM
Nope, I was just saying how ridiculous that Google doesn't even check its ads. I mean, I saw the ad in a Youtube video and I almost clicked it by accident. Lol, that's all.
#10
Posted 21 August 2009 - 03:49 AM
Ohhh, okay, I understand now 
Sorry that I misunderstood you before!
I agree, and I am sure that you'll find many others here agree as well; Google really has work to do with its advertisements!!
I almost clicked on an ad before too I think a while back, but I didn't thankfully!
Eriic, on Aug 20 2009, 06:20 PM, said:
Nope, I was just saying how ridiculous that Google doesn't even check its ads. I mean, I saw the ad in a Youtube video and I almost clicked it by accident. Lol, that's all.