Malwarebytes

MS Antivirus 2008


14 replies to this topic

#1
Jaxryley

    Forum Deity

  • Malware Hunters
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.
Clone of XP Antivirus 2008 maybe?

Quote

MS Antivirus 2008 an award-winning spyware removal utility will help you fighting all kinds of spyware and adware including keyloggers, trojan horses, password thieves and on.
hxxp://msantivirusxp.com/

#2
nosirrah

    Forum Deity

  • Administrators
  • 5,158 posts
  • Location:Northampton, MA USA
http://xpertantivirus.com/ <- Another new one from the same IP range, and it's live.
Bruce Harrison
Vice President of Research

Follow us: Twitter, Become a fan: Facebook

#3
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.

Quote

Registrar: ESTDOMAINS, INC.
Status: clientTransferProhibited
Dates: Created 20-aug-2008 Updated 20-aug-2008 Expires 20-aug-2009
DNS Servers: NS1.MSANTIVIRUSXP.COM NS2.MSANTIVIRUSXP.COM

I was referred to whois.estdomains.com; I'm looking it up there.


Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: MSANTIVIRUSXP.COM

Registrant:
Sawert Alliance ltd.
Peltonen Martti **********@gmail.com)
Jeledoroznaya str. 14
Volovoso
Leningradskaya oblast,188410
RU
Tel. +7.9218901266

Creation Date: 20-Aug-2008
Expiration Date: 20-Aug-2009

Domain servers in listed order:
ns2.msantivirusxp.com
ns1.msantivirusxp.com


Administrative Contact:
Sawert Alliance ltd.
Peltonen Martti **********@gmail.com)
Jeledoroznaya str. 14
Volovoso
Leningradskaya oblast,188410
RU
Tel. +7.9218901266

Technical Contact:
Sawert Alliance ltd.
Peltonen Martti **********@gmail.com)
Jeledoroznaya str. 14
Volovoso
Leningradskaya oblast,188410
RU
Tel. +7.9218901266

Billing Contact:
Sawert Alliance ltd.
Peltonen Martti **********@gmail.com)
Jeledoroznaya str. 14
Volovoso
Leningradskaya oblast,188410
RU
Tel. +7.9218901266

Status:ACTIVE

If EST is involved no question it's bad.

#4
CleanThe.net

    New Member

  • Members
  • 5 posts
hxxp://cleanthe.net/2008/08/21/xpert-antiv...us-application/ and hxxp://cleanthe.net/2008/08/21/ms-antiviru...fake-antivirus/

#5
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.

CleanThe.net, on Aug 21 2008, 08:59 AM, said:



I really hope you're not trying to say you had this out first. Borderline spam IMO. Every one of your posts is a link back to your site, after the rogue has been identified and posted here. I think it needs to stop.

Edited by JeanInMontana, 21 August 2008 - 06:01 PM.
break the spammy links


#6
Guest_remixed_*

  • Guests
Sharing Nameservers
anvimaster.com
malware-alarm.com
malwarealarm.com
malwscan.com
pwrantivirus.com
shredder-scan.com
shredderscan.com
softtraf.com
softtrafik.com
spyshredder-scanner.com

#7
nosirrah

    Forum Deity

  • Administrators
  • 5,158 posts
  • Location:Northampton, MA USA

Jaxryley, on Aug 21 2008, 07:03 AM, said:

Clone of XP Antivirus 2008 maybe?

hxxp://msantivirusxp.com/

http://www.malwarebytes.org/malwarenet.php...gue.MSAntivirus

^^It has already started hitting in the wild^^
Bruce Harrison
Vice President of Research


#8
Burak

    New Member

  • Members
  • 31 posts
  • Gender:Male
These registry entries and files are not removed by MBAM

O4 - HKLM\..\Run: [\VIE6D.exe] C:\Windows\System32\VIE6D.exe
O4 - HKLM\..\Run: [\VIE71.exe] C:\Windows\System32\VIE71.exe
O4 - HKLM\..\Run: [\VIE72.exe] C:\Windows\System32\VIE72.exe
O4 - HKLM\..\Run: [\VIE73.exe] C:\Windows\System32\VIE73.exe
O4 - HKLM\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKLM\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKLM\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKLM\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKCU\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKCU\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKCU\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKCU\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
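
A triage sketch for the autostart entries listed in the post above, as an added example that is not part of the original thread and is not Malwarebytes' detection logic. It parses HijackThis-style `O4` lines and flags traits these entries share; the three checks and the `ExampleUpdater` line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any OS

# The twelve O4 lines from the post above, plus one constructed benign entry
# (ExampleUpdater is hypothetical) so the checks have something to pass over.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [\VIE6D.exe] C:\Windows\System32\VIE6D.exe
O4 - HKLM\..\Run: [\VIE71.exe] C:\Windows\System32\VIE71.exe
O4 - HKLM\..\Run: [\VIE72.exe] C:\Windows\System32\VIE72.exe
O4 - HKLM\..\Run: [\VIE73.exe] C:\Windows\System32\VIE73.exe
O4 - HKLM\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKLM\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKLM\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKLM\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKCU\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKCU\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKCU\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKCU\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe /background
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

def parse_o4(log):
    """Return (hive, value_name, command) for each O4 Run-style line."""
    rows = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(3), m.group(4)))
    return rows

def triage(log):
    """Map each flagged command to the set of reasons it was flagged."""
    rows = parse_o4(log)
    hives = defaultdict(set)
    for hive, _, cmd in rows:
        hives[cmd.lower()].add(hive)
    flagged = defaultdict(set)
    for hive, name, cmd in rows:
        if name.startswith("\\"):
            flagged[cmd].add("value name starts with a backslash")
        if name.lstrip("\\").lower() == basename(cmd).lower():
            flagged[cmd].add("value name is the bare file name")
        if len(hives[cmd.lower()]) > 1:
            flagged[cmd].add("registered under both HKLM and HKCU")
    return dict(flagged)
```
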

#9
Raid

    Malware Researcher

  • Experts
  • 1,549 posts
  • Gender:Male
  • Location:United States

Burak, on Sep 3 2008, 08:06 AM, said:

These registry entries and files are not removed by MBAM

O4 - HKLM\..\Run: [\VIE6D.exe] C:\Windows\System32\VIE6D.exe
O4 - HKLM\..\Run: [\VIE71.exe] C:\Windows\System32\VIE71.exe
O4 - HKLM\..\Run: [\VIE72.exe] C:\Windows\System32\VIE72.exe
O4 - HKLM\..\Run: [\VIE73.exe] C:\Windows\System32\VIE73.exe
O4 - HKLM\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKLM\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKLM\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKLM\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKCU\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKCU\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKCU\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKCU\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe

If you still have these files, mind zipping them up into a file called checkthese1.zip and uploading them to

uploads.malwarebytes.org

#10
nosirrah

    Forum Deity

  • Administrators
  • 5,158 posts
  • Location:Northampton, MA USA

Burak, on Sep 3 2008, 08:06 AM, said:

These registry entries and files are not removed by MBAM

O4 - HKLM\..\Run: [\VIE6D.exe] C:\Windows\System32\VIE6D.exe
O4 - HKLM\..\Run: [\VIE71.exe] C:\Windows\System32\VIE71.exe
O4 - HKLM\..\Run: [\VIE72.exe] C:\Windows\System32\VIE72.exe
O4 - HKLM\..\Run: [\VIE73.exe] C:\Windows\System32\VIE73.exe
O4 - HKLM\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKLM\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKLM\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKLM\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKCU\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe
O4 - HKCU\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe
O4 - HKCU\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe
O4 - HKCU\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe


All of these are fully detected, please update MBAM, run a quick scan and post a log please, something is wrong here.
Bruce Harrison
Vice President of Research


#11
Marty111

    New Member

  • Members
  • 10 posts
  • Gender:Male
  • Location:United kingdom
  • Interests:computers,games,ipod,ps3,tv
Sites reported to estdomains (let's see if what they say about taking these sites down is true)
Helping take rogue sites down since 2004

#12
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.

Marty111, on Sep 3 2008, 07:37 PM, said:

Sites reported to estdomains (let's see if what they say about taking these sites down is true)

:angry: EST is the leader in hosting malware, I wouldn't hold your breath.

#13
tommydunn

    New Member

  • Members
  • 1 posts
Hi there folks. I'm not new to the forum scene but is there some help here? Have recently installed this MS Antivirus 2008 on one of my other computers and need some specifics on how to use this program to get rid of it. The stationary MS Antivirus screen cannot be moved or minimized and the popups keep-a-comin'. Anything I have started is subordinate to the stationary screen and cannot be correctly run. Can I run Malwarebytes Anti-Malware on a network? Or possibly in safe mode. If this is not the proper thread to post this in please advise. TIA for your help ;)

Tom

#14
estMate

    New Member

  • Members
  • 15 posts
One of the domains isn't registered with us: http://whois.domaint.../anvimaster.com
All the other domains are now suspended, but it would've been done earlier if you had filled in a support ticket at https://support.estdomains.com

#15
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.

tommydunn, on Sep 7 2008, 03:22 PM, said:

Hi there folks. I'm not new to the forum scene but is there some help here? Have recently installed this MS Antivirus 2008 on one of my other computers and need some specifics on how to use this program to get rid of it. The stationary MS Antivirus screen cannot be moved or minimized and the popups keep-a-comin'. Anything I have started is subordinate to the stationary screen and cannot be correctly run. Can I run Malwarebytes Anti-Malware on a network? Or possibly in safe mode. If this is not the proper thread to post this in please advise. TIA for your help :unsure:

Tom


Hi there, you're in the wrong forum for help with your problem. Cruise over here, follow the instructions and start your own topic in that forum.
