Jump to content

Malwarebytes

AntiSpywareBot

Started by JoleFindsTheRogues, Dec 20 2008 01:14 PM

9 replies to this topic

#1
JoleFindsTheRogues
Posted 20 December 2008 - 01:14 PM

    Advanced Member

  • Malware Hunters
  • PipPipPip
  • 213 posts
  • Gender:Male
  • Location:Velika Plana, Serbia. 
hxxp://antispywarebot.com/

Posted Image

#2
sho-dan
Posted 20 December 2008 - 03:32 PM

    कैंसर योद्धा

  • Honorary Members
  • PipPipPipPipPipPip
  • 3,022 posts
  • Gender:Not Telling
  • Location:Jah Jersey Shore
ah one of the easier one to remove, MBAM flags and deletes. Thanks
http://www.malwarebytes.org/malwarenet.php....AntiSpywareBot
"Don't worry about a thing,
'Cause every little thing gonna be all right!"

#3
Jaxryley
Posted 20 December 2008 - 03:44 PM

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.
The installers are morphing all the time and MBAM isn't flagging this one.

setupxv.exe

#4
sho-dan
Posted 20 December 2008 - 08:44 PM

    कैंसर योद्धा

  • Honorary Members
  • PipPipPipPipPipPip
  • 3,022 posts
  • Gender:Not Telling
  • Location:Jah Jersey Shore
antispywarebot/MalwareRemovalBot have same installer setupxv.exe 5.21mb
MBAM didnt flag spywarebot, nor did it install in due to testing MalwareRemovalBot which was flag awhile back. Had to disable PM to install spywarebot.

Edit:
got these 2 bot buggers mixed up. oops :)
"Don't worry about a thing,
'Cause every little thing gonna be all right!"

#5
suadnovic
Posted 21 December 2008 - 12:48 AM

    New Member

  • Members
  • Pip
  • 26 posts

View PostJoleFindsTheRogues, on Dec 20 2008, 02:14 PM, said:

hxxp://antispywarebot.com/

What is this xx in your link? Is this some error, I think it must stand http?
I really don't know differences, if it's possable to stand so.

#6
Jaxryley
Posted 21 December 2008 - 12:53 AM

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.

View Postsuadnovic, on Dec 21 2008, 08:48 AM, said:

What is this xx in your link? Is this some error, I think it must stand http?
I really don't know differences, if it's possable to stand so.
See here which should explain it. :)

#7
suadnovic
Posted 21 December 2008 - 12:57 AM

    New Member

  • Members
  • Pip
  • 26 posts

View PostJaxryley, on Dec 21 2008, 01:53 AM, said:

See here which should explain it. :)

Thanks.

#8
Raid
Posted 21 December 2008 - 02:19 AM

    Malware Researcher

  • Experts
  • PipPipPipPipPipPip
  • 1,549 posts
  • Gender:Male
  • Location:United States

View PostJaxryley, on Dec 20 2008, 07:53 PM, said:

See here which should explain it. :)

Clarification... We already detect this right?

If not, I'll disect it..

#9
Jaxryley
Posted 21 December 2008 - 03:52 AM

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.

View PostRaid, on Dec 21 2008, 10:19 AM, said:

Clarification... We already detect this right?

If not, I'll disect it..
Installer not being flagged here.

Quote

Malwarebytes' Anti-Malware 1.31
Database version: 1526
Windows 6.0.6000

12/21/2008 12:53:42 PM
mbam-log-2008-12-21 (12-53-42).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
sho-dan
Posted 21 December 2008 - 04:34 AM

    कैंसर योद्धा

  • Honorary Members
  • PipPipPipPipPipPip
  • 3,022 posts
  • Gender:Not Telling
  • Location:Jah Jersey Shore
I ran Quick scan in Developers mode and rebooted, it didnt remove the installer on desktop or in Add/Remove programs. Had to manually remove them

Malwarebytes' Anti-Malware 1.31
Database version: 1526
Windows 5.1.2600 Service Pack 3

12/20/2008 2:19:05 PM
mbam-log-2008-12-20 (14-19-05).txt

Scan type: Quick Scan
Objects scanned: 48763
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 16

Memory Processes Infected:
C:\Program Files\AntispywareBot\AntispywareBot.exe (Rogue.AntiSpywareBot) -> Unloaded process successfully. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]

Memory Modules Infected:
C:\Program Files\AntispywareBot\SpyCleaner.dll (Rogue.AntiSpywareBot) -> Delete on reboot. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]
C:\Program Files\AntispywareBot\TCL.dll (Rogue.AntiSpywareBot) -> Delete on reboot. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]
C:\Program Files\AntispywareBot\zlib.dll (Rogue.AntiSpywareBot) -> Delete on reboot. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]

Registry Keys Infected:
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\2dda3201767c34b46a72671d26d39178 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [4054423730518072867015347985745281908866837035808513011969696620191718242324682
021672123662419232418691923692026182425]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\2dda3201767c34b46a72671d26d39178 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [4054423730518072867015347985745281908866837035808513011969696620191718242324682
021672123662419232418691923692026182425]
HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3857535134305180728670153479857452819088668370358085130141443858643654515138475
36454523851615248395356345138613479857484819088668370358085]

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\antispywarebot\ (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3857535134305180728670153479857452819088668370358085130141443858644548363445644
63436414247386152483953563451386146746883808480718561567479698088846136868383707
9
85557083847480796142798485667777708361398077697083849311667985748481908866837067
8
08511]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\programs\antispywarebot\ (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3857535134305180728670153479857452819088668370358085130141443858644548363445644
63436414247386152483953563451386146746883808480718561567479698088846136868383707
9
85557083847480796142798485667777708361398077697083849311667985748481908866837067
8
08511]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3857535134305180728670153479857452819088668370358085130141443858643654515138475
36454523851615248395356345138614674688380848071856156747969808884613686838370798
5
5570838474807961518679933479857452819088668370358085]

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761378068867870798584016
67969015270858574797284613477770154847083846152856683850146707986614983807283667
8
84613479857452819088668370358085]
C:\Program Files\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]
C:\Documents and Settings\shogun\Application Data\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761378068867870798584016
67969015270858574797284618473807286796134818177746866857480790137668566613479857
4
84819088668370358085]
C:\Documents and Settings\shogun\Application Data\AntispywareBot\Log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761378068867870798584016
67969015270858574797284618473807286796134818177746866857480790137668566613479857
4
84819088668370358085]
C:\Documents and Settings\shogun\Application Data\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761378068867870798584016
67969015270858574797284618473807286796134818177746866857480790137668566613479857
4
84819088668370358085]

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot\AntispywareBot on the Web.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761378068867870798584016
67969015270858574797284613477770154847083846152856683850146707986614983807283667
8
84613479857452819088668370358085]
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot\AntispywareBot.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761378068867870798584016
67969015270858574797284613477770154847083846152856683850146707986614983807283667
8
84613479857452819088668370358085]
C:\Program Files\AntiSpywareBot\AntispywareBot.exe (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]
C:\Program Files\AntiSpywareBot\AntispywareBot.url (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]
C:\Program Files\AntiSpywareBot\DataBase.ref (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]
C:\Program Files\AntiSpywareBot\SpyCleaner.dll (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]
C:\Program Files\AntiSpywareBot\TCL.dll (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]
C:\Program Files\AntiSpywareBot\vistaCPtasks.xml (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]
C:\Program Files\AntiSpywareBot\zlib.dll (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761498380728366780139747
77084613479857452819088668370358085]
C:\Documents and Settings\shogun\Application Data\AntispywareBot\rs.dat (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761378068867870798584016
67969015270858574797284618473807286796134818177746866857480790137668566613479857
4
84819088668370358085]
C:\Documents and Settings\shogun\Application Data\AntispywareBot\Log\2008 Dec 20 - 02_06_29 PM_640.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761378068867870798584016
67969015270858574797284618473807286796134818177746866857480790137668566613479857
4
84819088668370358085]
C:\Documents and Settings\shogun\Application Data\AntispywareBot\Log\2008 Dec 20 - 02_06_44 PM_125.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761378068867870798584016
67969015270858574797284618473807286796134818177746866857480790137668566613479857
4
84819088668370358085]
C:\Documents and Settings\shogun\Application Data\AntispywareBot\Log\2008 Dec 20 - 02_07_39 PM_453.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761378068867870798584016
67969015270858574797284618473807286796134818177746866857480790137668566613479857
4
84819088668370358085]
C:\Documents and Settings\shogun\Application Data\AntispywareBot\Settings\ScanResults.pie (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3742513051807286701534798574528190886683703580851301362761378068867870798584016
67969015270858574797284618473807286796134818177746866857480790137668566613479857
4
84819088668370358085]
C:\Documents and Settings\All Users\Desktop\AntispywareBot.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. [3857535134305180728670153479857484819088668370130136276137806886787079858401667
96901527085857479728461347777015484708384613770847685808161347985748481908866837
0
11]
C:\WINDOWS\Tasks\AntispywareBot Scheduled Scan.job (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully. [3857535134305180728670153479857452819088668370358085130136276156424737485652615
36684768461347985748481908866837035808511]
"Don't worry about a thing,
'Cause every little thing gonna be all right!"
Back to Newest Rogue Threats · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Research Center
  3. Newest Rogue Threats

Products

About

Partners

Follow Us