
Adware.Rogue.Windefender.C


  • This topic is locked
98 replies to this topic

#21 B-boy/StyLe/

    FFreestyleRR

  • Experts
  • 1,142 posts
  • Gender:Male
  • Location:Bulgaria

Posted 05 June 2009 - 01:26 PM

Hello,

Thank you! But I can't access mediafire (maybe my ISP blocked this site). Please could you pack this file with a password and send it to me via evloaris@gmail.com


Done.

archive password - infected

All the best,

B-boy
My help is always free of charge. If you appreciate my work, you can buy me a beer or two by clicking here.

#22 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 05 June 2009 - 01:40 PM

Done.

archive password - infected

All the best,

B-boy

:huh:
Try to rename this file as a zip archive and open it. It contains two files - version (of part DB) and a file with signatures (GUIDs of malware).
What do you think - is there a threat to your security here? ;) I want to repeat my first question - why didn't you ask Loaris about this problem?

#23 B-boy/StyLe/

    FFreestyleRR

  • Experts
  • 1,142 posts
  • Gender:Male
  • Location:Bulgaria

Posted 05 June 2009 - 01:53 PM

:huh:
Try to rename this file as a zip archive and open it. It contains two files - version (of part DB) and a file with signatures (GUIDs of malware).
What do you think - is there a threat to your security here? ;) I want to repeat my first question - why didn't you ask Loaris about this problem?


Because I wasn't sure whether the problem comes from your application.

I said that this one could be fp => http://www.malwareby...p...ost&p=79547

That's all.

#24 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 05 June 2009 - 02:36 PM

Because I wasn't sure whether the problem comes from your application.

I said that this one could be fp => http://www.malwareby...p...ost&p=79547

That's all.


Look what you did!!

http://malwareremova...trojan-remover/
http://siri-urz.blog...over-rogue.html

Do I use trojans for selling Loaris??

You killed my reputation, and are killing one more competitor. My congratulations!

A month ago AVG detected Loaris as Heuristic.blabla - I wrote to them and got an answer within 10 minutes. After one hour the problem was solved. What about you guys? Do you really think that you are as good as you write on your site? You are using a dirty strategy!

Sure, you can block or remove this post. What can I do??

#25 B-boy/StyLe/

    FFreestyleRR

  • Experts
  • 1,142 posts
  • Gender:Male
  • Location:Bulgaria

Posted 05 June 2009 - 02:55 PM

Look man, my topic was opened on May 9 2009, 10:23 PM only to report this file detected by Avira.

Your application was added on June 5, 2009.

I am sure that my topic wasn't the cause for the destiny of your product.

There are malware experts, researchers who can decide if Loaris deserves to be classified as rogue.

I am not an expert ...

I am really sorry about the entire situation.

B-boy

#26 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 05 June 2009 - 02:56 PM

Look man, my topic was opened on May 9 2009, 10:23 PM only to report this file detected by Avira.

Your application was added on June 5, 2009.

I am sure that my topic wasn't the cause for the destiny of your product.

There are malware experts, researchers who can decide if Loaris deserves to be classified as rogue.

I am not an expert ...

I am really sorry about the entire situation.

B-boy


I didn't mean you. I wrote to all of you guys.

#27 bogames

    New Member

  • Members
  • 6 posts
  • Gender:Male
  • Location:Boston,Ma

Posted 06 June 2009 - 03:19 AM

If there will be any abuse from TrendMicro - I'll remove this tool. Are you from TrendMicro? No? So write to them about Loaris... I tried several times - without success. I don't see any problem with it!

Did you see http://support.loaris.com ? We provide free support for ALL users. Try to find someone we have not responded to. We provide a free trial key if users ask (and sometimes it is a good tactic - several of these users buy a license later).


Loaris,
I work for TrendMicro and directly with HJT and I have not given consent at all. You are to immediately remove HJT from your software. I am very surprised you even would think this would be something that is legitimate. Did you not read the EULA? Even with HJT being a free tool it doesn't give you the right to sublicense the tool or install it on all your users' computers, and that is exactly what you are doing whether it be a trial or full license.

#28 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 06 June 2009 - 03:58 AM

Loaris,
I work for TrendMicro and directly with HJT and I have not given consent at all. You are to immediately remove HJT from your software. I am very surprised you even would think this would be something that is legitimate. Did you not read the EULA? Even with HJT being a free tool it doesn't give you the right to sublicense the tool or install it on all your users' computers, and that is exactly what you are doing whether it be a trial or full license.


Already done.


To all: but I have not heard a response from "experts" - where is Loaris Trojan Remover ROGUE? Because it contains the HJ tool?!

#29 TeMerc

    Staff

  • Moderators
  • 2,019 posts
  • Gender:Male
  • Location:Phx. AZ. USA
  • Interests:Formula 1 Auto Racing, Computer Security, Entertainment, Sci-Fi, SuperHeroes

Posted 06 June 2009 - 03:59 AM

I've sent a message to them via a private forum linking to this public forum.

Again, you miss my point about the bundling of HJT with your product. I never mentioned your support.

Look at the favor I did you, I got hold of them real quick didn't I? All those other times you tried to get hold of them must have gotten caught in spam traps or something, right? :huh:

At least now we know there is no confusion about this.
Tom Mercado
Product Support Team Lead


#30 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 06 June 2009 - 04:19 AM

Look at the favor I did you, I got hold of them real quick didn't I? All those other times you tried to get hold of them must have gotten caught in spam traps or something, right? :huh:

At least now we know there is no confusion about this.


In any case this is not a reason for incorrect classification!

I need only one thing. What would make this cease to haunt me - being removed from the database and a rebuttal written about the mistake.

#31 YoKenny1

    Forum Deity

  • Honorary Members
  • 1,739 posts
  • Gender:Male
  • Location:Ont. Canada
  • Interests:Using computers for learning.
    Happily retired IBMer after 31 years mainly in hardware maintenance.

Posted 06 June 2009 - 04:44 AM

Loaris, you will have to get Web of Trust (WoT) to remove the bad rating as well:
http://www.mywot.com...l.wordpress.com
http://www.mywot.com...card/loaris.com
E5200 2.5GHZ, 4GB RAM, 320GB HD, Win7 Home Premium 64-bit, avast! V6.0 Free, IE9
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3, 32-bit, avast! V6.0 Pro, Macrium Reflect
with IE8 and Chrome, hpHosts, MVPS HOSTS files, MBAM Full, OpenDNS, SpeedFan, WinPatrol PLUS

#32 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 06 June 2009 - 05:07 AM

Loaris, you will have to get Web of Trust (WoT) to remove the bad rating as well:
http://www.mywot.com...l.wordpress.com
http://www.mywot.com...card/loaris.com


Thank you!

And what do we get as a result:

One:

06/04/2009
hpHosts
Fraud, scam, phishing
Used for the distribution of "rogue" security or other such applications.

Follow the link to http://hosts-file.net/?s=loaris.com from this post
and what do we see? Classification: FSA from MysteryFCM

Second comment:
This trojan remover contains an adware named:ADSPY/Rogue.Windefender.C.10 and is a rogue security product DO NOT INSTALL IT

I think all is clear about "Rogue.Windefender.C.10"? Or not?



And now go to http://siri-urz.blogspot.com/

>>hosts-file.net
>>Thanks to MysteryFCM


See http://malwareremova...trojan-remover/

Just copy-paste from the siri blog.


Again and again MysteryFCM as the root of the problem!
One man wrote that it is fake and rogue and many others say "YES" without research. Why? Did you try to download and run Loaris? Did you research how it works?

#33 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 06 June 2009 - 07:31 AM

temerc,
look here: http://www.temerc.co...p...3&start=300

The caption is EXCELLENT -- Rogues:Loaris Trojan Remover & XP Deluxe Protector [June 4]

The source is the same: SIRI

One question: How many people will read the big list of this "landfill"?
For most people a new pattern will be created: Rogues:Loaris Trojan Remover & XP Deluxe Protector are from one developer or have the same functionality. Do you really guess they are similar?

#34 MysteryFCM

    Forum Deity

  • Moderators
  • 5,390 posts
  • Gender:Male
  • Location:Tyneside, UK

Posted 06 June 2009 - 08:11 AM

Since you've not noticed yet, I'll give you a hint.

Your program was tested by S!Ri, a well known and well respected researcher and analyst. Further to this, I did some quick research, and what did I find - your association with other crapware, courtesy of your own site;

loaris.com/download.php?trojanremover

HTTP/1.1 302 Found
Date: Thu, 04 Jun 2009 13:16:08 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/4.4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=d71757e64e9a29b13c22a7c5c0942a5f; path=/; domain=loaris.com
Set-Cookie: ref=deleted; expires=Wed, 04 Jun 2008 13:16:07 GMT
Set-Cookie: request=%2Fdownload.php%3Ftrojanremover; expires=Sat, 04 Jul 2009 13:16:08 GMT
location: http://88.214.197.165/download/loaristrojanremover.exe
Connection: close
Content-Type: text/html

http://hosts-file.ne...=88.214.197.165

http://hphosts.blogs...n-blackhat.html
http://cleanthe.net/...us-application/
http://www.dslreport...alware-takeover
http://www.malwareby...?showtopic=5164

Care to explain this? Coincidence? I think not.

Care to further explain the following?

http://gridinsoft.com/trojankiller.php

Whilst the UI may be different, it is indeed the same program as yours ..... up to and including, having the same F/P's

Info for other researchers, gridinsoft.com is owned by Dmitry Gridin from the Ukraine, who also owns remoteinspector.com (also valid as remote-inspector.com) and monitoringengine.com (also valid as monitoring-engine.com). All domains are hosted at 88.214.197.165.

Steven Burn

Malware Intelligence Analyst
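
The pivot described in post #34 (a 302 from the vendor's domain to a bare IP, followed by a lookup of what else is hosted on that IP), written out as an added example that is not part of the original thread. The function name, flag names and reputation-table format are assumptions; the header sample is abridged from the response quoted in the post.

```python
import ipaddress
from email.parser import Parser
from urllib.parse import urlsplit

# Headers abridged from the response quoted in post #34.
RAW_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache/2.0.63 (Unix)\r\n"
    "X-Powered-By: PHP/4.4.9\r\n"
    "location: http://88.214.197.165/download/loaristrojanremover.exe\r\n"
    "Connection: close\r\n"
    "\r\n"
)

# Constructed reputation table for this example. The IP and the co-hosted
# domains are the ones named in the post; the table layout is an assumption.
IP_REPUTATION = {
    "88.214.197.165": ["gridinsoft.com", "remoteinspector.com", "monitoringengine.com"],
}

def triage_redirect(raw_response, request_host, ip_reputation):
    """Summarise where a download redirect leads and what else is hosted there."""
    status_line, _, header_block = raw_response.partition("\r\n")
    status = int(status_line.split()[1])
    headers = Parser().parsestr(header_block, headersonly=True)
    location = headers.get("Location")  # header lookup is case-insensitive
    result = {"status": status, "location": location, "flags": []}
    if not (300 <= status < 400) or not location:
        return result  # not a redirect, nothing to pivot on
    parts = urlsplit(location)
    target = parts.hostname or request_host  # relative redirects stay on-host
    result["target_host"] = target
    if target != request_host:
        result["flags"].append("leaves-requested-host")
    try:
        ipaddress.ip_address(target)
        result["flags"].append("bare-ip-target")
    except ValueError:
        pass  # target is a hostname, not an IP literal
    if target in ip_reputation:
        result["flags"].append("listed-ip")
        result["co_hosted"] = ip_reputation[target]
    if parts.path.lower().endswith(".exe"):
        result["flags"].append("executable-download")
    return result

REPORT = triage_redirect(RAW_RESPONSE, "loaris.com", IP_REPUTATION)
```
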




#35 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 06 June 2009 - 08:27 AM

MysteryFCM,

My hoster is lunarpages, and it has a very slow channel!
4 months ago I bought a dedicated server from here http://hqhost.net/en/index.html
with 3 IPs

I DON'T KNOW ABOUT WHAT'S HAPPENING!!!!!!!
If they sold me this IP from spyware developers I will report abuse and get my money back!!!
But I can't understand why I MUST be responsible for this!

About ASPACK: it is a heuristic module. Perhaps it is not perfect, but mistakes happen to all, including you. You can check this off.
Anyway, it was not proposing to remove them by default.

BTW, MBAM has signatures by folder names, so if I place something into a threat folder those files will be marked as a threat! And what? Is MBAM a fake tool?

#36 MysteryFCM

    Forum Deity

  • Moderators
  • 5,390 posts
  • Gender:Male
  • Location:Tyneside, UK

Posted 06 June 2009 - 08:30 AM

Re-read what I posted, then read those I linked to ......



#37 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 06 June 2009 - 09:06 AM

Re-read what I posted, then read those I linked to ......


YES IT IS A COINCIDENCE!

My friend and I started developing the TrojanRemover product together. It is our business how to sell software and what name it should have. And this can't be the reason for classifying this product as malware. As for the IPs, I mentioned before that I purchased them a few months ago and didn't check them for previous usage (OK, maybe this was my serious fault). But, guys! I really can't understand why you make such an investigation of my tool!!!! I am the developer. I am here and I am ready for discussion, I am ready to give answers to all your questions (and I am doing this). What concrete actions do I have to take to get a refutation on this site?

I asked my hosters and they say they don't bear any responsibility for the previous usage of those IPs. What can I do?

#38 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 06 June 2009 - 09:23 AM

We have several guys who work with us. Each day they search the internet for new malware, research it and fill our database. Yes, the products are similar and they have a similar database. BUT! We never use such methods as malware uses. Users can download our software from our sites ONLY. We support our users and help them even if they are not registered users, I mentioned this earlier. I am a developer with tens of years of experience and will never use dirty methods to sell my software. I don't know how I can affect your decision.

Just got an answer from hqhost:
"it's serious violation of our AUP: http://hqhost.net/en/aup.html"
and they propose to change IPs.

#39 MysteryFCM

    Forum Deity

  • Moderators
  • 5,390 posts
  • Gender:Male
  • Location:Tyneside, UK

Posted 06 June 2009 - 09:24 AM

It is a coincidence that your program is identical in files, functions and F/P's, to a program you say you are not related to?

It is a coincidence that both programs, are hosted on an IP block that is known for criminal activity?

It is a coincidence that VT shows several legit anti-malware programs, detecting your program as a WinDefender variant? (yet another known rogue)

This is a lot of coincidences - and I'm afraid there are far too many suspicions surrounding yourself, your site, your program, and the IP's/sites/programs it has been found to be related to.

... and all of this is without our getting into the fact you require payment via systems that are potentially infected - something NO legit company should be doing.



#40 MysteryFCM

    Forum Deity

  • Moderators
  • 5,390 posts
  • Gender:Male
  • Location:Tyneside, UK

Posted 06 June 2009 - 09:26 AM

Just got an answer from hqhost:
"it's serious violation of our AUP: http://hqhost.net/en/aup.html"
and they propose to change IPs.


What is a "serious violation"? Why did they propose changing IP's? And to what were they answering?

/edit

Oh and btw, hqhost IS "Real Internet Business Corp" ...... a little research will show you a plethora of evidence against them that documents their activity
