http://www.antispyshield.com

13 replies to this topic

#1 nosirrah

    Forum Deity

  • Administrators
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 11 September 2007 - 05:37 PM

http://www.antispyshield.com

This has replaced malwareburn as one of the top rogues pushed through Zlob.
Bruce Harrison
Vice President of Research

Follow us: Twitter, Become a fan: Facebook

#2 nosirrah

Posted 11 September 2007 - 06:02 PM

:P :) :) :)

These guys reused way too much on this one and named their rogue way too close to another. I had to add nothing to MBAM on this one; it already completely removes it.

#3 nosirrah

Posted 11 September 2007 - 07:19 PM

Man, Google indexes Castlecops fast.

It took less than an hour for Google to index my post as the first hit for this rogue.

#4 AVBMENON

    New Member

  • Members
  • 6 posts
  • Gender:Male

Posted 12 September 2007 - 04:50 AM

Hey nosirrah!!

The downloaded installer doesn't seem to work; this one reminds me of malwarealarm. Did you manage to get a good installer?

regards
Ak

#5 nosirrah

Posted 12 September 2007 - 05:20 AM

No installer at this point, just a downloader. That works just fine though. The downloader on their home page connects to 69.50.167.26 and downloads the rest.

I may try a few permission tricks I know to try and trap the actual installer.

#6 AVBMENON

Posted 12 September 2007 - 05:25 AM

No installer at this point, just a downloader. That works just fine though. The downloader on their home page connects to 69.50.167.26 and downloads the rest.

I may try a few permission tricks I know to try and trap the actual installer.

But do you get any error messages on using this downloader?

#7 nosirrah

Posted 12 September 2007 - 05:38 AM

Nope, installs just fine. I bet you have some security software in place (hosts file, firewall...) that is giving this a no-go for you.

BTW I tried again for the heck of it and it still installs just fine.

#8 nosirrah

Posted 12 September 2007 - 05:46 AM

Could also be VM aware, if you use that.

#9 AVBMENON

Posted 12 September 2007 - 05:47 AM

Nope, installs just fine. I bet you have some security software in place (hosts file, firewall...) that is giving this a no-go for you.

BTW I tried again for the heck of it and it still installs just fine.

All my firewalls are disabled, the hosts file seems to not redirect/block anything either; I seem to get an error saying the downloader crashed owing to some fault.

File name: AntiSpywareShieldSetup.exe
MD5: 447abed3d2e00a8dddb6b568d768d6b8
Size: 51200

Is it the same one for you? BTW thanks for taking the extra effort :P

regards
Ak

#10 AVBMENON

Posted 12 September 2007 - 05:50 AM

Could also be VM aware, if you use that.

Now that's a possibility!! If you manage to isolate the installer, let me know. Thanks for that.

#11 nosirrah

Posted 12 September 2007 - 06:47 AM

I vote VM aware (any of my fellow experts want to test this, feel free). Zlob is VM aware and this comes from Zlob, so it would not be surprising.

I tried both crippling delete permissions on all temp locations and running Process Guard; no secondary installer could be found. The small downloader seems to be designed to make automated testing a little harder. The best I can tell, the small downloader is an installer; it just grabs its data from the web instead.

@AVBMENON If you can swing the price of a low-end PC it would make malware testing a lot more fun. I could not live without my test box.

#12 nosirrah

Posted 12 September 2007 - 10:11 PM

Their home page is down.

#13 nosirrah

Posted 13 September 2007 - 06:18 AM

Now it's back.

#14 SwampDiner

    True Member

  • Experts
  • 419 posts
  • Location:The Internets

Posted 14 October 2007 - 08:40 PM

Added 155