Smart antivirus 2009


5 replies to this topic

#1 Burak

Posted 04 September 2008 - 06:04 PM


#2 Jaxryley

Posted 04 September 2008 - 06:46 PM

Smart Antivirus 1.4 and a few other sus downloads?
hxxp://advancetech.losshe.net/

Virus Total

#3 nosirrah

Posted 04 September 2008 - 07:56 PM

Malwarebytes' Anti-Malware 1.25
Database version: 1116
Windows 5.1.2600 Service Pack 1

8:55:50 PM 9/4/2008
mbam-log-2008-09-04 (20-55-48).txt

Scan type: Quick Scan
Objects scanned: 38650
Time elapsed: 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 9

Memory Processes Infected:
C:\Documents and Settings\Bruce\Desktop\MBAM\samples to test\SmartAntivirus2009.exe (Rogue.Installer) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\smart antivirus 2009 (Rogue.SmartAntivirus) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smart antivirus-2009.exe (Rogue.Installer) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> No action taken.
C:\Program Files\Smart Antivirus 2009\Infected (Rogue.SmartAntivirus) -> No action taken.
C:\Program Files\Smart Antivirus 2009\Suspicious (Rogue.SmartAntivirus) -> No action taken.
C:\Documents and Settings\Bruce\Start Menu\Programs\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> No action taken.

Files Infected:
C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> No action taken.
C:\Documents and Settings\Bruce\Desktop\MBAM\samples to test\SmartAntivirus2009.exe (Rogue.Installer) -> No action taken.
C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe (Rogue.Installer) -> No action taken.
C:\Program Files\Smart Antivirus 2009\vscan.tsi (Rogue.SmartAntivirus) -> No action taken.
C:\Documents and Settings\Bruce\Local Settings\Temp\setup[1].ver1_1000.0_.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Bruce\Local Settings\Temp\SmartAntivirus2009.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Bruce\Desktop\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> No action taken.
C:\Program Files\Smart Antivirus 2009\zlib.dll (Rogue.SmartAntivirus) -> No action taken.
C:\Documents and Settings\Bruce\Start Menu\Programs\Smart Antivirus 2009\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> No action taken.


assimilated
Bruce Harrison
Vice President of Research

#4 nosirrah

Posted 04 September 2008 - 08:09 PM

http://www.malwareby....SmartAntivirus

and it begins .....

#5 Guest_remixed_*

Posted 04 September 2008 - 08:22 PM

http://www.threatexp...63-b84928ce5377
>https://support.estdomains.com<
Let's see if they pull it...
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Name Server: NS1.SMART-ANTIVIRUS2009.COM
Name Server: NS2.SMART-ANTIVIRUS2009.COM
Status: clientTransferProhibited
Updated Date: 30-aug-2008
Creation Date: 22-aug-2008
Expiration Date: 22-aug-2009
<ip address/hostname>
91.203.92.25
smart-antivirus2009.com
Host reachable, 75 ms. average
<net block>
91.203.92.0 - 91.203.95.255
<owner>
ISP UATelecom
EU
* For spam/abuse/security issues please contact *
* abuse@uatelecom.com.ua *
<administrative contact>
Mark Liberman
Kiev, Ukraine
phone: +380963801326
<technical contact>
UATelecom NOC manager
Voznesensk, Ukraine
<additional data>
BASTION-NET
Source: whois.ripe.net

#6 Suzi

Posted 05 September 2008 - 12:52 AM

The site is still live right now.

Here's all the domains on the same IP:


It looks like they are all registered with Estdomains.

The IP is currently blacklisted.
http://whois.domaint.../78.157.143.251
Suzi

Microsoft MVP Windows Security 2005 - 2009



