best-click-scanner.info Antivirus 2010 Rogue AntiSpyware
best-click-scanner.info, av1-click-download.info and av-click-site.info are sites that distribute Antivirus 2010, a new rogue antivirus application.
Site screenshot:
hxxp://best-click-scanner.info/scan.php [67.205.75.14]
Fake Microsoft Security Warning Message:
Trojan.Mytob, Trojan.Zlob.z, Worm.Apache.x, Spyware.IEMonster.b, Zlob.PornAdvertiser.Xplisit, Trojan.InfoStealer.Banker.s


Fake messages:

Harmful and malicious software detected. These programs may damage your computer and steal your private information. Online Security Scanner requires Antivirus 2010 components to protect your computer. Please click OK to download and install Antivirus 2010 components.

Associated websites [70.38.19.206]: av1-click-download.info, av-click-site.info

Analysis:

| Field | Value |
|---|---|
| Site URLs | hxxp://av1-click-download.info/install.php?campaign=&country= |
| File info | AntiVirusInstaller.exe |
| File size | 45588 bytes |
| MD5 | 4b28cc4e75b9f7d38725e76d05ffdea3 |
| ThreatExpert | Report |
| VirusTotal | Report |
| Sunbelt | Report |
| Prevx | Report |
| First received | 03.23.2009 17:33:31 (CET) |
| Results | 14/39 (35.90%) |

| Alias | Vendor |
|---|---|
| Trojan.Win32.Tibs!IK | a-squared |
| HEUR/Crypted | Antivir |
| Trojan.DownLoad.33135 | DrWeb |
| Suspicious File | eSafe |
| Trojan.Win32.Tibs | Ikarus |
| Trojan-Downloader.Win32.FraudLoad.vmza | Kaspersky |
| Generic!Artemis | McAfee+Artemis |
| Heuristic.Crypted | McAfee-GW-Edition |
| Trojan:Win32/Tibs.IT | Microsoft |
| Suspicious File | Panda |
| Medium Risk Malware | Prevx1 |
| Trojan.DL.Win32.Mnless.cok | Rising |
| Trojan.Fakeavalert | Symantec |
| Cryp_FakeAV-11 | TrendMicro |

Analysis of av1-click-download.info/en/PE/svchost.exe:

| Field | Value |
|---|---|
| Site URLs | hxxp://av1-click-download.info/en/PE/svchost.exe |
| File info | svchost.exe |
| File size | 80896 Bytes |
| MD5 | 9ce49f6f3b41260def0a53a85d95f0d3 |
| ThreatExpert | Report |
| Anubis | Report |
| VirusTotal | Report - Reanalysed |
| Sunbelt | Malware Report for ID: 8064472 |
| First received | 03.24.2009 06:11:38 (CET) |
| Results | 8/38 (21.05%) |

| Alias | Vendor |
|---|---|
| TR/Fakealert.WW.2 | Antivir |
| Suspicious file | eSafe |
| Suspicious:W32/Malware!Gemini | F-Secure |
| Trojan:Win32/Tibs.IT | Microsoft |
| Suspicious file | Panda |
| AdWare.Win32.FakeAV.q | Rising |
| Trojan.Fakeavalert | Symantec |
| PAK_Generic.001 | TrendMicro |

Result when running:

Displays a fake BlueScreen "MALWARE.MONSTER.DX_NEW_0xA21518F0"

Analysis of av1-click-download.info/en/PE/install.exe:

| Field | Value |
|---|---|
| Site URLs | hxxp://av1-click-download.info/en/PE/install.exe |
| File info | install.exe |
| File size | 45568 Bytes |
| MD5 | e079854d56607f16fb0d5db3b724c0de |
| ThreatExpert | Report |
| Anubis | Report |
| VirusTotal | Report |
| First received | 03.21.2009 16:00:04 (CET) |
| Results | 12/39 (66.67%) |

| Alias |
|---|
| W32/FakeAV.8074!tr |
| Trojan-Downloader.Win32.FraudLoad.vmtk |
| SHeur2.WXJ |
| TR/Crypt.XPACK.Gen |
| Sus/FakeAV-A |
| Trojan.Win32.Tibs (Sig-Id:470535) [Ikarus Virus Scanner] |

Result when running: