Can someone from the Avast folks check this out? Not detected by anyone on VT. (They bundle 200 megs of .Net installers crap with it, the thing itself is just ~7MiB)
Needs to be run in a VM to see what it does after a couple of hours or days. My guess is obviously yes, that’s rogue. Again, it remains to find out what it does. I wouldn’t risk an install ;D We need Polonus here and also Pondus is after rogue AVs…they’ll probably see that thread. Thanks for posting, that’s interesting.
Well, to sum it up: malicious software includes 74 trojans, 5 backdoors, 2 viruses.
Successful infection resulted in an average of 2 new processes on the target machine.
yeah… ;D >>> I checked only two pages, the main one with the ads about the sites providing the download, and the main download page. Okay this said all you found is that sites providing the download are infected (including CNet), but you didn’t find anything related to this particular download, and its publisher >>> hxxp://www.preedasoftware.com and System Defend Antivirus 2010 ??? doesn’t seem easy but I’m sure that’s a rogue, no possible doubt (intuitively yes…).
With a behaviour like that, it’s beyond doubt that it’s not only useless, but definitely rogue as well. Those forced-to-be-clicked ads will point you to a malware-infested site sooner rather than later.
It’s worthless crap and it may surely lead to drive-by downloads. I had collected a few screenshots but they are all deleted because I have now deleted the VM. Testing this crap has spoiled my evening. >:(
Why did you delete the screenshots? That’s exactly what we need ??? You could have taken them from the host system. Anyway, can you describe the behavior of that crap, assuming you tested it in a VM? Some say it prompts for a first system check before installing…(mentioned either on Wilders or another site…)
FWIW, there are a couple of screenshots on the Wilders thread. Basically, it’s a Kaspersky GUI rip-off flooded with ads, even the logo is stolen from Kaspersky.
This I knew, I saw them >>> what I meant is screenshots showing the “software” and system behavior, i.e. dialog boxes, prompts etc…anything suspicious or very obviously rogueware-like.
Okay >>> please post screenshots not just of the interface of the program, but first of all of suspicious behavior if any, like prompts to remove malware, system behavior change etc…
Okay, but please don’t ask me to test with any viruses…Lol.
Okay, before that let me inform you of a few things that I remember:
After installation I saw that my Security Centre service had been disabled. I manually turned it on and it is not registered there.
No right-click scan support.
When I clicked on a Brontok worm, it warned with the old Avast v4 sound “caution a virus has been detected” and showed a default Windows alert box saying that it had blocked something.exe from copying to the system32 folder.
Okay, I really didn’t mean in my first answer that you had to do all that all over again, so I won’t ask you to test any virus either ;D Thanks for testing anyway. I cannot do it myself since the VM software I sometimes use for Linux doesn’t support 64-bit systems, although it says it does.
Hi
I have tested it again and collected 34 screenshots. So please pardon me because it will be hard for me to attach them all one by one. I uploaded all in a zip to mediafire.
The link is
http://www.mediafire.com/?jmmwvmm2jyn
file name crap.zip
I tested it in WinXP Pro 32-bit OS in VMware, 512 MB RAM.
A few things I noticed:
It disabled the Security Centre service. Maybe because it doesn’t register itself with Security Centre.
It changed my IE homepage to Blank and also changed some security settings. Maybe to ease the pop-ups.
Lots of spelling mistakes and bad grammar. Bad Thai translation.
The installation guide tells you to disable UAC in Win7.
Installation is smooth and so is uninstallation.
After installation it pops up a window to register with a serial auto-inserted. Unless registered you are entitled to use the program 92 times, after registration (no email address reqd) up to 31st Dec 2014.
The program frequently hangs and can be turned off easily with or without Task Manager. Memory usage ~64 MB.
Lots of tools are there in the interface.
In my opinion it is not rogue but the crappiest AV ever seen by me. The only problem may be the pop-ups that may lead to drive-by-download.