Wednesday 16 March 2011

E-Set Antivirus 2011


E-Set Antivirus 2011 uses stolen graphics to mislead users (the AVG logo and other material on the rogue's website).

This rogue is from the same family as Antivirus 8.
Previous skins of this family: Fake AVG Anti-Virus, Antivirus GT, Antivirus 7, Antivir 2010

E-Set Antivirus 2011 detects and displays fake infections to scare users into buying a license. This rogue hijacks Internet Explorer, Firefox, Opera, Google Chrome and Safari via Image File Execution Options (a "Debugger" value under the browser's IFEO key makes Windows start the rogue instead of the browser) and displays an "Internet Explorer Emergency Mode" page.
It steals the AVG logo and interface, rips off ESET's name and copies Norton and Panda (and probably BitDefender as well) to fill its website.


Website:

Once registered, applications are not blocked anymore.
Serial to register the rogue (which helps with removal): ABC12-DEF34-GHI56-JKL789
If your PC is infected with E-Set Antivirus 2011, use MBAM to remove the infection.

The first key "=" is a launch protection and "<" means the rogue is registered; another key also defines whether the "Internet Explorer Emergency Mode" is activated or deactivated, but I was too bored to search through the junk to find the right one.
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\A88B44]
"fhgbcglanhmbignajg"="<"
"chacffld"="="
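To check a machine for the two things described above (the IFEO hijack of the browsers and the rogue's registration marker) without touching the live registry, the script below parses a text export of the registry, the format "reg export" writes and the same format as the fragment above. It is an added example, not code from the original post or from the rogue. The export it scans is constructed for the example; the Debugger path pointing at the msiexecs.exe copy is an assumption based on the post, and the HKCU key and value names are the ones from the fragment above (other samples of the family may use other random names).

```python
"""Offline check for the IFEO browser hijack and the rogue's registration marker.

Added example, not part of the original post. Works on a .reg text export
(what "reg export <key> <file>" writes), so it runs anywhere. SAMPLE_EXPORT
is constructed; the Debugger path and the key/value names are assumptions
taken from the post.
"""
import re

IFEO_PREFIX = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
               "\\Image File Execution Options\\")
# Browsers the post says the rogue hijacks.
BROWSERS = {"iexplore.exe", "firefox.exe", "opera.exe", "chrome.exe", "safari.exe"}
# Key and value names copied from the post's registry fragment (assumed to be
# the same on the machine being checked; they are probably random per sample).
ROGUE_KEY = "HKEY_CURRENT_USER\\Software\\A88B44"
REGISTERED_VALUE = "fhgbcglanhmbignajg"   # "<" means the rogue is registered
LAUNCH_VALUE = "chacffld"                  # "=" is the launch protection

# Constructed export: two hijacked browsers, one legitimate IFEO entry, the rogue key.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"="C:\\Windows\\System32\\msiexecs.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger"="C:\\Windows\\System32\\msiexecs.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000002

[HKEY_CURRENT_USER\Software\A88B44]
"fhgbcglanhmbignajg"="<"
"chacffld"="="
'''

_VALUE_LINE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def parse_reg(text):
    """Return {key_path: {value_name: data}} from a .reg export.

    String data is unescaped (\\\\ -> \\, \\" -> "); other types (dword:, hex:)
    are kept as the raw text. Multi-line hex continuations are not needed here.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if current is None or not m:
            continue
        name = "@" if m.group(1) == "@" else m.group(2)
        data = m.group(3)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = re.sub(r"\\(.)", r"\1", data[1:-1])
        keys[current][name] = data
    return keys


def _lookup(keys, path):
    """Registry paths are case-insensitive, so match the key that way."""
    for k, v in keys.items():
        if k.lower() == path.lower():
            return v
    return None


def find_ifeo_hijacks(keys):
    """Return sorted (image_name, debugger) pairs for IFEO subkeys with a Debugger value.

    A Debugger value makes Windows launch that program instead of the image;
    that is the mechanism behind the rogue's "Emergency Mode". Legitimate
    uses exist, so non-browser hits are reported for review, not removed blindly.
    """
    hits = []
    for path, values in keys.items():
        if not path.lower().startswith(IFEO_PREFIX.lower()):
            continue
        image = path[len(IFEO_PREFIX):].lower()
        if "\\" in image:          # nested subkey (e.g. PerfOptions), not an image
            continue
        if values.get("Debugger"):
            hits.append((image, values["Debugger"]))
    return sorted(hits)


def rogue_status(keys):
    """Report whether the rogue's key is present and what its two markers say."""
    values = _lookup(keys, ROGUE_KEY)
    if values is None:
        return {"present": False, "registered": False, "launch_protection": False}
    return {"present": True,
            "registered": values.get(REGISTERED_VALUE) == "<",
            "launch_protection": values.get(LAUNCH_VALUE) == "="}


def cleanup_reg(hits):
    """Build a .reg that deletes each hijacking Debugger value ("name"=- deletes a value).

    This gives the browsers back; the rogue's files and its own key still need
    removal (the post points at MBAM for that).
    """
    lines = ["Windows Registry Editor Version 5.00", ""]
    for image, _ in hits:
        lines += ["[" + IFEO_PREFIX + image + "]", '"Debugger"=-', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    keys = parse_reg(SAMPLE_EXPORT)
    hits = find_ifeo_hijacks(keys)
    for image, dbg in hits:
        print(("ROGUE PATTERN" if image in BROWSERS else "review") + f": {image} -> {dbg}")
    print("rogue key:", rogue_status(keys))
    print(cleanup_reg([h for h in hits if h[0] in BROWSERS]))
```

On a real machine, export the IFEO key with "reg export" and feed the file to parse_reg; only the browser entries that point at the rogue's copy should go into cleanup_reg, since debuggers and tools such as Process Monitor legitimately register themselves the same way.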

badboy:

Anti-analysis (and just a tiny part):

The original binary "setup.exe" makes a copy of itself in %systemroot%\System32 under the name "msiexecs.exe".
