Removed: C:\WINDOWS\PRAGMAetynemqxim\PRAGMAd.sys, C:\Documents and Settings\Administrator\Local Settings\Temp\AUTMGR32.EXE, C:\Program Files\Defense Center\defcnt.exe (FakeAV – Defense Center aka Paladin Antivirus)

June 22, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: C:\sand-box\ad.exe
Removed:
C:\WINDOWS\PRAGMAetynemqxim\PRAGMAd.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\AUTMGR32.EXE
C:\Program Files\Defense Center\defcnt.exe
----------------------------------------
Detected by RegRun Warrior:
1. Examiner: – none –
2. RegRun Reanimator:

Item Name: PRAGMAetynemqxim
Author:
Related File: C:\WINDOWS\PRAGMAETYNEMQXIM\PRAGMAD.SYS
Type: Drivers

Item Name: .exe
Author: Unknown
Related File: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AUTMGR32.EXE" /START "%1" %*
Type: Main File Extensions

Item Name: Defense Center
Author: Unknown
Related [...]

Removed: PRAGMAd.sys, cntprot.exe, wscsvc32.exe, mscdexnt.exe (FakeAV – Protection Center aka Paladin Antivirus)

June 9, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: C:\sand-box\ad.exe
Removed:
C:\WINDOWS\PRAGMAmbitqfwbxt\PRAGMAd.sys
C:\Program Files\Protection Center\cntprot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wscsvc32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\mscdexnt.exe
----------------------------------------
After first reboot detected by UnHackMe:

Item Name: PRAGMAmbitqfwbxt
Author:
Related File: C:\WINDOWS\PRAGMAMBITQFWBXT\PRAGMAD.SYS
Type: Services detected by Partizan

Item Name: Protection Center
Author: Unknown
Related File: C:\PROGRAM FILES\PROTECTION CENTER\CNTPROT.EXE
Type: Registry Run

Item Name: wscsvc32.exe
Author: Microsoft Corporation
Related [...]

Removed: sysmon64x.exe (FakeAV – Virus Protection aka Paladin Antivirus)

April 28, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: setup.txt.exe
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\sysmon64x.exe
----------------------------------------
Detected by UnHackMe:

Item Name: sysmon64x.exe
Author: Microsoft Corporation
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\SYSMON64X.EXE
Type: Registry Run

Removal Results: Success
Number of reboot: 1
----------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.04.28    Trojan.Generic.KD.9034
Kaspersky   7.0.0.125     2010.04.28    Trojan-Downloader.Win32.FraudLoad.xazq
Microsoft   1.5703        2010.04.28    Trojan:Win32/FakeCog
NOD32       5068          2010.04.28    Win32/Adware.CoreguardAntivirus
----------------------------------------
Additional [...]

Removed: ..\Digital Protection\digext.dll, ..\Local Settings\Temp\davclnt.exe, ..\Digital Protection\digprot.exe (Fake AV – Digital Protection aka Paladin Antivirus)

April 13, 2010 by NightWatcher
Filed under: FakeAV 

Malware: C:\sand-box\be0e191c4124f43fc44575747c295299.exe
----------------------------------------
Removed:
C:\Program Files\Digital Protection\digext.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\davclnt.exe
C:\Program Files\Digital Protection\digprot.exe
----------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.04.12    Gen:Variant.TDss.2
Kaspersky   7.0.0.125     2010.04.12    –
McAfee      5.400.0.1158  2010.04.12    DNSChanger.bf
Microsoft   1.5605        2010.04.12    Trojan:Win32/FakeCog
NOD32       5022          2010.04.12    a variant of Win32/Kryptik.CPZ
----------------------------------------
Additional information
File size: 260096 bytes
MD5   : [...]

Removed: ..\Your Protection\urpext.dll, ..\Local Settings\Temp\dbnetlib.exe, ..\Your Protection\urpprot.exe, _VOIDd.sys (FakeAV – Your Protection aka Paladin Antivirus)

April 12, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: C:\sand-box\adobeflashplayerv10.0.45.2.exe
----------------------------------------
Removed:
C:\Program Files\Your Protection\urpext.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\dbnetlib.exe
C:\Program Files\Your Protection\urpprot.exe
C:\WINDOWS\_VOIDpspesecxvd\_VOIDd.sys
----------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.31    –
Kaspersky   7.0.0.125     2010.03.31    –
McAfee      5936          2010.03.30    –
Microsoft   1.5605        2010.03.30    –
NOD32       4986          2010.03.30    –
----------------------------------------
Additional information
File size: 21504 bytes
MD5   : ead8c61eb0cc0e387dbd4d95c99a4880
SHA1  : 2c04a6a0cf910da45e7c0e8179d4213fac4eeb8a
SHA256: [...]

Removed: urpext.dll, mplay32xe.exe, urpprot.exe (Fake AV – Your Protection aka Paladin Antivirus)

April 7, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: C:\sand-box\setup.exe
Removed:
C:\Program Files\Your Protection\urpext.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\mplay32xe.exe
C:\Program Files\Your Protection\urpprot.exe
----------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.04.07    –
Kaspersky   7.0.0.125     2010.04.07    –
Microsoft   1.5605        2010.04.07    Trojan:Win32/Rundis.gen!A
NOD32       5006          2010.04.07    a variant of Win32/Kryptik.DNA
----------------------------------------
Additional information
File size: 258560 bytes
MD5   : fea7430f242a187b56e569718ebf9044
SHA1  : 530d10948ad38319315bba943f9bb1298acb4e09
SHA256: f77bcb51fcb6bb0b64177f6f561df6d227310c716993aedc19e64cdcf93ce9a2
----------------------------------------
Installation
When the [...]

Removed: asr64_ldm.exe, _VOIDd.sys (Fake AV – Dr. Guard – old name – Paladin Antivirus)

March 8, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: C:\sand-box\yamba.exe
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\asr64_ldm.exe
C:\WINDOWS\_VOIDbvpeqvnmbc\_VOIDd.sys
----------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.07    Gen:Heur.Krypt.8
Kaspersky   7.0.0.125     2010.03.07    Trojan.Win32.Stuh.amjl
McAfee      5912          2010.03.06    –
Microsoft   1.5502        2010.03.07    –
NOD32       4922          2010.03.07    Win32/TrojanDownloader.FakeAlert.AUS
----------------------------------------
Additional information
File size: 20992 bytes
MD5   : c63cb744f5c6de056e79b14f2c6174df
SHA1  : cf590e302139082cffc6cdd882ea435e00de7beb
SHA256: 0b96daeb2a1b37f5cdcab6ad6335f1d65e5b8c3ade7822dc49f26d54bd4e4746
----------------------------------------
Installation
When the program [...]

Removed: asr64_ldm.exe

March 1, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: C:\sand-box\setup.exe
Removed:
C:\Documents and Settings\Administrator\Local Settings\Temp\asr64_ldm.exe
----------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.01    Gen:Heur.Krypt.8
Kaspersky   7.0.0.125     2010.03.01    Trojan-Downloader.Win32.FraudLoad.gml
McAfee      5906          2010.02.28    DNSChanger.at
Microsoft   1.5502        2010.02.28    Trojan:Win32/FakeCog
NOD32       4903          2010.02.28    a variant of Win32/Kryptik.CQQ
----------------------------------------
Additional information
File size: 615424 bytes
MD5   : b17fbd42afcf742fc4cb5851b9518267
SHA1  : 663e9db41e763d484919567910df635583eac17b
SHA256: dade861360ac997f1ab09c16b1a826754865fde3d0e4ebc56a0bd310bd579fbe
----------------------------------------
Installation
When [...]

Removed: wnzip32.exe, ihaupd32.exe, edjf.exe, _VOIDvgkodgrltu.sys

February 21, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: C:\sand-box\loaderadv562.exe
Removed:
C:\RECYCLER\S-1-5-21-4850036765-5161493756-503297653-1197\wnzip32.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ihaupd32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\edjf.exe
C:\WINDOWS\system32\drivers\_VOIDvgkodgrltu.sys
----------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.02.19    Trojan-Downloader:W32/Agent.NNT
Kaspersky   7.0.0.125     2010.02.17    –
McAfee      5897          2010.02.19    –
Microsoft   1.5406        2010.02.20    TrojanDownloader:Win32/Harnig
NOD32       4881          2010.02.19    Win32/TrojanDownloader.Small.OOT
Symantec    20091.2.0.41  2010.02.20    Suspicious.Insight
----------------------------------------
Additional information
File size: 20992 bytes
MD5   : 782e8afe40c401d59258cf63520fc1de
SHA1 [...]

Removed: pav.exe, pavext.dll, msdtctr.exe, drwatson64ex.exe

February 13, 2010 by NightWatcher
Filed under: FakeAV, Malware 

----------------------------------------
Malware: setupt.exe
Removed:
C:\Program Files\Paladin Antivirus\pav.exe
C:\Program Files\Paladin Antivirus\pavext.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\msdtctr.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\drwatson64ex.exe
----------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.02.13    Suspicious:W32/Malware!Gemini
Kaspersky   7.0.0.125     2010.02.13    –
McAfee      5890          2010.02.12    –
Microsoft   1.5406        2010.02.13    –
NOD32       4863          2010.02.13    –
Symantec    20091.2.0.41  2010.02.13    Suspicious.Insight
----------------------------------------
Additional information
File size: 790528 [...]

Removed: pav.exe, pavext.dll, ddexpshare.exe, cmmon64x.exe

February 11, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: C:\sand-box\setupt.exe
Removed:
C:\Program Files\Paladin Antivirus\pav.exe
C:\Program Files\Paladin Antivirus\pavext.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\ddexpshare.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cmmon64x.exe
----------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.02.10    Trojan.FakeAV.ADU
Kaspersky   7.0.0.125     2010.02.10    Trojan-Dropper.Win32.FrauDrop.anr
McAfee      5887          2010.02.09    –
Microsoft   1.5406        2010.02.10    –
NOD32       4854          2010.02.10    –
Symantec    20091.2.0.41  2010.02.10    Packed.Generic.277
----------------------------------------
Additional information
File size: 790528 bytes [...]

Removed: pav.exe, pavext.dll, ddexpshare.exe, cmmon64x.exe, _VOIDbvpyapulno.sys

February 9, 2010 by NightWatcher
Filed under: FakeAV, Malware 

Malware: C:\sand-box\load.exe
Removed:
C:\Program Files\Paladin Antivirus\pav.exe
C:\Program Files\Paladin Antivirus\pavext.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\ddexpshare.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cmmon64x.exe
C:\WINDOWS\system32\drivers\_VOIDbvpyapulno.sys
----------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.02.08    Suspicious:W32/Malware!Gemini
Kaspersky   7.0.0.125     2010.02.08    –
McAfee      5885          2010.02.07    –
Microsoft   1.5406        2010.02.07    –
NOD32       4846          2010.02.08    –
----------------------------------------
Additional information
File size: 18432 bytes
MD5   : d48fdd99aabcc47b3e1d01fc0fec011a
SHA1  : 31029b78efc62a25b16dc6620ad4cfb6b055813b [...]