The Installer will look like this :
He have a license agreement and the user cannot cancel the installation.
And it takes to be installed in a minute or 3 early :
Once installed his Interface will look like this and scan is in action.
He will not drop files to be scanned as malwares so he scan only high risk cookies or temp files.
And after scan finished or cancelled stopped this warning will be applied like this :
By continue Unprotected or something we are pushed to buy this software.
Once we are cancelling or exit this program we are warning that we are in danger :
Also we are meeting the following pop ups in our taskbar
And if we close the interface or minisize will show a popup again like that
Clicking on Clean Disinfect activate and License Key will rediects to activate window.
Update This is not free but still to activate window.
The Firewall add rule option lead to a same fake alert
Anyway he still annoy the users with fake task manager a bluescreen and other malicious stuff.
He also have glitches or mistakes
No any zaxar program will try to have a update by proxy
And Desktop Security ? Is a great mistake in a clone !
And the firewall add edit and default delete rule :
This threat is disguising so fast and he install it self and files to appdata roaming and registry key folder is Antivirus Solution 2010
The filename is security.exe and the installer is 2.64 MB
Results and hashes
MD5
458f9b649dd20ae32415aa27e00e55cc
SHA-1
55951c1f7bcd526cbdc405eac34817ba152b21c0
SHA-256
62bcd987079315a69099bb743d7f123d71f8d84c43d501daa543226b40c76db7
34 / 41 found this threat AV Results.
Microsoft
VirTool:Win32/Obfuscator.JY (FakeRean Rogue)
NOD32
Kryptik.HMY
Avira
TR/FakeAV.ZI
And many more...
Once activated this software is updating and remove threats.
REMOVAL THREATS :
After disinfection no threats found and Auto protection is ON And updating database :
After update finished i got this notification
And full access to everything on this fake antivirus.
And the uninstall is free without a uninstall key but debug require.
Uninstall process will look like this :
Videos about this rogue are Here
Rogue video Review :
And Cookie Detection
Niciun comentariu:
Trimiteți un comentariu