duminică, 10 noiembrie 2019

System Adware Scanner 2010 - Rogue WinWebSec

System Adware scanner 2010 is a phony rogue which his site template is steal AVG And is installed without a pop up warning.Is a clone from the rogues : Security Tool , Smart Security (Fake) , Windows Smart Security . 2009 , system security 2009 etc.
Is being installer if the user click on a warning pop up :
If we try task manager it saying the following warning :
Affected and blocked exe are taskmgr.exe and the mbam.exe
 Once we click on this warning it installs automatically the system adware scanner 2010 and spawns fake alert about spyware , infected computer etc
The interface of system adware scanner 2010 look like :
Also this pop up will recreate the payload and making them fast itself the malware.
The system adware scanner have a checking and files left from scanning the fake threats once files left 0 all files are scanned and the scan is finished
Unlike this rogueware he have also a CPU Load by his process and GUI.
CPU load from this fake antivirus.
And now after finish all infections are fake but i am still wait for new payloads 
This fake antivirus once running cannot be killed process is behave like a system idle process or access denied to kill the fake antivirus using process explorer
But one more thing is to catch all payloads and other interesting and curious.
Let's try to turn on something
But we cannot enable anything when is activated

Nothing cannot be activated but is still keep to say to activate the aliases : sysadscanner SAS

 
 Continue Unprotected so when i still try to bypass fakealerts but they are more fast right now we cannot also change settings or disable

What about crack or get a license :
 Not too far but we remember attempts and we show more payloads on a infected pc
Lame license check
More payloads i have identifies but more problems and another fake alert 
More payloads i identified but their gui are not applied as system tool and other winwebsec family of rogues
But is blocking only taskmgr.exe nothing interesting from dumb rogueware Few leaks from his html code 
 Pop up ballon messages from taskbar




 Warnings differently any click rediect to payment page.
 SAS?Update maybe is checking around this rogueware

If we try help support there is :
 Saving the report file not too far
We are gonna now to register the software no matter 6 license one year month so here is a serial list dump :

SASNL-LUMUT-AXZCU-JUA55-MANDA
SASNL-LUMUT-AXZUY-JUA51-NBAHD
SASNL-LUMUT-AXUCY-JUA44-90DSA
SASNL-LUMUT-AUZCY-JUA41-20DSA
SASNL-LUMUT-UXZCY-JUA33-YSH2A
SASNL-LUMUT-AXZCU-UHA31-8JSA3
SASNL-LUMUT-AXZUY-UHA22-7HWBA
SASNL-LUMUT-AXUCY-UHA21-1IQBW
SASNL-LUMUT-AUZCY-UHA11-5BDFW
SASNL-LUMUT-UXZCY-UHA01-4JHSQ
SASYL-L2M2T-AXZC2-2HA55-3MDWI
SASYL-L2M2T-AXZ2Y-2HA51-2NJSW
SASYL-L2M2T-AX2CY-2HA44-4NDUW
SASYL-L2M2T-A2ZCY-2HA41-6SBNO
SASYL-L2M2T-2XZCY-2HA33-92NN2
SASYL-L2M2T-AXZC2-2HA31-N27SB
SASYL-L2M2T-AXZ2Y-2HA22-9DIQ9
SASYL-L2M2T-AX2CY-2HA21-72NSB
SASYL-L2M2T-A2ZCY-2HA11-10S9Z
SASYL-L2M2T-2XZCY-2HA01-82NIS
SASYL-L1M1T-AXZC1-JHA55-01KMQ
SASYL-L1M1T-AXZ1Y-JHA51-9W9IX
SASYL-L1M1T-AX1CY-JHA44-NB92M
SASYL-L1M1T-A1ZCY-JHA41-17JS9
SASYL-L1M1T-1XZCY-JHA33-0W9JZ
SASYL-L1M1T-AXZC1-JHA31-MN38D
SASYL-L1M1T-AXZ1Y-JHA22-6DJ93
SASYL-L1M1T-AX1CY-JHA12-P92OC
SASYL-L1M1T-A1ZCY-JHA11-JD72B
SASYL-L1M1T-1XZCY-JHA01-Z1X67
Clipboard check :
 Ok Nice registration but another trick is to create a file with extension .r

 c:\Documents and Settings\All Users\Application Datak4w4x7f7\k4w4x7f7.r
This is an example of trick registration with empty file also serial keys
c:\Documents and Settings\All Users\Application Data\k4w4x7f7
c:\Documents and Settings\All Users\Application Data\k4w4x7f7\k4w4x7f7
c:\Documents and Settings\All Users\Application Data\k4w4x7f7\k4w4x7f7.exe
c:\Documents and Settings\All Users\Application Data\k4w4x7f7\k4w4x7f7.i
c:\WINDOWS\system32\drivers\k4w4x7f7.sys
This is a random character executable you have to use license key but i research this type
of rogue virus antimalware 
 Is said to reboot the pc and the process will be normal after restart
A fake clean up so nothing real i guess.
 Once registred we can enable everything full version


 License type and rogueware warranty
 Enable everything :
 Update registred?Server error maybe online server but last update still change the version
System adware scanner 2010 1.01

Attempts to crack activate rogue and more ways to be smart than rogueav .Video About System Adware Scanner 2010 Here :
                                  

DO NOT TRUST SYSTEM ADWARE SCANNER 2010 ROGUE VIRUS SO A LOT OF WAYS AND ATTEMPTS TO DEFEAT THE FAKE ANTIVIRUS.
                               Thanks to : EnigmaSoft , Emisisoft and Andrew Mickleson
                        All helps to reverse and test the sample of fakeav




1.You can remove the bogus rogue with mbam This rogue will not block the legitimate cleaner
2.The command for uninstaller is buggy
3.Remove any registry entry which is negative and caused by this program

Curious to take the sample? Here is the md5 of the file d9f4025d3ea3cb0a26dabcf6176c45c8

Niciun comentariu:

Trimiteți un comentariu