sâmbătă, 22 octombrie 2022

Windows Antivirus Pro fakescanti

 Windows Antivirus pro is a Phony security software in the fakescanti family.

His interface is starting like this : 









When executed and running it start installing and decompress some trojans svchast.exe a fake svchost process while holding it start to block executables not also to make them like corrupted modifying the registry.

The error will result in this :




Not also it install an addon for IE internet Explorer while access some sites even google or yahoo the pop up is :











While Running it start to display on taskbar and windows certain errors :


























When running it extract on tmp an exe called dbinstinit and wipex.html this one it extract its file and make to display a fake security center.Any click will result in activation of this rogue









After 15 minutes of running is copying 2 htmls onhelp and sonhelp.html one of them contain your personal wallpaper and one the spyware warning when perfomed the desktop background will be :



When hijacked also display fake errors that svchost has stopped : 

Those tactics to lure the user that the pc infected by spyware and viruses and to remove the viruses and hijacked wallpaper and run properly the executables it need to be registred.

Test this threat on a vmware or virtual box.
Thanks to OpenMalware.
Filename is Windows Antivirus Pro.exe and md5 is : 3fec8b41a9564c1aa1c3dea03a2e4c97


Publicat de la Niciun comentariu:
Etichete: , , , , , ,
Abonați-vă la: Postări (Atom)