Channel: Malware Analysis and Removal

Windows 8 Consumer Preview - Windows Smart Partner (FakeAV) - 03.03.2012 -...

This is the new Metro UI in Windows 8. I figured I should start experimenting with Windows 8. What better way to learn Windows 8 than infecting the OS with a Fake Antivirus and then removing it? :-D I...

ZeroAccess Authors Are Now Faking Company Name: Iomega

In a previous post I mentioned that ZeroAccess authors were faking the Company name: Oak Technologies Inc. Well, they have changed who they want to disguise their malicious .dll files to the company...

Best Virus Protection (FakeAV) bundled with RLoader (Rootkit) - 03.08.2012 -...

This was performed on a virtual machine. Looks similar to Microsoft Security Essentials, a legitimate antivirus. It...

Panda Security Creates ZeroAccess Cleaning Tool (Yorkyt.exe) - Removes Abnow...

Panda Security has created an AntiZeroAccess tool that works very well compared to others I have tested in the past. In fact, it practically removed every trace of ZeroAccess minus 2-3 dormant files....

GEMA - Germany (Ransom Trojan) - 03.29.2012 - Analysis and Removal

Once you are infected with GEMA, you will be shown a white screen with text that reads: "Please wait while the connection is beeing established." and then the German translation...

Gimemo - France - Gendarmerie Nationale (Ransom Trojan) - 04.01.2012 -...

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows|Load...

Tobfy - Germany (Ransom Trojan) - 04.07.2012 - Analysis and Removal

Hijacks HKCU\Software\Microsoft\Windows\CurrentVersion\Run "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" + "(Default)" "" "" "File not found: C:\Documents and...

WindowsSecurity (Ransom Trojan) - 04.13.2012 - Analysis and Removal

Creates this registry value: HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, which points to the malicious file that was run. Creates a bad value under this key:...

GVU - Germany (Ransom Trojan) - 04.16.2012 - Analysis and Removal

FRST HKLM\...\Run: [5kS43ADO0bzprWo] C:\Documents and Settings\thisisu\Application Data\soundblaster_fx648.exe [x]...

Rannoh - Canada (Ransom Trojan) - 05.04.2012 - Analysis and Removal

Figure 1.a. This is very similar to Gendarmerie Nationale (French) in the sense that the bad files are practically...

ZeroAccess CLSID variant versus OTL

http://www.youtube.com/watch?v=e0th5R3PFTM

Police Nationale Francaise - France (Ransom Trojan) - 05.14.2012 - Analysis...

Easy way to defeat: If on XP: Press F8 upon boot to get to the Windows Advanced Options Menu. From the list, choose...

Gimemo Ransom - Germany - "Please wait while the connection is beeing...

This list will be maintained. I will try to organize them in chronological order. flint4ytw.exe -...

Weelsof - Metropolitan Police - United Kingdom (Ransom Trojan) - 05.22.2012 -...

FRST HKLM\...\Run: [voitjxghtvngqbu] C:\Documents and Settings\All Users\Application Data\jhdmxqskgvmtxilxyiwh.exe...

Live Security Platinum (FakeAV) - 06.02.2012 - Analysis and Removal

Proceeds Security Sphere 2012, Smart Protection 2012, and Smart Fortress 2012. RogueKiller ¤¤¤ Bad processes: 1 ¤¤¤ [SUSP...

ZeroAccess CLSID variant versus ComboFix

http://www.youtube.com/watch?v=B0sY_1ZXxTU http://youtu.be/B0sY_1ZXxTU

CrapRemover - Introduction and Demonstration

CrapRemover will remove unwanted browser hijacks such as Babylon, Facemoods, Funmoods, Searchqu, iClaro and many others that I see populating forums of the anti-malware community. See the following...

Junkware Removal Tool (JRT) Released - Freeware

About: Many of the infections we see on the forums and in the work environment nowadays involve a user that has an unwanted program, toolbar, or browser helper object (BHO) on their computer. Some...

Inside a laptop hard drive

File Restore - Fake.HDD - Removal

Remove stubborn files/folders with OTL

Malware Removal and PC TuneUp Guide

Hello, I'm going to provide you with a free guide to perform malware removal and a basic PC tuneup on practically any PC, provided that it at least boots to the Windows desktop. You may be wondering, why a...

FakeRean 2013 gets wrecked

FakeRean pwnage

Junkware Removal Tool - Module Check Testing

http://www.youtube.com/watch?v=ubG5Lq-JPb8 This was a beta; the current version is 4.1.4 and includes the Modules check for all OS ;)

MacBook Keyboard Replacement Pictures
