Rogue ... antivirus 2009

Thanks aigle. Maybe it would have been a user friendly app if it wasn't a rogue

 

Hmmm... it,s stiull friendly.

 

Thanks for testing aigle. I didn't expected GesWall to fail.
Different GUI, different name, same old rogue....

 

Now that you mentioned it yes confirmed.Same experience wth sandboxie.

 

You very well may be correct. I get this with Java applet,when I close java sits in tray and when I move pointer over its gone.

 

And On that note, I can see why people fall for it the pretty eye candy.

 

This has been a nice discussion with everyone voicing their observations of this particular piece of malware. I have been pretty busy lately and had no time to play with it anymore myself. Thanks for all the input

 

Tried with HauteSecure. It blocks most of these link by its black list..... Strangely real time protection of HAuteSecure works even with Opera.

 

Superantispyware Pro real time blocks the executable now.

 

aigle, thanks again for all your tests, they really are appreciated. It might be worth you keeping an eye on the RSS feed that follows - http://www.hosts-file.net/rss.asp

 

intersting. i could not get this rogue to install through Defensewall.

http://pix.nofrag.com/0/c/0/adb22ec5ece1ea186a5758121c283.jpg

i'm jealous! i am trying to decide if i want to run this with just Returnil to observe how my other security measures kick-in or not.


Mike

 

Jealous? LOL It just proves that DefenseWall is one of the best, if not the best, at protecting you. I bet Returnil works too. Lots of bad stuff out there, although this antivirus 2008 or 2009 is more of a nuisance. There's lots of good security out there too. geswall, Returnil, Sandboxie are a few of the good ones.

 

For those who are interested,

To satisfy my curiosity, I personally tested this malware sample against DefenseWall(DW). Fortunately, whether I let the program run it's full course or terminate it's process earlier in the sequence, DW successfully blocks and contains it. Before rolling back and deleting the associated malicious files and registry entries, I created two logs for one to review as proof. Keep in mind that these logs were taken when I allowed the program to run it's full course.


Peace & Gratitude,

CogitoErgoSum

 

Thanks Mapson!