Rogue AV "Antivira AV"

Discussion in 'malware problems & news' started by Franklin, Feb 9, 2011.

Thread Status:
Not open for further replies.
  1. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    bqmsmowsika.exe - 4/43 - MD5 : d4b2a37845f6b86bc74a72fc8811c068

    A new exe-killing rogue from the Antivirus Soft family.

    I've noticed that if the Windows Instrumentation service isn't running and is disabled, this rogue family is a toothless tiger and can't kill any exes.

    Renaming mbam.exe to explorer.exe allows a quick scan with Malwarebytes to run fully.

    Bleeping Removal Guide

     
  2. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Hahaahha, at least they missed the GUI part this time :rolleyes:
     
  3. tesk

    tesk Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    100
    "Protecting every second"


    Oh, okay thanks. Please stop me from aging then, if you can protect time. :p
     
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Ran a new sample of this rogue and renaming mbam.exe to explorer.exe isn't working, as it is being denied execution by the rogue.

    Renaming mbam.exe to firefox.exe gets a scan up and running.
     