Rogue AV "Antivira AV"

Discussion in 'malware problems & news' started by Franklin, Feb 9, 2011.

Thread Status:
Not open for further replies.
  1. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    bqmsmowsika.exe - 4/43 - MD5 : d4b2a37845f6b86bc74a72fc8811c068

    A new exe-killing rogue from the Antivirus Soft family.

    I've noticed that if the Windows Instrumentation service isn't running and is disabled, this rogue family is a toothless tiger and can't kill any exes.

    Renaming mbam.exe to explorer.exe allows a quick scan with Malwarebytes to run fully.

    Bleeping Removal Guide

     
  2. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Hahaahha, at least they missed the GUI part this time :rolleyes:
     
  3. tesk

    tesk Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    100
    "Protecting every second"


    Oh, okay thanks. Please stop me from aging then, if you can protect time. :p
     
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Ran a new sample of this rogue and renaming mbam.exe to explorer.exe isn't working, in that it is being denied execution by the rogue.

    Renaming mbam.exe to firefox.exe gets a scan up and running.
     