Windows 7 Forums


Windows 7: Trojan:Win32/FakeSpypro & Trojan:JS/FakeSpypro

24 Jun 2010   #11
bludgard69

MS Windows 7 Home Premium 64-bit
 
 

Can you give me an example of a share site? Thanks.

UPDATE: MSE seems to be holding it at bay. Restarted a couple of times and everything is cool runnings - so far.

EDIT: AV Security Suite is exactly the name of the "scanner" that came with it.


24 Jun 2010   #12
Jaxryley

 
 

24 Jun 2010   #13
bludgard69

MS Windows 7 Home Premium 64-bit
 
 

OK.

24 Jun 2010   #14
bludgard69

MS Windows 7 Home Premium 64-bit
 
 

24 Jun 2010   #15
Jaxryley

 
 

kfsuiwvtssd.exe - Result: 14/41 (34.15%)
Virustotal. MD5: e86fe76999d536d68199241e8de64235 Trojan.FakeAV Trojan.Generic.KD.17354 Win32/Adware.SpywareProtect2009
Installed into a VM where MBAM is used as on demand.

After the rogue is installed mbam.exe is blocked from starting so I use opera.exe to get mbam up and running.

Updated MBAM and quick scan found and deleted this rogue which was a goner on reboot.

24 Jun 2010   #16
bludgard69

MS Windows 7 Home Premium 64-bit
 
 

Scanning............


24 Jun 2010   #17
bludgard69

MS Windows 7 Home Premium 64-bit
 
 
WORD!

Much appreciated.
Repped.

About 15 hours of this. The main thing was getting my laptop up and running so I could get help with this. What a B****! I don't have another rig, so.........

See ya again, Jaxryley. Good Job.


24 Jun 2010   #18
Jaxryley

 
 

Great stuff, glad you got it sorted!
24 Jun 2010   #19
Jaxryley

 
 

I've just rerun the microjoin exploit that downloads heaps including an installer for the rogue AV Security Suite and this new morphed installer goes zero day over Jottis.
ouyuerdtssd.exe - Scan finished. 0 out of 19 scanners reported malware.
ouyuerdtssd.exe - Jotti's malware scan

So in effect this one would bypass just about every major AV/AM until they get a hold of it and add it to their definitions. And yes, MBAM doesn't hit this one as yet either but will within the next update or two.

When most AV's start hitting this exe the rogue authors will release a new morphed version making sure it's not detected by most.

Dunno what's up with Virus Total but seems to be playing up a bit lately?
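
Posts #15 and #19 name two installers but give only one hash, and the second sample was not yet flagged by any scanner. The following is an added example, not code from anyone in the thread: a Python triage pass over a constructed file inventory that checks the MD5 quoted in post #15 first and falls back to a filename pattern. The pattern, the paths and the placeholder hashes are assumptions made for the example.

```python
import csv
import io
import ntpath
import re

# MD5 quoted in post #15 for kfsuiwvtssd.exe (the only hash on the page).
KNOWN_MD5 = {"e86fe76999d536d68199241e8de64235"}

# Assumption: both installers named in the thread (kfsuiwvtssd.exe,
# ouyuerdtssd.exe) are lowercase letters ending in "tssd.exe". Two samples
# are thin evidence, so a name hit is a lead to investigate, not a verdict.
NAME_PATTERN = re.compile(r"^[a-z]{4,12}tssd\.exe$")

# Constructed inventory (path,md5). Only the first hash comes from the page;
# the paths and the other hashes are placeholders made up for this example.
SAMPLE_INVENTORY = """\
C:\\Users\\demo\\AppData\\Local\\kfsuiwvtssd.exe,e86fe76999d536d68199241e8de64235
C:\\Users\\demo\\AppData\\Local\\ouyuerdtssd.exe,00000000000000000000000000000001
C:\\Tools\\opera.exe,00000000000000000000000000000002
C:\\Windows\\System32\\notepad.exe,00000000000000000000000000000003
"""


def triage(inventory_text):
    """Return {path: verdict}; verdict is known-hash, name-pattern or no-match."""
    verdicts = {}
    for row in csv.reader(io.StringIO(inventory_text)):
        if len(row) != 2:
            continue  # skip blank or malformed lines
        path, md5 = row[0].strip(), row[1].strip().lower()
        name = ntpath.basename(path).lower()  # Windows path rules on any OS
        if md5 in KNOWN_MD5:
            verdicts[path] = "known-hash"    # exact match on the known sample
        elif NAME_PATTERN.match(name):
            verdicts[path] = "name-pattern"  # new hash, familiar naming scheme
        else:
            verdicts[path] = "no-match"
    return verdicts


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{verdict:12} {path}")
```

The hash check follows the file's content and the name check follows its label, so a renamed copy of the known sample is still caught by hash, while a repacked copy is caught only if it keeps the naming scheme.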
24 Jun 2010   #20
bludgard69

MS Windows 7 Home Premium 64-bit
 
 
Sleepy

Very interesting stuff. First time Anything has taken control of my lappy. Glad I have some support. I'll be back on later. Thing's got my eyes gritty. No monies to pay ransom fees.

See ya later!


