Website doesn't get auto blocked and I can run and install this Fake AV program. Very nasty one too. Bitdefender misses it completely.
http://www.google.com/imgres?q=saw+4+puppe...,r:11,s:0,i:110
This is a Google image result that I came across.
I would like to confirm this. I dumped ESET NOD because it didn't detect it, even with a full system scan. So now, I bought BD hoping that it would find the issue.
I came across this today on my main system with NIS 2012 installed. NIS 2012 blocked it right away with no problems. So I decided to do a test on my Laptop (BIS 2013, Windows 7, full MS updates). I browsed to the site, saw that it didn't block the Fake AV...so I downloaded the 'setup.exe' file. I decided to run the file to see if Bitdefender would detect something and to my disappointment, it installed without Bitdefender doing anything. I am disappointed, but hopefully this is one of the few % in detection.
Hello
Could you please send me a PM with the download link?
That is not a fake AV, it is ransomware.
Thank you!
I don't have a download link. The link I have is the one above (if you click on the link, you will see that it leads you to a download for "setup.exe" file). I just assumed it was Fake AV since Symantec named it "Fake AV" when NIS 2012 firewall blocked the connection. Bitdefender IS 2013 missed this file completely (no prompts, no blocking... in user mode).
We are currently investigating this and I will provide an answer ASAP.
This didn't happen on my end. The FakeAV just popped out of nowhere, never needed to install anything.
It was probably because I was using Chrome with Adblock extension. If I was using IE, I probably would have had no download link. Good observation.
We have checked that file, the one that injects the malware, and right now it is clean.
The malware was probably removed by the owner.
I have a hard time believing that Bitdefender will not block this file. I run a PC repair business and would not in any way want my clients to have a file such as this one: redirect and install a stubborn program. I would trust an antivirus company to make an honest claim that this piece of software in no way does honest business work...therefore, block and protect people from shady programs.
After I installed this program for test purposes, multiple malware programs such as Super Anti-Spyware and Malwarebytes detected multiple traces of malware from this file.
I hope others (use these links with caution) would use a test system to verify my complaint that this file and others such as this one 'should' be blocked. If anything, block the redirect.
Original Link:
http://www.google.com/imgres?hl=en&saf...,r:11,s:0,i:110
Here is the link to the actual file: http://www9.zippyshare.com/v/65464951/file.html
Here are the VirusTotal results: https://www.virustotal.com/file/3b68fe5ce0c...65980/analysis/
Hi
setup.exe is infected and already detected as Trojan.Generic.KDV.666377
Thank you very much for the sample.
Have a great weekend!