FakeAV – System Progressive Protection

I got this FakeAV a few days ago through a website. Of course this was supposed to be something else and not malware, but you know how life is, shit happens all the time. :O)

This sample has all the main characteristics of a FakeAV, such as a very fast scan of the hard disk (which normally takes hours), and of course it detects a lot of viruses (that of course do not really exist) inside the system.

It will also kill every new process started after its installation, with the excuse that the process is infected by a virus, and it claims that the only way to ‘clean’ the PC and get it back to normal is to pay for a serial number in order to register the application.

This FakeAV variant is detected by only 6/41 AV vendors at this time, according to VirusTotal.

 

I performed a little bit of RE in the registration function, so if you have been infected then use the following serial (tested in two different VMs, XP SP3 and Win7 SP1) in order to get rid of it.

Serial: AA39754E-715219CE

Enjoy,
kyREcon

All Rights R3v3rs3d