Dustin Cook <bughunter.dustin@gmail.com> wrote in
news:Xns9B19A6B3041BAHHI2948AJD832@69.16.185.250:

> "Lil' Abner" <blvstk@dogpatch.com> wrote in
> news:Xns9B192E8583ADbutter@wefb973cbe498:
>
>> This may appear as kind of a rant. As far as I'm concerned, it's the
>> best thing that has come along yet. I have probably cleaned up 100
>> instances of the AntivirusXP2008(2009) variants. MalwareBytes and
>> Smitfraudfix are my top two tools.
>> I installed XP in a virtual machine and have tried every which way to
>> infect it with one of those variants. So I went to the warez groups
>> and looked for obvious stuff. They all have different names, of
>> course, but the last one, for instance, is Wise Disk Cleaner Pro v3
>> 61 Keygen.zip. It unzips into an .exe file of the same name and is
>> 130kb. This file gets 12 hits at Virus Total. Malwarebytes doesn't
>> detect anything. So I ran the exe file. It didn't do anything visible
>> but I noticed in task manager that Wise Disk Cleaner and another file
>> called file.exe were running. I didn't stop them but then ran
>> MalwareBytes on the VM and it found 10 objects. 5 files (3 were
>> dll's) and 2 were file.exe. The other 5 were in the registry. It
>> cleaned them perfectly and on reboot there was no evidence left
>> except.... Wise Disk Cleaner Pro v3 61 Keygen.exe, the one that
>> installed it. I use an ISP provided antivirus and antispyware app
>> called Secureit. It doesn't identify it. I have another machine with
>> Norton on it and it didn't tag it either. According to VirusTotal,
>> this file has been scanned before. So that means it's been around a
>> while. What takes the antivirus companies and the antispyware people
>> so long to get them on their lists? Oh yeah... how do I infect myself
>> with AntivirusXP? :-)
>>
>
> Hi There.
>
> If you'd like to send that file to us at
> http://uploads.malwarebytes.org, I'll be sure it is added to a future
> database update.
>


Done.


--
- The bible was written by the same people who said the earth was flat -