Ang rogue antivirus

4/39 detection on VT. Undetected by Eset NOD32 AV v4 RC1. Disappointing. Possibly because the program is just a shell which downloads a rogue security app. Hijacked Hosts file after installation.

Search w/ d6152da67c25a42a2aecf0b156687542

Definition added by Symantec

Definition added by Symantec about 5 hours prior to posting here. Shows their excellent response times. Bet if you uploaded file to VT, >10 AVs would detect it.

This message is an automatically generated reply. This system is designed to analyze and process virus submissions into the Symantec Security Response and cannot accept correspondence or inquiries.
Please contact your Technical Support representative if more detailed
information about your submission is required. Do not reply to this
message.

Below is a status update on your virus submission:

Date: March 3, 2009

C Z
I-Ocean

Dear C Z,

We have analyzed your submission. The following is a report of our
findings for each file you have submitted:

filename: ANGInstall(2).exe
machine: Machine
result: This file is detected as Downloader.Misleadapp.

Customer notes:

Developer notes:
ANGInstall(2).exe is a non-repairable threat. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest available definitions.

Symantec Security Response has determined that the sample(s) that you provided are infected with a virus, worm, or Trojan. We have created RapidRelease definitions that will detect this threat. Please follow the instruction at the end of this email message to download and install the latest RapidRelease definitions.
Symantec is now building a new set of definitions to include the threat you have submitted. The approximate time to complete this process is one hour. We recommend checking the ftp site periodically over the next 60 to 90 minutes to download these definitions as soon as they are available.

Downloading and Installing RapidRelease Definitions:
1. Open your Web browser. If you are using a dial-up connection, connect to any Web site, such as: http://securityresponse.symantec.com/
2. Copy and paste the address ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/sequence/ into the address bar of your Web browser and then press Enter. (This could take a minute or so if you have a slow connection.)
3. Now select 92424 folder or a higher. Open the folder.
4. Select the file symrapidreleasedefsi32.exe
5. When a download dialog box appears, save the file to the Windows desktop.
6. Double-click the downloaded file and follow the prompts.

Virus definition detail:

Sequence Number: 92424
Defs Version: 110302b
Extended Version: 03/02/2009 rev.52

Should you have any questions about your submission, please contact
your regional technical support from the Symantec website and give them
the tracking number in the subject of this message.

-----------------------------------------------------------------------
This message was generated by Symantec Security Response automation.

For USA:
For electronic support options, Symantec provides On-Line Services at
http://www.symantec.com/techsupp/

--------------------------------------------
---------------------
Norton AntiVirus 2009

VT report here.

VT report here.

http://www.virustotal.com/analisis/8c90b8d520dfac2c5fa899f7d8f53dac

mmmm...symantec.
---------------------
Norton AntiVirus 2009