AntiVirusTrigger: new fake antivirus
Posted: December 1st, 2008 | Tags: Fake antivirus, Malware, Rogue
AntiVirus Trigger is a new fake antivirus software product.
AntiVirus Trigger is installed by trojans. It displays various security-related messages in order to scare people into buying the full version of the software. Neither the full version nor the infections exist; AntiVirus Trigger is a rogue designed to make money. Some of the infection alerts generated by this malware can be very convincing: it may imitate a computer scan and display scan results full of threats, but in fact all these alerts are fake. Stay away from this product and remove it as soon as possible.
List of sites and IP addresses seen in the distribution of AntiVirus Trigger:
- 74.50.110.184 Systemtrigger.com
- 74.50.110.184 Virtrigger.com
- 74.50.110.184 Virtriggersupport.com
- 74.50.110.184 Virus-trigger.com
- 74.50.110.184 Virus-triggers.com
- 74.50.110.184 Virustrigger2009.com
Virustotal report
File vrt_setup.exe received 2008.12.17 11:00:13 (CET)
Status: Finished
Result: 17/38 (44.74%)
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.12.12.2 | 2008.12.12 | - |
| AntiVir | 7.9.0.45 | 2008.12.12 | DR/Fake.AntivirusTrigger.B |
| Authentium | 5.1.0.4 | 2008.12.11 | - |
| Avast | 4.8.1281.0 | 2008.12.11 | - |
| AVG | 8.0.0.199 | 2008.12.12 | FakeAlert.DG |
| BitDefender | 7.2 | 2008.12.12 | Trojan.FakeAlert.ARA |
| CAT-QuickHeal | 10.00 | 2008.12.12 | - |
| ClamAV | 0.94.1 | 2008.12.12 | - |
| Comodo | 733 | 2008.12.11 | - |
| DrWeb | 4.44.0.09170 | 2008.12.12 | - |
| eSafe | 7.0.17.0 | 2008.12.11 | - |
| eTrust-Vet | 31.6.6257 | 2008.12.12 | - |
| Ewido | 4.0 | 2008.12.11 | - |
| F-Prot | 4.4.4.56 | 2008.12.11 | - |
| F-Secure | 8.0.14332.0 | 2008.12.12 | FraudTool.Win32.AntivirusTrigger.b |
| Fortinet | 3.117.0.0 | 2008.12.12 | - |
| GData | 19 | 2008.12.12 | Trojan.FakeAlert.ARA |
| Ikarus | T3.1.1.45.0 | 2008.12.12 | Generic.Win32.Malware.Antispycheck |
| K7AntiVirus | 7.10.551 | 2008.12.11 | - |
| Kaspersky | 7.0.0.125 | 2008.12.12 | not-a-virus:FraudTool.Win32.AntivirusTrigger.b |
| McAfee | 5461 | 2008.12.11 | - |
| McAfee+Artemis | 5461 | 2008.12.11 | potentially unwanted program Generic!Artemis |
| Microsoft | 1.4205 | 2008.12.12 | Program:Win32/SpySheriff |
| NOD32 | 3686 | 2008.12.12 | Win32/Adware.VirusTrigger |
| Norman | 5.80.02 | 2008.12.11 | - |
| Panda | 9.0.0.4 | 2008.12.11 | Adware/VirusTrigger |
| PCTools | 4.4.2.0 | 2008.12.12 | - |
| Prevx1 | V2 | 2008.12.12 | Malicious Software |
| Rising | 21.07.42.00 | 2008.12.12 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.12 | Trojan.Dropper.Fake.AntivirusTrigger.B |
| Sophos | 4.36.0 | 2008.12.12 | Troj/FakeVir-HO |
| Sunbelt | 3.2.1801.2 | 2008.12.11 | - |
| Symantec | 10 | 2008.12.12 | - |
| TheHacker | 6.3.1.2.184 | 2008.12.11 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.12 | - |
| VBA32 | 3.12.8.10 | 2008.12.11 | - |
| ViRobot | 2008.12.12.1515 | 2008.12.12 | Adware.AntivirusTrigger.R.1510594.B |
| VirusBuster | 4.5.11.0 | 2008.12.11 | - |
| Additional information |
|---|
| File size: 1510594 bytes |
| MD5…: 18217c657d38073e8c441a859f8134f4 |
| SHA1..: 64df8cf5fb0315e116de7ebdec4f9e4a0cc6f8ac |
| SHA256: a71a3d92234b621d4a340246bd7e88752edb1ada92bd8001002db9f05d118a31 |
| SHA512: 844ee0782cf8904b23f3260a602c99a01b53f5a7593a707653d6ca9ff9a2aa95 e1af529e55d515cc5bf6bd258b6a74e82328b7a2d715d30c6add85129e990ae8 |
| ssdeep: 24576:1JnDBxzAPo1C9dqNWLALr/93fLXaAmSe9AdOudvK9YkaLdydpD3hnQNgoy Tsb/7I:1JVxzMt0AIJjz2wE9guTJ+gNTK/UBfss |
| PEiD..: - |
| TrID..: File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) |
| PEInfo: PE Structure information ( base data ) ( 5 sections ) ( 8 imports ) ( 0 exports ) |
| Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=F2C39172C2BD33440CAF17E85B7A9E0063821A56 |
| packers (Kaspersky): Armadillo |























