WinDefender 2009 rogue antispyware application
Posted: December 2nd, 2008 | Tags: Fake antivirus, Malware, Rogue

WinDefender 2009 is a rogue antispyware program. It only looks like a program intended for removing viruses, trojans, and spyware; in fact, it uses a trojan to get onto your computer in the first place. After infection, you start to receive pop-up messages claiming that the computer is infected and offering to download and install WinDefender 2009 to cure it.
On first start, WinDefender 2009 configures the computer so that it runs every time the computer starts. Once started, the program scans the computer, and the result is always the same: your computer is infected with a set of trojans, spyware and adware. By scaring the user this way, the developers try to persuade you to purchase the software.
Virustotal report
File c-setup.exe received on 11.18.2008 18:08:03 (CET)
Current status: finished
Result: 18/36 (50.00%)
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.11.18.2 | 2008.11.18 | - |
| AntiVir | 7.9.0.31 | 2008.11.18 | TR/BHO.Gen |
| Authentium | 5.1.0.4 | 2008.11.18 | - |
| Avast | 4.8.1281.0 | 2008.11.18 | Win32:Trojan-gen {Other} |
| AVG | 8.0.0.199 | 2008.11.18 | Downloader.Zlob_r.DQ |
| BitDefender | 7.2 | 2008.11.18 | Trojan.BHO.Agent.AL |
| CAT-QuickHeal | 10.00 | 2008.11.18 | - |
| ClamAV | 0.94.1 | 2008.11.18 | - |
| DrWeb | 4.44.0.09170 | 2008.11.18 | Trojan.MulDrop.23099 |
| eSafe | 7.0.17.0 | 2008.11.18 | Suspicious File |
| eTrust-Vet | 31.6.6210 | 2008.11.14 | - |
| Ewido | 4.0 | 2008.11.18 | - |
| F-Prot | 4.4.4.56 | 2008.11.18 | - |
| F-Secure | 8.0.14332.0 | 2008.11.18 | Trojan-Dropper.Win32.Agent.zsl |
| Fortinet | 3.117.0.0 | 2008.11.18 | - |
| GData | 19 | 2008.11.18 | Trojan.BHO.Agent.AL |
| Ikarus | T3.1.1.45.0 | 2008.11.18 | - |
| K7AntiVirus | 7.10.527 | 2008.11.18 | - |
| Kaspersky | 7.0.0.125 | 2008.11.18 | Trojan-Dropper.Win32.Agent.zsl |
| McAfee | 5437 | 2008.11.17 | - |
| Microsoft | 1.4104 | 2008.11.17 | TrojanDownloader:Win32/Renos.DU |
| NOD32 | 3622 | 2008.11.18 | a variant of Win32/Adware.IeDefender.NHN |
| Norman | 5.80.02 | 2008.11.18 | W32/DLoader.KWIR |
| Panda | 9.0.0.4 | 2008.11.17 | Suspicious file |
| PCTools | 4.4.2.0 | 2008.11.18 | - |
| Prevx1 | V2 | 2008.11.18 | - |
| Rising | 21.04.12.00 | 2008.11.18 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.11.18 | Trojan.BHO.Gen |
| Sophos | 4.35.0 | 2008.11.18 | - |
| Sunbelt | 3.1.1801.2 | 2008.11.14 | - |
| Symantec | 10 | 2008.11.18 | Downloader |
| TheHacker | 6.3.1.1.157 | 2008.11.18 | - |
| TrendMicro | 8.700.0.1004 | 2008.11.18 | PAK_Generic.001 |
| VBA32 | 3.12.8.9 | 2008.11.18 | - |
| ViRobot | 2008.11.18.1474 | 2008.11.18 | Dropper.Agent.57351 |
| VirusBuster | 4.5.11.0 | 2008.11.18 | Trojan.Renos.Gen.16 |
| Additional information |
|---|
| File size: 57351 bytes |
| MD5…: 1a9583d617ff88abc9545a3900236157 |
| SHA1..: 4094537a779cf871c5093cc56db6cfc026ea72f6 |
| SHA256: 9f98c152410921131b66771f600b719b4719d4b715d09668f85ea60ac77f133d |
| SHA512: da13cd6ed92b20e0d448f93267a40a12b7f663ade1e2be7f3cdc188058a0d58c 36e34f0243a7213ee6ce347e3e4753d36a2fcdaefad4e5706a9cf2c050beeb5f |
| PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
| TrID..: File type identification: UPX compressed Win32 Executable (39.5%); Win32 EXE Yoda’s Crypter (34.3%); Win32 Executable Generic (11.0%); Win32 Dynamic Link Library (generic) (9.8%); Generic Win/DOS Executable (2.5%) |
| PEInfo: PE Structure information ( base data ) ( 3 sections ) ( 3 imports ) ( 0 exports ) |
| packers (Kaspersky): PE_Patch.UPX, UPX |
| packers (F-Prot): UPX |