Malwarebytes Anti-Malware

Giganews Newsgroups
Subject: Malwarebytes Anti-Malware
Posted by:  Lil' Abner (blvs…@dogpatch.com)
Date: Sun, 14 Sep 2008

This may appear as kind of a rant. As far as I'm concerned, it's the best
thing that has come along yet. I have probably cleaned up 100 instances of
the AntivirusXP2008(2009) variants. MalwareBytes and Smitfraudfix are my
top two tools.
I installed XP in a virtual machine and have tried every which way to
infect it with one of those variants. So I went to the warez groups and
looked for obvious stuff. They all have different names, of course, but the
last one, for instance, is Wise Disk Cleaner Pro v3 61 Keygen.zip. It
unzips into an .exe file of the same name and is 130kb. This file gets 12
hits at VirusTotal. Malwarebytes doesn't detect anything.
So I ran the exe file. It didn't do anything visible but I noticed in task
manager that Wise Disk Cleaner and another file called file.exe were
running. I didn't stop them but then ran MalwareBytes on the VM and it
found 10 objects. 5 files (3 were dll's) and 2 were file.exe. The other 5
were in the registry. It cleaned them perfect and on reboot there was no
evidence left except.... Wise Disk Cleaner Pro v3 61 Keygen.exe, the one
that installed it. I use an ISP provided antivirus and antispyware app
called Secureit. It doesn't identify it. I have another machine with Norton
on it and it didn't tag it either. According to VirusTotal, this file has
been scanned before. So that means it's been around a while. What takes the
antivirus companies and the antispyware people so long to get them on their
lists?
Oh yeah... how do I infect myself with AntivirusXP?  :-)

--
- The bible was written by the same people who said the earth was flat -
