This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Troj/FakeAV-CLJ

Hi there,

here's more information:

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavclq.html

http://www.sophos.com/security/analyses/viruses-and-spyware/trojfakeavclj.html

Just in case I have blocked already 91.217.162.99 which should be repoiury.com even though the site was already taken down by authorities i guess.

Are there any honeypot operators in here who could tell the source of this malware? We get swamped with it and I would like to have the sites blocked from where it originates.

Thanks for any insight given. I appreciate it.

Edit

Sophos blocked files with the following names/keywords:

%random%.htm

bugguardpc.htm
coverlightswitch.htm
annefrankbio.htm
blocklightreach.htm

GandhiAntivirus.htm

This thread was automatically locked due to age.

Parents

0 RRR over 13 years ago

Here's a new hint:
11:07:41 -> detection of anti-m-alware.htm (FakeAV-CLJ)
11:08:21 -> detection of AntiSpyWareSetup.exe (FakeAV-IS)
:9857
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 RRR over 13 years ago

Here's a new hint:
11:07:41 -> detection of anti-m-alware.htm (FakeAV-CLJ)
11:08:21 -> detection of AntiSpyWareSetup.exe (FakeAV-IS)
:9857
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data