It is a clone of System Care Antivirus, AVASoft Professional Antivirus, Disk Antivirus Professional, System Progressive Protection, Live Security Platinum, Smart Fortress 2012, Smart Protection 2012, Personal Shield Pro.
This one is multilanguage:
Main windows:
Very funny broken French, for example when you enter a bad serial:
"Vous avez entré un code d'enregistrement valide!"
English translation: You have entered a valid registration code!
To register (and help removal), copy paste this code: AF03E-DC96946D-23696B92-EF870D7C-67F6978A or AA39754E-715219C
Psychedelic art:
Note for reverse engineers ~
• dns: 1 ›› ip: 95.211.229.159 - adresse: SYS-DOCTOR.COM
The file is named 'scarav' and currently installs System Care Antivirus.
Payment processor for FakeAV:
smt-sps.com.tn/clicktopay/Avasoft/pay.aspx - 193.95.113.157
The path is /Avasoft/
The art frightens me. Confusing...
Maybe a signature or "tag"?
Nice work btw! What's that on 0012FD48?
You're a fucking white knight of the net, I read all your articles while listening to this music, it puts me more in the mood ^^
http://www.youtube.com/watch?v=oijunPaCRZo
Keep up the good work!
Should it be "vous devez", right?
Is the download of System care antivirus on the site an activated copy?
It actually found legit malwares (other rogues and trojans) on my VM and removed them for me.
There is even an uninstall button.
because they use (steal) the ClamAV database.
If the payment process link was to PayPal, will you say that PayPal should be blacklisted?
PayPal would take care to remove them, but this one absolutely doesn't care.
And it's not the first time that this payment processor is used for malware.