Wednesday, February 29, 2012

Smart Fortress 2012 (FakeAV) - 02.29.2012 - Analysis and Removal


This was performed on a virtual machine.
__________________________________________________________________________________
Smart Fortress 2012 is an improvement of Smart Protection 2012.

You may have a difficult time getting Windows Explorer (explorer.exe) to launch if you start out in Normal Mode after a reboot.

I started my removal from Safe Mode because of this.
 __________________________________________________________________________________
RogueKiller

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] 529C538A0010DF0D671FFFF1D151FC4E.exe -- C:\Documents and Settings\All Users\Application Data\529C538A0010DF0D671FFFF1D151FC4E\529C538A0010DF0D671FFFF1D151FC4E.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILEASSO] HKCR\.exe :  (529C5) -> REPLACED (exefile)

¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤
 __________________________________________________________________________________
MBAM

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012 (Rogue.SmartFortress) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Documents and Settings\All Users\Application Data\529C538A0010DF0D671FFFF1D151FC4E\529C538A0010DF0D671FFFF1D151FC4E.exe (Rogue.SmartFortress) -> Quarantined and deleted successfully.
 __________________________________________________________________________________
MGtools

"C:\Documents and Settings\All Users\Application Data\"
529C53~1      Feb 29 2012              "529C538A0010DF0D671FFFF1D151FC4E"

"C:\Documents and Settings\thisisu\Desktop\"
smartf~1.lnk  Feb 29 2012        1324  "Smart Fortress 2012.lnk"

"C:\Documents and Settings\thisisu\Start Menu\Programs\"
SMARTF~1      Feb 29 2012              "Smart Fortress 2012"
 __________________________________________________________________________________
Icon comparisons (screenshots): 1st, 2nd, 3rd