VX Heavens forum - Virus eXchange

New variant of BKA trojan (FakePoliceAlert/Ransomware)

dummy@example.com (debojyotip) — Mon, 26 Dec 2011 18:35:56 +0000

This trojan blocker prevents all software execution. The fake warning message pretends that your computer has been blocked because you brought german law. Victims are asked to pay a 250 euros fine to unlock the machine.

I named this variant 'BRD-Trojaner' because there's no BKA (Federal Criminal Police Office) or Bundespolizei (German Federal Police) logo used.

Screenshot: [Register or log in to view the URL]

Download:
[Register or log in to view the URL]
PW: evild3ad.com

Trojan Winlock

dummy@example.com (inniyan) — Mon, 26 Dec 2011 07:37:27 +0000

[Register or log in to view the URL]

Lock windows

[Register or log in to view the URL]
pass: 123

Fake Snuxnet Cleaner Request

dummy@example.com (cuttingedge) — Sat, 24 Dec 2011 04:51:45 +0000

Hello Brothers,

The only reference I can see was found here:

http://vx.netlux.org/forum/viewtopic.php?id=890

The link is dead and so is the one found on offensivecomputing here:

[Register or log in to view the URL]

Take care,

Got a Virus site ? Post it here

dummy@example.com (Nima SSto) — Fri, 23 Dec 2011 15:46:07 +0000

Hey guys in this thread you can post all sites from where u can get viruses for download:
Here's one
[Register or log in to view the URL]

d_p's collections [daily updates]

dummy@example.com (Hecktor) — Fri, 23 Dec 2011 11:49:30 +0000

Hi,

I will try to upload samples in my collection. I hope you guys will enjoy it.

Today: (150 samples - from Aug 2011)

[Register or log in to view the URL]

MBR Rootkit Request

dummy@example.com (icr) — Thu, 22 Dec 2011 19:08:27 +0000

I have looked everywhere and just found dead links. Anybody have this that was offered on these 2 sites?

[Register or log in to view the URL]

Thanks for looking!

Some Zimuse samples

dummy@example.com (minodal95) — Thu, 22 Dec 2011 10:33:32 +0000

I have found some zimuse samples (A-B-C-D)

This is a Worm-Rootkit, and after 40-20 days he delete the MBR!

[Register or log in to view the URL] [all info here]

PSW: zoit

Found virus? Post it here!

dummy@example.com (goffi) — Thu, 22 Dec 2011 01:05:00 +0000

AFAIK, herm1t uploads samples to collection isn't very often. Coz why I provide to everybody: if you have founded a virus in wild (it is detected by Kaspersky or not - it doesn't matter), upload it and post here a link.
To my mind, it'll be useful 4 everybody, and 4 herm1t too - it's new free samples

trojan winlock

dummy@example.com (Sotherbee) — Wed, 21 Dec 2011 17:48:44 +0000

Searching

xblocker
pinkblocker
PornoBlocker

and so on.

malware samples

dummy@example.com (Kobayashi) — Wed, 21 Dec 2011 17:14:05 +0000

94 mb malware samples

[Register or log in to view the URL]

AntiAV KillAV and MRBLockBuilder

dummy@example.com (minodal95) — Wed, 21 Dec 2011 13:50:26 +0000

Executable code:

Anti AntiVirus, Kill Antivirus Scanner, and MasterBootLock builder.

I have contributed a lot to this forum. I hope I can receive karma.

Cidox!

dummy@example.com (minodal95) — Wed, 21 Dec 2011 13:49:10 +0000

I have found Cidox (or Vundo?)
VirusTotal tells me that it is Vundo, while Fortinet tells me that it Cidox

VT: [Register or log in to view the URL] (9.3%)

The best AV

dummy@example.com (ithurricane) — Wed, 21 Dec 2011 01:06:34 +0000

I also rate and test antiviruses did you know. I rated pctools products, bitdefender's, kaspersky's, symantec, mcafee, eset, F-secure, panda, webroot, microsoft. I rated Kaspersky and bitdefender the best. Panda had the overall best detection and does a great job at thoroughness, but kaspersky just is more thorough like bitdefender. Bitdefender has more features too. The scoring of my malware:

Kaspersky:88 out of 89 threats blocked(zero day)
removes 70% of an infected system

Bitdefender: 85 out of 89 threats blocked (zero day)
removes 75% of an infected system with repairing of damaged components and antiphishing(great features)

Panda: 85 out 89 threats blocked(zero day)
removes 80% of an infected system.

Norton: 80 out 89 threats throughly blocked(zero day)
removes 76% of an infested system throughly with sonar, intrusion prevention (great features)

Threatfire: 84 out 89 threats throughly blocked(zero day)
removes 40% of an infested system

Webroot: 79 out of 89 threats blocked throughly(zero day)
removes 79% of an infested system

Mcafee: 73 out of 89 threats blocked (zero day)
removes 50% of an infested system.

Eset: 70 out of 89 threats blocked (zero day)
removes 80% of an infested system.(leaves traces)

Please write down your opinion below.
Can I get a Karma? I need a Karma

Carberp

dummy@example.com (cOrRuPt G3n3t!x) — Tue, 20 Dec 2011 23:59:41 +0000

I got infected with the carberp virus seen as the zeus upgrade! fuck lol before i reinstall here's the sample

password corruptgenetix

Trojans I got on My PC

dummy@example.com (cOrRuPt G3n3t!x) — Tue, 20 Dec 2011 22:31:50 +0000

I started to notice when every time my damn google browser redirected me to adverts, looked in my registry and found 3 suspicious entries as shown in regeditscreenshot.png attachment and when analysed on virustotal.com got a 6/43 as seen in
virustotalshot.png. macfee named it Artemis. there are 3 differrent samples of possibly similar trojan family.

password for rar is corruptgenetix

on further analysis of taskmanager found these two fucked up processes 4DE.exe and 5165A.exe which stored themselves in my program files and was accompanied by files with no extension which seems to be there dat files for saving config and data!!!!!

when i put it on virus total got a 19/42 and came up as GBot ,kryptik or Cycbot so yeah i hope this helps others atleast i removed the fucker

password is also corruptgenetix

heres a topic on the malware shown here well atleast the bots not the tojans
[Register or log in to view the URL]

you cant infect a vxer