Fake Nero Anti-Virus Pro 2009 (AV XP 2008)

This morning we detected another spam campaign that aims to entice users into downloading and executing a file they believe is a 6-month trial of a product called “Anti-Virus Nero Advanced Pro 2009”. On further analysis, the file is actually a variant of the rogue antivirus application known as AV XP 2008, which has been seen in earlier attacks this month.

Looking further, it appears that the same group behind the attacks that delivered the fake CNN alerts and MSNBC alerts could also be behind this latest round. Over the last couple of weeks, a large number of emails have been sent that in some way installed AV XP 2008 (i.e. the fake IE update, some of the CNN alerts, celebrity videos).

File size: 194560 bytes
MD5: 7d9aabd47d2e6253dda74bcb46782007
SHA1: c1914bf80e9fcff154672254f5c1ca3ce116f869
SHA256: b7bfa0f8e1932f83a746d0f7db131460ccd92b8a0c248d8d3bc0894bf015c39d
SHA512: e802598191365c28be0f94e2aff2cae2e715cd372f8b057115af630240286c0832f4cb7c834b306e0c501b66252eb7e44862ea8f1731c5ad36401c27be52100d


2 Responses to Fake Nero Anti-Virus Pro 2009 (AV XP 2008)

  1. lauyee says:

    Now that I know what’s haunting my computer may I also know how to remove them safely?

  2. The AV XP 2008 should be able to be removed from the online scanner at http://www.infectedornot.com which contains the latest signature for this threat.
