Wednesday, January 9, 2008

MalwareCrush is a Rogue Security application. From the SSH Family (As termed by Webhelper). Well a bit late on writing about this Rogue security application :-)

Does this icon look familiar, Bingo!!! yes this is the same old icon used by the predecessor of MalwareCrush. The application is a clone of VirusBurst, SpywareQuake, SpyAxe, and so on.

Screenshot of MalwareCrush Website:

Fake Scan Page

Fake Scan Page

Screenshot of MalwareCrush Application

Site name:
IP Address:
Name Servers:
Registrant: Hidden behind
I scanned the setup file from

VirusTotal Scan Result: 1/32 (3.13%)
Kaspersky - -not-a-virus:FraudTool.Win32.MalwareCrush.a

I also scanned the Installer file from (fake scan page)

VirusTotal Scan Result: 14/32 (43.75%)

AntiVir - - DR/FakeAlert.PG.4
AVG - - SHeur.AKJJ
BitDefender - - Dropped:Trojan.FakeAlert.PG
ClamAV - - Trojan.Downloader-19777
Ewido - - Downloader.Agent.eyv
Fortinet - - Misc/Renos
F-Prot - - W32/Downldr2.AUXO
Ikarus - - Trojan.Fakealert.PG
Kaspersky - - Trojan-Downloader.Win32.Agent.hat
Prevx1 - - Heuristic: Suspicious Self Modifying File
Sunbelt - - ContraVirus (v)
Symantec - - ExpertAntiVirus
VBA32 - - Trojan-Downloader.Win32.Agent.gyl
Webwasher-Gateway - - Trojan.Dropper.FakeAlert.PG.4

Stay away from this rogue security application.

Bharath M N

blog comments powered by Disqus