If you need information about autorun programs, or suspect that the autorun program is malware, you can use CESAM Startup Items Database.
It is a huge database of autorun programs, categorized by security status if items. All items are labeled according to their risk level.
Go to Autorun items database.
System security is a rogue antivirus application. To remove that rogue application viruses and antispyware use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/
| File exclusivemovie.exe received on 12.31.2008 13:33:56 (CET) | |||
| Antivirus | Version | Last Update | Result |
| a-squared | 4.0.0.73 | 2008.12.31 | Trojan-Downloader.Win32.Renos!IK |
| AhnLab-V3 | 2008.12.31.0 | 2008.12.31 | - |
| AntiVir | 7.9.0.45 | 2008.12.31 | - |
| Authentium | 5.1.0.4 | 2008.12.30 | - |
| Avast | 4.8.1281.0 | 2008.12.30 | - |
| AVG | 8.0.0.199 | 2008.12.31 | - |
| BitDefender | 7.2 | 2008.12.31 | - |
| CAT-QuickHeal | 10.00 | 2008.12.31 | - |
| ClamAV | 0.94.1 | 2008.12.31 | - |
| Comodo | 851 | 2008.12.31 | - |
| DrWeb | 4.44.0.09170 | 2008.12.31 | Trojan.DownLoader.origin |
| eSafe | 7.0.17.0 | 2008.12.30 | - |
| eTrust-Vet | 31.6.6284 | 2008.12.31 | - |
| Ewido | 4.0 | 2008.12.31 | - |
| F-Prot | 4.4.4.56 | 2008.12.30 | - |
| F-Secure | 8.0.14470.0 | 2008.12.31 | - |
| Fortinet | 3.117.0.0 | 2008.12.31 | - |
| GData | 19 | 2008.12.31 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.31 | Trojan-Downloader.Win32.Renos |
| K7AntiVirus | 7.10.572 | 2008.12.31 | - |
| Kaspersky | 7.0.0.125 | 2008.12.31 | - |
| McAfee | 5479 | 2008.12.30 | - |
| McAfee+Artemis | 5479 | 2008.12.30 | - |
| Microsoft | 1.4205 | 2008.12.31 | TrojanDownloader:Win32/Renos.FU |
| NOD32 | 3725 | 2008.12.31 | - |
| Norman | 5.80.02 | 2008.12.30 | - |
| Panda | 9.0.0.4 | 2008.12.31 | - |
| PCTools | 4.4.2.0 | 2008.12.31 | - |
| Prevx1 | V2 | 2008.12.31 | - |
| Rising | 21.10.22.00 | 2008.12.31 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.31 | - |
| Sophos | 4.37.0 | 2008.12.31 | - |
| Sunbelt | 3.2.1809.2 | 2008.12.22 | - |
| Symantec | 10 | 2008.12.31 | - |
| TheHacker | 6.3.1.4.202 | 2008.12.30 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.31 | Possible_DLDER |
| VBA32 | 3.12.8.10 | 2008.12.30 | - |
| ViRobot | 2008.12.30.1540 | 2008.12.31 | - |
| VirusBuster | 4.5.11.0 | 2008.12.30 | - |
| Additional information | |||
| File size: 44032 bytes | |||
| MD5…: f975529e11396a52984cecef1c89f9af | |||
| SHA1..: f380faab50b864fd865d75a7cf8a3897a0f892e1 | |||
| SHA256: c0c37870ea22171e78e025551f18f9fd5f3351bb79616c6aa72e7a39c687174d | |||
| SHA512: baf69c259cab1fea5403b1e9c2b13382066d00f38e3eb3de5ba64f2e0326a0b2 92e503abbc975548d50f736c46132051143243068c5546ca6ee7b7ace2bcbae7 |
|||
| ssdeep: 768:dFrGBBBkWsBHDOccg5xdqNk+nBALaBCQjqP0K6j6foKTAzdsG:OBBB0Koxdq NHn2LaBV86mfpTAzF |
|||
| PEiD..: - | |||
| TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) |
|||
| PEInfo: PE Structure information
( base data ) |
|||
| CWSandbox info: <a href=’http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=f975529e11396a52984cecef1c89f9af’ target=’_blank’>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=f975529e11396a52984cecef1c89f9af</a> | |||
| File install.exe received on 12.31.2008 13:37:22 (CET) | |||
| Antivirus | Version | Last Update | Result |
| a-squared | 4.0.0.73 | 2008.12.31 | - |
| AhnLab-V3 | 2008.12.31.0 | 2008.12.31 | - |
| AntiVir | 7.9.0.45 | 2008.12.31 | TR/Dldr.FraudLoad.vfgb |
| Authentium | 5.1.0.4 | 2008.12.30 | - |
| Avast | 4.8.1281.0 | 2008.12.30 | - |
| AVG | 8.0.0.199 | 2008.12.31 | Downloader.Generic8.KXU |
| BitDefender | 7.2 | 2008.12.31 | - |
| CAT-QuickHeal | 10.00 | 2008.12.31 | - |
| ClamAV | 0.94.1 | 2008.12.31 | - |
| Comodo | 851 | 2008.12.31 | - |
| DrWeb | 4.44.0.09170 | 2008.12.31 | Trojan.DownLoad.26371 |
| eTrust-Vet | 31.6.6284 | 2008.12.31 | - |
| Ewido | 4.0 | 2008.12.31 | - |
| F-Prot | 4.4.4.56 | 2008.12.30 | - |
| F-Secure | 8.0.14470.0 | 2008.12.31 | - |
| Fortinet | 3.117.0.0 | 2008.12.31 | - |
| GData | 19 | 2008.12.31 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.31 | - |
| K7AntiVirus | 7.10.572 | 2008.12.31 | - |
| Kaspersky | 7.0.0.125 | 2008.12.31 | - |
| McAfee | 5479 | 2008.12.30 | - |
| McAfee+Artemis | 5479 | 2008.12.30 | - |
| Microsoft | 1.4205 | 2008.12.31 | Program:Win32/Winwebsec |
| NOD32 | 3725 | 2008.12.31 | - |
| Norman | 5.80.02 | 2008.12.30 | - |
| Panda | 9.0.0.4 | 2008.12.31 | Suspicious file |
| PCTools | 4.4.2.0 | 2008.12.31 | - |
| Prevx1 | V2 | 2008.12.31 | Malicious Software |
| Rising | 21.10.22.00 | 2008.12.31 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.31 | Trojan.Dldr.FraudLoad.vfgb |
| Sophos | 4.37.0 | 2008.12.31 | - |
| Sunbelt | 3.2.1809.2 | 2008.12.22 | - |
| Symantec | 10 | 2008.12.31 | Downloader.MisleadApp |
| TheHacker | 6.3.1.4.202 | 2008.12.30 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.31 | PAK_Generic.001 |
| VBA32 | 3.12.8.10 | 2008.12.30 | - |
| ViRobot | 2008.12.30.1540 | 2008.12.31 | - |
| VirusBuster | 4.5.11.0 | 2008.12.30 | - |
| Additional information | |||
| File size: 63019 bytes | |||
| MD5…: b31c01ac8f06d9ef19fa5b1acac67ee0 | |||
| SHA1..: 8411e84ac747d040cfca5b19490628169160307a | |||
| SHA256: 377008f44c8b75b29e9e8d954da9b490eb76f18f86011fa2d44cde2fda111d68 | |||
| SHA512: ec7397449a46779d37a82846784bf59c6d123bc7dff864c55f17216b66755360 de4ae8d2cf2cc0035daeb901c15078e55aa2d844b2b926f85d1b9d9e99d66745 |
|||
| ssdeep: 1536:X3qCkvQhnmlq+/jJ1bifU9nMDbZnouy83EY5qnXK:X3qsP+dl0out3LInXK | |||
| PEiD..: - | |||
| TrID..: File type identification UPX compressed Win32 Executable (38.5%) Win32 EXE Yoda’s Crypter (33.4%) Win32 Executable Generic (10.7%) Win32 Dynamic Link Library (generic) (9.5%) Win16/32 Executable Delphi generic (2.6%) |
|||
| PEInfo: PE Structure information
( base data ) ( 3 sections ) ( 7 imports ) ( 0 exports ) |
|||
| Prevx info: <a href=’http://info.prevx.com/aboutprogramtext.asp?PX5=9FFF036C2B257BD9F6140086DCCFB80089A90EDC’ target=’_blank’>http://info.prevx.com/aboutprogramtext.asp?PX5=9FFF036C2B257BD9F6140086DCCFB80089A90EDC</a> | |||
| packers (Kaspersky): UPX | |||
| packers (F-Prot): UPX_LZMA | |||
Host: 2009happytubes.com
IP: 74.50.117.70
Whois:
OrgName: NOC4Hosts Inc.
OrgID: NOC4H
Address: 400 N Tampa St
Address: #1025
City: Tampa
StateProv: FL
PostalCode: 33602
Country: US
Other sites:
1. All-celebs4you-here.com
2. All-porn-tubes-here.com
3. Scanner-av-here.com
4. Xmassextube.com
5. Xmasssporntube.com
Host: freedownload2009.com
IP: 94.247.3.232
Whois:
role: DATORU EXPRESS SERVISS HostMaster
address: 18. novembra street 319C
address: Daugavpils, LV-5413
address: Latvia
phone: +371 26631339
fax-no: +371 65420725
remarks: Information: http://www.pcexpress.lv
Other sites:
1. 3d-softwareportal.com
2. Becollectionoffiles.com
3. Clickandgetfile.com
4. Downloadexenow.com
5. Downloadfilesportal.com
6. Downloadfilesservice.com
7. Exefileshere.com
8. Exesoftportal.com
9. Extracoolfiles.com
10. Extrafilesonlyhere.com
11. Filesportalhere.com
12. Freepornclips2u.com
13. Jetexestorage.com
14. Pornexearchive.com
15. Secretfilesstoragehere.com
16. Softexeportal.com
17. Strongestarchive.com
18. Viewerarchive.com
19. X-filesstorehere.com
Host: netsecurityonline.com
IP: 91.211.64.31
Whois:
org-name: Ural Industrial Company
org-type: OTHER
address: Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c: AP10609-RIPE
mnt-ref: URALCOMP-MNT
mnt-by: URALCOMP-MNT
source: RIPE # Filteredrole: UralNet IP Master
address: Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone: +38 050 577 65 61
Other sites:
1. Hitstransfer.com
2. Trafficrelocation.com
3. Webnetworksecurity.com
Host: www.securedigitalpayments.com
IP: 209.8.45.153
Whois:
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 450 Springpark PL
Address: Suite 100
City: Herdon
StateProv: VA
PostalCode: 20170
Country: US
Whois of securedigitalpayments.com :
Registrant:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540
Administrative Contact:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540
Technical Contact:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540
Windefender 2009 is a rogue antivirus application. To remove that rogue application viruses and antispyware use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/
| File c-setup.exe received on 12.31.2008 12:56:54 (CET) | |||
| Antivirus | Version | Last Update | Result |
| a-squared | 4.0.0.73 | 2008.12.31 | Trojan-Ransom!IK |
| AhnLab-V3 | 2008.12.31.0 | 2008.12.31 | - |
| AntiVir | 7.9.0.45 | 2008.12.31 | TR/Dldr.Renos.FS |
| Authentium | 5.1.0.4 | 2008.12.30 | - |
| Avast | 4.8.1281.0 | 2008.12.30 | Win32:Trojan-gen {Other} |
| AVG | 8.0.0.199 | 2008.12.31 | SHeur2.HHB |
| BitDefender | 7.2 | 2008.12.31 | Trojan.Generic.1260601 |
| CAT-QuickHeal | 10.00 | 2008.12.31 | TrojanRansom.Hexzone.god |
| ClamAV | 0.94.1 | 2008.12.31 | - |
| Comodo | 851 | 2008.12.31 | - |
| DrWeb | 4.44.0.09170 | 2008.12.31 | - |
| eTrust-Vet | 31.6.6284 | 2008.12.31 | - |
| Ewido | 4.0 | 2008.12.31 | - |
| F-Prot | 4.4.4.56 | 2008.12.30 | - |
| F-Secure | 8.0.14470.0 | 2008.12.31 | - |
| Fortinet | 3.117.0.0 | 2008.12.31 | - |
| GData | 19 | 2008.12.31 | Trojan.Generic.1260601 |
| Ikarus | T3.1.1.45.0 | 2008.12.31 | Trojan-Ransom |
| K7AntiVirus | 7.10.572 | 2008.12.31 | - |
| Kaspersky | 7.0.0.125 | 2008.12.31 | Trojan.Win32.BHO.iyy |
| McAfee | 5479 | 2008.12.30 | - |
| McAfee+Artemis | 5479 | 2008.12.30 | - |
| Microsoft | 1.4205 | 2008.12.31 | TrojanDownloader:Win32/Renos.FS |
| NOD32 | 3725 | 2008.12.31 | - |
| Norman | 5.80.02 | 2008.12.30 | W32/Hexzone.MS |
| Panda | 9.0.0.4 | 2008.12.31 | - |
| PCTools | 4.4.2.0 | 2008.12.31 | - |
| Prevx1 | V2 | 2008.12.31 | - |
| Rising | 21.10.22.00 | 2008.12.31 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.31 | Trojan.Dldr.Renos.FS |
| Sophos | 4.37.0 | 2008.12.31 | - |
| Sunbelt | 3.2.1809.2 | 2008.12.22 | - |
| Symantec | 10 | 2008.12.31 | Trojan.Dropper |
| TheHacker | 6.3.1.4.202 | 2008.12.30 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.31 | PAK_Generic.001 |
| VBA32 | 3.12.8.10 | 2008.12.30 | Trojan-Ransom.Win32.Hexzone.goq |
| ViRobot | 2008.12.30.1540 | 2008.12.31 | - |
| VirusBuster | 4.5.11.0 | 2008.12.30 | - |
| Additional information | |||
| File size: 119303 bytes | |||
| MD5…: 5499dbc91c892fa46b8a03846b994a51 | |||
| SHA1..: c578a372c921f949e2c11bf52e874b019d750b6e | |||
| SHA256: 4f371293c88314f2498f99e790c325509364477dd8c215fefb3a4ce37a08c9a6 | |||
| SHA512: e56b8e39344ce5415f2710383eef113df6ff2f68bf41a65e572dea9224b624ac 58e0cf52b51285988c7aa0bbfcaecd5590ea4141d94da35ea430d3aa1de8a4f5 |
|||
| ssdeep: 1536:LznfWynDYXtilW2DTvOB0rnqm5CGmGXjKkAbcX+pCaFy5YzAT+/vpFvnjfZ V3z:LzuOYdsmsnr2G1AbW+pp4r+frz3z |
|||
| PEiD..: - | |||
| TrID..: File type identification UPX compressed Win32 Executable (39.5%) Win32 EXE Yoda’s Crypter (34.3%) Win32 Executable Generic (11.0%) Win32 Dynamic Link Library (generic) (9.8%) Generic Win/DOS Executable (2.5%) |
|||
| PEInfo: PE Structure information
( base data ) ( 3 sections ) ( 3 imports ) ( 0 exports ) |
|||
| packers (F-Prot): embedded, UPX | |||
| packers (Kaspersky): PE_Patch.UPX, UPX | |||
| File WinDefender2009.exe received on 12.31.2008 13:00:19 (CET) | |||
| Antivirus | Version | Last Update | Result |
| a-squared | 4.0.0.73 | 2008.12.31 | - |
| AhnLab-V3 | 2008.12.31.0 | 2008.12.31 | - |
| AntiVir | 7.9.0.45 | 2008.12.31 | DR/FakeAlert.FL |
| Authentium | 5.1.0.4 | 2008.12.30 | - |
| Avast | 4.8.1281.0 | 2008.12.30 | - |
| AVG | 8.0.0.199 | 2008.12.31 | Downloader.Zlob.AIHE |
| BitDefender | 7.2 | 2008.12.31 | - |
| CAT-QuickHeal | 10.00 | 2008.12.31 | - |
| ClamAV | 0.94.1 | 2008.12.31 | - |
| Comodo | 851 | 2008.12.31 | - |
| DrWeb | 4.44.0.09170 | 2008.12.31 | - |
| eTrust-Vet | 31.6.6284 | 2008.12.31 | - |
| Ewido | 4.0 | 2008.12.31 | - |
| F-Prot | 4.4.4.56 | 2008.12.30 | - |
| F-Secure | 8.0.14470.0 | 2008.12.31 | - |
| Fortinet | 3.117.0.0 | 2008.12.31 | - |
| GData | 19 | 2008.12.31 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.31 | - |
| K7AntiVirus | 7.10.572 | 2008.12.31 | - |
| Kaspersky | 7.0.0.125 | 2008.12.31 | - |
| McAfee | 5479 | 2008.12.30 | - |
| McAfee+Artemis | 5479 | 2008.12.30 | - |
| Microsoft | 1.4205 | 2008.12.31 | - |
| NOD32 | 3725 | 2008.12.31 | - |
| Norman | 5.80.02 | 2008.12.30 | - |
| Panda | 9.0.0.4 | 2008.12.31 | - |
| PCTools | 4.4.2.0 | 2008.12.31 | - |
| Prevx1 | V2 | 2008.12.31 | - |
| Rising | 21.10.22.00 | 2008.12.31 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.31 | Trojan.Dropper.FakeAlert.FL |
| Sophos | 4.37.0 | 2008.12.31 | - |
| Sunbelt | 3.2.1809.2 | 2008.12.22 | - |
| Symantec | 10 | 2008.12.31 | - |
| TheHacker | 6.3.1.4.202 | 2008.12.30 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.31 | - |
| VBA32 | 3.12.8.10 | 2008.12.30 | - |
| ViRobot | 2008.12.30.1540 | 2008.12.31 | - |
| VirusBuster | 4.5.11.0 | 2008.12.30 | - |
| Additional information | |||
| File size: 2137235 bytes | |||
| MD5…: 6c4350d53d8e554b67a7be98f25e1e09 | |||
| SHA1..: 158febe4352bbcf2d511249f67610ecc8265c592 | |||
| SHA256: d7265df14b4ec9eb6504e4fe2cbce6645518530f09c867e632822d20aac24cb9 | |||
| SHA512: 708cbcdd0a2f10f826aca6e5d9927d53938dbd46066f5e99837d091d8f8410f0 f51d2b0af29adb3f7ba9179cb9b047118d25822403093b9ef5831dc9d6e73bd4 |
|||
| ssdeep: 49152:HeRrPAZRtSQrCRavmyCYbSMP+PFqLILr1u0AWJHbXKtPq826Yb8:HeRrPA 9PeRFFM503hcPR |
|||
| PEiD..: - | |||
| TrID..: File type identification UPX compressed Win32 Executable (43.8%) Win32 EXE Yoda’s Crypter (38.1%) Win32 Executable Generic (12.2%) Generic Win/DOS Executable (2.8%) DOS Executable Generic (2.8%) |
|||
| PEInfo: PE Structure information
( base data ) ( 3 sections ) ( 8 imports ) ( 0 exports ) |
|||
| ThreatExpert info: <a href=’http://www.threatexpert.com/report.aspx?md5=6c4350d53d8e554b67a7be98f25e1e09′ target=’_blank’>http://www.threatexpert.com/report.aspx?md5=6c4350d53d8e554b67a7be98f25e1e09</a> | |||
| packers (F-Prot): UPX | |||
| packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX | |||
Host: mybesttube.cn
IP: 216.240.151.112
Whois:
OrgName: ATMLINK, INC.
OrgID: ATMLIN
Address: 600 W. 7th Street
Address: Suite 360
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: USOrgAbuseHandle: NOC1610-ARIN
OrgAbuseName: Network Operations Center
OrgAbusePhone: +1-213-627-1937
OrgAbuseEmail: noc@atmlinkinc.comOrgNOCHandle: KJO26-ARIN
OrgNOCName: Joostens, Ken
OrgNOCPhone: +1-213-627-1937
OrgNOCEmail: ken@calpop.comOrgTechHandle: NOC1610-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-213-627-1937
OrgTechEmail: noc@atmlinkinc.com
Other sites:
1. Kococua.com
2. Lovemp3world.cn
3. Mybesttube.cn
4. Ruler-p2p.com
5. Ultimate-downloads.com
Host: webfreescan.cn
IP: 216.240.151.135
Whois:
OrgName: ATMLINK, INC.
OrgID: ATMLIN
Address: 600 W. 7th Street
Address: Suite 360
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: USOrgAbuseHandle: NOC1610-ARIN
OrgAbuseName: Network Operations Center
OrgAbusePhone: +1-213-627-1937
OrgAbuseEmail: noc@atmlinkinc.comOrgNOCHandle: KJO26-ARIN
OrgNOCName: Joostens, Ken
OrgNOCPhone: +1-213-627-1937
OrgNOCEmail: ken@calpop.comOrgTechHandle: NOC1610-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-213-627-1937
OrgTechEmail: noc@atmlinkinc.com
Other sites:
1. Secured-software-order.com
2. Webfreescan.cn
3. Windefender2009.cn
Host: windefender2009.cn
IP: 216.240.151.135
Whois:
OrgName: ATMLINK, INC.
OrgID: ATMLIN
Address: 600 W. 7th Street
Address: Suite 360
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: USOrgAbuseHandle: NOC1610-ARIN
OrgAbuseName: Network Operations Center
OrgAbusePhone: +1-213-627-1937
OrgAbuseEmail: noc@atmlinkinc.comOrgNOCHandle: KJO26-ARIN
OrgNOCName: Joostens, Ken
OrgNOCPhone: +1-213-627-1937
OrgNOCEmail: ken@calpop.comOrgTechHandle: NOC1610-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-213-627-1937
OrgTechEmail: noc@atmlinkinc.com
Host: secured-software-order.com
IP: 216.240.151.135
Whois:
OrgName: ATMLINK, INC.
OrgID: ATMLIN
Address: 600 W. 7th Street
Address: Suite 360
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: USOrgAbuseHandle: NOC1610-ARIN
OrgAbuseName: Network Operations Center
OrgAbusePhone: +1-213-627-1937
OrgAbuseEmail: noc@atmlinkinc.comOrgNOCHandle: KJO26-ARIN
OrgNOCName: Joostens, Ken
OrgNOCPhone: +1-213-627-1937
OrgNOCEmail: ken@calpop.comOrgTechHandle: NOC1610-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-213-627-1937
OrgTechEmail: noc@atmlinkinc.com
Whois of secured-software-order.com:
Registrant Contact:
Nexton Limited
Whois Agent ()Fax:
Irpinskaya 69
Kiev, 03142
UAAdministrative Contact:
Nexton Limited
Whois Agent (372382@mywhoisinfo.com)
+380993161649
Fax: +380993161649
Irpinskaya 69
Kiev, 03142
UATechnical Contact:
Nexton Limited
Whois Agent (372382@mywhoisinfo.com)
+380993161649
Fax: +380993161649
Irpinskaya 69
Kiev, 03142
UA
Rapid Antivirus is a rogue antivirus application. To remove that rogue application viruses and antispyware use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/
Host: privatetubes09.net
IP: 94.75.235.12
Whois:
inetnum: 94.75.235.0 - 94.75.235.255
netname: LEASEWEB
descr: LeaseWeb
descr: P.O. Box 93054
descr: 1090BB AMSTERDAM
descr: Netherlands
descr: www.leaseweb.com
remarks: Please send email to “abuse@leaseweb.com” for complaints
remarks: regarding portscans, DoS attacks and spam.
remarks: INFRA-AW
country: NL
admin-c: LSW1-RIPE
tech-c: LSW1-RIPE
status: ASSIGNED PA
mnt-by: LEASEWEB-MNT
source: RIPE # Filteredperson: RIP Mean
address: P.O. Box 93054
address: 1090BB AMSTERDAM
address: Netherlands
phone: +31 20 3162880
fax-no: +31 20 3162890
Other sites:
1. Directdownload09.net
2. Privatetubes09.net
3. Quicksoftupdate09.net
Host: rapidantivirus.com
IP: 91.208.0.220
Whois:
org-name: Still Trade Ltd
org-type: OTHER
address: Russian Federation,
address: St. Petersburg, Fedosenko st, 30 liter A, 24-N
mnt-ref: RU-WEBALTA-MNT
mnt-by: STILLTRADE-MNT
source: RIPE # Filteredperson: Perevitskiy Sergey
address: Russian Federation,
address: St. Petersburg, Fedosenko st, 30 liter A, 24-N
mnt-by: STILLTRADE-MNT
Other sites:
1. Agv-antivir.com
2. Antivirus2009plus.com
3. Extraantivir.com
4. Rapid-antivirus-2009.com
5. Rapidantivirus-2009.com
6. Rapidantivirus.com
7. Rapidantivirus2009.com
8. Securityscan2009.com
9. Securityscanner2009.com
Host: secure.vsoftstore.com
IP: 209.8.25.244
Whois:
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 450 Springpark PL
Address: Suite 100
City: Herdon
StateProv: VA
PostalCode: 20170
Country: US
Whois of vsoftstore.com:
Registrant
Christopher Otto
300 E OAKLAND PARK BLVD SUITE 313
33334 WILTON MANORS
United StatesAdministrative Contact
Christopher Otto christopherotto777 (at) gmail dot com
300 E OAKLAND PARK BLVD SUITE 313
33334 WILTON MANORS
United States
Tel: +1.3023707281Technical Contact
Christopher Otto christopherotto777 (at) gmail dot com
300 E OAKLAND PARK BLVD SUITE 313
33334 WILTON MANORS
United States
Tel: +1.3023707281
Other sites:
1. Isoftmart.com
2. Vsoftstore.com
3. Xsoftstore.com
System Security is a rogue antivirus application. To remove that rogue application viruses and antispyware use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/
| File exclusivemovie.exe received on 12.30.2008 15:00:41 (CET) | |||
| Antivirus | Version | Last Update | Result |
| a-squared | 4.0.0.73 | 2008.12.30 | - |
| AhnLab-V3 | 2008.12.30.2 | 2008.12.30 | - |
| AntiVir | 7.9.0.45 | 2008.12.30 | TR/Dldr.Agent.AWZO |
| Authentium | 5.1.0.4 | 2008.12.30 | - |
| Avast | 4.8.1281.0 | 2008.12.29 | - |
| AVG | 8.0.0.199 | 2008.12.29 | - |
| BitDefender | 7.2 | 2008.12.30 | - |
| CAT-QuickHeal | 10.00 | 2008.12.30 | TrojanDownloader.Agent.awyj |
| ClamAV | 0.94.1 | 2008.12.30 | - |
| Comodo | 837 | 2008.12.29 | - |
| DrWeb | 4.44.0.09170 | 2008.12.30 | Trojan.DownLoad.26579 |
| eSafe | 7.0.17.0 | 2008.12.28 | Suspicious File |
| eTrust-Vet | 31.6.6281 | 2008.12.29 | - |
| Ewido | 4.0 | 2008.12.30 | - |
| F-Prot | 4.4.4.56 | 2008.12.29 | - |
| F-Secure | 8.0.14470.0 | 2008.12.30 | - |
| Fortinet | 3.117.0.0 | 2008.12.30 | - |
| GData | 19 | 2008.12.30 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.30 | - |
| K7AntiVirus | 7.10.569 | 2008.12.29 | - |
| Kaspersky | 7.0.0.125 | 2008.12.30 | Trojan-Downloader.Win32.Agent.ayme |
| McAfee | 5478 | 2008.12.29 | - |
| McAfee+Artemis | 5478 | 2008.12.29 | Generic!Artemis |
| Microsoft | 1.4205 | 2008.12.30 | TrojanDownloader:Win32/Renos.FU |
| NOD32 | 3723 | 2008.12.30 | Win32/TrojanDownloader.Zlob.CYA |
| Norman | 5.80.02 | 2008.12.29 | - |
| Panda | 9.0.0.4 | 2008.12.29 | - |
| PCTools | 4.4.2.0 | 2008.12.30 | - |
| Prevx1 | V2 | 2008.12.30 | Cloaked Malware |
| Rising | 21.10.12.00 | 2008.12.30 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.30 | Trojan.Dldr.Agent.AWZO |
| Sophos | 4.37.0 | 2008.12.30 | Troj/DwnLdr-HLR |
| Sunbelt | 3.2.1809.2 | 2008.12.22 | - |
| Symantec | 10 | 2008.12.30 | - |
| TheHacker | 6.3.1.4.202 | 2008.12.30 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.30 | Possible_DLDER |
| VBA32 | 3.12.8.10 | 2008.12.30 | - |
| ViRobot | 2008.12.30.1540 | 2008.12.30 | - |
| VirusBuster | 4.5.11.0 | 2008.12.29 | - |
| Additional information | |||
| File size: 71168 bytes | |||
| MD5…: 442afb3012ffc4c34187df7bdd02ab58 | |||
| SHA1..: 5e4ad6767be4cd0cb6881220461802d5f4d3fd77 | |||
| SHA256: 44ed4667665856e84956fd080d1b1ed60e2b0caf563f93894be20310311f7ee2 | |||
| SHA512: 1ebda8ab782e573191f082866ba6098600f41d04c741eff985f30a5d063a0dce 3a0e8810c5b5d446b518b51d6fd16a1034931db1b17520967c71131e9aa8cfcc |
|||
| ssdeep: 768:0eGZ7pXszDhBm8D5aPMoIsyIdItKWz2EkRq7aJ9XmCHuPZHXyOSNTvvP/ZEI tn1w:YZOOE5aDIcl4Kq7ankH8d3Rt1i |
|||
| PEiD..: - | |||
| TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) |
|||
| PEInfo: PE Structure information( base data ) entrypointaddress.: 0×401fb0 timedatestamp…..: 0×49586dc4 (Mon Dec 29 06:27:16 2008) machinetype…….: 0×14c (I386)( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0×1000 0×2011 0×2200 6.49 4f47b49d94b06a4374cdfcafcfcc7419 .rdata 0×4000 0×784 0×800 4.95 75f2ad9d11318269387ef56e7f57b3d9 .data 0×5000 0xeef4 0xe800 7.92 1f83d4385a2dff4345d9147f707eaa8f ( 5 imports ) ( 0 exports ) |
|||
| Prevx info: <a href=’http://info.prevx.com/aboutprogramtext.asp?PX5=0041EA83000955D516530131EF71FE00754B1CC9′ target=’_blank’>http://info.prevx.com/aboutprogramtext.asp?PX5=0041EA83000955D516530131EF71FE00754B1CC9</a> | |||
| File install.exe received on 12.30.2008 15:06:04 (CET) | |||
| Antivirus | Version | Last Update | Result |
| a-squared | 4.0.0.73 | 2008.12.30 | - |
| AhnLab-V3 | 2008.12.30.2 | 2008.12.30 | - |
| AntiVir | 7.9.0.45 | 2008.12.30 | TR/Dldr.FraudLoad.vffc |
| Authentium | 5.1.0.4 | 2008.12.30 | - |
| Avast | 4.8.1281.0 | 2008.12.29 | - |
| AVG | 8.0.0.199 | 2008.12.30 | Downloader.Generic8.KTV |
| BitDefender | 7.2 | 2008.12.30 | - |
| CAT-QuickHeal | 10.00 | 2008.12.30 | - |
| ClamAV | 0.94.1 | 2008.12.30 | - |
| Comodo | 837 | 2008.12.29 | - |
| DrWeb | 4.44.0.09170 | 2008.12.30 | Trojan.DownLoad.26371 |
| eSafe | 7.0.17.0 | 2008.12.28 | Suspicious File |
| eTrust-Vet | 31.6.6281 | 2008.12.29 | - |
| Ewido | 4.0 | 2008.12.30 | - |
| F-Prot | 4.4.4.56 | 2008.12.29 | - |
| F-Secure | 8.0.14470.0 | 2008.12.30 | - |
| Fortinet | 3.117.0.0 | 2008.12.30 | - |
| GData | 19 | 2008.12.30 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.30 | - |
| K7AntiVirus | 7.10.569 | 2008.12.29 | - |
| Kaspersky | 7.0.0.125 | 2008.12.30 | - |
| McAfee | 5478 | 2008.12.29 | - |
| McAfee+Artemis | 5478 | 2008.12.29 | - |
| Microsoft | 1.4205 | 2008.12.30 | Program:Win32/Winwebsec |
| NOD32 | 3723 | 2008.12.30 | - |
| Norman | 5.80.02 | 2008.12.29 | - |
| Panda | 9.0.0.4 | 2008.12.29 | Suspicious file |
| PCTools | 4.4.2.0 | 2008.12.30 | - |
| Prevx1 | V2 | 2008.12.30 | Malicious Software |
| Rising | 21.10.12.00 | 2008.12.30 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.30 | Trojan.Dldr.FraudLoad.vffc |
| Sophos | 4.37.0 | 2008.12.30 | - |
| Sunbelt | 3.2.1809.2 | 2008.12.22 | - |
| Symantec | 10 | 2008.12.30 | - |
| TheHacker | 6.3.1.4.202 | 2008.12.30 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.30 | PAK_Generic.001 |
| VBA32 | 3.12.8.10 | 2008.12.30 | - |
| ViRobot | 2008.12.30.1540 | 2008.12.30 | - |
| VirusBuster | 4.5.11.0 | 2008.12.29 | - |
| Additional information | |||
| File size: 63019 bytes | |||
| MD5…: b243f5de4921d8f7b6cf90e9aafe0aef | |||
| SHA1..: 96ecf2d547eeacfb64baeae0d07f39bd4f9f3412 | |||
| SHA256: 7bc387c862fd99f40072ec6899bd2dfc8387d5ecc5e5d2666560ea8330e68973 | |||
| SHA512: 21055584758e48fc48f86a0977a3eed252f02df7b5ec9ce0e70a824bc336f66c 4e0a86de0a336fcdabec9dc968d474a225f6b4d08a1b57bfdc3a2d5d11594956 |
|||
| ssdeep: 1536:z3qCkvQhnmlq+/Vy0×3vyNYOxgbVEgiK6nouy8PEY5qnXK:z3qsP+dy0×3v TVLfioutPLInXK |
|||
| PEiD..: - | |||
| TrID..: File type identification UPX compressed Win32 Executable (38.5%) Win32 EXE Yoda’s Crypter (33.4%) Win32 Executable Generic (10.7%) Win32 Dynamic Link Library (generic) (9.5%) Win16/32 Executable Delphi generic (2.6%) |
|||
| PEInfo: PE Structure information( base data ) entrypointaddress.: 0×427730 timedatestamp…..: 0×4958cb2f (Mon Dec 29 13:05:51 2008) machinetype…….: 0×14c (I386)( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0×1000 0×1a000 0×0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0×1b000 0xe000 0xd400 7.97 f948a33dc79908cda9837b1810c8f732 .rsrc 0×29000 0×2000 0×1e00 5.04 4e32022a90b3400984565228a8f09193 ( 7 imports ) ( 0 exports ) |
|||
| packers (Kaspersky): UPX | |||
| packers (F-Prot): UPX_LZMA | |||
| Prevx info: <a href=’http://info.prevx.com/aboutprogramtext.asp?PX5=B08F16022B7C0A8AF69300B095652100CAD98BCE’ target=’_blank’>http://info.prevx.com/aboutprogramtext.asp?PX5=B08F16022B7C0A8AF69300B095652100CAD98BCE</a> | |||
Host: pornxmasstube.com
IP: 64.27.28.225
Whois:
OrgName: Hollywood Interactive, Inc.
OrgID: HLWD
Address: 600 W. 7th Street, Ste. 360
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: US
RNOCHandle: CNO4-ARIN
RNOCName: CalPOP Network Operations
RNOCPhone: +1-213-627-1937
RNOCEmail: noc@calpop.com
Other sites:
1. Allbesttubeshere.com
2. Allpornotubeshere.com
3. Bestporntubehere.com
4. Megasupertubes.com
5. Onlybesttubesstorage.com
6. Porntube-cool.com
7. Pornxmasstube.com
Host: netsecurityonline.com
IP: 91.211.64.31
Whois:
netname: Ural-NET
descr: Ural Industrial Limited Company
country: RU
org: ORG-UICL2-RIPE
admin-c: UIM1-RIPE
tech-c: UIM1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: URALCOMP-MNT
mnt-routes: URALCOMP-MNT
mnt-domains: URALCOMP-MNT
source: RIPE # Filteredorganisation: ORG-UICL2-RIPE
org-name: Ural Industrial Company
org-type: OTHER
address: Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c: AP10609-RIPE
mnt-ref: URALCOMP-MNT
mnt-by: URALCOMP-MNT
source: RIPE # Filteredrole: UralNet IP Master
address: Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone: +38 050 577 65 61
Other sites:
1. Hitstransfer.com
2. Trafficrelocation.com
3. Webnetworksecurity.com
Host: securedownloadsoftware.com
IP: 91.211.65.21
Whois:
netname: Ural-NET
descr: Ural Industrial Limited Company
country: RU
org: ORG-UICL2-RIPE
admin-c: UIM1-RIPE
tech-c: UIM1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: URALCOMP-MNT
mnt-routes: URALCOMP-MNT
mnt-domains: URALCOMP-MNT
source: RIPE # Filteredorganisation: ORG-UICL2-RIPE
org-name: Ural Industrial Company
org-type: OTHER
address: Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
Other sites:
1. Safesoftwaretransfer.com
2. Securedownloadsoftware.com
Host: www.securedigitalpayments.com
IP: 209.8.45.153
Whois:
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 450 Springpark PL
Address: Suite 100
City: Herdon
StateProv: VA
PostalCode: 20170
Country: US
Whois of securedigitalpayments.com :
Registrant:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540
Administrative Contact:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540
Technical Contact:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540
Spyware Guard 2008 is a rogue antivirus application. To remove that rogue application viruses and antispyware use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/
| File SpywareGuard2008.exe received on 12.30.2008 14:33:18 (CET) | |||
| Antivirus | Version | Last Update | Result |
| a-squared | 4.0.0.73 | 2008.12.30 | Rootkit.Win32.TDSS!IK |
| AhnLab-V3 | 2008.12.30.2 | 2008.12.30 | - |
| AntiVir | 7.9.0.45 | 2008.12.30 | BDS/Hupigon.Gen |
| Authentium | 5.1.0.4 | 2008.12.30 | - |
| Avast | 4.8.1281.0 | 2008.12.29 | - |
| AVG | 8.0.0.199 | 2008.12.29 | - |
| BitDefender | 7.2 | 2008.12.30 | - |
| CAT-QuickHeal | 10.00 | 2008.12.30 | (Suspicious) - DNAScan |
| ClamAV | 0.94.1 | 2008.12.30 | - |
| Comodo | 837 | 2008.12.29 | - |
| DrWeb | 4.44.0.09170 | 2008.12.30 | - |
| eSafe | 7.0.17.0 | 2008.12.28 | Suspicious File |
| eTrust-Vet | 31.6.6281 | 2008.12.29 | - |
| Ewido | 4.0 | 2008.12.30 | - |
| F-Prot | 4.4.4.56 | 2008.12.29 | - |
| F-Secure | 8.0.14470.0 | 2008.12.30 | Suspicious:W32/Malware!Gemini |
| Fortinet | 3.117.0.0 | 2008.12.30 | - |
| GData | 19 | 2008.12.30 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.30 | Rootkit.Win32.TDSS |
| K7AntiVirus | 7.10.569 | 2008.12.29 | - |
| Kaspersky | 7.0.0.125 | 2008.12.30 | - |
| McAfee | 5478 | 2008.12.29 | - |
| McAfee+Artemis | 5478 | 2008.12.29 | - |
| Microsoft | 1.4205 | 2008.12.30 | - |
| NOD32 | 3723 | 2008.12.30 | a variant of Win32/Kryptik.DR |
| Norman | 5.80.02 | 2008.12.29 | - |
| Panda | 9.0.0.4 | 2008.12.29 | - |
| PCTools | 4.4.2.0 | 2008.12.30 | - |
| Prevx1 | V2 | 2008.12.30 | - |
| Rising | 21.10.12.00 | 2008.12.30 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.30 | Trojan.Backdoor.Hupigon.Gen |
| Sophos | 4.37.0 | 2008.12.30 | Mal/FakeVirPk-A |
| Sunbelt | 3.2.1809.2 | 2008.12.22 | - |
| Symantec | 10 | 2008.12.30 | - |
| TheHacker | 6.3.1.4.202 | 2008.12.30 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.30 | - |
| VBA32 | 3.12.8.10 | 2008.12.30 | - |
| ViRobot | 2008.12.30.1540 | 2008.12.30 | - |
| VirusBuster | 4.5.11.0 | 2008.12.29 | - |
| Additional information | |||
| File size: 68101 bytes | |||
| MD5…: 1e8c81071f8c89bdf1e6e6fa7ac8b74a | |||
| SHA1..: b339246475ab885c4a456a38a83b9d049a2a571d | |||
| SHA256: 0031f10e24bed59fb737626417ba4fa58234d4a9915ad46db3c6c4cce5968102 | |||
| SHA512: 30c456ab3d85bc8e6fc4d8c6ffe485b43a597ab470cbb33d772008da30ab6baa d3b337ba4d89f4f42228159574653b1c52372e18cde6dc71302a7527f8a2d013 |
|||
| ssdeep: 1536:5RvDhDtWl1wwM2yI9p2YGvkTutt6Ug8m+IvJET:vDhxWl1wwDy2kYGkTutt 6vEIhU |
|||
| PEiD..: - | |||
| TrID..: File type identification Win32 Executable Generic (38.4%) Win32 Dynamic Link Library (generic) (34.1%) Win16/32 Executable Delphi generic (9.3%) Generic Win/DOS Executable (9.0%) DOS Executable Generic (9.0%) |
|||
| PEInfo: PE Structure information( base data ) entrypointaddress.: 0×401536 timedatestamp…..: 0×49587329 (Mon Dec 29 06:50:17 2008) machinetype…….: 0×14c (I386) ( 4 sections ) ( 1 imports ) ( 0 exports ) |
|||
Whois: sgviralscan.com
IP: 94.247.2.31
Whois:
netname: ZLKON
descr: ZlKon
country: LV
admin-c: ZK508-RIPE
tech-c: DES31-RIPE
status: ASSIGNED PA
mnt-by: PCEXPRESS-MNT
mnt-lower: ZLKON-MNT
mnt-routes: ZLKON-MNT
source: RIPE # Filteredrole: ZlKon HostMaster
address: Lilijas iela 4-74
address: Riga, LV-1055
address: Latvija
phone: +371 26330593
Other sites:
1. Dlsgd2.com
2. Dlsgd3.com
3. Getsgd2.com
4. Getsgd3.com
5. Gosgd2.com
6. Gosgd3.com
7. Scannersg.com
8. Scansguard.com
9. Sgproduct.com
10. Sgproductm.com
11. Sgscanner.com
12. Sguardscan.com
13. Sgviralscan.com
Whois: sgproduct.com
IP: 78.26.179.253
Whois:
netname: RENOME-SERVICE
descr: Renome-Service: Joint Multimedia Cable Network
country: UA
admin-c: RSM-RIPE
tech-c: RSM-RIPE
status: ASSIGNED PA
mnt-by: RENOME-MNT
mnt-lower: RENOME-MNT
mnt-routes: RENOME-MNT
source: RIPE # Filteredrole: Renome Service Tech Staff
address: Kosvennaya str., 78, Odessa, Ukraine, 65000
org: ORG-RA159-RIPE
phone: +380487597596
fax-no: +380487597596
mnt-by: RENOME-MNT
Whois of sgproduct.com:
Registrant:
Maksi Jelacic
Email: MaksiJelacic77az@yahoo.com
Organization: Private person
Address: Turjaska 51
City: Lasko
State: Lasko
ZIP: Sl1357
Country: SI
Phone: +386.49764122
Administrative Contact:
Maksi Jelacic
Email: MaksiJelacic77az@yahoo.com
Organization: Private person
Address: Turjaska 51
City: Lasko
State: Lasko
ZIP: Sl1357
Country: SI
Phone: +386.49764122
Technical Contact:
Maksi Jelacic
Email: MaksiJelacic77az@yahoo.com
Organization: Private person
Address: Turjaska 51
City: Lasko
State: Lasko
ZIP: Sl1357
Country: SI
Phone: +386.49764122
Billing Contact:
Maksi Jelacic
Email: MaksiJelacic77az@yahoo.com
Organization: Private person
Address: Turjaska 51
City: Lasko
State: Lasko
ZIP: Sl1357
Country: SI
Phone: +386.49764122
Antivirus 2009 is a rogue antivirus application. To remove that rogue application viruses and antispyware use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/
| File Install.exe received on 12.30.2008 14:12:58 (CET) | |||
| Antivirus | Version | Last Update | Result |
| a-squared | 4.0.0.73 | 2008.12.30 | Virus.Win32.Ups!IK |
| AhnLab-V3 | 2008.12.30.2 | 2008.12.30 | - |
| AntiVir | 7.9.0.45 | 2008.12.30 | TR/Crypt.CFI.Gen |
| Authentium | 5.1.0.4 | 2008.12.30 | - |
| Avast | 4.8.1281.0 | 2008.12.29 | Win32:Ups |
| AVG | 8.0.0.199 | 2008.12.29 | - |
| BitDefender | 7.2 | 2008.12.30 | - |
| CAT-QuickHeal | 10.00 | 2008.12.30 | - |
| ClamAV | 0.94.1 | 2008.12.30 | - |
| Comodo | 837 | 2008.12.29 | - |
| DrWeb | 4.44.0.09170 | 2008.12.30 | - |
| eSafe | 7.0.17.0 | 2008.12.28 | - |
| eTrust-Vet | 31.6.6281 | 2008.12.29 | - |
| Ewido | 4.0 | 2008.12.30 | - |
| F-Prot | 4.4.4.56 | 2008.12.29 | - |
| F-Secure | 8.0.14470.0 | 2008.12.30 | - |
| Fortinet | 3.117.0.0 | 2008.12.30 | - |
| GData | 19 | 2008.12.30 | Win32:Ups |
| Ikarus | T3.1.1.45.0 | 2008.12.30 | Virus.Win32.Ups |
| K7AntiVirus | 7.10.569 | 2008.12.29 | - |
| Kaspersky | 7.0.0.125 | 2008.12.30 | Trojan-Downloader.Win32.FraudLoad.vffa |
| McAfee | 5478 | 2008.12.29 | - |
| McAfee+Artemis | 5478 | 2008.12.29 | - |
| Microsoft | 1.4205 | 2008.12.30 | Trojan:Win32/FakeXPA |
| NOD32 | 3723 | 2008.12.30 | - |
| Norman | 5.80.02 | 2008.12.29 | - |
| Panda | 9.0.0.4 | 2008.12.29 | - |
| PCTools | 4.4.2.0 | 2008.12.30 | - |
| Prevx1 | V2 | 2008.12.30 | Fraudulent Security Program |
| Rising | 21.10.12.00 | 2008.12.30 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.30 | Trojan.Crypt.CFI.Gen |
| Sophos | 4.37.0 | 2008.12.30 | Mal/FakeAV-I |
| Sunbelt | 3.2.1809.2 | 2008.12.22 | - |
| Symantec | 10 | 2008.12.30 | AntiVirus2009 |
| TheHacker | 6.3.1.4.202 | 2008.12.30 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.30 | TROJ_RENOS.ARM |
| VBA32 | 3.12.8.10 | 2008.12.30 | - |
| ViRobot | 2008.12.30.1540 | 2008.12.30 | - |
| VirusBuster | 4.5.11.0 | 2008.12.29 | - |
| Additional information | |||
| File size: 122880 bytes | |||
| MD5…: fdf71fb76f20c333c814b42bbe78e770 | |||
| SHA1..: 4bde41ab62a907176c2a7127a300d322d53b0ebf | |||
| SHA256: 0a33393cb255aaaaebd9bd7485e3e572ffe359372d96c75d8a2378bb012d7255 | |||
| SHA512: b7a188d39f053691477f3ed425d33d477b2e959460aa16fb2e7aa44e49a52c81 a8e099ba1287d63e074d355c9f8236a21f5b4ed9ed5c8d0acac932feb4ebe4c2 |
|||
| ssdeep: 1536:2mo51WDrfKXKNaJXjiea/062TVOlBSVil0tHgCGxROrAE3q7VoagHh:2n51 W/Sa4jieYXPwilgHvQONa7Voa |
|||
| PEiD..: - | |||
| TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) VXD Driver (0.1%) |
|||
| PEInfo: PE Structure information( base data ) entrypointaddress.: 0×401285 timedatestamp…..: 0×461c692a (Wed Apr 11 04:50:50 2007) machinetype…….: 0×14c (I386) ( 7 sections ) ( 6 imports ) ( 0 exports ) |
|||
| Prevx info: <a href=’http://info.prevx.com/aboutprogramtext.asp?PX5=FA1F4A450036D329E00A012DDDE82A0007534F54′ target=’_blank’>http://info.prevx.com/aboutprogramtext.asp?PX5=FA1F4A450036D329E00A012DDDE82A0007534F54</a> | |||
| ThreatExpert info: <a href=’http://www.threatexpert.com/report.aspx?md5=fdf71fb76f20c333c814b42bbe78e770′ target=’_blank’>http://www.threatexpert.com/report.aspx?md5=fdf71fb76f20c333c814b42bbe78e770</a> | |||
Host: securedwwwclicks.com
IP: 91.211.64.68
Whois:
netname: Ural-NET
descr: Ural Industrial Limited Company
country: RU
org: ORG-UICL2-RIPE
admin-c: UIM1-RIPE
tech-c: UIM1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: URALCOMP-MNT
mnt-routes: URALCOMP-MNT
mnt-domains: URALCOMP-MNT
source: RIPE # Filteredorganisation: ORG-UICL2-RIPE
org-name: Ural Industrial Company
org-type: OTHER
address: Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c: AP10609-RIPE
mnt-ref: URALCOMP-MNT
mnt-by: URALCOMP-MNT
source: RIPE # Filteredrole: UralNet IP Master
address: Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone: +38 050 577 65 61
Host: antivirusprofessionalscan.com
IP: 91.211.64.68
Whois:
netname: Ural-NET
descr: Ural Industrial Limited Company
country: RU
org: ORG-UICL2-RIPE
admin-c: UIM1-RIPE
tech-c: UIM1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: URALCOMP-MNT
mnt-routes: URALCOMP-MNT
mnt-domains: URALCOMP-MNT
source: RIPE # Filteredorganisation: ORG-UICL2-RIPE
org-name: Ural Industrial Company
org-type: OTHER
address: Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c: AP10609-RIPE
mnt-ref: URALCOMP-MNT
mnt-by: URALCOMP-MNT
source: RIPE # Filteredrole: UralNet IP Master
address: Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone: +38 050 577 65 61
Host: systemprotectionupdates.com
IP: 212.95.37.241
Whois:
netname: NETDIRECT-NET
descr: netdirekt e.K.
remarks: INFRA-AW
country: DE
admin-c: WW200-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
source: RIPE # Filteredperson: Wiethold Wagner
address: netdirekt e. K.
address: Kleyer Strasse 79 / Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
Host: updatedeliverysystems.com
IP: 91.211.64.68
Whois:
descr: Ural Industrial Limited Company
country: RU
org: ORG-UICL2-RIPE
admin-c: UIM1-RIPE
tech-c: UIM1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: URALCOMP-MNT
mnt-routes: URALCOMP-MNT
mnt-domains: URALCOMP-MNT
source: RIPE # Filteredorganisation: ORG-UICL2-RIPE
org-name: Ural Industrial Company
org-type: OTHER
address: Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c: AP10609-RIPE
mnt-ref: URALCOMP-MNT
mnt-by: URALCOMP-MNT
source: RIPE # Filteredrole: UralNet IP Master
address: Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone: +38 050 577 65 61
Host: systemprotectiondownloads.com
IP: 78.159.119.52
Whois:
netname: NETDIRECT-NET
descr: netdirekt e.K.
remarks: INFRA-AW
country: DE
admin-c: WW200-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
source: RIPE # Filteredperson: Wiethold Wagner
address: netdirekt e. K.
address: Kleyer Strasse 79 / Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
Host: protectedonlinepayments.com
IP: 91.211.64.68
Whois:
descr: Ural Industrial Limited Company
country: RU
org: ORG-UICL2-RIPE
admin-c: UIM1-RIPE
tech-c: UIM1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: URALCOMP-MNT
mnt-routes: URALCOMP-MNT
mnt-domains: URALCOMP-MNT
source: RIPE # Filteredorganisation: ORG-UICL2-RIPE
org-name: Ural Industrial Company
org-type: OTHER
address: Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c: AP10609-RIPE
mnt-ref: URALCOMP-MNT
mnt-by: URALCOMP-MNT
source: RIPE # Filteredrole: UralNet IP Master
address: Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone: +38 050 577 65 61
Whois of protectedonlinepayments.com:
Registrant Contact:
Privat person
Igor Popov stats2damains@lycos.com
+33491858954 fax: +33491858954
Rue la produit 642
Marseille Marseille 13002
frAdministrative Contact:
Igor Popov stats2damains@lycos.com
+33491858954 fax: +33491858954
Rue la produit 642
Marseille Marseille 13002
frTechnical Contact:
Igor Popov stats2damains@lycos.com
+33491858954 fax: +33491858954
Rue la produit 642
Marseille Marseille 13002
frBilling Contact:
Igor Popov stats2damains@lycos.com
+33491858954 fax: +33491858954
Rue la produit 642
Marseille Marseille 13002
fr
System Security is a rogue antivirus application. To remove that rogue application viruses and antispyware use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/
| File TubePlayer_1_.ver.6.exe received on 12.30.2008 12:01:56 (CET) | |||
| Antivirus | Version | Last Update | Result |
| a-squared | 4.0.0.73 | 2008.12.30 | - |
| AhnLab-V3 | 2008.12.30.2 | 2008.12.30 | - |
| AntiVir | 7.9.0.45 | 2008.12.30 | - |
| Authentium | 5.1.0.4 | 2008.12.30 | - |
| Avast | 4.8.1281.0 | 2008.12.29 | - |
| AVG | 8.0.0.199 | 2008.12.29 | - |
| BitDefender | 7.2 | 2008.12.30 | - |
| CAT-QuickHeal | 10.00 | 2008.12.30 | - |
| ClamAV | 0.94.1 | 2008.12.30 | - |
| Comodo | 837 | 2008.12.29 | - |
| DrWeb | 4.44.0.09170 | 2008.12.30 | - |
| eSafe | 7.0.17.0 | 2008.12.28 | - |
| eTrust-Vet | 31.6.6281 | 2008.12.29 | - |
| Ewido | 4.0 | 2008.12.30 | - |
| F-Prot | 4.4.4.56 | 2008.12.29 | - |
| F-Secure | 8.0.14470.0 | 2008.12.30 | - |
| Fortinet | 3.117.0.0 | 2008.12.30 | - |
| GData | 19 | 2008.12.30 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.30 | - |
| K7AntiVirus | 7.10.569 | 2008.12.29 | - |
| Kaspersky | 7.0.0.125 | 2008.12.30 | - |
| McAfee | 5478 | 2008.12.29 | - |
| McAfee+Artemis | 5478 | 2008.12.29 | - |
| Microsoft | 1.4205 | 2008.12.30 | - |
| NOD32 | 3723 | 2008.12.30 | - |
| Norman | 5.80.02 | 2008.12.29 | - |
| Panda | 9.0.0.4 | 2008.12.29 | - |
| PCTools | 4.4.2.0 | 2008.12.29 | - |
| Prevx1 | V2 | 2008.12.30 | - |
| Rising | 21.10.12.00 | 2008.12.30 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.30 | - |
| Sophos | 4.37.0 | 2008.12.30 | - |
| Sunbelt | 3.2.1809.2 | 2008.12.22 | - |
| Symantec | 10 | 2008.12.30 | - |
| TheHacker | 6.3.1.4.202 | 2008.12.30 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.30 | - |
| VBA32 | 3.12.8.10 | 2008.12.30 | - |
| ViRobot | 2008.12.30.1540 | 2008.12.30 | - |
| VirusBuster | 4.5.11.0 | 2008.12.29 | - |
| Additional information | |||
| File size: 49156 bytes | |||
| MD5…: bfe54ffd8371266827848e6ee4a4ba49 | |||
| SHA1..: 3ee085a4430368ca747c40ed759985ca16640315 | |||
| SHA256: 301470f6bddac3d3e32b86161ad4fe3dd3e41557d6e241e35b67e0835952c058 | |||
| SHA512: f38908bf1efcc872627a30f6c995a4c590be2eca11e891573dfa2c47254ea1bd 7e933184ba99304f0a5ab0a877575b12b8f40a58f46572eb80e990682fd056d7 |
|||
| ssdeep: 384:gw5jhxJxGf91sp9UE2HgqUX8Ip7BwITSzAvqoCJsm:XjpxGf91cU1AqpI5Bw uv/C9 |
|||
| PEiD..: - | |||
| TrID..: File type identification Win32 Dynamic Link Library (generic) (55.5%) Clipper DOS Executable (14.7%) Generic Win/DOS Executable (14.6%) DOS Executable Generic (14.6%) VXD Driver (0.2%) |
|||
| PEInfo: PE Structure information
( base data ) ( 4 sections ) ( 5 imports ) ( 0 exports ) |
|||
| File install.exe received on 12.30.2008 11:56:51 (CET) | |||
| Antivirus | Version | Last Update | Result |
| a-squared | 4.0.0.73 | 2008.12.30 | - |
| AhnLab-V3 | 2008.12.30.2 | 2008.12.30 | - |
| AntiVir | 7.9.0.45 | 2008.12.30 | TR/Dldr.FraudLoad.vfee |
| Authentium | 5.1.0.4 | 2008.12.30 | - |
| Avast | 4.8.1281.0 | 2008.12.29 | - |
| AVG | 8.0.0.199 | 2008.12.29 | Downloader.Generic8.KSW |
| BitDefender | 7.2 | 2008.12.30 | - |
| CAT-QuickHeal | 10.00 | 2008.12.30 | TrojanDownloader.FraudLoad.ve |
| ClamAV | 0.94.1 | 2008.12.30 | - |
| Comodo | 837 | 2008.12.29 | - |
| DrWeb | 4.44.0.09170 | 2008.12.30 | Trojan.DownLoad.26371 |
| eSafe | 7.0.17.0 | 2008.12.28 | Suspicious File |
| eTrust-Vet | 31.6.6281 | 2008.12.29 | - |
| Ewido | 4.0 | 2008.12.30 | - |
| F-Prot | 4.4.4.56 | 2008.12.29 | - |
| F-Secure | 8.0.14470.0 | 2008.12.30 | - |
| Fortinet | 3.117.0.0 | 2008.12.30 | - |
| GData | 19 | 2008.12.30 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.30 | - |
| K7AntiVirus | 7.10.569 | 2008.12.29 | - |
| Kaspersky | 7.0.0.125 | 2008.12.30 | - |
| McAfee | 5478 | 2008.12.29 | - |
| McAfee+Artemis | 5478 | 2008.12.29 | - |
| Microsoft | 1.4205 | 2008.12.30 | Program:Win32/Winwebsec |
| NOD32 | 3723 | 2008.12.30 | - |
| Norman | 5.80.02 | 2008.12.29 | - |
| Panda | 9.0.0.4 | 2008.12.29 | Suspicious file |
| PCTools | 4.4.2.0 | 2008.12.29 | - |
| Prevx1 | V2 | 2008.12.30 | Malicious Software |
| Rising | 21.10.12.00 | 2008.12.30 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.30 | Trojan.Dldr.FraudLoad.vfee |
| Sophos | 4.37.0 | 2008.12.30 | - |
| Sunbelt | 3.2.1809.2 | 2008.12.22 | - |
| Symantec | 10 | 2008.12.30 | - |
| TheHacker | 6.3.1.4.202 | 2008.12.30 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.30 | PAK_Generic.001 |
| VBA32 | 3.12.8.10 | 2008.12.30 | - |
| ViRobot | 2008.12.30.1540 | 2008.12.30 | - |
| VirusBuster | 4.5.11.0 | 2008.12.29 | - |
| Additional information | |||
| File size: 63019 bytes | |||
| MD5…: 287ec9491b432387577bfe08ef3fcd53 | |||
| SHA1..: d5d0da152ab10b8f7fe33c0ab3c203d6c704442d | |||
| SHA256: c80828e79cb05226899295deb18ab3e1a589eace36e603a8cd7e21bb5991db33 | |||
| SHA512: 39a4bf2d36ac5e2f12e57d0224453f4a6238d8f7163d8b306ba491a48d756393 7e6dd5deaed369daa5f38707bc6c537586998b8f5c648ee3a73170e4540c2157 |
|||
| ssdeep: 1536:m3qCkvQhnmlq+/iPCZCBsy1FvEenouy8nEY5qnXK:m3qsP+qNBoutnLInXK | |||
| PEiD..: - | |||
| TrID..: File type identification UPX compressed Win32 Executable (38.5%) Win32 EXE Yoda’s Crypter (33.4%) Win32 Executable Generic (10.7%) Win32 Dynamic Link Library (generic) (9.5%) Win16/32 Executable Delphi generic (2.6%) |
|||
| PEInfo: PE Structure information
( base data ) ( 3 sections ) ( 7 imports ) ( 0 exports ) |
|||
| Prevx info: <a href=’http://info.prevx.com/aboutprogramtext.asp?PX5=E33330252BBD9DBAF60A0067CD698A00A264A711′ target=’_blank’>http://info.prevx.com/aboutprogramtext.asp?PX5=E33330252BBD9DBAF60A0067CD698A00A264A711</a> | |||
| packers (Kaspersky): UPX | |||
| packers (F-Prot): UPX_LZMA | |||
Host: mybest-pov-tube.com
IP: 69.59.21.247
Whois:
OrgName: Carolina Internet
OrgID: CARO
Address: 900 Center Park Drive
Address: Suite A
City: Charlotte
StateProv: NC
PostalCode: 28217
Country: USNetRange: 69.59.16.0 - 69.59.31.255
CIDR: 69.59.16.0/20
NetName: CARO-NET-ARIN-1
NetHandle: NET-69-59-16-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CARO.NET
NameServer: NS2.CARO.NET
NameServer: NS3.CARO.NET
Comment:
RegDate: 2006-08-10
Updated: 2006-08-10RAbuseHandle: NOC240-ARIN
RAbuseName: NOC
RAbusePhone: +1-704-643-8330
Other sites:
1. Av-scan-soft.net
2. Bestmytubeonilne1.com
3. Bestmytubeonilne2.com
4. Bestmytubeonilne3.com
5. Fast-xxx-tube.net
6. Fen-tube.com
7. My-bestpov-tube.com
8. Mybest-pov-tube.com
9. Mybestpov-tube.com
10. Scanner-pc-toolz.net
11. Tube-4-free-center.com
12. Tube-chick.net
13. Tube-free-4-adult.net
14. Tube-hu.com
15. Tube-more-sex.com
16. Tubeger.com
17. U-tube-verse.com
18. Uni-tube-911.com
Host: downloabsecurehere1.com
IP: 94.247.3.228
Whois:
role: DATORU EXPRESS SERVISS HostMaster
address: 18. novembra street 319C
address: Daugavpils, LV-5413
address: Latvia
phone: +371 26631339
fax-no: +371 65420725
remarks: Information: http://www.pcexpress.lv
Other sites:
1. Best-ps-download-4pc.com
2. Downloabsecurehere1.com
3. Downloabsecurehere2.com
4. Downloabsecurehere3.com
5. Downloabsecurehere4.com
6. Download-all4free.com
7. Download-allsoftnow.com
8. Download-files-bak.net
9. Download-files-plus.net
10. Download-fls.com
11. Download-softarch.com
12. Download-top-software.com
13. Download-top-software.net
14. Downloadall-soft-now.com
15. Downloadallsoft-now.com
16. Downloadallsoftnow.com
17. Dwnld-files.com
18. Fast-download-base-free.com
19. Files-download-arch.net
20. Files-upload-21.com
21. Get-files-4free.net
22. Get-frsh-files.com
23. Go-downloadz-pc-soft.com
24. Soft-4-you-download.net
25. Top-best-software-area.net
Host: netsecurityonline.com
IP: 91.211.64.31
Whois:
org-name: Ural Industrial Company
org-type: OTHER
address: Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c: AP10609-RIPE
mnt-ref: URALCOMP-MNT
mnt-by: URALCOMP-MNT
source: RIPE # Filteredrole: UralNet IP Master
address: Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone: +38 050 577 65 61
Other sites:
1. Hitstransfer.com
2. Trafficrelocation.com
3. Webnetworksecurity.com
Host: securedownloadsoftware.com
IP: 91.211.65.21
Whois:
org-type: OTHER
address: Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c: AP10609-RIPE
mnt-ref: URALCOMP-MNT
mnt-by: URALCOMP-MNT
source: RIPE # Filteredrole: UralNet IP Master
address: Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone: +38 050 577 65 61
Other sites:
1. Safesoftwaretransfer.com
2. Securedownloadsoftware.com
Host: www.securedigitalpayments.com
IP: 209.8.45.153
Whois:
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 450 Springpark PL
Address: Suite 100
City: Herdon
StateProv: VA
PostalCode: 20170
Country: US
Whois of securedigitalpayments.com :
Registrant:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540
Administrative Contact:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540
Technical Contact:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540
Antivirus 2009is a rogue antivirus application. To remove that rogue application viruses and antispyware use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/
| File exclusivemovie.1212.exe received on 12.09.2008 17:22:30 (CET) | |||
| Antivirus | Version | Last Update | Result |
| AhnLab-V3 | 2008.12.10.0 | 2008.12.09 | - |
| AntiVir | 7.9.0.43 | 2008.12.09 | TR/Dldr.Zlob.imk |
| Authentium | 5.1.0.4 | 2008.12.08 | - |
| Avast | 4.8.1281.0 | 2008.12.08 | - |
| AVG | 8.0.0.199 | 2008.12.09 | - |
| BitDefender | 7.2 | 2008.12.09 | - |
| CAT-QuickHeal | 10.00 | 2008.12.09 | - |
| ClamAV | 0.94.1 | 2008.12.09 | - |
| Comodo | 713 | 2008.12.09 | - |
| DrWeb | 4.44.0.09170 | 2008.12.09 | - |
| eSafe | 7.0.17.0 | 2008.12.09 | Suspicious File |
| eTrust-Vet | 31.6.6252 | 2008.12.09 | - |
| Ewido | 4.0 | 2008.12.09 | - |
| F-Prot | 4.4.4.56 | 2008.12.08 | - |
| F-Secure | 8.0.14332.0 | 2008.12.09 | Trojan-Downloader.Win32.Agent.atlu |
| Fortinet | 3.117.0.0 | 2008.12.09 | - |
| GData | 19 | 2008.12.09 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.08 | - |
| K7AntiVirus | 7.10.549 | 2008.12.09 | - |
| Kaspersky | 7.0.0.125 | 2008.12.09 | Trojan-Downloader.Win32.Agent.atlu |
| McAfee | 5458 | 2008.12.08 | - |
| McAfee+Artemis | 5458 | 2008.12.09 | - |
| Microsoft | 1.4205 | 2008.12.09 | - |
| NOD32 | 3676 | 2008.12.09 | - |
| Norman | 5.80.02 | 2008.12.09 | - |
| Panda | 9.0.0.4 | 2008.12.09 | - |
| PCTools | 4.4.2.0 | 2008.12.09 | - |
| Prevx1 | V2 | 2008.12.09 | Malware Dropper |
| Rising | 21.07.12.00 | 2008.12.09 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.09 | Trojan.Dldr.Zlob.imk |
| Sophos | 4.36.0 | 2008.12.09 | Troj/DwnLdr-HLR |
| Sunbelt | 3.1.1832.2 | 2008.12.01 | - |
| Symantec | 10 | 2008.12.09 | - |
| TheHacker | 6.3.1.2.180 | 2008.12.09 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.09 | Possible_DLDER |
| VBA32 | 3.12.8.10 | 2008.12.09 | - |
| ViRobot | 2008.12.9.1509 | 2008.12.09 | Dropper.Agent.66560.D |
| VirusBuster | 4.5.11.0 | 2008.12.09 | - |
| Additional information | |||
| File size: 66560 bytes | |||
| MD5…: e24b67c9e5f7bb2c9d1e15eafee9f329 | |||
| SHA1..: 0b3c238fc6bdf8cd469bc377b4f5bfa3e23a705f | |||
| SHA256: 1df0e73f40d49e9497e39bb1931dab84606ba0e309b3a10b03e858ba029d194b | |||
| SHA512: 7ab32711fa2ab4a614248eb1e2e2d9a2887b3efddef261f85dea2caf9c0f063f 001231816f8d59687827d35163dc832e5df6d1d5e7c57b00fcb13636fd3eab60 |
|||
| ssdeep: 1536:b9/+qo7X7Q1N4PpQ2iHzNb3vSkdaZcPvQRcCefymztRe:blJ0EIRQ2iJ5da iPvQR6qmhR |
|||
| PEiD..: - | |||
| TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) |
|||
| File InstallAVv_77100106.exe received on 12.09.2008 17:22:36 (CET) | |||
| Antivirus | Version | Last Update | Result |
| AhnLab-V3 | 2008.12.10.0 | 2008.12.09 | - |
| AntiVir | 7.9.0.43 | 2008.12.09 | - |
| Authentium | 5.1.0.4 | 2008.12.08 | - |
| Avast | 4.8.1281.0 | 2008.12.08 | - |
| AVG | 8.0.0.199 | 2008.12.09 | Win32/Heur |
| BitDefender | 7.2 | 2008.12.09 | - |
| CAT-QuickHeal | 10.00 | 2008.12.09 | - |
| ClamAV | 0.94.1 | 2008.12.09 | - |
| Comodo | 713 | 2008.12.09 | - |
| DrWeb | 4.44.0.09170 | 2008.12.09 | - |
| eSafe | 7.0.17.0 | 2008.12.09 | Suspicious File |
| eTrust-Vet | 31.6.6252 | 2008.12.09 | - |
| Ewido | 4.0 | 2008.12.09 | - |
| F-Prot | 4.4.4.56 | 2008.12.08 | - |
| F-Secure | 8.0.14332.0 | 2008.12.09 | - |
| Fortinet | 3.117.0.0 | 2008.12.09 | - |
| GData | 19 | 2008.12.09 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.08 | - |
| K7AntiVirus | 7.10.549 | 2008.12.09 | - |
| Kaspersky | 7.0.0.125 | 2008.12.09 | - |
| McAfee | 5458 | 2008.12.08 | - |
| McAfee+Artemis | 5458 | 2008.12.09 | - |
| Microsoft | 1.4205 | 2008.12.09 | Trojan:Win32/FakeXPA |
| NOD32 | 3676 | 2008.12.09 | - |
| Norman | 5.80.02 | 2008.12.09 | - |
| Panda | 9.0.0.4 | 2008.12.09 | - |
| PCTools | 4.4.2.0 | 2008.12.09 | - |
| Prevx1 | V2 | 2008.12.09 | - |
| Rising | 21.07.12.00 | 2008.12.09 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.09 | - |
| Sophos | 4.36.0 | 2008.12.09 | Sus/Behav-297 |
| Sunbelt | 3.1.1832.2 | 2008.12.01 | - |
| Symantec | 10 | 2008.12.09 | - |
| TheHacker | 6.3.1.2.180 | 2008.12.09 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.09 | PAK_Generic.001 |
| VBA32 | 3.12.8.10 | 2008.12.09 | - |
| ViRobot | 2008.12.9.1509 | 2008.12.09 | - |
| VirusBuster | 4.5.11.0 | 2008.12.09 | - |
| Additional information | |||
| File size: 90112 bytes | |||
| MD5…: c5135fdf2bd0cf512b034607cdaf3bde | |||
| SHA1..: 303bd94d484830cd729fb58bd7979152d13ab788 | |||
| SHA256: bb22d1f01e882196c820cb6d528ecabde3fc23f6bbfe2b93477893022956402e | |||
| SHA512: a8d0cc17a38f9fb5e6fbfd0bce6df2780a6e6c154d4997455cf842c5fb93caaf fa8d22902e6e3c8f89d39ce2418f98dd557ac927040f83977b9a22f4818082bb |
|||
| ssdeep: 1536:M3q7VoagHfSTDFHVs9aur8It+Ah83mOxHIRp21OaBreBbMzXH8MV:Ma7Voa N/FHVQao88+wpT8MID |
|||
| PEiD..: - | |||
| TrID..: File type identification Win32 Executable Generic (38.4%) Win32 Dynamic Link Library (generic) (34.1%) Win16/32 Executable Delphi generic (9.3%) Generic Win/DOS Executable (9.0%) DOS Executable Generic (9.0%) |
|||
| PEInfo: PE Structure information | |||
Host: allcooltubeshere.com
IP: 89.149.228.200
Whois:
netname: NETDIRECT-NET
descr: netdirekt e.K.
remarks: INFRA-AW
country: DE
admin-c: WW200-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
source: RIPE # Filteredperson: Wiethold Wagner
address: netdirekt e. K.
address: Kleyer Strasse 79 / Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
e-mail: info@netdirekt.de
nic-hdl: WW200-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered
Other sites:
1) 69-tube-69.com
2) Megasexytube.com
3) Super-av-scanner.com
Host: codecdownload.allcleanfileshere.com
IP: 91.203.93.81
Whois:
netname: NETDIRECT-NET
descr: netdirekt e.K.
remarks: INFRA-AW
country: DE
admin-c: WW200-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
source: RIPE # Filteredperson: Wiethold Wagner
address: netdirekt e. K.
address: Kleyer Strasse 79 / Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
e-mail: info@netdirekt.de
nic-hdl: WW200-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered
Other sites:
1) 3d-softportal.com
2) 3d-softportal.net
3) Allfilesherefordownload.com
Host: advancedproscan.com
IP: 69.10.44.207
Whois:
Interserver, Inc INTERSERVER
Host: protectedpaymentsite.com
IP: 209.8.45.117
Whois:
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 450 Springpark PL
Address: Suite 100
City: Herdon
StateProv: VA
PostalCode: 20170
Country: US
Host: microsoft.protectionsoftwaredownload.com
IP: 89.149.241.106
Whois:
inetnum: 89.149.241.0 - 89.149.244.255
netname: NETDIRECT-NET
descr: netdirekt e.K.
remarks: INFRA-AW
country: DE
admin-c: WW200-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
source: RIPE # Filteredperson: Wiethold Wagner
address: netdirekt e. K.
address: Kleyer Strasse 79 / Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
Host: softwareservicebilling.com
IP: 63.219.177.214
Whois:
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 450 Springpark PL
Address: Suite 100
City: Herdon
StateProv: VA
PostalCode: 20170
Country: US
Windefender 2009 is a rogue antivirus application. To remove that rogue application viruses and antispyware use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/
| File c-setup.exe received on 12.08.2008 17:57:01 (CET) | |||
| Antivirus | Version | Last Update | Result |
| AhnLab-V3 | 2008.12.6.0 | 2008.12.06 | - |
| AntiVir | 7.9.0.42 | 2008.12.08 | TR/Dldr.JLBO.1 |
| Authentium | 5.1.0.4 | 2008.12.08 | - |
| Avast | 4.8.1281.0 | 2008.12.08 | Win32:Trojan-gen {Other} |
| AVG | 8.0.0.199 | 2008.12.07 | SHeur2.FIQ |
| BitDefender | 7.2 | 2008.12.07 | Trojan.Downloader.JLBO |
| CAT-QuickHeal | 10.00 | 2008.12.08 | - |
| ClamAV | 0.94.1 | 2008.12.07 | - |
| Comodo | 708 | 2008.12.08 | - |
| DrWeb | 4.44.0.09170 | 2008.12.07 | - |
| eSafe | 7.0.17.0 | 2008.12.08 | Suspicious File |
| eTrust-Vet | 31.6.6246 | 2008.12.05 | - |
| Ewido | 4.0 | 2008.12.07 | - |
| F-Prot | 4.4.4.56 | 2008.12.04 | - |
| F-Secure | 8.0.14332.0 | 2008.12.08 | Trojan-Downloader.Win32.Agent.atgo |
| Fortinet | 3.117.0.0 | 2008.12.07 | - |
| GData | 19 | 2008.12.07 | Trojan.Downloader.JLBO |
| Ikarus | T3.1.1.45.0 | 2008.12.08 | - |
| K7AntiVirus | 7.10.548 | 2008.12.08 | - |
| Kaspersky | 7.0.0.125 | 2008.12.07 | - |
| McAfee | 5456 | 2008.12.06 | - |
| McAfee+Artemis | 5456 | 2008.12.06 | - |
| Microsoft | 1.4205 | 2008.12.08 | TrojanDownloader:Win32/Renos.FS |
| NOD32 | 3670 | 2008.12.08 | - |
| Norman | 5.80.02 | 2008.12.05 | - |
| Panda | 9.0.0.4 | 2008.12.07 | - |
| PCTools | 4.4.2.0 | 2008.12.08 | - |
| Prevx1 | V2 | 2008.12.08 | - |
| Rising | 21.07.02.00 | 2008.12.08 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.08 | Trojan.Dldr.JLBO.1 |
| Sophos | 4.36.0 | 2008.12.07 | - |
| Sunbelt | 3.1.1832.2 | 2008.12.01 | - |
| Symantec | 10 | 2008.12.07 | Trojan.Dropper |
| TheHacker | 6.3.1.2.179 | 2008.12.06 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.08 | PAK_Generic.001 |
| VBA32 | 3.12.8.10 | 2008.12.07 | - |
| ViRobot | 2008.12.6.1504 | 2008.12.06 | - |
| VirusBuster | 4.5.11.0 | 2008.12.08 | - |
| Additional information | |||
| File size: 63495 bytes | |||
| MD5…: 06772f1d4e28d4538a55be97d2ed4d5c | |||
| SHA1..: e7cd8823c0aaa03d179b62118d7f01bcddc39258 | |||
| SHA256: 5593d8490c53d0dfd2d61b5228cd568aa279b1e8c40ee6eee04ce09756392bbf | |||
| SHA512: 1e86cf6ac3a729ed074bbaaf4ee13f10c01dcee84f642a6bc68a254869acbc09 9c2e204f8c671cc06c6cd3f2b4b9637a6ba09004642b1ac33f562efee4de57d3 |
|||
| ssdeep: 1536:/fjQtATi+FDfXsKA2p2v97RybohyjWgX5PtXhSMImX8/nld:/fkaFTjMtRy DjR5PtVXGL |
|||
| PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser | |||
| TrID..: File type identification UPX compressed Win32 Executable (39.5%) Win32 EXE Yoda’s Crypter (34.3%) Win32 Executable Generic (11.0%) Win32 Dynamic Link Library (generic) (9.8%) Generic Win/DOS Executable (2.5%) |
|||
| PEInfo: PE Structure information
( base data ) ( 3 sections ) ( 4 imports ) ( 0 exports ) |
|||
| packers (Kaspersky): PE_Patch.UPX, UPX | |||
| packers (F-Prot): UPX | |||
| File WinDefender2009.exe received on 12.08.2008 17:59:01 (CET) | |||
| Antivirus | Version | Last Update | Result |
| AhnLab-V3 | 2008.12.6.0 | 2008.12.06 | - |
| AntiVir | 7.9.0.42 | 2008.12.08 | - |
| Authentium | 5.1.0.4 | 2008.12.08 | - |
| Avast | 4.8.1281.0 | 2008.12.08 | - |
| AVG | 8.0.0.199 | 2008.12.07 | - |
| BitDefender | 7.2 | 2008.12.07 | - |
| CAT-QuickHeal | 10.00 | 2008.12.08 | - |
| ClamAV | 0.94.1 | 2008.12.07 | - |
| Comodo | 708 | 2008.12.08 | - |
| DrWeb | 4.44.0.09170 | 2008.12.07 | - |
| eSafe | 7.0.17.0 | 2008.12.08 | Suspicious File |
| eTrust-Vet | 31.6.6246 | 2008.12.05 | - |
| Ewido | 4.0 | 2008.12.07 | - |
| F-Prot | 4.4.4.56 | 2008.12.04 | - |
| F-Secure | 8.0.14332.0 | 2008.12.08 | - |
| Fortinet | 3.117.0.0 | 2008.12.07 | - |
| GData | 19 | 2008.12.07 | - |
| Ikarus | T3.1.1.45.0 | 2008.12.08 | - |
| K7AntiVirus | 7.10.548 | 2008.12.08 | - |
| Kaspersky | 7.0.0.125 | 2008.12.07 | - |
| McAfee | 5456 | 2008.12.06 | - |
| McAfee+Artemis | 5456 | 2008.12.06 | - |
| Microsoft | 1.4205 | 2008.12.08 | Trojan:Win32/Delflob.I |
| NOD32 | 3670 | 2008.12.08 | - |
| Norman | 5.80.02 | 2008.12.05 | - |
| Panda | 9.0.0.4 | 2008.12.07 | - |
| PCTools | 4.4.2.0 | 2008.12.08 | - |
| Prevx1 | V2 | 2008.12.08 | Malicious Software |
| Rising | 21.07.02.00 | 2008.12.08 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.08 | - |
| Sophos | 4.36.0 | 2008.12.07 | - |
| Sunbelt | 3.1.1832.2 | 2008.12.01 | - |
| Symantec | 10 | 2008.12.07 | - |
| TheHacker | 6.3.1.2.179 | 2008.12.06 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.08 | - |
| VBA32 | 3.12.8.10 | 2008.12.07 | - |
| ViRobot | 2008.12.6.1504 | 2008.12.06 | - |
| VirusBuster | 4.5.11.0 | 2008.12.08 | - |
| Additional information | |||
| File size: 4230473 bytes | |||
| MD5…: 54c9b9d46c347e8fb8bec5219e2c86d3 | |||
| SHA1..: 5e8861adb6e895a8b1d6f8305d264e49600fb666 | |||
| SHA256: 971c63bb70a3e205c39ee4182eeaf4df51e29ec61e046587e5c519a70708ca56 | |||
| SHA512: eb849356568b4b1d20068e29f81b9f2bc73c9b918c8e5f808cd0bef75f47e427 2374645b722adfa8cc8b4f36d5c37cbccc05a601b92d76b31c9d65ed1a719af6 |
|||
| ssdeep: 98304:7QnfsjcEWUHTIByH9KUWR6+wM/0o7z1i/q2Fe:7TBWUkMH9ew7szvOe | |||
| PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser | |||
| TrID..: File type identification UPX compressed Win32 Executable (39.5%) Win32 EXE Yoda’s Crypter (34.3%) Win32 Executable Generic (11.0%) Win32 Dynamic Link Library (generic) (9.8%) Generic Win/DOS Executable (2.5%) |
|||
| PEInfo: PE Structure information
( base data ) ( 3 sections ) ( 8 imports ) ( 0 exports ) |
|||
| Prevx info: <a href=’http://info.prevx.com/aboutprogramtext.asp?PX5=4F9577C849C502658DBC40F2671E0B00DF87BB08′ target=’_blank’>http://info.prevx.com/aboutprogramtext.asp?PX5=4F9577C849C502658DBC40F2671E0B00DF87BB08</a> | |||
| packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch | |||
| packers (F-Prot): UPX | |||
Host: videopreviewshow.com
IP: 91.203.93.25
Whois:
inetnum: 91.203.93.1 - 91.203.93.128
netname: ZHITOMIR-NET
descr: pool for co-location customers
country: UA
admin-c: ML7676-RIPE
tech-c: ML7676-RIPE
status: ASSIGNED PI
mnt-by: UATELECOM-MNT
source: RIPE # Filteredperson: Mark Liberman
address: Kiev, Ukraine
e-mail: m.liberman@uatelecom.com.ua
phone: +380963801326
nic-hdl: ML7676-RIPE
source: RIPE # Filtered
Other sites on this ip:
1. Archiveviewsoftware.com
2. Gensoftdownload.com
3. Softwareformyvideo.com
4. Videopreviewshow.com
Host: lookfornewsoftware.com
IP: 91.203.92.99
Whois:
netname: BASTION-NET
descr: ISP UATelecom
country: EU
org: ORG-TG39-RIPE
admin-c: ML7676-RIPE
tech-c: UNm3-RIPE
status: ASSIGNED PI
mnt-by: UATELECOM-MNT
mnt-lower: UATELECOM-MNT
mnt-routes: UATELECOM-MNT
mnt-domains: UATELECOM-MNT
Other sites on this ip:
1. Lookfornewsoftware.com
2. Megauplinkbindinstaller.com
3. Systemerroronline.com
4. Theupdatedownload.com
Host: megauplinkbindinstaller.com
IP: 91.203.92.99
Whois:
netname: BASTION-NET
descr: ISP UATelecom
country: EU
org: ORG-TG39-RIPE
admin-c: ML7676-RIPE
tech-c: UNm3-RIPE
status: ASSIGNED PI
mnt-by: UATELECOM-MNT
mnt-lower: UATELECOM-MNT
mnt-routes: UATELECOM-MNT
mnt-domains: UATELECOM-MNT
Host: win-defender-2009.com
IP: 91.203.92.100
Whois:
netname: BASTION-NET
descr: ISP UATelecom
country: EU
org: ORG-TG39-RIPE
admin-c: ML7676-RIPE
tech-c: UNm3-RIPE
status: ASSIGNED PI
mnt-by: UATELECOM-MNT
mnt-lower: UATELECOM-MNT
mnt-routes: UATELECOM-MNT
mnt-domains: UATELECOM-MNT
remarks: *************************************************
remarks: * For spam/abuse/security issues please contact *
remarks: * abuse@uatelecom.com.ua *
remarks: *************************************************
Other sites on this ip:
1. Thesystemcheck.com
2. Win-defender-2009.com
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Apr | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 | ||