Security Expert Cleaner

July 28, 2008 | Malware, Rogues

Security Expert Cleaner is a rogue antispyware application. Stay away from the following IPs and hosts!

Host: www.secureexpertcleaner.com
IP: 89.149.227.50
Whois:

inetnum:        89.149.226.0 - 89.149.227.255
netname:        NETDIRECT-NET
descr:          netdirekt e.K.
remarks:        INFRA-AW
country:        DE
admin-c:        WW200-RIPE
tech-c:         SR614-RIPE
status:         ASSIGNED PA
mnt-by:         NETDIRECT-MNT
mnt-lower:      NETDIRECT-MNT
mnt-routes:     NETDIRECT-MNT
source:         RIPE # Filtered

person:       Wiethold Wagner
address:      netdirekt e. K.
address:      Kleyer Strasse 79 / Tor 14
address:      60326 Frankfurt
address:      DE
phone:        +49 69 90556880
fax-no:       +49 69 905568822
e-mail:       info@netdirekt.de

Other sites on this IP:

1.  Registrydoctor2008.com
2.  Secureexpertcleaner.com
3.  Securefileshredder.com
4.  Virusremover2008.com

File CleanerInstaller.exe received on 07.28.2008 13:53:08 (CET)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.7.26.0 | 2008.07.28 | - |
| AntiVir | 7.8.1.12 | 2008.07.28 | - |
| Authentium | 5.1.0.4 | 2008.07.28 | - |
| Avast | 4.8.1195.0 | 2008.07.27 | - |
| AVG | 8.0.0.130 | 2008.07.28 | Agent_r.H |
| BitDefender | 7.2 | 2008.07.28 | - |
| CAT-QuickHeal | 9.50 | 2008.07.25 | - |
| ClamAV | 0.93.1 | 2008.07.28 | - |
| DrWeb | 4.44.0.09170 | 2008.07.28 | - |
| eSafe | 7.0.17.0 | 2008.07.27 | Suspicious File |
| eTrust-Vet | 31.6.5983 | 2008.07.26 | - |
| Ewido | 4.0 | 2008.07.28 | - |
| F-Prot | 4.4.4.56 | 2008.07.28 | - |
| F-Secure | 7.60.13501.0 | 2008.07.28 | - |
| Fortinet | 3.14.0.0 | 2008.07.26 | - |
| GData | 2.0.7306.1023 | 2008.07.28 | - |
| Ikarus | T3.1.1.34.0 | 2008.07.28 | - |
| Kaspersky | 7.0.0.125 | 2008.07.28 | - |
| McAfee | 5347 | 2008.07.25 | - |
| Microsoft | 1.3704 | 2008.07.28 | - |
| NOD32v2 | 3302 | 2008.07.28 | - |
| Norman | 5.80.02 | 2008.07.28 | - |
| Panda | 9.0.0.4 | 2008.07.28 | Suspicious file |
| PCTools | 4.4.2.0 | 2008.07.27 | - |
| Prevx1 | V2 | 2008.07.28 | - |
| Rising | 20.55.02.00 | 2008.07.28 | - |
| Sophos | 4.31.0 | 2008.07.28 | - |
| Sunbelt | 3.1.1536.1 | 2008.07.25 | - |
| Symantec | 10 | 2008.07.28 | SecureExpertCleaner |
| TheHacker | 6.2.96.389 | 2008.07.25 | - |
| TrendMicro | 8.700.0.1004 | 2008.07.28 | - |
| VBA32 | None | 2008.07.27 | - |
| ViRobot | 2008.7.26.1311 | 2008.07.28 | - |
| VirusBuster | 4.5.11.0 | 2008.07.27 | - |
| Webwasher-Gateway | 6.6.2 | 2008.07.28 | - |
 
Additional information
File size: 92944 bytes
MD5...: 710b55fd6d22d33e60d086f4960cf6d7
SHA1..: f0deebaa3a30fe43d5c60c5fda649234b5443200
SHA256: 7cf7a76d5c647ffef0472c16695140e156ea7cd503a7e78d0a30f4138d8e96e5
SHA512: 24bc17934f16d61fe04d57df1b680185ec36241fc5c46e55c21e1e0f7af22cb2e1326205a04f4862709e031a507115482083568fd13d49a023c4a60fc45025dc
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information ( base data )
entrypointaddress.: 0x42f500
timedatestamp.....: 0x487d8e56 (Wed Jul 16 05:59:50 2008)
machinetype.......: 0x14c (I386)

( 3 sections )

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x1b000 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e |
| UPX1 | 0x1c000 | 0x14000 | 0x13800 | 7.92 | b60cd27468e4e064e77723a8c2303672 |
| .rsrc | 0x30000 | 0x2000 | 0x1a00 | 4.60 | 58bc9f71b3702139f666ea238af48cec |

( 11 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess
> ADVAPI32.dll: RegFlushKey
> COMCTL32.dll: ImageList_Draw
> GDI32.dll: DPtoLP
> iphlpapi.dll: GetAdaptersInfo
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: ShellExecuteA
> SHLWAPI.dll: PathAppendA
> USER32.dll: GetDC
> WININET.dll: InternetOpenA

( 0 exports )

packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

Host: download.secureexpertcleaner.com
IP: 88.198.8.15

Whois:

inetnum:        88.198.0.0 - 88.198.15.255
netname:        HETZNER-RZ-NBG-NET
descr:          Hetzner Online AG
descr:          Datacenter Nuernberg
country:        DE
admin-c:        HOAC1-RIPE
tech-c:         HOAC1-RIPE
status:         ASSIGNED PA
mnt-by:         HOS-GUN
mnt-lower:      HOS-GUN
mnt-routes:     HOS-GUN
source:         RIPE # Filtered

role:           Hetzner Online AG - Contact Role
address:        Hetzner Online AG
address:        Stuttgarter Straße 1
address:        D-91710 Gunzenhausen
address:        Germany
phone:          +49 9831 61 00 61
fax-no:         +49 9831 61 00 62
abuse-mailbox:  abuse@hetzber.de

Host: dwnld1.com
IP: 67.228.177.143

Whois:

OrgName:    SoftLayer Technologies Inc.
OrgID:      SOFTL
Address:    1950 N Stemmons Freeway
City:       Dallas
StateProv:  TX
PostalCode: 75207
Country:    US
NetRange:   67.228.0.0 - 67.228.255.255
CIDR:       67.228.0.0/16
OriginAS:   AS36351
NetName:    SOFTLAYER-4-5
NetHandle:  NET-67-228-0-0-1
Parent:     NET-67-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.SOFTLAYER.COM
NameServer: NS2.SOFTLAYER.COM
Comment:    abuse@softlayer.com

File FreeCleaner.exe received on 07.28.2008 16:54:11 (CET)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.7.26.0 | 2008.07.28 | - |
| AntiVir | 7.8.1.12 | 2008.07.28 | - |
| Authentium | 5.1.0.4 | 2008.07.28 | - |
| Avast | 4.8.1195.0 | 2008.07.28 | - |
| AVG | 8.0.0.130 | 2008.07.28 | - |
| BitDefender | 7.2 | 2008.07.28 | - |
| CAT-QuickHeal | 9.50 | 2008.07.25 | - |
| ClamAV | 0.93.1 | 2008.07.28 | - |
| DrWeb | 4.44.0.09170 | 2008.07.28 | - |
| eSafe | 7.0.17.0 | 2008.07.28 | - |
| eTrust-Vet | 31.6.5989 | 2008.07.28 | - |
| Ewido | 4.0 | 2008.07.28 | - |
| F-Prot | 4.4.4.56 | 2008.07.28 | - |
| F-Secure | 7.60.13501.0 | 2008.07.28 | - |
| Fortinet | 3.14.0.0 | 2008.07.26 | - |
| GData | 2.0.7306.1023 | 2008.07.28 | - |
| Ikarus | T3.1.1.34.0 | 2008.07.28 | - |
| Kaspersky | 7.0.0.125 | 2008.07.28 | - |
| McAfee | 5347 | 2008.07.25 | - |
| Microsoft | 1.3704 | 2008.07.28 | - |
| NOD32v2 | 3303 | 2008.07.28 | - |
| Norman | 5.80.02 | 2008.07.28 | - |
| Panda | 9.0.0.4 | 2008.07.28 | - |
| PCTools | 4.4.2.0 | 2008.07.28 | - |
| Prevx1 | V2 | 2008.07.28 | - |
| Rising | 20.55.02.00 | 2008.07.28 | - |
| Sophos | 4.31.0 | 2008.07.28 | - |
| Sunbelt | 3.1.1536.1 | 2008.07.25 | - |
| Symantec | 10 | 2008.07.28 | - |
| TheHacker | 6.2.96.389 | 2008.07.25 | - |
| TrendMicro | 8.700.0.1004 | 2008.07.28 | - |
| VBA32 | 3.12.8.1 | 2008.07.28 | - |
| ViRobot | 2008.7.26.1311 | 2008.07.28 | - |
| VirusBuster | 4.5.11.0 | 2008.07.28 | - |
| Webwasher-Gateway | 6.6.2 | 2008.07.28 | - |
 
Additional information
File size: 1619512 bytes
MD5...: 49f3964b3510ebc29a50fecfe7fa82c2
SHA1..: ab95014fb39c8635ca8d378773b14a96c8b2a9a1
SHA256: 8564a7b521e98bd70bf59745e919a1b7eccfd183a5e40210ac33c15d20214970
SHA512: e837591991aec6a21f2b400e118556ff75e24f3d168685083f0452eee05c1ebda5c525e5859cfe2a308910e4afcbdcda8b117caf5a98061379284bfe023aa796
PEiD..: -
PEInfo: PE Structure information ( base data )
entrypointaddress.: 0x409a54
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| CODE | 0x1000 | 0x916c | 0x9200 | 6.56 | f9c9dd3f4dceede0add0e7309253e897 |
| DATA | 0xb000 | 0x24c | 0x400 | 2.73 | 4a56e30ca4646e6369d96abeacb0e6f0 |
| BSS | 0xc000 | 0xe48 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e |
| .idata | 0xd000 | 0x950 | 0xa00 | 4.43 | bb5485bf968b970e5ea81292af2acdba |
| .tls | 0xe000 | 0x8 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e |
| .rdata | 0xf000 | 0x18 | 0x200 | 0.20 | 9ba824905bf9c7922b6fc87a38b74366 |
| .reloc | 0x10000 | 0x8b4 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 0x11000 | 0x2a00 | 0x2a00 | 4.44 | cd9160cb7b5b1d16df3f0d1cba2fe6b7 |

( 8 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
> user32.dll: MessageBoxA
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
> kernel32.dll: WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
> user32.dll: TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
> comctl32.dll: InitCommonControls
> advapi32.dll: AdjustTokenPrivileges

( 0 exports )

Host: secure.bestpaymentsolution.net
IP: 84.243.253.220

Whois:

inetnum:        84.243.253.0 - 84.243.253.255
netname:        GFX-CUST-WORLDSTREAM
descr:          WorldStream ip-block 3
org:            ORG-WS14-RIPE
country:        NL
admin-c:        GFX-RIPE
tech-c:         GFX-RIPE
status:         ASSIGNED PA
mnt-by:         GFX-MNT
source:         RIPE # Filtered

organisation:   ORG-WS14-RIPE
org-name:       WorldStream2
org-type:       OTHER
address:        Dijkweg 127c
address:        2675 AC  Honselersdijk
address:        The Netherlands
phone:          +31 70 755 1131
abuse-mailbox:  abuse@worldstream.nl

Other sites on this IP:

1.  Anonymbrowser.com
2.  Best-payments.net
3.  Bestpaymentsolution.net
4.  Billingbit.com
5.  Billingbridge.com
6.  Blablahost.com
7.  Direct-billing.com
8.  Errordigger.com
9.  Errorinspector.com
10. Internetsupernanny.com
11. Passwordinspector.com
12. Pctotaldefender.com
13. Sellmosoft.net
14. Softwarepayments.net
15. Statsgod.com
