XP Antivirus rogue antivirus

August 19, 2008 | Malware, Rogues

XP Antivirus is a rogue antivirus: fake security software that reports bogus infections and pushes the victim to buy a "license". Stay away from the following domains and IPs used to distribute and sell XP Antivirus.

File install_v2.exe received on 08.19.2008 15:07:20 (CET)
Detection: 34 of 36 engines; eTrust-Vet and Rising returned no detection ("-"). Most engines classify the file as a downloader (FraudLoad) that fetches the rogue rather than as the rogue itself.
Antivirus Version Last Update Result
AhnLab-V3 2008.8.19.0 2008.08.19 Win-Trojan/Fraudload.38912
AntiVir 7.8.1.23 2008.08.19 SPR/FakeAntiv.73216
Authentium 5.1.0.4 2008.08.19 W32/Downldr2.BCKL
Avast 4.8.1195.0 2008.08.18 Win32:FraudLoad-E
AVG 8.0.0.161 2008.08.19 Downloader.Generic6.AILN
BitDefender 7.2 2008.08.19 Trojan.Downloader.XPAntiVirus.C
CAT-QuickHeal 9.50 2008.08.18 TrojanDownloader.FraudLoad.i
ClamAV 0.93.1 2008.08.19 Trojan.Downloader-25473
DrWeb 4.44.0.09170 2008.08.19 Trojan.Fakealert.446
eSafe 7.0.17.0 2008.08.18 Win32.FraudLoad.i
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.19 Downloader.FraudLoad.i
F-Prot 4.4.4.56 2008.08.18 W32/Downldr2.BCKL
F-Secure 7.60.13501.0 2008.08.19 Trojan-Downloader.Win32.FraudLoad.i
Fortinet 3.14.0.0 2008.08.19 W32/FraudLoad.I!tr.dldr
GData 2.0.7306.1023 2008.08.19 Trojan-Downloader.Win32.FraudLoad.i
Ikarus T3.1.1.34.0 2008.08.19 Trojan-Downloader.Win32.FraudLoad.i
K7AntiVirus 7.10.420 2008.08.18 Trojan-Downloader.Win32.FraudLoad.i
Kaspersky 7.0.0.125 2008.08.19 Trojan-Downloader.Win32.FraudLoad.i
McAfee 5363 2008.08.18 Downloader.gen.a
Microsoft 1.3807 2008.08.19 Program:Win32/XPAntiVirus
NOD32v2 3367 2008.08.19 Win32/Adware.XPAntivirus
Norman 5.80.02 2008.08.19 W32/DLoader.FNEV
Panda 9.0.0.4 2008.08.19 Application/XPAntivirus2008
PCTools 4.4.2.0 2008.08.19 Trojan-Downloader.FraudLoad!sd5
Prevx1 V2 2008.08.19 Malware Downloader
Rising 20.58.12.00 2008.08.19 -
Sophos 4.32.0 2008.08.19 Troj/FakeVir-CJ
Sunbelt 3.1.1546.1 2008.08.15 XPAntivirus
Symantec 10 2008.08.19 XPAntivirus
TheHacker 6.3.0.5.054 2008.08.19 Trojan/Downloader.FraudLoad.i
TrendMicro 8.700.0.1004 2008.08.19 TROJ_DLOADE.FX
VBA32 3.12.8.3 2008.08.19 Trojan-Downloader.Win32.FraudLoad.i
ViRobot 2008.8.19.1341 2008.08.19 Trojan.Win32.Downloader.38912.K
VirusBuster 4.5.11.0 2008.08.19 Trojan.DL.FraudLoad.FU
Webwasher-Gateway 6.6.2 2008.08.19 Riskware.FakeAntiv.73216
 
Additional information
File size: 38912 bytes
MD5: c09d45ac642d3dc718c2d3b5468ccb39
SHA1: 766b97fb4cbdf03c79063b41d6dd6c2659a8f9f3
SHA256: 575b2aace9e772a15fe5b4832c1aa5bc6cb211c85d2afab2dc0f02c19bfdf63b
SHA512: 63836d5bcf8e07b8caaed4c23ab932cd98e8e8c0197154934567551f44e72ef3c3ac498242a4ae13874e7bdd7813c336ebc6c34e1fa5ab6d4f7631f6eda310d0
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information

( base data )
entrypointaddress: 0x419c00
timedatestamp: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype: 0x14c (I386)

Note: 0x2a425e19 is the fixed TimeDateStamp that Borland Delphi's linker writes into every executable it produces. It identifies the compiler, not when the sample was built, so do not use the 1992 date for timelining.

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x10000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x11000 0x9000 0x8e00 7.90 6ddd5716043f070b2c20ace08ce308e5
.rsrc 0x1a000 0x1000 0x600 2.87 b41eb2c77b13e07c62c74a5d361fd93f

Note: this layout is textbook UPX. UPX0 has no raw data on disk (its MD5 is the MD5 of empty input) and only reserves the 0x10000 bytes that the unpacked code is written into at run time; UPX1 holds the compressed payload (entropy 7.90 of a possible 8.00); and, assuming the usual image base 0x400000 that the entry point implies, 0x419c00 falls inside UPX1 (0x411000 to 0x41a000), so execution starts in the decompression stub.

( 8 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegCloseKey
> comctl32.dll: ImageList_DrawEx
> gdi32.dll: SetROP2
> oleaut32.dll: VariantClear
> shell32.dll: ShellExecuteA
> user32.dll: GetDC
> wininet.dll: InternetOpenA

( 0 exports )

Note: this import table belongs to the UPX stub, not to the unpacked program. UPX keeps LoadLibraryA and GetProcAddress (to rebuild the real import table at run time) plus one function per DLL the original imported, so the list tells you which DLLs the payload uses (wininet.dll for the download, shell32.dll to launch what it fetched, advapi32.dll for the registry) but not which APIs. Unpack first (upx -d, or dump the process after the stub finishes) before drawing conclusions from imports.

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3F47ACD6003486DF988100873445F90029D7143E
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=c09d45ac642d3dc718c2d3b5468ccb39
packers (Kaspersky): PE_Patch.UPX, UPX
packers (Authentium): UPX
packers (F-Prot): UPX
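The PEInfo block above is what a triage tool derives from the PE headers alone. The following is an added example, not code from the original post or from any of the scanners listed: a minimal PE32 header parser that reads the entry point, timestamp, machine type and section table, computes per-section entropy, and applies the same packer heuristics discussed above (UPX section names, a section with no raw data, a high-entropy section that contains the entry point, the Delphi timestamp constant). Because the real install_v2.exe is not on the page, build_sample() constructs a PE whose headers copy the reported values (sizes, RVAs, entry point, timestamp) with filler bytes as section contents; the image base 0x400000 and the entropy threshold of 7.0 are assumptions.

```python
import math
import random
import struct
from dataclasses import dataclass
from typing import Optional

# Borland Delphi's linker writes this fixed TimeDateStamp into every PE it
# produces, so 0x2A425E19 fingerprints the compiler, not the build time.
DELPHI_TIMESTAMP = 0x2A425E19
IMAGE_FILE_MACHINE_I386 = 0x14C

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

@dataclass
class Section:
    name: str
    vaddr: int      # RVA (virtual address relative to the image base)
    vsize: int      # VirtualSize
    rawsize: int    # SizeOfRawData
    entropy: float  # entropy of the section's bytes on disk

def parse_pe(buf: bytes) -> dict:
    """Read the COFF header, the PE32 optional header and the section table."""
    if buf[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, coff)
    opt = coff + 20
    if struct.unpack_from("<H", buf, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", buf, opt + 16)[0]
    image_base = struct.unpack_from("<I", buf, opt + 28)[0]
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", buf, opt + opt_size + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vaddr, vsize, rawsize, entropy(buf[rawptr:rawptr + rawsize])))
    return {"machine": machine, "timestamp": stamp, "image_base": image_base,
            "entry_va": image_base + entry_rva, "sections": sections}

def entry_section(pe: dict) -> Optional[str]:
    """Name of the section containing the entry point, or None if it lies outside all sections."""
    rva = pe["entry_va"] - pe["image_base"]
    for s in pe["sections"]:
        if s.vaddr <= rva < s.vaddr + s.vsize:
            return s.name
    return None

def packer_indicators(pe: dict) -> list:
    """Header-only triage: each returned string is one reason to treat the file as packed."""
    hits = []
    if pe["timestamp"] == DELPHI_TIMESTAMP:
        hits.append("timestamp 0x2A425E19 is the Delphi linker constant, not a build date")
    for s in pe["sections"]:
        if s.name.startswith("UPX"):
            hits.append(f"{s.name}: UPX section name")
        if s.rawsize == 0 and s.vsize > 0:
            hits.append(f"{s.name}: no bytes on disk, 0x{s.vsize:x} reserved in memory (unpack target)")
        if s.entropy > 7.0:  # assumed threshold; compressed/encrypted data sits near 8.0
            hits.append(f"{s.name}: entropy {s.entropy:.2f}, compressed or encrypted")
    ep = entry_section(pe)
    if ep and any(s.name == ep and s.entropy > 7.0 for s in pe["sections"]):
        hits.append(f"entry point 0x{pe['entry_va']:x} lies in high-entropy section {ep} (unpacking stub)")
    return hits

def build_sample() -> bytes:
    """Constructed PE32 whose headers copy the values reported for install_v2.exe.
    The section bodies are filler (pseudo-random bytes for UPX1), not the real malware."""
    rng = random.Random(0)
    upx1 = bytes(rng.getrandbits(8) for _ in range(0x8E00))
    rsrc = bytes(range(64)) * (0x600 // 64)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 3, DELPHI_TIMESTAMP, 0, 0, 0xE0, 0x010F)
    # magic, linker ver, SizeOfCode, SizeOfInitData, SizeOfUninitData, AddressOfEntryPoint,
    # BaseOfCode, BaseOfData, ImageBase (assumed 0x400000), SectionAlignment, FileAlignment
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 0, 0, 0x9000, 0x1000, 0x10000, 0x19C00,
                      0x11000, 0x1A000, 0x400000, 0x1000, 0x400).ljust(0xE0, b"\0")
    def sect(name, vsize, vaddr, rawsize, rawptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, 0xE0000040)
    headers = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt
               + sect(b"UPX0", 0x10000, 0x1000, 0, 0x400)
               + sect(b"UPX1", 0x9000, 0x11000, 0x8E00, 0x400)
               + sect(b".rsrc", 0x1000, 0x1A000, 0x600, 0x400 + 0x8E00)).ljust(0x400, b"\0")
    return headers + upx1 + rsrc  # 0x400 + 0x8e00 + 0x600 = 38912 bytes, the reported size
```

Run parse_pe(open(path, "rb").read()) on a real sample and feed the result to packer_indicators(); on build_sample() the output reproduces the page's picture: UPX0 with zero raw size, UPX1 near 8.0 bits of entropy, entry point 0x419c00 inside UPX1, and the Delphi timestamp. Entropy alone does not distinguish a packer from an installer carrying a compressed archive, which is why the check also looks at where the entry point lives.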

Host: systemscanner2009.com
IP: 89.18.189.44

Whois of IP 89.18.189.44 distributing rogue antivirus XP Antivirus:

netname:        PCEXTREME
descr:          PCextreme BVV
country:        NL
admin-c:        PB8076-RIPE
tech-c:         PB8076-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-PCEXTREME
mnt-by:         MNT-REASONNET
mnt-routes:     MNT-REASONNET
source:         RIPE # Filtered

role:           PCextreme BV
address:        Londensekaai 1
address:        4331JG Middelburg
address:        The Netherlands
abuse-mailbox:  abuse@pcextreme.nl

Other sites on IP 89.18.189.44 distributing rogue antivirus XP Antivirus:

1.  updatesantivirus.com
2.  xpantivirus.com
3.  xpdownloadserver.com

Host: secure.software-payment.com
IP: 216.195.56.160

Whois:

OrgID:      APSTE
Address:    8130 SW BEAVERTON-HILLSDALE HWY
City:       PORTLAND
StateProv:  OR
PostalCode: 97225
Country:    US

NetRange:   216.195.32.0 - 216.195.63.255
CIDR:       216.195.32.0/19
NetName:    APS-EPSI
NetHandle:  NET-216-195-32-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.3FN.NET
NameServer: NS2.3FN.NET
Comment:    send abuse issues to abuse@3fn.net , send network

RTechHandle: NSW-ARIN
RTechName:   Swen, Nash
RTechPhone:  +1-800-539-8209
RTechEmail:  noc@apxnoctelecom.com
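The hashes, hosts and IPs on this page turned into a sweep a responder can run against a suspect file and against proxy, DNS and firewall logs. This is an added example, not the post's own code; the log lines are constructed for the example, and the regexes used to pull hostnames and IPs out of a log line, plus the rule that a subdomain of a listed domain counts as a hit, are my assumptions. The indicator values themselves are the ones listed above.

```python
import hashlib
import re
from typing import Iterable, List, Optional, Tuple

# Indicators transcribed from the post: hashes of install_v2.exe, the hosts that
# served or sold the rogue, and the two IPs they resolved to in August 2008.
FILE_HASHES = {
    "md5": "c09d45ac642d3dc718c2d3b5468ccb39",
    "sha1": "766b97fb4cbdf03c79063b41d6dd6c2659a8f9f3",
    "sha256": "575b2aace9e772a15fe5b4832c1aa5bc6cb211c85d2afab2dc0f02c19bfdf63b",
}
DOMAINS = {
    "systemscanner2009.com", "updatesantivirus.com", "xpantivirus.com",
    "xpdownloadserver.com", "secure.software-payment.com",
}
IPS = {"89.18.189.44", "216.195.56.160"}

# Assumed log shapes: a hostname is a dotted name ending in an alphabetic TLD,
# an IP is four dotted decimal octets. Adjust to your own log format.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def match_hashes(data: bytes) -> dict:
    """Hash a file's bytes with each listed algorithm; True where it equals the page's value."""
    return {algo: hashlib.new(algo, data).hexdigest() == want for algo, want in FILE_HASHES.items()}

def domain_matches(host: str) -> Optional[str]:
    """The listed domain that `host` equals or is a subdomain of, else None.
    Case-insensitive; a trailing dot (FQDN form seen in DNS logs) is ignored.
    The suffix test requires a label boundary so 'notxpantivirus.com' does not match."""
    h = host.lower().rstrip(".")
    for d in DOMAINS:
        if h == d or h.endswith("." + d):
            return d
    return None

def sweep_log(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Scan log lines for listed hosts and IPs; returns (line_no, kind, indicator) per hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            d = domain_matches(host)
            if d:
                hits.append((n, "domain", d))
        for ip in IP_RE.findall(line):
            if ip in IPS:
                hits.append((n, "ip", ip))
    return hits

# Constructed proxy/DNS/firewall lines for the example, not real logs.
SAMPLE_LOG = [
    "2008-08-19T15:02:11 proxy ws-12 GET http://systemscanner2009.com/install_v2.exe 200",
    "2008-08-19T15:02:12 dns ws-12 query A Download.XPAntivirus.com.",
    "2008-08-19T15:03:40 fw ws-12 allow tcp 10.1.2.12:49152 -> 216.195.56.160:443",
    "2008-08-19T15:04:01 proxy ws-07 GET http://www.example.com/ 200",
]

if __name__ == "__main__":
    for hit in sweep_log(SAMPLE_LOG):
        print(hit)
    print(match_hashes(b"not the sample"))
```

Against SAMPLE_LOG the sweep flags line 1 (the download host), line 2 (a subdomain of xpantivirus.com, matched despite the mixed case and trailing dot) and line 3 (the payment server's IP), and ignores www.example.com. Pivot on SHA256 rather than MD5 where you can; the MD5 is listed here because that is what the 2008 scanners reported, and a file that matches any one of the three hashes matches all of them.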
