Power Antivirus 2009 rogue antivirus application
Thursday, August 28th, 2008

Power Antivirus 2009 is a rogue antivirus application. Here are some fake scanning pages of Power Antivirus 2009.

File setup_1096_MTIzNHwzNXww_.exe received on 08.28.2008 16:21:02 (CET)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.8.29.0 | 2008.08.28 | - |
| AntiVir | 7.8.1.23 | 2008.08.28 | DR/Fraud.Antivir64 |
| Authentium | 5.1.0.4 | 2008.08.28 | - |
| Avast | 4.8.1195.0 | 2008.08.27 | Win32:FraudTool-GL |
| AVG | 8.0.0.161 | 2008.08.28 | - |
| BitDefender | 7.2 | 2008.08.28 | - |
| CAT-QuickHeal | 9.50 | 2008.08.26 | - |
| ClamAV | 0.93.1 | 2008.08.28 | - |
| DrWeb | 4.44.0.09170 | 2008.08.28 | Trojan.Fakealert.1227 |
| eSafe | 7.0.17.0 | 2008.08.27 | Suspicious File |
| eTrust-Vet | 31.6.6054 | 2008.08.28 | - |
| Ewido | 4.0 | 2008.08.28 | - |
| F-Prot | 4.4.4.56 | 2008.08.28 | - |
| F-Secure | 7.60.13501.0 | 2008.08.28 | - |
| Fortinet | 3.14.0.0 | 2008.08.28 | - |
| GData | 19 | 2008.08.28 | Win32:FraudTool-GK |
| Ikarus | T3.1.1.34.0 | 2008.08.28 | Generic.Win32.Malware.Antivirus2009 |
| K7AntiVirus | 7.10.428 | 2008.08.25 | - |
| Kaspersky | 7.0.0.125 | 2008.08.28 | - |
| McAfee | 5371 | 2008.08.27 | - |
| Microsoft | 1.3807 | 2008.08.25 | Program:Win32/Antivirus2009 |
| NOD32v2 | 3395 | 2008.08.28 | a variant of Win32/Adware.PowerAntivirus |
| Norman | 5.80.02 | 2008.08.28 | TXT/Antivirus2008.B.dropper |
| Panda | 9.0.0.4 | 2008.08.27 | - |
| PCTools | 4.4.2.0 | 2008.08.28 | - |
| Prevx1 | V2 | 2008.08.28 | - |
| Rising | 20.59.31.00 | 2008.08.28 | - |
| Sophos | 4.33.0 | 2008.08.28 | Troj/FakeAv-BM |
| Sunbelt | 3.1.1582.1 | 2008.08.26 | - |
| Symantec | 10 | 2008.08.28 | - |
| TheHacker | 6.3.0.6.064 | 2008.08.27 | - |
| TrendMicro | 8.700.0.1004 | 2008.08.28 | - |
| VBA32 | 3.12.8.4 | 2008.08.28 | - |
| ViRobot | 2008.8.28.1353 | 2008.08.28 | - |
| VirusBuster | 4.5.11.0 | 2008.08.27 | - |
| Webwasher-Gateway | 6.6.2 | 2008.08.28 | Trojan.Dropper.Fraud.Antivir64 |

Additional information

- File size: 707072 bytes
- MD5: 4dd5ddffce225652b4da2aa02bdc93ca
- SHA1: 4a778949e74f85e330ef748acefc37c068725ed0
- SHA256: 2089af34c212ab720bce6944622c7cb4dbdbd4c0075a19d6cbd348c481f68b2b
- SHA512: 1913b63859242e3b56d249a2f9a297516b9136c5e42c0ee2ea5fe1a10ead2a3975db28602ee344903d54ae7e9125cf6a86cd722c9359db41fcce210aa3a9e040
- PEiD: -
- TrID (file type identification): UPX compressed Win32 Executable (38.5%), Win32 EXE Yoda's Crypter (33.4%), Win32 Executable Generic (10.7%), Win32 Dynamic Link Library (generic) (9.5%), Win16/32 Executable Delphi generic (2.6%)
- PEInfo (PE structure information, base data): entry point address 0x58eb70; timedatestamp 0x2a425e19 (Fri Jun 19 22:22:17 1992); machine type 0x14c (I386); 3 sections, 12 imports, 0 exports. The 1992 timestamp is not the real build time: it is the fixed value the Borland/Delphi linker writes into every binary, which agrees with the TrID Delphi match above, so it cannot be used to date the sample.
- Norman Sandbox:
  - General information: IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD). File length: 707072 bytes.
  - Changes to filesystem: creates directory C:\documen~1\sandbox\Programdata\; creates directory C:\documen~1\sandbox\Programdata\sample\; creates file C:\documen~1\sandbox\Programdata\sample\Desc.dat; creates file C:\documen~1\sandbox\Programdata\sample\base.dat; creates file C:\documen~1\sandbox\Programdata\sample\base2.dat
  - Changes to registry: no entries
  - Process/window information: no entries
  - Signature scanning: no entries
- Packers (Kaspersky): PE_Patch.UPX, UPX
- Packers (F-Prot): UPX
- Packers (Avast): UPX

Host: traff-drive.com
IP: 78.157.143.251
Whois of IP 78.157.143.251 distributing rogue antivirus Power Antivirus 2009:
netname: VDHOST
descr: VdHost Ltd.
descr: abuse@vdhost.biz
country: LV
admin-c: AV2990-RIPE
tech-c: UNHM-RIPE
status: ASSIGNED PA
mnt-by: UN-MNT
source: RIPE # Filtered
role: UltraNet Hostmaster
address: UltraNet SIA
Aizkraukles 23
Riga, LV-1006
Latvia
phone: +371 67543003
fax-no: +371 67594435
e-mail: hostmaster@ultranet.lv
Other sites on IP 78.157.143.251 distributing rogue antivirus Power Antivirus 2009:
1. Antispyware2008b.com
2. Antivir–2008.com
3. Directnameservice2008.com
4. Mediatubeforme1.com
5. Onsafepro2008.com
6. Traff-drive.com
7. Viruswebprotect2008.com
8. Antivirus2008proxp.com
Host: scanner.pwrantivir2009.com
IP: 91.208.0.233
Whois of IP 91.208.0.233 distributing rogue antivirus Power Antivirus 2009:
org-name: Still Trade Ltd
org-type: OTHER
address: Russian Federation,
address: St. Petersburg, Fedosenko st, 30 liter A, 24-N
mnt-ref: RU-WEBALTA-MNT
mnt-by: STILLTRADE-MNT
source: RIPE # Filtered
person: Perevitskiy Sergey
address: Russian Federation,
address: St. Petersburg, Fedosenko st, 30 liter A, 24-N
mnt-by: STILLTRADE-MNT
abuse-mailbox: abuse@still-trade.com
Other sites on IP 91.208.0.233 distributing rogue antivirus Power Antivirus 2009:
1. Powerantivirus-2009.com
2. Powerantivirus2009.com
3. Pwrantivirus2009.com
Host: e-statistic.com
IP: 207.226.175.78
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 450 Springpark PL
Address: Suite 100
City: Herdon
StateProv: VA
PostalCode: 20170
Country: US
OrgAbuseHandle: PAD13-ARIN
OrgAbuseName: PCCW AUP Department
OrgAbusePhone: +1-703-621-1637
OrgAbuseEmail: probinson@pccwglobal.com
Host: secure.paymentbit.net
IP: 216.195.56.175
Whois of IP 216.195.56.175, domain secure.paymentbit.net, selling rogue antivirus Power Antivirus 2009:
OrgID: APSTE
Address: 8130 SW BEAVERTON-HILLSDALE HWY
City: PORTLAND
StateProv: OR
PostalCode: 97225
Country: US
NetRange: 216.195.32.0 - 216.195.63.255
CIDR: 216.195.32.0/19
NetName: APS-EPSI
NetHandle: NET-216-195-32-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.3FN.NET
NameServer: NS2.3FN.NET
Comment: send abuse issues to abuse@3fn.net , send network
RTechHandle: NSW-ARIN
RTechName: Swen, Nash
RTechPhone: +1-800-539-8209
RTechEmail : noc@apxnoctelecom.com