Antivirus XP 2008 rogue antivirus application

September 13, 2008 | Malware, Rogues

Antivirus XP 2008 is a rogue antivirus application. Stay away from it!

To remove Antivirus XP 2008 use Cesam Anti-Malware http://cleanthe.net/how-to-remove-virus/

Some screenshot of fake scanning by  Antivirus XP 2008

Antivirus XP 2008

File scan.exe received on 09.13.2008 13:18:10 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.13.0 2008.09.12 -
AntiVir 7.8.1.28 2008.09.12 -
Authentium 5.1.0.4 2008.09.12 -
Avast 4.8.1195.0 2008.09.12 -
AVG 8.0.0.161 2008.09.12 -
BitDefender 7.2 2008.09.13 -
CAT-QuickHeal 9.50 2008.09.13 Win32.Backdoor.Frauder.dk.4
ClamAV 0.93.1 2008.09.13 -
DrWeb 4.44.0.09170 2008.09.13 -
eSafe 7.0.17.0 2008.09.11 Suspicious File
eTrust-Vet 31.6.6087 2008.09.12 -
Ewido 4.0 2008.09.13 -
F-Prot 4.4.4.56 2008.09.12 -
F-Secure 8.0.14332.0 2008.09.13 -
Fortinet 3.113.0.0 2008.09.13 -
GData 19 2008.09.13 -
Ikarus T3.1.1.34.0 2008.09.13 -
K7AntiVirus 7.10.453 2008.09.12 -
Kaspersky 7.0.0.125 2008.09.13 -
McAfee 5383 2008.09.12 Downloader-ASH.gen.b
Microsoft 1.3903 2008.09.13 -
NOD32v2 3439 2008.09.13 -
Norman 5.80.02 2008.09.12 -
Panda 9.0.0.4 2008.09.12 -
PCTools 4.4.2.0 2008.09.12 -
Prevx1 V2 2008.09.13 -
Rising 20.61.42.00 2008.09.12 -
Sophos 4.33.0 2008.09.13 Mal/EncPk-EU
Sunbelt 3.1.1633.1 2008.09.13 -
Symantec 10 2008.09.13 -
TheHacker 6.3.0.9.080 2008.09.13 -
TrendMicro 8.700.0.1004 2008.09.12 -
VBA32 3.12.8.5 2008.09.12 -
ViRobot 2008.9.12.1375 2008.09.12 -
VirusBuster 4.5.11.0 2008.09.12 -
Webwasher-Gateway 6.6.2 2008.09.13 -
 
Additional information
File size: 51200 bytes
MD5…: 8c8b5714e326852f8708567c1debdf0d
SHA1..: b71ae5816cb15ecf047a8b175a4c4e34bb357274
SHA256: b07dbb291476bb81c4f1952ab2e548828c19cb8f609cdc4bbf56ce2ea746d162
SHA512: e23441bfddfb8b5a0f11215c800140defcd87dfc2e63b4d607060a6d45498dc2
f5e583faf9b4c0f2ab8faeee345d6f0dba2e99783cdeba4fbb1a887392c80418
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (35.2%)
Win32 Dynamic Link Library (generic) (31.3%)
Win16/32 Executable Delphi generic (8.5%)
Clipper DOS Executable (8.3%)
Generic Win/DOS Executable (8.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0×402442
timedatestamp…..: 0×48c918bd (Thu Sep 11 13:10:21 2008)
machinetype…….: 0×14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0×1000 0xa933 0×7a00 7.99 d901af2e812530c70b8935245d666890
.rdata 0xc000 0×3860 0×1800 7.97 e29edd560a3dd13bc717ef5edec59871
.data 0×10000 0xc1a 0×200 7.59 ebe3895aae5feb4833dd04b66d164548
.rsrc 0×11000 0xf000 0×3000 6.96 3f90eb599c8c48cd1e257dbc50208baa

( 4 imports )
> gdi32.dll: SaveDC, TextOutW, SetRelAbs, StretchBlt, SetICMMode, ResetDCW, UpdateColors, SetDIBColorTable
> wsock32.dll: closesocket, WSAStartup, listen
> kernel32.dll: CreatePipe, TerminateProcess, VirtualProtect
> shell32.dll: SHAppBarMessage, StrRChrIA, StrStrIA

( 0 exports )

Antivirus XP 2008

Host: www.av-xp2008.com
IP: 200.63.45.19

Whois Record of IP 200.63.45.19 distributing rogue antivirus application Antivirus XP 2008:

status:      reallocated
owner:       Ricardo Carreras
ownerid:     HN-RICA-LACNIC
responsible: Honduras Web
address:     P.O.Box: 1142 La Ceiba, #37 street., 1142, 37
address:     00000 - Tegucigalpa - TE
country:     HN

Other sites of IP 200.63.45.19 distributing rogue antivirus application Antivirus XP 2008:

1.  Antivirxp.net  
2.  Axp2008.com 
3.  Onine-antivirus-09.com 
4.  Online-security-guide.com 
5.  Xpprotector.net 
6.  Anti-virusxp2008.net 
7.  Icardprocessor.com 
8.  Youpornzztube.com 

Host: stat.av-xp2008.com
IP: 77.244.220.134

Whois Record of IP 77.244.220.134 distributing rogue antivirus application Antivirus XP 2008:

netname:        PRIMENET1
descr:          Allocation for our customer PrimeNet
country:        RU
admin-c:        RZT1-RIPE
tech-c:         RZT1-RIPE
status:         ASSIGNED PA
mnt-by:         RZT-MNT
mnt-lower:      RZT-MNT
mnt-routes:     RZT-MNT
source:         RIPE # Filtered

person:         Network Admins  RZT-SERVICE
address:        191011 Saint-Petersburg, Russia
address:        Lomonosova sq. 1
phone:          +78123142643

Other sutes of IP 77.244.220.134 distributing rogue antivirus application Antivirus XP 2008:

1.  Online-security-systems.com 
2.  Xpprotector.com 
3.  Av-xp2008.net 

Host: www.anti-virusxp2008.net
IP: 218.106.90.227

Whois Record of IP 77.244.220.134 distributing rogue antivirus application Antivirus XP 2008:

netname:      hefei-qingyi-jiayuan-corp
country:      cn
descr:        hefei city
admin-c:      TC254-AP
tech-c:       TC254-AP
status:       ASSIGNED NON-PORTABLE
changed:       20020924

Other sutes of IP 218.106.90.227 distributing rogue antivirus application Antivirus XP 2008:

1.  Antivirusxp-2008.net 
2.  Antivirusxp2008.net 
3.  Axpdefender08.com 
4.  Axpfixer.com 
5.  Easyspywarecleaner.com 
6.  Ekerberos.com 
7.  Infestop.com 
8.  Malwareprotector08.com 
9.  Spy-rid.com 
10.  Wap2007.com 
11.  Xusony.com 
12.  Youpornztube.biz 
13.  Youpornztube.net 
14.  Youpornztube.org 
15.  Av-xp08.com 
16.  Av-xp08.net 
17.  Av-xp2008.com 

Host: standardpay.com
IP: 69.20.102.224

Whois Record of IP 69.20.102.22 selling rogue antivirus application Antivirus XP 2008:

OrgName:    Rackspace.com, Ltd.
OrgID:      RSPC
Address:    9725 Datapoint Drive
Address:    Suite 100
City:       San Antonio
StateProv:  TX
PostalCode: 78229
Country:    US

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName:   Abuse Desk
OrgAbusePhone:  +1-210-892-4000
OrgAbuseEmail:  abuse@rackspace.com

 

Other sutes of IP 69.20.102.224 selling rogue antivirus application Antivirus XP 2008:

1.  Standardpay.com 0 listings 
2.  Standartpay.com 0 listings 
3.  Urbangestdesarrollos.com 

Antivirus XP 2008

Antivirus XP 2008

Related Posts :

Tags: , , , ,
Posted in Malware, Rogues |

CleanThe.Net Recommends - Cesam Anti-Malware. Remove Virus Now!

Download Cesam Anti-Malware

  1. 4 Responses to “Antivirus XP 2008 rogue antivirus application”

  2. WALTER P STEELE said on Sep 15, 2008:

    I HAVE YOUR ANTI-VIRUS ON MY COMPUTER AND IT IS LOCKING EVERYTHING UP. I CAN’T GET IT OFF AND I PAID $39.95 THROUGH MY M/C CREDIT CARD. YOU BOST ABOUT 24/7 TECH SERVICE, I HAVE BEEN CONTACTING YOU SINCE FRIDAY WITH NO HELP FROM YOU. I WANT YOUR GARBAGE OFF MY COMPUTER.

    [Reply]

  3. Job Taylor said on Sep 18, 2008:

    I signed up but my card was denied.
    I repeated thinking I had made an error and now I may have signed up twice.
    Please confirm I will be billed just one time.
    I have emails indicating two lic. numbers.
    Thank You
    J E Taylor Jr

    [Reply]

  4. CleanThe.net said on Sep 19, 2008:

    Cleanthe.net is *security site about fake antiviruses* that you probable got on your PC. *It have nothing in common with antivirus XP* and other fake malware.
    Please read carefully any post on the site http://cleanthe.net.

    If you have problems with antivirus XP or other fake antiviruses you could install normal - clean antivirus like Kaspersky Lab review link here - http://cleanthe.net/how-to-remove-virus/

    Antivirus XP 2008 - is rogue antivirus application, you have no need to pay for it.

    Try to make refound.

    [Reply]

  5. ClenThe.NEt said on Sep 23, 2008:

    Cleanthe.net is *security site about fake antiviruses* that you probable got on your PC. *It have nothing in common with antivirus XP* and other fake malware.
    Please read carefully any post on the site http://cleanthe.net.

    If you have problems with antivirus XP or other fake antiviruses you could install normal - clean antivirus like Kaspersky Lab review link here - http://cleanthe.net/how-to-remove-virus/

    [Reply]

Post a Comment

© 2009 - CleanThe.Net  Remove Virus |  Contact US |  Advertising |  Report Malware/Virus |  Glossary