System Security another rogue antivirus application

December 30, 2008 | Fake Codec, Malware

System Security is a rogue antivirus application. To remove this rogue application, along with other viruses and spyware, use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/

File TubePlayer_1_.ver.6.exe received on 12.30.2008 12:01:56 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.30 -
AhnLab-V3 2008.12.30.2 2008.12.30 -
AntiVir 7.9.0.45 2008.12.30 -
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.29 -
AVG 8.0.0.199 2008.12.29 -
BitDefender 7.2 2008.12.30 -
CAT-QuickHeal 10.00 2008.12.30 -
ClamAV 0.94.1 2008.12.30 -
Comodo 837 2008.12.29 -
DrWeb 4.44.0.09170 2008.12.30 -
eSafe 7.0.17.0 2008.12.28 -
eTrust-Vet 31.6.6281 2008.12.29 -
Ewido 4.0 2008.12.30 -
F-Prot 4.4.4.56 2008.12.29 -
F-Secure 8.0.14470.0 2008.12.30 -
Fortinet 3.117.0.0 2008.12.30 -
GData 19 2008.12.30 -
Ikarus T3.1.1.45.0 2008.12.30 -
K7AntiVirus 7.10.569 2008.12.29 -
Kaspersky 7.0.0.125 2008.12.30 -
McAfee 5478 2008.12.29 -
McAfee+Artemis 5478 2008.12.29 -
Microsoft 1.4205 2008.12.30 -
NOD32 3723 2008.12.30 -
Norman 5.80.02 2008.12.29 -
Panda 9.0.0.4 2008.12.29 -
PCTools 4.4.2.0 2008.12.29 -
Prevx1 V2 2008.12.30 -
Rising 21.10.12.00 2008.12.30 -
SecureWeb-Gateway 6.7.6 2008.12.30 -
Sophos 4.37.0 2008.12.30 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.30 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.30 -
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.30 -
VirusBuster 4.5.11.0 2008.12.29 -
 
Additional information
File size: 49156 bytes
MD5: bfe54ffd8371266827848e6ee4a4ba49
SHA1: 3ee085a4430368ca747c40ed759985ca16640315
SHA256: 301470f6bddac3d3e32b86161ad4fe3dd3e41557d6e241e35b67e0835952c058
SHA512: f38908bf1efcc872627a30f6c995a4c590be2eca11e891573dfa2c47254ea1bd7e933184ba99304f0a5ab0a877575b12b8f40a58f46572eb80e990682fd056d7
ssdeep: 384:gw5jhxJxGf91sp9UE2HgqUX8Ip7BwITSzAvqoCJsm:XjpxGf91cU1AqpI5Bwuv/C9
PEiD: -
TrID: File type identification
Win32 Dynamic Link Library (generic) (55.5%)
Clipper DOS Executable (14.7%)
Generic Win/DOS Executable (14.6%)
DOS Executable Generic (14.6%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress: 0x401103
timedatestamp: 0x47af8c24 (Sun Feb 10 23:43:32 2008)
machinetype: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1009 0x2000 1.95 9cc790b2704fcfe6106dcd0461e089f3
.data 0x3000 0x6104 0x7000 5.67 9812c319b5a7dbcd5cbdf90dc63d7445
.rdata 0xa000 0xe6c3 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x19000 0x26d 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110

( 5 imports )
> comctl32.dll: InitCommonControls, ImageList_DragEnter, ImageList_LoadImage, ImageList_DrawIndirect, ImageList_GetImageRect, ImageList_Remove, ImageList_AddMasked, ImageList_DragMove, ImageList_Create, ImageList_DrawEx, ImageList_GetImageCount, ImageList_ReplaceIcon, ImageList_Draw, ImageList_LoadImageA, ImageList_GetIcon, ImageList_GetImageInfo
> kernel32.dll: GetModuleFileNameA, SetLastError, GetLastError, GetStringTypeW, Sleep, GetFileSize, GetFullPathNameA, GetStdHandle, lstrcmpiA, GetStringTypeA, HeapAlloc, GetFileAttributesA, GetCommandLineA, GlobalAlloc, GlobalFree, GetCPInfo, lstrcpyA, lstrcatA, lstrlenA
> gdi32.dll: AddFontMemResourceEx, GetClipBox, GetCurrentPositionEx, CreateSolidBrush, SetTextColor, GetPixel, ExtTextOutA, CloseFigure, AddFontResourceW, BeginPath, BitBlt, AddFontResourceExW, ClearBitmapAttributes, RestoreDC, AbortPath, CloseMetaFile, ClearBrushAttributes
> advapi32.dll: RegQueryValueA, RegQueryInfoKeyW, RegDeleteValueA, RegEnumValueW, RegQueryValueW, RegFlushKey, RegCreateKeyExA, RegOpenKeyExW, RegGetKeySecurity, RegEnumKeyW, RegQueryValueExA, RegCreateKeyExW, RegReplaceKeyA, RegDeleteValueW, RegOpenKeyA, RegReplaceKeyW, RegOpenKeyW
> user32.dll: GetDlgItem, GetDC, CreateIcon, GetWindowTextA, AppendMenuW, BlockInput, GetCursor, CopyRect, DrawIcon, DrawTextA, DrawTextW, LoadMenuA, AppendMenuA, GetMenu, EndDialog, CloseWindow, IsWindow, AlignRects, CopyIcon, DialogBoxParamA

( 0 exports )

File install.exe received on 12.30.2008 11:56:51 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.30 -
AhnLab-V3 2008.12.30.2 2008.12.30 -
AntiVir 7.9.0.45 2008.12.30 TR/Dldr.FraudLoad.vfee
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.29 -
AVG 8.0.0.199 2008.12.29 Downloader.Generic8.KSW
BitDefender 7.2 2008.12.30 -
CAT-QuickHeal 10.00 2008.12.30 TrojanDownloader.FraudLoad.ve
ClamAV 0.94.1 2008.12.30 -
Comodo 837 2008.12.29 -
DrWeb 4.44.0.09170 2008.12.30 Trojan.DownLoad.26371
eSafe 7.0.17.0 2008.12.28 Suspicious File
eTrust-Vet 31.6.6281 2008.12.29 -
Ewido 4.0 2008.12.30 -
F-Prot 4.4.4.56 2008.12.29 -
F-Secure 8.0.14470.0 2008.12.30 -
Fortinet 3.117.0.0 2008.12.30 -
GData 19 2008.12.30 -
Ikarus T3.1.1.45.0 2008.12.30 -
K7AntiVirus 7.10.569 2008.12.29 -
Kaspersky 7.0.0.125 2008.12.30 -
McAfee 5478 2008.12.29 -
McAfee+Artemis 5478 2008.12.29 -
Microsoft 1.4205 2008.12.30 Program:Win32/Winwebsec
NOD32 3723 2008.12.30 -
Norman 5.80.02 2008.12.29 -
Panda 9.0.0.4 2008.12.29 Suspicious file
PCTools 4.4.2.0 2008.12.29 -
Prevx1 V2 2008.12.30 Malicious Software
Rising 21.10.12.00 2008.12.30 -
SecureWeb-Gateway 6.7.6 2008.12.30 Trojan.Dldr.FraudLoad.vfee
Sophos 4.37.0 2008.12.30 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.30 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.30 PAK_Generic.001
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.30 -
VirusBuster 4.5.11.0 2008.12.29 -
 
Additional information
File size: 63019 bytes
MD5: 287ec9491b432387577bfe08ef3fcd53
SHA1: d5d0da152ab10b8f7fe33c0ab3c203d6c704442d
SHA256: c80828e79cb05226899295deb18ab3e1a589eace36e603a8cd7e21bb5991db33
SHA512: 39a4bf2d36ac5e2f12e57d0224453f4a6238d8f7163d8b306ba491a48d7563937e6dd5deaed369daa5f38707bc6c537586998b8f5c648ee3a73170e4540c2157
ssdeep: 1536:m3qCkvQhnmlq+/iPCZCBsy1FvEenouy8nEY5qnXK:m3qsP+qNBoutnLInXK
PEiD: -
TrID: File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda’s Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress: 0x427750
timedatestamp: 0x4957d90e (Sun Dec 28 19:52:46 2008)
machinetype: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x1a000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x1b000 0xe000 0xd400 7.97 69b44c8cd853168b5b3c9102250d4968
.rsrc 0x29000 0x2000 0x1e00 5.04 9454c4570d66fa71be234ddaa074c1e2

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegCloseKey
> comctl32.dll: ImageList_Draw
> gdi32.dll: SaveDC
> oleaut32.dll: SysFreeString
> user32.dll: GetDC
> wininet.dll: InternetOpenW

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E33330252BBD9DBAF60A0067CD698A00A264A711
packers (Kaspersky): UPX
packers (F-Prot): UPX_LZMA

Host: mybest-pov-tube.com
IP: 69.59.21.247

Whois:

OrgName:    Carolina Internet
OrgID:      CARO
Address:    900 Center Park Drive
Address:    Suite A
City:       Charlotte
StateProv:  NC
PostalCode: 28217
Country:    US

NetRange:   69.59.16.0 - 69.59.31.255
CIDR:       69.59.16.0/20
NetName:    CARO-NET-ARIN-1
NetHandle:  NET-69-59-16-0-1
Parent:     NET-69-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.CARO.NET
NameServer: NS2.CARO.NET
NameServer: NS3.CARO.NET
Comment:   
RegDate:    2006-08-10
Updated:    2006-08-10

RAbuseHandle: NOC240-ARIN
RAbuseName:   NOC
RAbusePhone:  +1-704-643-8330

Other sites:

Host: downloabsecurehere1.com
IP: 94.247.3.228

Whois:

role:           DATORU EXPRESS SERVISS HostMaster
address:        18. novembra street 319C
address:        Daugavpils, LV-5413
address:        Latvia
phone:          +371 26631339
fax-no:         +371 65420725
remarks:        Information: http://www.pcexpress.lv

Other sites:

Host: netsecurityonline.com
IP: 91.211.64.31

Whois:

org-name:       Ural Industrial Company
org-type:       OTHER
address:        Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c:        AP10609-RIPE
mnt-ref:        URALCOMP-MNT
mnt-by:         URALCOMP-MNT
source:         RIPE # Filtered

role:           UralNet IP Master
address:        Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone:          +38 050 577 65 61

Other sites:

1.  Hitstransfer.com 
2.  Trafficrelocation.com 
3.  Webnetworksecurity.com 

Host: securedownloadsoftware.com
IP: 91.211.65.21

Whois:

org-type:       OTHER
address:        Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c:        AP10609-RIPE
mnt-ref:        URALCOMP-MNT
mnt-by:         URALCOMP-MNT
source:         RIPE # Filtered

role:           UralNet IP Master
address:        Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone:          +38 050 577 65 61

Other sites:

1.  Safesoftwaretransfer.com 
2.  Securedownloadsoftware.com 

Host: www.securedigitalpayments.com
IP: 209.8.45.153

Whois:

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US

Whois of securedigitalpayments.com :

Registrant, Administrative Contact and Technical Contact (all three records are identical):
    Piter Walter
    Email: walterplovett@gmail.com
    Organization: Private person
    Address: 1308 Roosevelt Street
    City: Oakland
    State: CA
    ZIP: 94612
    Country: US
    Phone: +1.4154495540
