Posts Tagged ‘Beyond The Network America’

System security fake antivirus application

Wednesday, December 31st, 2008

System Security is a rogue antivirus application. To remove this rogue application, along with other viruses and spyware, use Cesam Anti-Malware: http://cleanthe.net/how-to-remove-virus/

[Screenshot: System Security]

File exclusivemovie.exe received on 12.31.2008 13:33:56 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.31 Trojan-Downloader.Win32.Renos!IK
AhnLab-V3 2008.12.31.0 2008.12.31 -
AntiVir 7.9.0.45 2008.12.31 -
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.30 -
AVG 8.0.0.199 2008.12.31 -
BitDefender 7.2 2008.12.31 -
CAT-QuickHeal 10.00 2008.12.31 -
ClamAV 0.94.1 2008.12.31 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2008.12.31 Trojan.DownLoader.origin
eSafe 7.0.17.0 2008.12.30 -
eTrust-Vet 31.6.6284 2008.12.31 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2008.12.31 -
Fortinet 3.117.0.0 2008.12.31 -
GData 19 2008.12.31 -
Ikarus T3.1.1.45.0 2008.12.31 Trojan-Downloader.Win32.Renos
K7AntiVirus 7.10.572 2008.12.31 -
Kaspersky 7.0.0.125 2008.12.31 -
McAfee 5479 2008.12.30 -
McAfee+Artemis 5479 2008.12.30 -
Microsoft 1.4205 2008.12.31 TrojanDownloader:Win32/Renos.FU
NOD32 3725 2008.12.31 -
Norman 5.80.02 2008.12.30 -
Panda 9.0.0.4 2008.12.31 -
PCTools 4.4.2.0 2008.12.31 -
Prevx1 V2 2008.12.31 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 -
Sophos 4.37.0 2008.12.31 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.31 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.31 Possible_DLDER
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.31 -
VirusBuster 4.5.11.0 2008.12.30 -
Additional information
File size: 44032 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x402010
timedatestamp.....: 0x495add17 (Wed Dec 31 02:46:47 2008)
machinetype.......: 0x14c (I386)

CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=f975529e11396a52984cecef1c89f9af


File install.exe received on 12.31.2008 13:37:22 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.31 -
AhnLab-V3 2008.12.31.0 2008.12.31 -
AntiVir 7.9.0.45 2008.12.31 TR/Dldr.FraudLoad.vfgb
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.30 -
AVG 8.0.0.199 2008.12.31 Downloader.Generic8.KXU
BitDefender 7.2 2008.12.31 -
CAT-QuickHeal 10.00 2008.12.31 -
ClamAV 0.94.1 2008.12.31 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2008.12.31 Trojan.DownLoad.26371
eTrust-Vet 31.6.6284 2008.12.31 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2008.12.31 -
Fortinet 3.117.0.0 2008.12.31 -
GData 19 2008.12.31 -
Ikarus T3.1.1.45.0 2008.12.31 -
K7AntiVirus 7.10.572 2008.12.31 -
Kaspersky 7.0.0.125 2008.12.31 -
McAfee 5479 2008.12.30 -
McAfee+Artemis 5479 2008.12.30 -
Microsoft 1.4205 2008.12.31 Program:Win32/Winwebsec
NOD32 3725 2008.12.31 -
Norman 5.80.02 2008.12.30 -
Panda 9.0.0.4 2008.12.31 Suspicious file
PCTools 4.4.2.0 2008.12.31 -
Prevx1 V2 2008.12.31 Malicious Software
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 Trojan.Dldr.FraudLoad.vfgb
Sophos 4.37.0 2008.12.31 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.31 Downloader.MisleadApp
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.31 PAK_Generic.001
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.31 -
VirusBuster 4.5.11.0 2008.12.30 -
Additional information
File size: 63019 bytes
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda’s Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x427740
timedatestamp.....: 0x4959e731 (Tue Dec 30 09:17:37 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x1a000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x1b000 0xe000 0xd400 7.97 c23f87651a1f2e4de78e7937b77608e2
.rsrc 0x29000 0x2000 0x1e00 5.04 e8ca867ba12246a3769573f068ad48b3

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegCloseKey
> comctl32.dll: ImageList_Draw
> gdi32.dll: SaveDC
> oleaut32.dll: SysFreeString
> user32.dll: GetDC
> wininet.dll: InternetOpenW

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=9FFF036C2B257BD9F6140086DCCFB80089A90EDC
packers (Kaspersky): UPX
packers (F-Prot): UPX_LZMA


Host: 2009happytubes.com
IP: 74.50.117.70

Whois:

OrgName: NOC4Hosts Inc.
OrgID: NOC4H
Address: 400 N Tampa St
Address: #1025
City: Tampa
StateProv: FL
PostalCode: 33602
Country: US

Other sites:

1. All-celebs4you-here.com
2. All-porn-tubes-here.com
3. Scanner-av-here.com
4. Xmassextube.com
5. Xmasssporntube.com

Host: freedownload2009.com
IP: 94.247.3.232

Whois:

role: DATORU EXPRESS SERVISS HostMaster
address: 18. novembra street 319C
address: Daugavpils, LV-5413
address: Latvia
phone: +371 26631339
fax-no: +371 65420725
remarks: Information: http://www.pcexpress.lv

Other sites:


Host: netsecurityonline.com
IP: 91.211.64.31

Whois:

org-name: Ural Industrial Company
org-type: OTHER
address: Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c: AP10609-RIPE
mnt-ref: URALCOMP-MNT
mnt-by: URALCOMP-MNT
source: RIPE # Filtered

role: UralNet IP Master
address: Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone: +38 050 577 65 61

Other sites:

1. Hitstransfer.com
2. Trafficrelocation.com
3. Webnetworksecurity.com

Host: www.securedigitalpayments.com
IP: 209.8.45.153

Whois:

OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 450 Springpark PL
Address: Suite 100
City: Herdon
StateProv: VA
PostalCode: 20170
Country: US

Whois of securedigitalpayments.com:

Registrant:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540
Administrative Contact:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540
Technical Contact:
Piter Walter
Email: walterplovett@gmail.com
Organization: Private person
Address: 1308 Roosevelt Street
City: Oakland
State: CA
ZIP: 94612
Country: US
Phone: +1.4154495540


Rapid Antivirus rogue antivirus application

Tuesday, December 30th, 2008

Rapid Antivirus is a rogue antivirus application. To remove this rogue application, along with other viruses and spyware, use Cesam Anti-Malware: http://cleanthe.net/how-to-remove-virus/

[Screenshot: Rapid Antivirus]

Host: privatetubes09.net
IP: 94.75.235.12

Whois:

inetnum: 94.75.235.0 - 94.75.235.255
netname: LEASEWEB
descr: LeaseWeb
descr: P.O. Box 93054
descr: 1090BB AMSTERDAM
descr: Netherlands
descr: www.leaseweb.com
remarks: Please send email to “abuse@leaseweb.com” for complaints
remarks: regarding portscans, DoS attacks and spam.
remarks: INFRA-AW
country: NL
admin-c: LSW1-RIPE
tech-c: LSW1-RIPE
status: ASSIGNED PA
mnt-by: LEASEWEB-MNT
source: RIPE # Filtered

person: RIP Mean
address: P.O. Box 93054
address: 1090BB AMSTERDAM
address: Netherlands
phone: +31 20 3162880
fax-no: +31 20 3162890

Other sites:

1. Directdownload09.net
2. Privatetubes09.net
3. Quicksoftupdate09.net

Host: rapidantivirus.com
IP: 91.208.0.220

Whois:

org-name: Still Trade Ltd
org-type: OTHER
address: Russian Federation,
address: St. Petersburg, Fedosenko st, 30 liter A, 24-N
mnt-ref: RU-WEBALTA-MNT
mnt-by: STILLTRADE-MNT
source: RIPE # Filtered

person: Perevitskiy Sergey
address: Russian Federation,
address: St. Petersburg, Fedosenko st, 30 liter A, 24-N
mnt-by: STILLTRADE-MNT

Other sites:


Host: secure.vsoftstore.com
IP: 209.8.25.244

Whois:

OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 450 Springpark PL
Address: Suite 100
City: Herdon
StateProv: VA
PostalCode: 20170
Country: US

Whois of vsoftstore.com:

Registrant
Christopher Otto
300 E OAKLAND PARK BLVD SUITE 313
33334 WILTON MANORS
United States

Administrative Contact
Christopher Otto christopherotto777 (at) gmail dot com
300 E OAKLAND PARK BLVD SUITE 313
33334 WILTON MANORS
United States
Tel: +1.3023707281

Technical Contact
Christopher Otto christopherotto777 (at) gmail dot com
300 E OAKLAND PARK BLVD SUITE 313
33334 WILTON MANORS
United States
Tel: +1.3023707281

Other sites:

1. Isoftmart.com
2. Vsoftstore.com
3. Xsoftstore.com


System Security rogue antivirus application

Tuesday, December 30th, 2008

System Security is a rogue antivirus application. To remove this rogue application, along with other viruses and spyware, use Cesam Anti-Malware: http://cleanthe.net/how-to-remove-virus/

[Screenshot: System Security]

File exclusivemovie.exe received on 12.30.2008 15:00:41 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.30 -
AhnLab-V3 2008.12.30.2 2008.12.30 -
AntiVir 7.9.0.45 2008.12.30 TR/Dldr.Agent.AWZO
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.29 -
AVG 8.0.0.199 2008.12.29 -
BitDefender 7.2 2008.12.30 -
CAT-QuickHeal 10.00 2008.12.30 TrojanDownloader.Agent.awyj
ClamAV 0.94.1 2008.12.30 -
Comodo 837 2008.12.29 -
DrWeb 4.44.0.09170 2008.12.30 Trojan.DownLoad.26579
eSafe 7.0.17.0 2008.12.28 Suspicious File
eTrust-Vet 31.6.6281 2008.12.29 -
Ewido 4.0 2008.12.30 -
F-Prot 4.4.4.56 2008.12.29 -
F-Secure 8.0.14470.0 2008.12.30 -
Fortinet 3.117.0.0 2008.12.30 -
GData 19 2008.12.30 -
Ikarus T3.1.1.45.0 2008.12.30 -
K7AntiVirus 7.10.569 2008.12.29 -
Kaspersky 7.0.0.125 2008.12.30 Trojan-Downloader.Win32.Agent.ayme
McAfee 5478 2008.12.29 -
McAfee+Artemis 5478 2008.12.29 Generic!Artemis
Microsoft 1.4205 2008.12.30 TrojanDownloader:Win32/Renos.FU
NOD32 3723 2008.12.30 Win32/TrojanDownloader.Zlob.CYA
Norman 5.80.02 2008.12.29 -
Panda 9.0.0.4 2008.12.29 -
PCTools 4.4.2.0 2008.12.30 -
Prevx1 V2 2008.12.30 Cloaked Malware
Rising 21.10.12.00 2008.12.30 -
SecureWeb-Gateway 6.7.6 2008.12.30 Trojan.Dldr.Agent.AWZO
Sophos 4.37.0 2008.12.30 Troj/DwnLdr-HLR
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.30 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.30 Possible_DLDER
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.30 -
VirusBuster 4.5.11.0 2008.12.29 -
Additional information
File size: 71168 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401fb0
timedatestamp.....: 0x49586dc4 (Mon Dec 29 06:27:16 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2011 0x2200 6.49 4f47b49d94b06a4374cdfcafcfcc7419
.rdata 0x4000 0x784 0x800 4.95 75f2ad9d11318269387ef56e7f57b3d9
.data 0x5000 0xeef4 0xe800 7.92 1f83d4385a2dff4345d9147f707eaa8f

( 5 imports )
> KERNEL32.dll: CreateFileA, CloseHandle, DeviceIoControl, CreateFileW, GetSystemDirectoryA, GetVolumeInformationA, GetWindowsDirectoryA, ExitProcess, TerminateProcess, SetProcessPriorityBoost, SetThreadPriority, GetCurrentThread, SetPriorityClass, GetCurrentProcess, GetEnvironmentVariableA, GetShortPathNameA, GetModuleFileNameA, IsBadWritePtr, GetComputerNameA, WriteFile, lstrlenA, GetVersionExA, GetTempPathA, CreateProcessA
> SHELL32.dll: ShellExecuteExA, SHChangeNotify
> MSVCRT.dll: rand, _except_handler3, atoi, sprintf, __CxxFrameHandler, _snprintf, srand, time, strncat, _strdup, __3@YAXPAX@Z, _itoa
> MSVCP60.dll: __Xlen@std@@YAXXZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z, __Copy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z
> WININET.dll: HttpQueryInfoA, InternetOpenUrlA, InternetOpenA, InternetReadFile, InternetCloseHandle

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0041EA83000955D516530131EF71FE00754B1CC9


File install.exe received on 12.30.2008 15:06:04 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.30 -
AhnLab-V3 2008.12.30.2 2008.12.30 -
AntiVir 7.9.0.45 2008.12.30 TR/Dldr.FraudLoad.vffc
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.29 -
AVG 8.0.0.199 2008.12.30 Downloader.Generic8.KTV
BitDefender 7.2 2008.12.30 -
CAT-QuickHeal 10.00 2008.12.30 -
ClamAV 0.94.1 2008.12.30 -
Comodo 837 2008.12.29 -
DrWeb 4.44.0.09170 2008.12.30 Trojan.DownLoad.26371
eSafe 7.0.17.0 2008.12.28 Suspicious File
eTrust-Vet 31.6.6281 2008.12.29 -
Ewido 4.0 2008.12.30 -
F-Prot 4.4.4.56 2008.12.29 -
F-Secure 8.0.14470.0 2008.12.30 -
Fortinet 3.117.0.0 2008.12.30 -
GData 19 2008.12.30 -
Ikarus T3.1.1.45.0 2008.12.30 -
K7AntiVirus 7.10.569 2008.12.29 -
Kaspersky 7.0.0.125 2008.12.30 -
McAfee 5478 2008.12.29 -
McAfee+Artemis 5478 2008.12.29 -
Microsoft 1.4205 2008.12.30 Program:Win32/Winwebsec
NOD32 3723 2008.12.30 -
Norman 5.80.02 2008.12.29 -
Panda 9.0.0.4 2008.12.29 Suspicious file
PCTools 4.4.2.0 2008.12.30 -
Prevx1 V2 2008.12.30 Malicious Software
Rising 21.10.12.00 2008.12.30 -
SecureWeb-Gateway 6.7.6 2008.12.30 Trojan.Dldr.FraudLoad.vffc
Sophos 4.37.0 2008.12.30 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.30 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.30 PAK_Generic.001
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.30 -
VirusBuster 4.5.11.0 2008.12.29 -
Additional information
File size: 63019 bytes
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda’s Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x427730
timedatestamp.....: 0x4958cb2f (Mon Dec 29 13:05:51 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x1a000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x1b000 0xe000 0xd400 7.97 f948a33dc79908cda9837b1810c8f732
.rsrc 0x29000 0x2000 0x1e00 5.04 4e32022a90b3400984565228a8f09193

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegCloseKey
> comctl32.dll: ImageList_Draw
> gdi32.dll: SaveDC
> oleaut32.dll: SysFreeString
> user32.dll: GetDC
> wininet.dll: InternetOpenW

( 0 exports )

packers (Kaspersky): UPX
packers (F-Prot): UPX_LZMA
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=B08F16022B7C0A8AF69300B095652100CAD98BCE


Host: pornxmasstube.com
IP: 64.27.28.225

Whois:

OrgName:    Hollywood Interactive, Inc.
OrgID:      HLWD
Address:    600 W. 7th Street, Ste. 360
City:       Los Angeles
StateProv:  CA
PostalCode: 90017
Country:    US
RNOCHandle: CNO4-ARIN
RNOCName:   CalPOP Network Operations
RNOCPhone:  +1-213-627-1937
RNOCEmail:  noc@calpop.com

Other sites:


Host: netsecurityonline.com
IP: 91.211.64.31

Whois:

netname:        Ural-NET
descr:          Ural Industrial Limited Company
country:        RU
org:            ORG-UICL2-RIPE
admin-c:        UIM1-RIPE
tech-c:         UIM1-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-HM-PI-MNT
mnt-lower:      RIPE-NCC-HM-PI-MNT
mnt-by:         URALCOMP-MNT
mnt-routes:     URALCOMP-MNT
mnt-domains:    URALCOMP-MNT
source:         RIPE # Filtered

organisation:   ORG-UICL2-RIPE
org-name:       Ural Industrial Company
org-type:       OTHER
address:        Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c:        AP10609-RIPE
mnt-ref:        URALCOMP-MNT
mnt-by:         URALCOMP-MNT
source:         RIPE # Filtered

role:           UralNet IP Master
address:        Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone:          +38 050 577 65 61

Other sites:

1.  Hitstransfer.com 
2.  Trafficrelocation.com 
3.  Webnetworksecurity.com 

Host: securedownloadsoftware.com
IP: 91.211.65.21

Whois:

netname:        Ural-NET
descr:          Ural Industrial Limited Company
country:        RU
org:            ORG-UICL2-RIPE
admin-c:        UIM1-RIPE
tech-c:         UIM1-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-HM-PI-MNT
mnt-lower:      RIPE-NCC-HM-PI-MNT
mnt-by:         URALCOMP-MNT
mnt-routes:     URALCOMP-MNT
mnt-domains:    URALCOMP-MNT
source:         RIPE # Filtered

organisation:   ORG-UICL2-RIPE
org-name:       Ural Industrial Company
org-type:       OTHER
address:        Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.

Other sites:

1.  Safesoftwaretransfer.com 
2.  Securedownloadsoftware.com 

Host: www.securedigitalpayments.com
IP: 209.8.45.153

Whois:

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US

Whois of securedigitalpayments.com:

Registrant:
    Piter Walter
    Email: walterplovett@gmail.com
    Organization: Private person
    Address: 1308 Roosevelt Street
    City: Oakland
    State: CA
    ZIP: 94612
    Country: US
    Phone: +1.4154495540
Administrative Contact:
    Piter Walter
    Email: walterplovett@gmail.com
    Organization: Private person
    Address: 1308 Roosevelt Street
    City: Oakland
    State: CA
    ZIP: 94612
    Country: US
    Phone: +1.4154495540
Technical Contact:
    Piter Walter
    Email: walterplovett@gmail.com
    Organization: Private person
    Address: 1308 Roosevelt Street
    City: Oakland
    State: CA
    ZIP: 94612
    Country: US
    Phone: +1.4154495540


System Security another rogue antivirus application

Tuesday, December 30th, 2008

System Security is a rogue antivirus application. To remove this rogue application, along with other viruses and spyware, use Cesam Anti-Malware: http://cleanthe.net/how-to-remove-virus/

[Screenshot: System Security]

File TubePlayer_1_.ver.6.exe received on 12.30.2008 12:01:56 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.30 -
AhnLab-V3 2008.12.30.2 2008.12.30 -
AntiVir 7.9.0.45 2008.12.30 -
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.29 -
AVG 8.0.0.199 2008.12.29 -
BitDefender 7.2 2008.12.30 -
CAT-QuickHeal 10.00 2008.12.30 -
ClamAV 0.94.1 2008.12.30 -
Comodo 837 2008.12.29 -
DrWeb 4.44.0.09170 2008.12.30 -
eSafe 7.0.17.0 2008.12.28 -
eTrust-Vet 31.6.6281 2008.12.29 -
Ewido 4.0 2008.12.30 -
F-Prot 4.4.4.56 2008.12.29 -
F-Secure 8.0.14470.0 2008.12.30 -
Fortinet 3.117.0.0 2008.12.30 -
GData 19 2008.12.30 -
Ikarus T3.1.1.45.0 2008.12.30 -
K7AntiVirus 7.10.569 2008.12.29 -
Kaspersky 7.0.0.125 2008.12.30 -
McAfee 5478 2008.12.29 -
McAfee+Artemis 5478 2008.12.29 -
Microsoft 1.4205 2008.12.30 -
NOD32 3723 2008.12.30 -
Norman 5.80.02 2008.12.29 -
Panda 9.0.0.4 2008.12.29 -
PCTools 4.4.2.0 2008.12.29 -
Prevx1 V2 2008.12.30 -
Rising 21.10.12.00 2008.12.30 -
SecureWeb-Gateway 6.7.6 2008.12.30 -
Sophos 4.37.0 2008.12.30 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.30 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.30 -
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.30 -
VirusBuster 4.5.11.0 2008.12.29 -
Additional information
File size: 49156 bytes
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (55.5%)
Clipper DOS Executable (14.7%)
Generic Win/DOS Executable (14.6%)
DOS Executable Generic (14.6%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401103
timedatestamp.....: 0x47af8c24 (Sun Feb 10 23:43:32 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1009 0x2000 1.95 9cc790b2704fcfe6106dcd0461e089f3
.data 0x3000 0x6104 0x7000 5.67 9812c319b5a7dbcd5cbdf90dc63d7445
.rdata 0xa000 0xe6c3 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x19000 0x26d 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110

( 5 imports )
> comctl32.dll: InitCommonControls, ImageList_DragEnter, ImageList_LoadImage, ImageList_DrawIndirect, ImageList_GetImageRect, ImageList_Remove, ImageList_AddMasked, ImageList_DragMove, ImageList_Create, ImageList_DrawEx, ImageList_GetImageCount, ImageList_ReplaceIcon, ImageList_Draw, ImageList_LoadImageA, ImageList_GetIcon, ImageList_GetImageInfo
> kernel32.dll: GetModuleFileNameA, SetLastError, GetLastError, GetStringTypeW, Sleep, GetFileSize, GetFullPathNameA, GetStdHandle, lstrcmpiA, GetStringTypeA, HeapAlloc, GetFileAttributesA, GetCommandLineA, GlobalAlloc, GlobalFree, GetCPInfo, lstrcpyA, lstrcatA, lstrlenA
> gdi32.dll: AddFontMemResourceEx, GetClipBox, GetCurrentPositionEx, CreateSolidBrush, SetTextColor, GetPixel, ExtTextOutA, CloseFigure, AddFontResourceW, BeginPath, BitBlt, AddFontResourceExW, ClearBitmapAttributes, RestoreDC, AbortPath, CloseMetaFile, ClearBrushAttributes
> advapi32.dll: RegQueryValueA, RegQueryInfoKeyW, RegDeleteValueA, RegEnumValueW, RegQueryValueW, RegFlushKey, RegCreateKeyExA, RegOpenKeyExW, RegGetKeySecurity, RegEnumKeyW, RegQueryValueExA, RegCreateKeyExW, RegReplaceKeyA, RegDeleteValueW, RegOpenKeyA, RegReplaceKeyW, RegOpenKeyW
> user32.dll: GetDlgItem, GetDC, CreateIcon, GetWindowTextA, AppendMenuW, BlockInput, GetCursor, CopyRect, DrawIcon, DrawTextA, DrawTextW, LoadMenuA, AppendMenuA, GetMenu, EndDialog, CloseWindow, IsWindow, AlignRects, CopyIcon, DialogBoxParamA

( 0 exports )


File install.exe received on 12.30.2008 11:56:51 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.30 -
AhnLab-V3 2008.12.30.2 2008.12.30 -
AntiVir 7.9.0.45 2008.12.30 TR/Dldr.FraudLoad.vfee
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.29 -
AVG 8.0.0.199 2008.12.29 Downloader.Generic8.KSW
BitDefender 7.2 2008.12.30 -
CAT-QuickHeal 10.00 2008.12.30 TrojanDownloader.FraudLoad.ve
ClamAV 0.94.1 2008.12.30 -
Comodo 837 2008.12.29 -
DrWeb 4.44.0.09170 2008.12.30 Trojan.DownLoad.26371
eSafe 7.0.17.0 2008.12.28 Suspicious File
eTrust-Vet 31.6.6281 2008.12.29 -
Ewido 4.0 2008.12.30 -
F-Prot 4.4.4.56 2008.12.29 -
F-Secure 8.0.14470.0 2008.12.30 -
Fortinet 3.117.0.0 2008.12.30 -
GData 19 2008.12.30 -
Ikarus T3.1.1.45.0 2008.12.30 -
K7AntiVirus 7.10.569 2008.12.29 -
Kaspersky 7.0.0.125 2008.12.30 -
McAfee 5478 2008.12.29 -
McAfee+Artemis 5478 2008.12.29 -
Microsoft 1.4205 2008.12.30 Program:Win32/Winwebsec
NOD32 3723 2008.12.30 -
Norman 5.80.02 2008.12.29 -
Panda 9.0.0.4 2008.12.29 Suspicious file
PCTools 4.4.2.0 2008.12.29 -
Prevx1 V2 2008.12.30 Malicious Software
Rising 21.10.12.00 2008.12.30 -
SecureWeb-Gateway 6.7.6 2008.12.30 Trojan.Dldr.FraudLoad.vfee
Sophos 4.37.0 2008.12.30 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.30 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.30 PAK_Generic.001
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.30 -
VirusBuster 4.5.11.0 2008.12.29 -
Additional information
File size: 63019 bytes
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda’s Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x427750
timedatestamp.....: 0x4957d90e (Sun Dec 28 19:52:46 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x1a000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x1b000 0xe000 0xd400 7.97 69b44c8cd853168b5b3c9102250d4968
.rsrc 0x29000 0x2000 0x1e00 5.04 9454c4570d66fa71be234ddaa074c1e2

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegCloseKey
> comctl32.dll: ImageList_Draw
> gdi32.dll: SaveDC
> oleaut32.dll: SysFreeString
> user32.dll: GetDC
> wininet.dll: InternetOpenW

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E33330252BBD9DBAF60A0067CD698A00A264A711
packers (Kaspersky): UPX
packers (F-Prot): UPX_LZMA


Host: mybest-pov-tube.com
IP: 69.59.21.247

Whois:

OrgName:    Carolina Internet
OrgID:      CARO
Address:    900 Center Park Drive
Address:    Suite A
City:       Charlotte
StateProv:  NC
PostalCode: 28217
Country:    US

NetRange:   69.59.16.0 - 69.59.31.255
CIDR:       69.59.16.0/20
NetName:    CARO-NET-ARIN-1
NetHandle:  NET-69-59-16-0-1
Parent:     NET-69-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.CARO.NET
NameServer: NS2.CARO.NET
NameServer: NS3.CARO.NET
Comment:   
RegDate:    2006-08-10
Updated:    2006-08-10

RAbuseHandle: NOC240-ARIN
RAbuseName:   NOC
RAbusePhone:  +1-704-643-8330

Other sites:


Host: downloabsecurehere1.com
IP: 94.247.3.228

Whois:

role:           DATORU EXPRESS SERVISS HostMaster
address:        18. novembra street 319C
address:        Daugavpils, LV-5413
address:        Latvia
phone:          +371 26631339
fax-no:         +371 65420725
remarks:        Information: http://www.pcexpress.lv

Other sites:


Host: netsecurityonline.com
IP: 91.211.64.31

Whois:

org-name:       Ural Industrial Company
org-type:       OTHER
address:        Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c:        AP10609-RIPE
mnt-ref:        URALCOMP-MNT
mnt-by:         URALCOMP-MNT
source:         RIPE # Filtered

role:           UralNet IP Master
address:        Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone:          +38 050 577 65 61

Other sites:

1.  Hitstransfer.com 
2.  Trafficrelocation.com 
3.  Webnetworksecurity.com 

Host: securedownloadsoftware.com
IP: 91.211.65.21

Whois:

org-type:       OTHER
address:        Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
admin-c:        AP10609-RIPE
mnt-ref:        URALCOMP-MNT
mnt-by:         URALCOMP-MNT
source:         RIPE # Filtered

role:           UralNet IP Master
address:        Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone:          +38 050 577 65 61

Other sites:

1.  Safesoftwaretransfer.com 
2.  Securedownloadsoftware.com 

Host: www.securedigitalpayments.com
IP: 209.8.45.153

Whois:

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US

Whois of securedigitalpayments.com:

Registrant:
    Piter Walter
    Email: walterplovett@gmail.com
    Organization: Private person
    Address: 1308 Roosevelt Street
    City: Oakland
    State: CA
    ZIP: 94612
    Country: US
    Phone: +1.4154495540
Administrative Contact:
    Piter Walter
    Email: walterplovett@gmail.com
    Organization: Private person
    Address: 1308 Roosevelt Street
    City: Oakland
    State: CA
    ZIP: 94612
    Country: US
    Phone: +1.4154495540
Technical Contact:
    Piter Walter
    Email: walterplovett@gmail.com
    Organization: Private person
    Address: 1308 Roosevelt Street
    City: Oakland
    State: CA
    ZIP: 94612
    Country: US
    Phone: +1.4154495540

System Security another rogue antivirus application

Antivirus 2009 rogue antivirus application

Tuesday, December 9th, 2008

Antivirus 2009 is a rogue antivirus application. To remove that rogue application and other viruses and spyware, use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/

Antivirus 2009

 

File exclusivemovie.1212.exe received on 12.09.2008 17:22:30 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.12.10.0 2008.12.09 -
AntiVir 7.9.0.43 2008.12.09 TR/Dldr.Zlob.imk
Authentium 5.1.0.4 2008.12.08 -
Avast 4.8.1281.0 2008.12.08 -
AVG 8.0.0.199 2008.12.09 -
BitDefender 7.2 2008.12.09 -
CAT-QuickHeal 10.00 2008.12.09 -
ClamAV 0.94.1 2008.12.09 -
Comodo 713 2008.12.09 -
DrWeb 4.44.0.09170 2008.12.09 -
eSafe 7.0.17.0 2008.12.09 Suspicious File
eTrust-Vet 31.6.6252 2008.12.09 -
Ewido 4.0 2008.12.09 -
F-Prot 4.4.4.56 2008.12.08 -
F-Secure 8.0.14332.0 2008.12.09 Trojan-Downloader.Win32.Agent.atlu
Fortinet 3.117.0.0 2008.12.09 -
GData 19 2008.12.09 -
Ikarus T3.1.1.45.0 2008.12.08 -
K7AntiVirus 7.10.549 2008.12.09 -
Kaspersky 7.0.0.125 2008.12.09 Trojan-Downloader.Win32.Agent.atlu
McAfee 5458 2008.12.08 -
McAfee+Artemis 5458 2008.12.09 -
Microsoft 1.4205 2008.12.09 -
NOD32 3676 2008.12.09 -
Norman 5.80.02 2008.12.09 -
Panda 9.0.0.4 2008.12.09 -
PCTools 4.4.2.0 2008.12.09 -
Prevx1 V2 2008.12.09 Malware Dropper
Rising 21.07.12.00 2008.12.09 -
SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Dldr.Zlob.imk
Sophos 4.36.0 2008.12.09 Troj/DwnLdr-HLR
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.09 -
TheHacker 6.3.1.2.180 2008.12.09 -
TrendMicro 8.700.0.1004 2008.12.09 Possible_DLDER
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.9.1509 2008.12.09 Dropper.Agent.66560.D
VirusBuster 4.5.11.0 2008.12.09 -
 
Additional information
File size: 66560 bytes
MD5...: e24b67c9e5f7bb2c9d1e15eafee9f329
SHA1..: 0b3c238fc6bdf8cd469bc377b4f5bfa3e23a705f
SHA256: 1df0e73f40d49e9497e39bb1931dab84606ba0e309b3a10b03e858ba029d194b
SHA512: 7ab32711fa2ab4a614248eb1e2e2d9a2887b3efddef261f85dea2caf9c0f063f001231816f8d59687827d35163dc832e5df6d1d5e7c57b00fcb13636fd3eab60
ssdeep: 1536:b9/+qo7X7Q1N4PpQ2iHzNb3vSkdaZcPvQRcCefymztRe:blJ0EIRQ2iJ5daiPvQR6qmhR
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

Antivirus 2009

File InstallAVv_77100106.exe received on 12.09.2008 17:22:36 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.12.10.0 2008.12.09 -
AntiVir 7.9.0.43 2008.12.09 -
Authentium 5.1.0.4 2008.12.08 -
Avast 4.8.1281.0 2008.12.08 -
AVG 8.0.0.199 2008.12.09 Win32/Heur
BitDefender 7.2 2008.12.09 -
CAT-QuickHeal 10.00 2008.12.09 -
ClamAV 0.94.1 2008.12.09 -
Comodo 713 2008.12.09 -
DrWeb 4.44.0.09170 2008.12.09 -
eSafe 7.0.17.0 2008.12.09 Suspicious File
eTrust-Vet 31.6.6252 2008.12.09 -
Ewido 4.0 2008.12.09 -
F-Prot 4.4.4.56 2008.12.08 -
F-Secure 8.0.14332.0 2008.12.09 -
Fortinet 3.117.0.0 2008.12.09 -
GData 19 2008.12.09 -
Ikarus T3.1.1.45.0 2008.12.08 -
K7AntiVirus 7.10.549 2008.12.09 -
Kaspersky 7.0.0.125 2008.12.09 -
McAfee 5458 2008.12.08 -
McAfee+Artemis 5458 2008.12.09 -
Microsoft 1.4205 2008.12.09 Trojan:Win32/FakeXPA
NOD32 3676 2008.12.09 -
Norman 5.80.02 2008.12.09 -
Panda 9.0.0.4 2008.12.09 -
PCTools 4.4.2.0 2008.12.09 -
Prevx1 V2 2008.12.09 -
Rising 21.07.12.00 2008.12.09 -
SecureWeb-Gateway 6.7.6 2008.12.09 -
Sophos 4.36.0 2008.12.09 Sus/Behav-297
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.09 -
TheHacker 6.3.1.2.180 2008.12.09 -
TrendMicro 8.700.0.1004 2008.12.09 PAK_Generic.001
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.9.1509 2008.12.09 -
VirusBuster 4.5.11.0 2008.12.09 -
 
Additional information
File size: 90112 bytes
MD5...: c5135fdf2bd0cf512b034607cdaf3bde
SHA1..: 303bd94d484830cd729fb58bd7979152d13ab788
SHA256: bb22d1f01e882196c820cb6d528ecabde3fc23f6bbfe2b93477893022956402e
SHA512: a8d0cc17a38f9fb5e6fbfd0bce6df2780a6e6c154d4997455cf842c5fb93caaffa8d22902e6e3c8f89d39ce2418f98dd557ac927040f83977b9a22f4818082bb
ssdeep: 1536:M3q7VoagHfSTDFHVs9aur8It+Ah83mOxHIRp21OaBreBbMzXH8MV:Ma7VoaN/FHVQao88+wpT8MID
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

Antivirus 2009

Host: allcooltubeshere.com
IP: 89.149.228.200

Whois:

netname:        NETDIRECT-NET
descr:          netdirekt e.K.
remarks:        INFRA-AW
country:        DE
admin-c:        WW200-RIPE
tech-c:         SR614-RIPE
status:         ASSIGNED PA
mnt-by:         NETDIRECT-MNT
mnt-lower:      NETDIRECT-MNT
mnt-routes:     NETDIRECT-MNT
source:         RIPE # Filtered

person:       Wiethold Wagner
address:      netdirekt e. K.
address:      Kleyer Strasse 79 / Tor 14
address:      60326 Frankfurt
address:      DE
phone:        +49 69 90556880
fax-no:       +49 69 905568822
e-mail:       info@netdirekt.de
nic-hdl:      WW200-RIPE
mnt-by:       NETDIRECT-MNT
source:       RIPE # Filtered

Other sites:

1) 69-tube-69.com
2) Megasexytube.com
3) Super-av-scanner.com

Host: codecdownload.allcleanfileshere.com
IP: 91.203.93.81

Whois:

(identical to the NETDIRECT-NET / netdirekt e.K. record shown above for allcooltubeshere.com)

Other sites:

1)  3d-softportal.com
2) 3d-softportal.net
3) Allfilesherefordownload.com

Host: advancedproscan.com
IP: 69.10.44.207

Whois:

Interserver, Inc INTERSERVER

Host: protectedpaymentsite.com
IP: 209.8.45.117

Whois:

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US

 
Host: microsoft.protectionsoftwaredownload.com
IP: 89.149.241.106

Whois:

inetnum:        89.149.241.0 - 89.149.244.255
netname:        NETDIRECT-NET
descr:          netdirekt e.K.
remarks:        INFRA-AW
country:        DE
admin-c:        WW200-RIPE
tech-c:         SR614-RIPE
status:         ASSIGNED PA
mnt-by:         NETDIRECT-MNT
mnt-lower:      NETDIRECT-MNT
mnt-routes:     NETDIRECT-MNT
source:         RIPE # Filtered

person:       Wiethold Wagner
address:      netdirekt e. K.
address:      Kleyer Strasse 79 / Tor 14
address:      60326 Frankfurt
address:      DE
phone:        +49 69 90556880
fax-no:       +49 69 905568822
 
Host: softwareservicebilling.com
IP: 63.219.177.214

Whois:

(identical to the Beyond The Network America, Inc. record shown above for protectedpaymentsite.com)

Antivirus 2009

Antivirus 2009 rogue antivirus application

Wednesday, November 19th, 2008

Antivirus 2009 is a rogue antivirus application. To remove that rogue application and other viruses and spyware, use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/

Antivirus 2009

File v-codec.123.exe received on 11.19.2008 16:23:57 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.19 -
AntiVir 7.9.0.34 2008.11.19 -
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.18 -
AVG 8.0.0.199 2008.11.19 -
BitDefender 7.2 2008.11.19 -
CAT-QuickHeal 10.00 2008.11.19 -
ClamAV 0.94.1 2008.11.19 -
DrWeb 4.44.0.09170 2008.11.19 -
eSafe 7.0.17.0 2008.11.18 Suspicious File
eTrust-Vet 31.6.6216 2008.11.19 -
Ewido 4.0 2008.11.19 -
F-Prot 4.4.4.56 2008.11.18 -
F-Secure 8.0.14332.0 2008.11.19 -
Fortinet 3.117.0.0 2008.11.19 -
GData 19 2008.11.19 -
Ikarus T3.1.1.45.0 2008.11.19 Trojan-Downloader.Win32.CodecPack
K7AntiVirus 7.10.527 2008.11.18 -
Kaspersky 7.0.0.125 2008.11.19 -
McAfee 5438 2008.11.18 -
Microsoft 1.4104 2008.11.19 TrojanDownloader:Win32/Renos.BAH
NOD32 3624 2008.11.19 Win32/TrojanDownloader.Zlob.CVG
Norman 5.80.02 2008.11.19 -
Panda 9.0.0.4 2008.11.19 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.19 Malware Dropper
Rising 21.04.22.00 2008.11.19 -
SecureWeb-Gateway 6.7.6 2008.11.19 -
Sophos 4.35.0 2008.11.19 Troj/Dloadr-CAG
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.19 Downloader
TheHacker 6.3.1.1.158 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.19 Possible_DLDER
VBA32 3.12.8.9 2008.11.19 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.18 -
 
Additional information
File size: 50176 bytes
MD5...: eec2d22e39d75355539f7eb7ff384fc2
SHA1..: 0ba883d406a51f5194c1ea5df2f8d78f02a30342
SHA256: b396ab2fc5128eb3643b0e483bcefe146c2fc855e3658eba7ab2b83df1b81860
SHA512: a3f42f426d7df0688984b57c89953cafab9432fc91793328c0385bbb2b471e3a4897f4fc4efa6045e9181df30d74f40d34bcbf23d6e7a4ca0e4ca01aa2386270
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=45B34567006772C7C4750054B66A1E00137572E3

Antivirus 2009

 

File A9installertest_77100102.exe received on 11.19.2008 16:24:06 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.19 -
AntiVir 7.9.0.34 2008.11.19 -
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.18 -
AVG 8.0.0.199 2008.11.19 -
BitDefender 7.2 2008.11.19 -
CAT-QuickHeal 10.00 2008.11.19 -
ClamAV 0.94.1 2008.11.19 -
DrWeb 4.44.0.09170 2008.11.19 -
eSafe 7.0.17.0 2008.11.18 -
eTrust-Vet 31.6.6216 2008.11.19 -
Ewido 4.0 2008.11.19 -
F-Prot 4.4.4.56 2008.11.18 -
F-Secure 8.0.14332.0 2008.11.19 -
Fortinet 3.117.0.0 2008.11.19 -
GData 19 2008.11.19 -
Ikarus T3.1.1.45.0 2008.11.19 -
K7AntiVirus 7.10.527 2008.11.18 -
Kaspersky 7.0.0.125 2008.11.19 -
McAfee 5438 2008.11.18 -
Microsoft 1.4104 2008.11.19 Trojan:Win32/FakeXPA
NOD32 3624 2008.11.19 -
Norman 5.80.02 2008.11.19 -
Panda 9.0.0.4 2008.11.19 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.19 -
Rising 21.04.22.00 2008.11.19 -
SecureWeb-Gateway 6.7.6 2008.11.19 -
Sophos 4.35.0 2008.11.19 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.19 -
TheHacker 6.3.1.1.158 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.19 -
VBA32 3.12.8.9 2008.11.19 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.18 -
 
Additional information
File size: 163840 bytes
MD5...: b58b7c0fca632601b7b6f22faf0c73ac
SHA1..: ea50267f8ccdb033d3b1a2c060cc238f084e23fa
SHA256: a67e4fe36e60fbe3db906591fbede08bae239c1afb55ebc715879e57d621debf
SHA512: e4f4a17190f92e9371ce6aa2e74bf4dc016c30071e4a061ff6dbac116a41e15dbd64b95d9b4545b4b85ff07259a77158df2970c67d595db304cf368b0bfedc55
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

Host: imp-porntube.net
IP: 64.27.28.224

Whois:

OrgName:    Hollywood Interactive, Inc.
OrgID:      HLWD
Address:    600 W. 7th Street, Ste. 360
City:       Los Angeles
StateProv:  CA
PostalCode: 90017
Country:    US

NetRange:   64.27.0.0 - 64.27.31.255
CIDR:       64.27.0.0/19
NetName:    HOLLYWOOD-INTERACTIVE
NetHandle:  NET-64-27-0-0-1
Parent:     NET-64-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.CALPOP.COM
NameServer: NS2.CALPOP.COM
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:    2000-01-10
Updated:    2004-09-13

RNOCHandle: CNO4-ARIN
RNOCName:   CalPOP Network Operations
RNOCPhone:  +1-213-627-1937
RNOCEmail:   noc@calpop.com

Other sites:

1.  Celebs4you-online2008.com 
2.  I-av-sscan2009.com 
3.  Imp-porntube.net 

Host: antivirusdefense.com
IP: 69.10.44.207

Whois:

OrgName:    Interserver, Inc
OrgID:      INTER-83
Address:    110 Meadowlands Pkwy
Address:    1st Floor
City:       Secaucus
StateProv:  NJ
PostalCode: 07094
Country:    US

Host: www.win-security-scanner.org
IP: 115.126.5.92

Whois:

OrgName:    Asia Pacific Network Information Centre
OrgID:      APNIC
Address:    PO Box 2131
City:       Milton
StateProv:  QLD
PostalCode: 4064
Country:    AU

Other sites:

1.  Spy-protector.org 
2.  Win-security-scanner.org 
3.  Spy-protector.biz 

Host: powerfulvirusremover2008.com
IP: 77.245.61.80

Whois:

descr:          Webair Internet Development company, Inc
country:        NL
org:            ORG-RII1-RIPE
admin-c:        RIIS1-RIPE
tech-c:         RIIS1-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      GLOBALAXS-MNT
mnt-lower:      WEBAIRINC-MTL
mnt-domains:    MNT-RECURRING
mnt-routes:     MNT-RECURRING
source:         RIPE # Filtered

organisation:   ORG-RII1-RIPE
org-name:       Webair Internet Development company, Inc
org-type:       LIR
address:        Recurring International Inc
                Sagi Brody
                REDBUS INTERHOUSE (NETHERLANDS) B V GYROSCOOPWEG 2E
                AB 1042 AMSTERDAM
                Netherlands
phone:          +31 20 4804400
fax-no:         +15169385100

Other sites:


Host: official-antivirus2009.com
IP: 84.243.196.136

Whois:

org-name:       PortNAP Internet Services
org-type:       OTHER
address:        Beverwaardseweg 232
address:        3077GD Rotterdam
address:        The Netherlands
phone:          +31.612928606
mnt-ref:        GFX-MNT
mnt-by:         GFX-MNT
source:         RIPE # Filtered

role:           GrafiX NOC
org:            ORG-GIB1-RIPE
address:        GrafiX Internet B.V.
address:        Stationsplein 20
address:        2907 MJ  Capelle aan den IJssel
phone:          +31 10 2640210
fax-no:         +31 10 2640211

Host: softwarebillingservice.com
IP: 63.219.177.214

Whois of softwarebillingservice.com

Registration Service Provided By: ERDOMAIN.COM
Contact: +49.3036741521
Website: http://www.erdomain.com

Domain Name: SOFTWAREBILLINGSERVICE.COM

Registrant:
    N/A
    Viktor Temchenko        (temchenkoviktor@googlemail.com)
    Pr. Geroev Tryda
    Kharkov
    Kharkiv Oblast,01001
    UA
    Tel. +380.936328480

Creation Date: 03-Nov-2008
Expiration Date: 03-Nov-2009

Whois of 63.219.177.214

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US

Antivirus 2009

Antivirus 2009 from Pandora software

Antivirus 2009

PRO Antispyware 2009 rogue antispyware application

Tuesday, November 18th, 2008

PRO Antispyware 2009 is a rogue antispyware application. To remove that rogue application and other viruses and spyware, use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/

Pro Antispyware 2009

 

File setup_225_7777_.exe received on 11.18.2008 12:09:21 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.18 -
AntiVir 7.9.0.31 2008.11.18 -
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.17 -
AVG 8.0.0.199 2008.11.17 -
BitDefender 7.2 2008.11.18 -
CAT-QuickHeal 10.00 2008.11.18 -
ClamAV 0.94.1 2008.11.18 -
DrWeb 4.44.0.09170 2008.11.18 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.17 -
F-Prot 4.4.4.56 2008.11.17 W32/SuspPack.H.gen!Eldorado
F-Secure 8.0.14332.0 2008.11.18 -
Fortinet 3.117.0.0 2008.11.18 -
GData 19 2008.11.18 -
Ikarus T3.1.1.45.0 2008.11.18 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.18 -
McAfee 5437 2008.11.17 -
Microsoft 1.4104 2008.11.17 Program:Win32/WinSpywareProtect
NOD32 3621 2008.11.18 -
Norman 5.80.02 2008.11.17 -
Panda 9.0.0.4 2008.11.17 Suspicious file
PCTools 4.4.2.0 2008.11.17 -
Prevx1 V2 2008.11.18 -
Rising 21.04.12.00 2008.11.18 -
SecureWeb-Gateway 6.7.6 2008.11.18 -
Sophos 4.35.0 2008.11.18 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.18 -
TheHacker 6.3.1.1.157 2008.11.18 -
TrendMicro 8.700.0.1004 2008.11.18 -
VBA32 3.12.8.9 2008.11.17 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.17 -
 
Additional information
File size: 114688 bytes
MD5...: 5113da8324f92352294aee4f47a532b2
SHA1..: fc2bd52925959ee5061e412d12754ccc120d7925
SHA256: 9506866e9b3cda9e1867c34e091dc1c662032395e1dcf857627fa31547c76bd3
SHA512: ddb22cefe217431451134787847b8fc7b697bb154778cb41b63bc0d2caa70aa66d544bb2cf0b89c06d47ba7c56345b0408ac08354e44eddd0e20e17ca74a822e
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

Pro Antispyware 2009

Host: scan.scannerantispyware.com
IP: 78.26.179.233

Whois:

role:           Renome Service Tech Staff
address:        Kosvennaya str., 78, Odessa, Ukraine, 65000
org:            ORG-RA159-RIPE
phone:          +380487597596
fax-no:         +380487597596
mnt-by:         RENOME-MNT
abuse-mailbox:  abuse@odessa.tv
admin-c:        WU-RIPE
admin-c:        GA-RIPE
tech-c:         WU-RIPE
nic-hdl:        RSM-RIPE
source:         RIPE # Filtered

 

Host: files.download-antispyware.com
IP: 78.157.142.81

Whois:

netname:        VDHOST
descr:          VdHost Ltd.
descr:          abuse@vdhost.info
country:        LV
admin-c:        AV2990-RIPE
tech-c:         AV2990-RIPE
status:         ASSIGNED PA
mnt-by:         UN-MNT
source:         RIPE # Filtered

person:         Arturs Vavilovs
address:        Riga
phone:          +371 29653077
e-mail:         admin@vdhost.info
nic-hdl:        AV2990-RIPE
mnt-by:         UN-MNT
source:         RIPE # Filtered

Host: sales.proantispyware-2009-buy.com
IP: 216.195.42.226

Whois:

OrgName:    APS Telecom
OrgID:      APSTE
Address:    8130 SW BEAVERTON-HILLSDALE HWY
City:       PORTLAND
StateProv:  OR
PostalCode: 97225
Country:    US

Host: secure.websecurebilling.com
IP: 209.8.45.146

Whois of websecurebilling.com :

  Domain Name: WEBSECUREBILLING.COM
   Registrar: REGTIME LTD.
   Whois Server: whois.regtime.net
   Referral URL: http://www.webnames.ru
   Name Server: NS1.WEBSECUREBILLING.COM
   Name Server: NS2.WEBSECUREBILLING.COM
   Status: ok
   Updated Date: 11-nov-2008
   Creation Date: 07-nov-2008
   Expiration Date: 07-nov-2009
  
Whois 209.8.45.146:

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US

Pro Antispyware 2009

PRO Antispyware 2009 from Pandora software

Pro Antispyware 2009

 

Antivirus 2009 rogue antivirus application

Saturday, November 15th, 2008

Antivirus 2009 is a rogue antivirus application. To remove that rogue application and other viruses and spyware, use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/

Antivirus 2009

File A9installer_880649.exe received on 11.15.2008 14:03:48 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.14.3 2008.11.14 -
AntiVir 7.9.0.31 2008.11.14 TR/Dldr.FraudLoad.vdlc
Authentium 5.1.0.4 2008.11.15 W32/FakeAV.FM
Avast 4.8.1281.0 2008.11.14 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.11.14 Downloader.Agent.AOYR
BitDefender 7.2 2008.11.15 -
CAT-QuickHeal 10.00 2008.11.15 -
ClamAV 0.94.1 2008.11.15 -
DrWeb 4.44.0.09170 2008.11.15 -
eSafe 7.0.17.0 2008.11.13 Win32.FraudLoad.vdlc
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.15 -
F-Prot 4.4.4.56 2008.11.14 W32/FakeAV.FM
F-Secure 8.0.14332.0 2008.11.15 Trojan-Downloader.Win32.FraudLoad.vdlc
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.15 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2008.11.15 Trojan-Downloader.Win32.FraudLoad
K7AntiVirus 7.10.526 2008.11.15 Trojan-Downloader.Win32.FraudLoad.vdlc
Kaspersky 7.0.0.125 2008.11.15 Trojan-Downloader.Win32.FraudLoad.vdlc
McAfee 5434 2008.11.14 FakeAlert-AB
Microsoft 1.4104 2008.11.15 TrojanDownloader:Win32/Renos
NOD32 3615 2008.11.15 -
Norman 5.80.02 2008.11.14 W32/DLoader.KTQX
Panda 9.0.0.4 2008.11.15 Adware/Xpantivirus2008
PCTools 4.4.2.0 2008.11.15 -
Prevx1 V2 2008.11.15 -
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.14 Trojan.Dldr.FraudLoad.vdlc
Sophos 4.35.0 2008.11.15 Mal/Generic-A
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.15 -
TheHacker 6.3.1.1.152 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.14 TROJ_FAKEAV.XR
VBA32 3.12.8.9 2008.11.14 -
ViRobot 2008.11.15.1470 2008.11.15 -
VirusBuster 4.5.11.0 2008.11.14 -
 
Additional information
File size: 163840 bytes
MD5...: 5bd224f0fa4fa6120186ff9bd6f7b874
SHA1..: fa7c5868cd788786086e84bce49405544344cd7b
SHA256: 78e2fe7e834721c9eca5171d3e4078e7f27d3f97d00aaf724ece51400038a95f
SHA512: 7ae2f1068c20e5f45ba660e048fb8fb814b8a67e8f5486b6de0a8f5e8cad400aedd619f8805e861c91aae0925555a92aa4394dd225c62810ac6b84f5b4b394be
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401167
timedatestamp.....: 0x45bb4551 (Sat Jan 27 12:28:01 2007)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5045 0x6000 0.69 37201dedc3c62b3f80091e4e2c12a76c
.rdata 0x7000 0x1012 0x2000 0.00 0829f71740aab1ab98b33eae21dee122
.data 0x9000 0x2c0efd 0x16000 6.10 9878f70f1e61fd935bbeb99d549a6a4c
.tls 0x2ca000 0x5f 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rdata 0x2cb000 0x418 0x1000 0.04 0fde2d8028c16bbcaa57889bf4353caf
.idata 0x2cc000 0x980 0x1000 3.45 e5ea0b80b0b55a2c73aee5c423e8956e
.reloc 0x2cd000 0x3a3 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x2ce000 0x4ffb 0x5000 4.66 2fa0c20dd8fbcf1837e630bc7d807913

( 5 imports )
> KERNEL32.DLL: DeleteFileA, GetCommandLineA, CopyFileW, CopyFileA, GetLastError, CreateProcessA, OpenFileMappingA, GetFileSize, WriteFile, OpenFile, GetConsoleMode, CopyFileExW, GetStdHandle, CreateDirectoryA, GetFileTime, ExitThread, GlobalFree, ReadFile, Sleep, GetCPInfo, FindAtomA, CreateThread
> USER32.DLL: InsertMenuA, GetDC, CopyImage, DrawTextA, GetFocus, GetMenu, DrawIconEx, AppendMenuW, CalcMenuBar, BlockInput, GetCursor, LoadCursorA, LoadMenuA, CopyRect, GetDlgItem, IsWindow
> ADVAPI32.DLL: RegOpenKeyW, RegOpenKeyA, RegReplaceKeyW, RegCreateKeyExA, RegQueryInfoKeyW, RegLoadKeyA, RegDeleteKeyA, RegOpenKeyExW, RegLoadKeyW, RegReplaceKeyA, RegEnumValueA, RegEnumKeyW, RegQueryValueA, RegCreateKeyExW, RegOpenKeyExA, RegCreateKeyW, RegEnumKeyA, RegEnumValueW, RegGetKeySecurity, RegEnumKeyExW
> ADVAPI32.DLL: RegOpenKeyA, RegLoadKeyA, RegQueryValueExA, RegQueryValueW, RegCreateKeyExA, RegReplaceKeyA, RegReplaceKeyW, RegEnumKeyW, RegCreateKeyExW, RegEnumKeyExA, RegQueryInfoKeyW, RegGetKeySecurity, RegOpenKeyW, RegDeleteKeyA, RegLoadKeyW, RegDeleteValueW, RegEnumKeyExW, RegEnumKeyA
> KERNEL32.DLL: GetComputerNameA, Sleep, GetStdHandle, GetCPInfo, DeleteFileA, ExitThread, GlobalFree, CopyFileA, DeleteFileW, CopyFileExA, CreateDirectoryA, GetFileSize, GetLastError, GetCommandLineA, OpenFileMappingA, GetConsoleMode, FindFirstFileA, SetLastError, OpenFile, CreateProcessA, CopyFileExW

( 0 exports )

Antivirus 2009

 

Host: softwareclicks2.com
IP: 64.86.17.44

Whois:

OrgName:    Teleglobe Inc.
OrgID:      GLBE
Address:    1441 Carrie-Derick
City:       Montreal
StateProv:  QC
PostalCode: H3C-4S9
Country:    CA

NetRange:   64.86.0.0 - 64.86.255.255
CIDR:       64.86.0.0/16
OriginAS:   AS6453
NetName:    TELEGLOBE
NetHandle:  NET-64-86-0-0-1
Parent:     NET-64-0-0-0-0
NetType:    Direct Allocation
NameServer: CASTOR.TELEGLOBE.NET
NameServer: POLLUX.TELEGLOBE.NET
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:    2000-05-04
Updated:    2007-04-23

RAbuseHandle: ABUSE1643-ARIN
RAbuseName:   Abuse
RAbusePhone:  +1-514-868-7875

Host: total-antivirus-scan.com
IP: 64.86.17.44

Whois:

(identical to the Teleglobe Inc. record shown above for softwareclicks2.com, 64.86.17.44)

Host: premium-update.com
IP: 64.86.17.44

Whois:

(identical to the Teleglobe Inc. record shown above for softwareclicks2.com, 64.86.17.44)

Host: securedliveupdate.com
IP: 64.86.17.44

Whois:

(identical to the Teleglobe Inc. record shown above for softwareclicks2.com, 64.86.17.44)

Host: secureyourpayments.com
IP: 64.86.17.44

Whois of secureyourpayments.com:

Registrant:
   Valensia Holmes
   402 Office Park Drive
   Birmingham, Alabama 35223
   United States

   Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
   Domain Name: SECUREYOURPAYMENTS.COM
      Created on: 09-Sep-08
      Expires on: 09-Sep-09
      Last Updated on: 09-Sep-08

   Administrative Contact:
      Holmes, Valensia  ValensiaHolmesceo@googlemail.com
      402 Office Park Drive
      Birmingham, Alabama 35223
      United States
      (205) 830-9900      Fax –

   Technical Contact:
      Holmes, Valensia  ValensiaHolmesceo@googlemail.com
      402 Office Park Drive
      Birmingham, Alabama 35223
      United States
      (205) 830-9900      Fax –

  
Whois of 64.86.17.44:

(identical to the Teleglobe Inc. record shown above for softwareclicks2.com, 64.86.17.44)

Host: softwarebillingservice.com
IP: 63.219.177.214

Whois of softwarebillingservice.com

Registration Service Provided By: ERDOMAIN.COM
Contact: +49.3036741521
Website: http://www.erdomain.com

Domain Name: SOFTWAREBILLINGSERVICE.COM

Registrant:
    N/A
    Viktor Temchenko        (temchenkoviktor@googlemail.com)
    Pr. Geroev Tryda
    Kharkov
    Kharkiv Oblast,01001
    UA
    Tel. +380.936328480

Creation Date: 03-Nov-2008
Expiration Date: 03-Nov-2009

Whois of 63.219.177.214

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US

 

Antivirus 2009

Rogue antivirus Antivirus 2009 from Pandora Software

Antivirus 2009

Ultra Antivirus rogue antivirus application

Friday, November 7th, 2008

Ultra Antivirus is a rogue antivirus application. To remove that rogue application and other viruses and spyware, use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/

Ultra Antivirus

File Release_UNREG.exe received on 11.07.2008 17:41:38 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.7.1 2008.11.07 -
AntiVir 7.9.0.26 2008.11.07 DR/FakeAV.BC.20
Authentium 5.1.0.4 2008.11.07 -
Avast 4.8.1248.0 2008.11.06 Win32:Neptunia-AGB
AVG 8.0.0.161 2008.11.07 FakeAlert.BD
BitDefender 7.2 2008.11.07 Dropped:Trojan.Fakeav.BC
CAT-QuickHeal 9.50 2008.11.07 -
ClamAV 0.94.1 2008.11.07 Adware.Brasen-2
DrWeb 4.44.0.09170 2008.11.07 -
eSafe 7.0.17.0 2008.11.06 Suspicious File
eTrust-Vet 31.6.6198 2008.11.07 -
Ewido 4.0 2008.11.07 -
F-Prot 4.4.4.56 2008.11.06 -
F-Secure 8.0.14332.0 2008.11.07 TXT/JunkFakeAlert.C
Fortinet 3.117.0.0 2008.11.07 PossibleThreat
GData 19 2008.11.07 Dropped:Trojan.Fakeav.BC
Ikarus T3.1.1.45.0 2008.11.07 Trojan.Win32.FakeSecSen
K7AntiVirus 7.10.519 2008.11.07 -
Kaspersky 7.0.0.125 2008.11.07 not-a-virus:FraudTool.Win32.MSAntivirus.bo
McAfee 5426 2008.11.06 Generic.dx
Microsoft 1.4104 2008.11.07 Trojan:Win32/FakeSecSen
NOD32 3595 2008.11.07 -
Norman 5.80.02 2008.11.07 Antivirus2008.ET.dropper
Panda 9.0.0.4 2008.11.07 Adware/UltraAntivirus2009
PCTools 4.4.2.0 2008.11.07 -
Prevx1 V2 2008.11.07 Fraudulent Security Program
Rising 21.02.42.00 2008.11.07 -
SecureWeb-Gateway 6.7.6 2008.11.07 Trojan.Dropper.FakeAV.BC.20
Sophos 4.35.0 2008.11.07 Mal/FakeAV-F
Sunbelt 3.1.1783.2 2008.11.05 Ultra Antivirus 2009(UltraAV)
Symantec 10 2008.11.07 AntiVirus2009
TheHacker 6.3.1.1.144 2008.11.07 -
TrendMicro 8.700.0.1004 2008.11.07 -
VBA32 3.12.8.9 2008.11.06 -
ViRobot 2008.11.7.1457 2008.11.07 -
VirusBuster 4.5.11.0 2008.11.07 -
 
Additional information
File size: 1068932 bytes
MD5...: 287d60b2ef39a8edafc30a75467acc26
SHA1..: 5c78e6dd8dc1e3ac12ddb809bbfc131dc469e13f
SHA256: 396379871e70ba2e088c71f33f52ec0cb8adb332d5421dfeb973e455e7daaf6f
SHA512: 1b902c16ff6412d0e5615e13a9224b8d7ec619fd20d5dcda1a5174cbb36be1253eed4cee75ff28222d5234e18d058072bcc41bf9dc07e6729020fefbb6fc570e
PEiD..: -
TrID..: File type identification
WinRAR Self Extracting archive (96.2%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Generic Win/DOS Executable (0.3%)
DOS Executable Generic (0.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x48832f43 (Sun Jul 20 12:27:47 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xb000 0xaa00 6.38 617fd2b6e593db880055da5d052e2e90
.data 0xc000 0x10000 0xe00 5.98 a3a1c5a7089b8ab4c4a34e2156d324b3
.idata 0x1c000 0x1000 0x1000 4.90 9f01d3ddd424f15429a8ad4b561ae1f5
.rsrc 0x1d000 0x8cbc 0x8e00 5.05 05ace194adf71ba5ee93257fc93e646d

( 7 imports )
> ADVAPI32.DLL: RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA
> KERNEL32.DLL: CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, OpenFile, ReadFile, SetCurrentDirectoryA, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, SetVolumeLabelA, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, _lclose, lstrcmpiA, lstrlenA
> COMCTL32.DLL: -
> GDI32.DLL: DeleteObject
> SHELL32.DLL: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA
> USER32.DLL: CharLowerA, CharToOemA, CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA
> OLE32.DLL: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize

( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=287d60b2ef39a8edafc30a75467acc26
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=64A1441D001C4D914566067F97856F008DF19A1A
packers (F-Prot): ZIP, Aspack

Ultra Antivirus

Host: ultraantivirus2009.com
IP: 91.208.0.223

Whois:

netname:        STILLTRADE-NET
descr:          Still Trade Ltd
country:        RU
org:            ORG-STIL1-RIPE
admin-c:        PERE1-RIPE
tech-c:         PERE1-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-HM-PI-MNT
mnt-by:         STILLTRADE-MNT
mnt-lower:      RIPE-NCC-HM-PI-MNT
mnt-routes:     STILLTRADE-MNT
mnt-domains:    STILLTRADE-MNT
source:         RIPE # Filtered

Other sites:

Host: secure.innovagest2000s.com
IP: 63.219.177.211

Whois:

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US

 

Pandora software

Antivirus 2009 rogue antivirus application

Wednesday, November 5th, 2008

Antivirus 2009 is a rogue antivirus application. To remove that rogue application, as well as other viruses and spyware, use Cesam Anti-Malware - http://cleanthe.net/how-to-remove-virus/

Antivirus 2009

File zcodec.1179.exe received on 11.05.2008 19:03:28 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.5.3 2008.11.05 -
AntiVir 7.9.0.26 2008.11.05 -
Authentium 5.1.0.4 2008.11.05 -
Avast 4.8.1248.0 2008.11.05 -
AVG 8.0.0.161 2008.11.05 -
BitDefender 7.2 2008.11.05 -
CAT-QuickHeal 9.50 2008.11.04 -
ClamAV 0.94.1 2008.11.05 -
DrWeb 4.44.0.09170 2008.11.05 -
eSafe 7.0.17.0 2008.11.05 Suspicious File
eTrust-Vet 31.6.6190 2008.11.05 -
Ewido 4.0 2008.11.05 -
F-Prot 4.4.4.56 2008.11.05 -
F-Secure 8.0.14332.0 2008.11.05 -
Fortinet 3.117.0.0 2008.11.05 -
GData 19 2008.11.05 -
Ikarus T3.1.1.45.0 2008.11.05 Trojan-Downloader.Win32.Renos
K7AntiVirus 7.10.517 2008.11.05 -
Kaspersky 7.0.0.125 2008.11.05 -
McAfee 5424 2008.11.04 -
Microsoft 1.4005 2008.11.05 TrojanDownloader:Win32/Renos.BAH
NOD32 3587 2008.11.05 -
Norman 5.80.02 2008.11.05 -
Panda 9.0.0.4 2008.11.05 -
PCTools 4.4.2.0 2008.11.05 -
Prevx1 V2 2008.11.05 Fraudulent Security Program
Rising 21.02.22.00 2008.11.05 -
SecureWeb-Gateway 6.7.6 2008.11.05 Trojan.Dldr.LooksLike.Agent.anlg
Sophos 4.35.0 2008.11.05 -
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.05 -
TheHacker 6.3.1.1.140 2008.11.05 -
TrendMicro 8.700.0.1004 2008.11.05 Possible_DLDER
VBA32 3.12.8.9 2008.11.05 -
ViRobot 2008.11.5.1453 2008.11.05 -
VirusBuster 4.5.11.0 2008.11.05 -
 
Additional information
File size: 69120 bytes
MD5: 5285d1ac7c1ef893c515eef078891a47
SHA1: f6a528195e49f3cffd9adb9cf6062943ce5bc07d
SHA256: 0d7b5a49ee44f92539424d34721ae741924f890d8f946387373500216783d3bc
SHA512: 82b33ba253349298bc60a54ffe32722c4cc83c876d876f60ff950e2d1d6ed7e28ce18b210464e3fa496d050ab15bb6d817cb46570e6b4194f27bf047ea106051
PEiD: -
TrID: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress: 0x4025c0
timedatestamp: 0x49114fcf (Wed Nov 05 07:48:31 2008)
machinetype: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2655 0x2800 6.52 6d38b5001569200d2257b47e266d0ca7
.rdata 0x4000 0x9b2 0xa00 5.08 cbb079fe3e5c511fc08bdc91ee53709c
.data 0x5000 0xde3c 0xd800 7.98 48af1b1d062a2cabf3d70b723b5fabe4

( 6 imports )
> KERNEL32.dll: CreateFileA, CloseHandle, DeviceIoControl, GetSystemDirectoryA, GetVolumeInformationA, ExitProcess, TerminateProcess, SetProcessPriorityBoost, SetThreadPriority, GetCurrentThread, SetPriorityClass, GetCurrentProcess, GetEnvironmentVariableA, GetShortPathNameA, GetModuleFileNameA, IsBadWritePtr, GetComputerNameA, WriteFile, lstrlenA, lstrcatA, GetVersionExA, Sleep, GetTempPathA, CreateProcessA
> USER32.dll: GetDlgItem, wsprintfA
> SHELL32.dll: ShellExecuteExA, SHChangeNotify
> MSVCRT.dll: sprintf, rand, __CxxFrameHandler, __2@YAPAXI@Z, strstr, srand, time, strncat, atoi, _except_handler3, strncpy, _strdup, __3@YAXPAX@Z, _itoa
> MSVCP60.dll: __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __Xlen@std@@YAXXZ, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Copy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z
> WININET.dll: HttpQueryInfoA, InternetOpenUrlA, InternetOpenA, InternetCloseHandle, InternetReadFile

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3B56EC65005D9CA90E2F01F8696E9700B4E96D9E

Antivirus 2009

Host: newer-pon-hub2008.com
IP: 66.232.105.254

Whois:

OrgName:    NOC4Hosts Inc.
OrgID:      NOC4H
Address:    400 N Tampa St
Address:    #1025
City:       Tampa
StateProv:  FL
PostalCode: 33602
Country:    US

Other sites:

Host: live-antivirus-scan.com
IPs: 89.149.253.215, 91.203.92.47, 78.159.118.217

Whois:

inetnum:        89.149.253.0 - 89.149.255.255
netname:        NETDIRECT-NET
descr:          netdirekt e.K.
remarks:        INFRA-AW
country:        DE
admin-c:        WW200-RIPE
tech-c:         SR614-RIPE
status:         ASSIGNED PA
mnt-by:         NETDIRECT-MNT
mnt-lower:      NETDIRECT-MNT
mnt-routes:     NETDIRECT-MNT
source:         RIPE # Filtered

person:       Wiethold Wagner
address:      netdirekt e. K.
address:      Kleyer Strasse 79 / Tor 14
address:      60326 Frankfurt
address:      DE
phone:        +49 69 90556880
fax-no:       +49 69 905568822

Other sites:

1.  Protectiononlineinfo.com 

Host: secure.innovagest2000sl.com
IP: 207.226.175.126

Whois:

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US

Antivirus 2009 by Pandora software
