Posts Tagged ‘Layered Technologies’

Total Secure 2009 rogue antivirus application

Wednesday, October 22nd, 2008

Total Secure 2009 is a fake (rogue) antivirus. To remove that rogue application, along with other viruses and rogue antispyware, use Kaspersky antivirus - http://cleanthe.net/how-to-remove-virus/

Total Secure 2009

File MediaTubeCodec_ver1.812.0.exe received on 10.22.2008 15:31:16 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.10.22.0 2008.10.22 -
AntiVir 7.9.0.5 2008.10.22 TR/Dldr.Zlob.aajg
Authentium 5.1.0.4 2008.10.22 -
Avast 4.8.1248.0 2008.10.22 -
AVG 8.0.0.161 2008.10.22 -
BitDefender 7.2 2008.10.22 -
CAT-QuickHeal 9.50 2008.10.22 -
ClamAV 0.93.1 2008.10.22 -
DrWeb 4.44.0.09170 2008.10.22 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6162 2008.10.21 -
Ewido 4.0 2008.10.22 -
F-Prot 4.4.4.56 2008.10.22 -
F-Secure 8.0.14332.0 2008.10.22 -
Fortinet 3.113.0.0 2008.10.22 -
GData 19 2008.10.22 -
Ikarus T3.1.1.44.0 2008.10.22 Trojan-Downloader.Zlob
K7AntiVirus 7.10.501 2008.10.21 -
Kaspersky 7.0.0.125 2008.10.22 -
McAfee 5411 2008.10.22 -
Microsoft 1.4005 2008.10.22 TrojanDownloader:Win32/Zlob.gen!CD
NOD32 3545 2008.10.22 -
Norman 5.80.02 2008.10.22 -
Panda 9.0.0.4 2008.10.22 -
PCTools 4.4.2.0 2008.10.22 -
Prevx1 V2 2008.10.22 -
Rising 20.67.22.00 2008.10.22 -
SecureWeb-Gateway 6.7.6 2008.10.22 Trojan.Dldr.Zlob.aajg
Sophos 4.34.0 2008.10.22 -
Sunbelt 3.1.1742.1 2008.10.21 -
Symantec 10 2008.10.22 -
TheHacker 6.3.1.0.123 2008.10.22 -
TrendMicro 8.700.0.1004 2008.10.22 -
VBA32 3.12.8.8 2008.10.22 suspected of Win32.Trojan-Downloader
ViRobot 2008.10.22.1432 2008.10.22 -
VirusBuster 4.5.11.0 2008.10.22 -
Additional information
File size: 77824 bytes
MD5...: c1202919430900fd93e48dd6fab11cd6
SHA1..: 832d6fc07e7d45c3e89d33d04667f651a472ec5d
SHA256: ae993034e5fcdb5839639746f5c6fd59f285e1a0e6b90a014deb0408901e7c96
SHA512: a387584e9ba4db719800462d525c86b5ca4183eae74c7e0d1353977844372c633524dc2caf0c0b5605763de593e89952253fc2bfcfd537857da8731e1f2ce460
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x404950
timedatestamp.....: 0x48ff21d6 (Wed Oct 22 12:51:34 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xadd7 0xb000 6.50 9b73cfbb6a4d4489b8ed47db51cb5657
.rdata 0xc000 0x467c 0x5000 4.80 e6135070d7c2a324e6665662dd569327
.data 0x11000 0x183c 0x1000 2.34 80d441cd7bfce31439da51c0d7736c55
.rsrc 0x13000 0xb0 0x1000 3.06 1fc8e43d261086abf4c231ece0e54239

( 1 imports )
> KERNEL32.dll: HeapAlloc, GetProcessHeap, GetProcAddress, LoadLibraryW, SetLastError, GetLastError, FreeLibrary, HeapFree, GetVersionExA, LoadLibraryA, GetCurrentThread, GetCurrentProcess, lstrlenA, RaiseException, RtlUnwind, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleA, TlsGetValue, TlsSetValue, InterlockedIncrement, GetCurrentThreadId, InterlockedDecrement, LeaveCriticalSection, EnterCriticalSection, VirtualFree, VirtualAlloc, HeapReAlloc, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, Sleep, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, InitializeCriticalSection, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, WideCharToMultiByte, LCMapStringW

( 0 exports )

Total Secure 2009

Host: moviesportal2008xxx.com
IP: 72.232.183.154

Whois:
OrgName: Layered Technologies, Inc.
OrgID: LAYER-3
Address: 5085 W Park Blvd
Address: Suite 700
City: Plano
StateProv: TX
PostalCode: 75093
Country: US

Other sites distributing rogue antivirus Total Secure 2009:

1. Funnyportal2008p.com
2. Movieportal2008q.com
3. Mp3portal2008p.com
4. Softportal2008p.com
5. Starsportal2008p.com
6. Funnyportal2008xxx.com
7. Funnyportal2008yyy.com
8. Moviesportal2008eee.com
9. Moviesportal2008xxx.com
10. Moviesportal2008yyy.com
11. Moviesportal2008zzz.com
12. Mp3portal2008xxx.com
13. Mp3portal2008yyy.com
14. Softportal2008xxx.com
15. Softportal2008yyy.com
16. Starsportal2008xxx.com
17. Starsportal2008yyy.com

Host: softwaredownload2008hq.com
IP: 78.157.143.250

Whois:

netname: VDHOST
descr: VdHost Ltd.
descr:
country: LV
admin-c: AV2990-RIPE
tech-c: UNHM-RIPE
status: ASSIGNED PA
mnt-by: UN-MNT
source: RIPE # Filtered

role: UltraNet Hostmaster
address: UltraNet SIA
Aizkraukles 23
Riga, LV-1006
Latvia
phone: +371 67543003
fax-no: +371 67594435

Other sites distributing rogue antivirus Total Secure 2009:

1. Softdownload2008nm.com
2. Softdownload2008p.com
3. Softdownoad2008name.com
4. Softload2008cx.com
5. Softwaredownload2008gs.com
6. Softwaredownload2008gt.com
7. Softwaredownload2008hq.com
8. Softwaredownload2008hs.com
9. Softwaredownload2008rs.com
10. Softwaredownload2008sq.com
11. Softwaredownload2008st.com
12. Softwaredownload2008tq.com

Host: total-secure2009.com
IP: 200.63.45.55

Whois:

inetnum: 200.63.45/24
status: reallocated
owner: Ricardo Carreras
ownerid: HN-RICA-LACNIC
responsible: Honduras Web
address: P.O.Box: 1142 La Ceiba, #37 street., 1142, 37
address: 00000 - Tegucigalpa - TE
country: HN
phone: +504 9815-3645 []
owner-c: RIC9
tech-c: RIC9
abuse-c: RIC9
created: 20080630
changed: 20080630
inetnum-up: 200.63.40/21

Other sites distributing rogue antivirus Total Secure 2009:

1. Total-secure2009.com
2. Windefender-2009.com


Host: viacodecright—2.com
IP: 77.91.227.179

Whois:

person: Pavel Malinkovich
address: Tevosyana 40a-89
address: Electrostal, Moscow Region
address: Russia
phone: +7 495 5434485
abuse-mailbox: abuse@netplace.ru
nic-hdl: PM946-RIPE
source: RIPE # Filtered

Other sites distributing rogue antivirus Total Secure 2009:

1. Codecadult23df18.com
2. Hot-sextubedriver2.com
3. Sextubecodec023dfs41.com
4. Viacodecright—2.com


Host: megauplinkbindinstaller.com
IP: 91.203.92.99

Whois:

netname: BASTION-NET
descr: ISP UATelecom
country: EU
org: ORG-TG39-RIPE
admin-c: ML7676-RIPE
tech-c: UNm3-RIPE
status: ASSIGNED PI
mnt-by: UATELECOM-MNT
mnt-lower: UATELECOM-MNT
mnt-routes: UATELECOM-MNT
mnt-domains: UATELECOM-MNT

Other sites distributing rogue antivirus Total Secure 2009:

1. Megauplinkbindinstaller.com
2. Theupdatedownload.com

Host: onsafepro—2008.com
IP: 91.203.92.25

Whois:

netname: BASTION-NET
descr: ISP UATelecom
country: EU
org: ORG-TG39-RIPE
admin-c: ML7676-RIPE
tech-c: UNm3-RIPE
status: ASSIGNED PI
mnt-by: UATELECOM-MNT
mnt-lower: UATELECOM-MNT
mnt-routes: UATELECOM-MNT
mnt-domains: UATELECOM-MNT

Other sites distributing rogue antivirus Total Secure 2009:

1. Directnameservice—2008.com
2. Onsafepro—2008.com
3. S-avirus.com
4. Viruswebprotect—2008.com


Host: secure.intro-pay.com
IP: 216.40.219.141

Whois:

OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: US

Other sites selling rogue antivirus Total Secure 2009:

1. Ds-pay.com
2. Intro-pay.com
3. Ormondsystems.com

Host: protect.trustedantivirus.com
IP: 93.190.139.221

Whois:

netname: WORLDSTREAM
descr: WorldStream IPv4.4
country: NL
admin-c: WS1670-RIPE
tech-c: WS1670-RIPE
status: ASSIGNED PA
mnt-by: MNT-WORLDSTREAM
mnt-by: KABELFOON-MNT
source: RIPE # Filtered

role: WORLDSTREAM DBM
address: Honderdland 111F
address: 2676LT Maasdijk
phone: +31174712117
fax-no: +31174512310

Other sites:

1. Gomyhit.com
2. Gomyron.com
3. Rdrmngr.com
4. Sadafaha.com
5. Vmaff.com

Host: intervarioclick.com
IP: 76.74.249.30

Whois:

OrgName: Peer 1 Network Inc.
OrgID: PER1
Address: 75 Broad Street
Address: 2nd Floor
City: New York
StateProv: NY
PostalCode: 10004
Country: US

Other sites:

1. Ad2cash.net
2. Ad2profit.com
3. Adcomatoz.com
4. Adgurman.com
5. Adhokuspokus.com
6. Adnetserver.com
7. Adredired.com
8. Adverdaemon.com
9. Adverlounge.com
10. Adzyclon.com
11. Astalaprofit.com
12. B2adz.com
13. Beststatsever.com
14. Bizadsonline.net
15. Bizadverts.com
16. Bizmarketads.com
17. Blessedads.com
18. Brandmarketads.com
19. Clickadnet.net
20. Friedads.com
21. Glorymarkets.com
22. Greatad.net
23. Hostadserve.com
24. Iddqdmarketing.com
25. Intervarioclick.com
26. Invulnerableads.com
27. Luckyadcoin.com
28. Luckyadsols.com
29. Moneycometrue.com
30. Mythmarketing.com
31. Popadprovider.com
32. Prevedmarketing.com
33. Rocktheads.com
34. Sharpadverts.com
35. Shivanetworking.com
36. Statisticsmanager.com
37. Statsreportserver.com
38. Waytotheprofit.com
39. Widestatsnow.com

Another fake antivirus Antivirus Plasma

Friday, October 17th, 2008

Antivirus Plasma is a fake antivirus. To remove viruses and rogue antispyware, use Kaspersky antivirus - http://cleanthe.net/how-to-remove-virus/

Antivirus Plasma

File AVPlasmaSetup.exe received on 10.17.2008 17:30:16 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.10.18.0 2008.10.17 Win-Trojan/Fakeav.898048
AntiVir 7.9.0.5 2008.10.17 TR/Fake.AVPlasma.A
Authentium 5.1.0.4 2008.10.17 -
Avast 4.8.1248.0 2008.10.15 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.17 -
BitDefender 7.2 2008.10.17 Trojan.FakeAV.CG
CAT-QuickHeal 9.50 2008.10.17 -
ClamAV 0.93.1 2008.10.17 -
DrWeb 4.44.0.09170 2008.10.17 -
eSafe 7.0.17.0 2008.10.16 -
eTrust-Vet 31.6.6153 2008.10.17 -
Ewido 4.0 2008.10.17 -
F-Prot 4.4.4.56 2008.10.16 -
F-Secure 8.0.14332.0 2008.10.17 Rogue:W32/XPAntivirus.GGX
Fortinet 3.113.0.0 2008.10.17 Adware/Fakeavplasma
GData 19 2008.10.17 Trojan.FakeAV.CG
Ikarus T3.1.1.44.0 2008.10.17 Virus.Win32.Trojan
K7AntiVirus 7.10.498 2008.10.17 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.10.17 -
McAfee 5407 2008.10.16 -
Microsoft 1.4005 2008.10.17 Trojan:Win32/FakeSecSen
NOD32 3532 2008.10.17 -
Norman 5.80.02 2008.10.16 -
Panda 9.0.0.4 2008.10.17 Application/AntivirusPlasma
PCTools 4.4.2.0 2008.10.17 -
Prevx1 V2 2008.10.17 -
Rising 20.66.42.00 2008.10.17 -
SecureWeb-Gateway 6.7.6 2008.10.17 Trojan.Fake.AVPlasma.A
Sophos 4.34.0 2008.10.17 Sus/Uddo-B
Sunbelt 3.1.1730.1 2008.10.17 Antivirus Plasma
Symantec 10 2008.10.17 AntivirusPlasma
TheHacker 6.3.1.0.116 2008.10.16 -
TrendMicro 8.700.0.1004 2008.10.17 -
VBA32 3.12.8.7 2008.10.16 Hoax.Win32.FakeAV.Plasma
ViRobot 2008.10.17.1425 2008.10.17 -
VirusBuster 4.5.11.0 2008.10.17 -
 
Additional information
File size: 898048 bytes
MD5...: 349b6abfcc619965a71922dfedbf97c5
SHA1..: 3316fabf057e370abcf1dfe5b50a620f32d9a6da
SHA256: 2b265462e76086d6acea2434709a5e9a94f39b3371f18cc9fbae20c644f84c90
SHA512: ffb80af2f32be8b3fef359d77b52517d2f5f3e3b41dceeb7f2072e45f6ddcb3c19844f497083de98c187bf4fd3ccf2b1754878116d98fe5e851e66dae1f678f3
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
TrID..: File type identification
Win32 Executable Borland Delphi 7 (66.6%)
Win32 Executable Borland Delphi 6 (26.1%)
InstallShield setup (4.2%)
Win32 Executable Delphi generic (1.4%)
Win32 Executable Generic (0.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x483abc
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x82b1c 0x82c00 6.55 8c3a7d036558d47672e885be7873bcda
DATA 0x84000 0x239c 0x2400 4.96 4ca1c605f3d11663dd8435ddb01ef22e
BSS 0x87000 0xf81 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x88000 0x25da 0x2600 5.04 d1505c83f9134e0197d538b5d4a619ef
.tls 0x8b000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x8c000 0x18 0x200 0.20 bcba58e4744c4acf760096ae29612d39
.reloc 0x8d000 0x8920 0x8a00 6.65 47b0cd2f95fb80f69b0ef2762fd061e1
.rsrc 0x96000 0x4ae00 0x4ae00 6.78 aa56304c6a4db2af19ee26ab5b8012ba

( 19 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey
> kernel32.dll: lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PolyPolyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExtCreatePen, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
> user32.dll: CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, 
EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
> ole32.dll: CoCreateInstance, CoUninitialize, CoInitialize
> oleaut32.dll: GetErrorInfo, SysFreeString
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
> shell32.dll: Shell_NotifyIconA, ShellExecuteA
> shell32.dll: SHGetSpecialFolderPathA
> kernel32.dll: MulDiv
> wsock32.dll: WSACleanup, WSAStartup, gethostbyname

( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=349b6abfcc619965a71922dfedbf97c5

Antivirus Plasma

Host: antivirusplasma.com
IP: 72.36.167.165

Whois:

OrgName:    Layered Technologies, Inc.
OrgID:      LAYER-3
Address:    5085 W Park Blvd
Address:    Suite 700
City:       Plano
StateProv:  TX
PostalCode: 75093
Country:    US

SpywareIsolator

Thursday, July 31st, 2008

SpywareIsolator is a rogue antispyware application. Stay away from the following IPs and hosts!

SpywareIsolator

Host: spywareisolator.com
IP: 72.233.50.150

Whois:

OrgName:    Layered Technologies, Inc.
OrgID:      LAYER-3
Address:    5085 W Park Blvd
Address:    Suite 700
City:       Plano
StateProv:  TX
PostalCode: 75093
Country:    US
OrgAbuseHandle: LAT-ARIN
OrgAbuseName:   LT Abuse Team
OrgAbusePhone:  +1-972-398-7998
OrgAbuseEmail:  abuse@layeredtech.com

SpywareIsolator

File spywareisolator_installer.exe received on 07.31.2008 16:06:51 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.7.29.1 2008.07.31 Win-AppCare/Spywareisolator.81920.B
AntiVir 7.8.1.12 2008.07.31 -
Authentium 5.1.0.4 2008.07.31 -
Avast 4.8.1195.0 2008.07.31 Win32:Trojan-gen {Other}
AVG 8.0.0.156 2008.07.31 Downloader.Purityscan.BB
BitDefender 7.2 2008.07.31 Adware.Rogue.SpywareIsolator.A
CAT-QuickHeal 9.50 2008.07.30 FraudTool.SpywareIsolator.f (Not a Virus)
ClamAV 0.93.1 2008.07.31 Adware.Downloader-88
DrWeb 4.44.0.09170 2008.07.31 Trojan.Fakealert.439
eSafe 7.0.17.0 2008.07.29 ????????????????????
eTrust-Vet 31.6.5998 2008.07.31 -
Ewido 4.0 2008.07.31 Not-A-Virus.PUP.SpywareIsolator
F-Prot 4.4.4.56 2008.07.30 -
F-Secure 7.60.13501.0 2008.07.31 FraudTool.Win32.SpywareIsolator.a
Fortinet 3.14.0.0 2008.07.31 Misc/SpywareIsolator
GData 2.0.7306.1023 2008.07.31 Win32:Trojan-gen
Ikarus T3.1.1.34.0 2008.07.31 not-a-virus:.FraudTool.Win32.SpywareIsolator.f
Kaspersky 7.0.0.125 2008.07.31 not-a-virus:FraudTool.Win32.SpywareIsolator.a
McAfee 5350 2008.07.30 potentially unwanted program SpywareIsolator
Microsoft 1.3704 2008.07.28 Program:Win32/SpywareIsolator
NOD32v2 3314 2008.07.31 Win32/Adware.SpywareIsolator
Norman 5.80.02 2008.07.30 -
Panda 9.0.0.4 2008.07.31 Application/SpywareIsolator
PCTools 4.4.2.0 2008.07.31 -
Prevx1 V2 2008.07.31 Fraudulent Security Program
Rising 20.55.32.00 2008.07.31 -
Sophos 4.31.0 2008.07.31 SpywareIsolator Installer
Sunbelt 3.1.1537.1 2008.07.29 SpywareIsolator
Symantec 10 2008.07.31 SpywareIsolator
TheHacker 6.2.96.389 2008.07.25 Aplicacion/SpywareIsolator.a
TrendMicro 8.700.0.1004 2008.07.31 WORM_SDBOT.GEN-1
VBA32 3.12.8.1 2008.07.31 Win32.Adware.SpywareIsolator
ViRobot 2008.7.31.1319 2008.07.31 -
VirusBuster 4.5.11.0 2008.07.30 -
Webwasher-Gateway 6.6.2 2008.07.31 -
 
Additional information
File size: 81920 bytes
MD5...: c9a6503e47edf429279db22e5b692c63
SHA1..: 683c6674cd05ef3450157c58b733b9687320b83c
SHA256: aaa43796f656a96b6f488cd67f862339f125e08bd3df0e5560e208454926af34
SHA512: 3852167694b4deb8bbe6644612ed8aa638b6c2051d9af12ccc3648a7f89def8f92001e0e2b4aa059726c9b02d44f5377d68d4b9f8e3a672d6706ec41b16bec04
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40363f
timedatestamp.....: 0x47af152f (Sun Feb 10 15:15:59 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5985 0x6000 6.35 3f5ff4589f1450b23816125279886c95
.rdata 0x7000 0x47a6 0x5000 6.88 fdab5bce59f321fd1b005489614dc721
.data 0xc000 0xedc 0x1000 1.79 122c07243128423036fd5da5d7eaff62
.rsrc 0xd000 0x6f78 0x7000 6.15 587b3f5687d846750e036308c36e973c

( 4 imports )
> KERNEL32.dll: CreateThread, ExitProcess, CreateProcessA, GetStartupInfoA, CloseHandle, WriteFile, CreateFileA, Sleep, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, LoadLibraryA, FindResourceA, GetOEMCP, GetACP, GetCPInfo, IsBadCodePtr, IsBadReadPtr, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, SizeofResource, GetModuleHandleA, GetProcAddress, LoadResource, RtlUnwind, RaiseException, GetCommandLineA, GetVersion, HeapFree, HeapAlloc, SetUnhandledExceptionFilter, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetStringTypeW
> USER32.dll: DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, MessageBoxA, SetDlgItemTextA, EndDialog, DefWindowProcA, DestroyWindow, PostQuitMessage, CreateWindowExA, DialogBoxParamA, LoadIconA, LoadCursorA, RegisterClassExA, wsprintfA, LoadStringA, LoadAcceleratorsA
> WININET.dll: InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
> ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegCreateKeyExA

( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=c9a6503e47edf429279db22e5b692c63
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3C8BE7C200E4B77B402101A498BDA5008898C10F

SpywareIsolator

Host: secure.software-payment.com
IP: 216.195.56.148

Whois:

OrgID:      APSTE
Address:    8130 SW BEAVERTON-HILLSDALE HWY
City:       PORTLAND
StateProv:  OR
PostalCode: 97225
Country:    US

NetRange:   216.195.32.0 - 216.195.63.255
CIDR:       216.195.32.0/19
NetName:    APS-EPSI
NetHandle:  NET-216-195-32-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.3FN.NET
NameServer: NS2.3FN.NET
Comment:    send abuse issues to abuse@3fn.net , send network

RTechHandle: NSW-ARIN
RTechName:   Swen, Nash
RTechPhone:  +1-800-539-8209
RTechEmail : noc@apxnoctelecom.com

Other sites on this IP:

1.  Adult-billing.com 
2.  Billhlp.com 
3.  Billingcenteronline.com 
4.  Billinghlp.com 
5.  Billinghost.net 
6.  Billingintegrator.com 
7.  Billingmill.com 
8.  Billingserviceonline.com 
9.  Billingsquad.net 
10.  Billingsvc.com 
11.  Billingware.net 
12.  Billinternet.com 
13.  Billsvc.com 
14.  Ccbillhelp.com 
15.  Ccbillservice.com 
16.  Customerhlp.com 
17.  Ebillingcenter.com 
18.  Eglobalbilling.com 
19.  Extrabilling.com 
20.  Fantazybill.com 
21.  Legalbillingsystems.com 
22.  Mainbillingcenter.com 
23.  Orderhlp.com 
24.  Paymentbit.com 
25.  Paymentbit.net 
26.  Paymentforge.com 
27.  Quickdownloadpro.com 
28.  Safepaymentsonline.com 
29.  Software-payment.com 
30.  Spankyhosting.com 
31.  Support-wizard.com 
32.  Supporthlp.com 
33.  Truebillingservices.com 
34.  Ultimatepayment.com 

Antivirus 2009

Wednesday, July 23rd, 2008

Antivirus 2009 is a rogue antispyware application. Stay away from the following IPs and hosts!

Host: windows-virus-scanner.com
IP: 72.232.16.194

Whois:

OrgName:    Layered Technologies, Inc.
OrgID:      LAYER-3
Address:    5085 W Park Blvd
Address:    Suite 700
City:       Plano
StateProv:  TX
PostalCode: 75093
Country:    US
NetRange:   72.232.0.0 - 72.233.127.255
CIDR:       72.232.0.0/16, 72.233.0.0/17
NetName:    LAYERED-TECH-
NetHandle:  NET-72-232-0-0-1
Parent:     NET-72-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.LAYEREDTECH.COM
NameServer: NS2.LAYEREDTECH.COM
Comment:    Please send all abuse complaints to
Comment:    abuse@layeredtech.com

windows-virus-scanner(dot)com/2009/download/trial/AV2009Install_0011.exe

VirusTotal description of this file:

File AV2009Install_0011.exe received on 07.23.2008 12:22:52 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.7.23.0 2008.07.22 -
AntiVir 7.8.1.11 2008.07.23 -
Authentium 5.1.0.4 2008.07.23 -
Avast 4.8.1195.0 2008.07.23 Win32:Fraudo
AVG 8.0.0.130 2008.07.23 -
BitDefender 7.2 2008.07.23 -
CAT-QuickHeal 9.50 2008.07.22 -
ClamAV 0.93.1 2008.07.23 -
DrWeb 4.44.0.09170 2008.07.23 -
eSafe 7.0.17.0 2008.07.22 -
eTrust-Vet 31.6.5976 2008.07.23 -
Ewido 4.0 2008.07.22 -
F-Prot 4.4.4.56 2008.07.22 -
F-Secure 7.60.13501.0 2008.07.23 -
Fortinet 3.14.0.0 2008.07.23 -
GData 2.0.7306.1023 2008.07.23 Win32:Fraudo
Ikarus T3.1.1.34.0 2008.07.23 -
Kaspersky 7.0.0.125 2008.07.23 -
McAfee 5344 2008.07.22 -
Microsoft 1.3704 2008.07.23 -
NOD32v2 3290 2008.07.23 -
Norman 5.80.02 2008.07.22 -
Panda 9.0.0.4 2008.07.23 -
PCTools 4.4.2.0 2008.07.22 -
Prevx1 V2 2008.07.23 Fraudulent Security Program
Rising 20.54.22.00 2008.07.23 -
Sophos 4.31.0 2008.07.23 -
Sunbelt 3.1.1536.1 2008.07.18 -
Symantec 10 2008.07.23 AntiVirus2008
TheHacker 6.2.96.387 2008.07.23 -
TrendMicro 8.700.0.1004 2008.07.23 -
VBA32 3.12.8.1 2008.07.22 Trojan.Win32.Pakes.juu
VIRobot 2008.7.23.1307 2008.07.23 -
VirusBuster 4.5.11.0 2008.07.22 -
Webwasher-Gateway 6.6.2 2008.07.23 -
 
Additional information
File size: 103936 bytes
MD5...: b5e0316864b5d7dd4a9060b54d4aeb8e
SHA1..: 49ba66c30f04b9592d835a94d13fae0f750594bd
SHA256: 7030548a6bbd7ad320f5abe8a5d9f220392fd2309881a8885a8ae1b692edaa05
SHA512: ea856e74a873e0df39697c1b79539d85ad19de23c16af9435af6f451e67c39f8ebddd1b441b0205dadae54c911846631b348669677aea617c92b9b12d35ecb47
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4014a0
timedatestamp.....: 0x463138a0 (Thu Apr 26 23:41:20 2007)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3477 0x3600 1.34 6d33375141017a1ea632e33caee2510d
.data 0x5000 0xe8cd 0xea00 7.48 6cce7954d864f0e1a339ce805e95cb46
.tls 0x14000 0x3b 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x15000 0x18 0x200 0.22 b2d62274e8f303cd13ac0afc27383ff4
.idata 0x16000 0x474 0x600 2.44 93d16fff8f49687ef4a698be2d5f67de
.rsrc 0x17000 0xf49a 0x6600 5.75 d6b8c0503ae3f1d0151a82dba067ead7

( 2 imports )
> COMCTL32.DLL: CreateMappedBitmap, ImageList_Copy, ImageList_Add, DrawStatusText, ImageList_LoadImageW, InitCommonControls, MenuHelp, ImageList_AddIcon, ImageList_DrawEx
> ADVAPI32.DLL: RegQueryValueA, RegEnumKeyW, RegSetValueA, RegDeleteValueW, RegQueryValueExW, RegEnumKeyExA, RegEnumKeyA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=B32E189700C34B0A964901B303010E00E060136A

Screenshot of fake scanning by Antivirus 2009

Host: antivirus2009professional.com
IP: 89.149.226.24

Whois:

inetnum:        89.149.226.0 - 89.149.227.255
netname:        NETDIRECT-NET
descr:          netdirekt e.K.
remarks:        INFRA-AW
country:        DE
admin-c:        WW200-RIPE
tech-c:         SR614-RIPE
status:         ASSIGNED PA
mnt-by:         NETDIRECT-MNT
mnt-lower:      NETDIRECT-MNT
mnt-routes:     NETDIRECT-MNT
source:         RIPE # Filtered

person:       Wiethold Wagner
address:      netdirekt e. K.
address:      Kleyer Strasse 79 / Tor 14
address:      60326 Frankfurt
address:      DE
phone:        +49 69 90556880
fax-no:       +49 69 905568822
e-mail:       info@netdirekt.de

Other sites on this IP:

1.  Drivemedirect.com 
2.  Global-clicks.com 
3.  Windows-internet-scanner.com 

Screenshot of a license purchase from antivirus2009professional.com

Screenshot of a license purchase from secure.billingware.net

Host: secure.billingware.net
IP: 216.195.56.148

Whois:

OrgName:    APS Telecom
OrgID:      APSTE
Address:    8130 SW BEAVERTON-HILLSDALE HWY
City:       PORTLAND
StateProv:  OR
PostalCode: 97225
Country:    US

NetRange:   216.195.32.0 - 216.195.63.255
CIDR:       216.195.32.0/19
NetName:    APS-EPSI
NetHandle:  NET-216-195-32-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.3FN.NET
NameServer: NS2.3FN.NET
Comment:    send abuse issues to abuse@3fn.net , send network

RTechHandle: NSW-ARIN
RTechName:   Swen, Nash
RTechPhone:  +1-800-539-8209
RTechEmail : noc@apxnoctelecom.com

Other sites on this IP:

1.  Adult-billing.com 
2.  Bestreleases.org 
3.  Billhlp.com 
4.  Billingcenteronline.com 
5.  Billinghlp.com 
6.  Billinghost.net 
7.  Billingintegrator.com 
8.  Billingmill.com 
9.  Billingserviceonline.com 
10. Billingsquad.net 
11. Billingsvc.com 
12. Billingware.net 
13. Billinternet.com 
14. Billsvc.com 
15. Ccbillhelp.com 
16. Ccbillservice.com 
17. Customerhlp.com 
18. Ebillingcenter.com 
19. Eglobalbilling.com 
20. Extrabilling.com 
21. Fantazybill.com 
22. Legalbillingsystems.com 
23. Mainbillingcenter.com 
24. Orderhlp.com 
25. Paymentbit.com 
26. Paymentbit.net 
27. Paymentforge.com 
28. Quickdownloadpro.com 
29. Safepaymentsonline.com 
30. Software-payment.com 
31. Spankyhosting.com 
32. Support-wizard.com 
33. Supporthlp.com 
34. Truebillingservices.com 
35. Ultimatepayment.com 

Rogue Antispyware - XPAntivirus

Tuesday, July 8th, 2008

Antivirus XP 2008 is a rogue antispyware/adware application. It pretends to be a Windows Media codec and asks the user to download it.

Stay away from the following domains/IPs

Host: 2008x-adult-2008.com
IP: 72.21.53.218
Whois:


OrgName:    Layered Technologies, Inc.
NetRange:   72.21.32.0 - 72.21.63.255
CIDR:       72.21.32.0/19
NetName:    LAYERED-TECH
NameServer: NS1.LAYEREDTECH.COM
NameServer: NS2.LAYEREDTECH.COM
OrgAbuseHandle: LAT-ARIN
OrgAbuseName:   LT Abuse Team
OrgAbusePhone:  +1-972-398-7998
OrgAbuseEmail: abuse@layeredtech.com
network:City:Albany
network:State:OR
network:Postal-Code:97322
network:Country-Code:US
network:Phone:972-398-7998

Other sites on this IP:

1.  2008-adultx-2008.com 
2.  2008adult-s2008.com 
3.  2008adultx2008.com 
4.  2008x-adult-2008.com 
5.  Contentx2008.com 
6.  Newcontent-x2008.com 
7.  Newx-content-s2008.com 
8.  Sex-18tube-2008.com 
9.  Sexi18tube2008.com 
10. Streamadultvideo.com 
11. 18x-adult2008.com 
12. New-contentx-2008.com 

The trojan then downloads additional binaries from the following URL: http://bestsoftware.cc/soft/xxx/xxx/MediaTubeCodec_ver1.635.0.exe

Host: bestsoftware.cc
IP: 91.203.70.18

Whois:


org-name:       Nano IT SIA
org-type:       OTHER
address:        Zakusalas krastmala 1
address:        Riga, Latvija, LV-1050
phone:          +371 67160167
fax-no:         +371 67876478
abuse-mailbox:  abuse@nano.lv

Other sites on this IP:


1.  Antispyware-2008-download.info 
2.  Antispyware-2008-download.net 
3.  Antispyware2008-download.info 
4.  Antispyware2008-download.net 
5.  Best-freeware08.com 
6.  Best-soft08.com 
7.  Best-software08.com 
8.  Bestsoft-ware08.com 
9.  Freewarebest08.com 
10. Soft-best-ware.com 
11. S-softbestfree.com 
12. Soft-bfreeware.com 
13. Soft08best.com 
14. Softbestfree.com 
15. Softbestfreeware.com 
16. Supersoftbestfree.com 

The system then shows a fake "blue screen of death" and becomes unstable.

Host: 64.247.39.247
IP: 64.247.39.247
Whois:

OrgName:    Net Access Corporation
OrgID:      NAC
Address:    9 Wing Drive
City:       Cedar Knolls
StateProv:  NJ
PostalCode: 07927
Country:    US
RAbuseHandle: ABUSE156-ARIN
RAbuseName:   Abuse Department
RAbusePhone:  +1-800-638-6336
RAbuseEmail:   abuse@nac.net

Other sites on this IP:


1.  Soft102049239423.com 
2.  Soft3842.com 


Host: ecodeflow.com
IP: 195.93.218.180

Whois:


organisation:   ORG-BL54-RIPE
org-name:       Buildhouse Ltd.
org-type:       OTHER
address:        109240, Russia, Moscow, Radischevskaya verhnyaya str., h. 13/15
e-mail:         info@airhouse.su

Other sites on this IP:


1.  Ecodeflow.com 
2.  Usabestsoftware.net

The trojan downloads and installs the rogue antispyware Antivirus XP from

 http://viacodecright2.com/software/WebSoftCodecDriverr.exe

It then runs a fake scan and prompts the user to buy a license.

Host: viacodecright2.com
IP: 77.91.227.179

Whois:


inetnum:        77.91.227.176 - 77.91.227.191
netname:        NETPLACE
descr:          NETPLACE
country:        RU
admin-c:        PM946-RIPE
tech-c:         PM946-RIPE
status:         ASSIGNED PA
mnt-by:         RU-WEBALTA-MNT
source:         RIPE # Filtered
person:         Pavel Malinkovich
address:        Tevosyana 40a-89
address:        Electrostal, Moscow Region
address:        Russia
phone:          +7 495 5434485
abuse-mailbox:  abuse@netplace.ru

Other sites on this IP:


1.  Codecadult23df18.com 
2.  Hot-sextubedriver2.com 
3.  Sextubecodec023dfs41.com 
4.  Viacodecright2.com 

Host: antivirusxp2008.com
IP: 85.255.120.139

Whois:


inetnum:        85.255.112.0 - 85.255.127.255
netname:        UkrTeleGroup
descr:          UkrTeleGroup Ltd.
admin-c:        UA481-RIPE
tech-c:         UA481-RIPE
country:        UA
phone:          +380487311011
fax-no:         +380487502499
person:         Andrew Sotov
address:        Mechnikova 58/5 65029 Odessa
abuse-mailbox:  abuse@ukrtelegroup.com.ua

Other sites on this IP:


1.  Advancedxpfixer.com 
2.  Antivirusprofessional2008.com 
3.  Antivirusxp2008.com 
4.  Malwarepatrolpro.com 
5.  Malwareprotector2008.com 
6.  Tobesoftware.com 
7.  Winifixer.com 
8.  Winifixer.net 


Host: stat.antivirusxp2008.com
IP: 85.255.120.114

Whois: same UkrTeleGroup Ltd. allocation (85.255.112.0 - 85.255.127.255, abuse@ukrtelegroup.com.ua) as antivirusxp2008.com above.

Host: bot.mspublik.com
IP: 85.255.120.35

Whois: same UkrTeleGroup Ltd. allocation (85.255.112.0 - 85.255.127.255, abuse@ukrtelegroup.com.ua) as antivirusxp2008.com above.

Other sites on this IP:


1.  Mspublic.com 
2.  Mspublik.com 
3.  Xxxvidonline.com 

Host: www.antivirusxp08.com
IP: 85.255.120.115

Whois: same UkrTeleGroup Ltd. allocation (85.255.112.0 - 85.255.127.255, abuse@ukrtelegroup.com.ua) as antivirusxp2008.com above.

Other sites on this IP:


1.  Antivirusxp08.com 
2.  I-kerberos.com 
3.  Porntubeaccess.com 
4.  Winifixer.org 
5.  Youpornztube.com 

The trojan also blocks Google searches for antispyware and antivirus terms.
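The hosts, IPs, netblocks and download URLs above are only useful if they are matched against traffic. The following is an added example, not code from the original post: it collects the indicators the post lists (registered domains named as download, stat or payment hosts, their IPs, the whois allocations, the two payload URLs, and the WebSoftCodecDriverr.exe hashes from the scan report that follows) and runs them over a constructed excerpt of a Squid native-format access.log. Host matching is by suffix, so www.antivirusxp08.com and stat.antivirusxp2008.com are caught by their parent domains; a netblock-only hit is reported separately because, as the "Other sites on this IP" lists show, these are shared hosts and the whois ranges contain unrelated tenants. The log lines, the `example.net`/`example.com` hosts and every function name are this example's own.

```python
"""Match the indicators from this post against proxy logs.

Added example, not code from the original post.  The hosts, IPs, netblocks,
URLs and hashes are copied from the post; the log lines are constructed for
the demo in Squid's native access.log layout, and every function name here
is this example's own.
"""
import ipaddress
from urllib.parse import urlsplit

# Registered domains the post names as download/stat/payment hosts; extend with
# the "Other sites on this IP" lists as needed.  Subdomains match by suffix,
# so www.antivirusxp08.com and stat.antivirusxp2008.com are caught too.
BAD_HOSTS = {
    "2008x-adult-2008.com", "bestsoftware.cc", "ecodeflow.com",
    "viacodecright2.com", "antivirusxp2008.com", "mspublik.com",
    "antivirusxp08.com", "winifixer.com", "malwareprotector2008.com",
}
BAD_IPS = {
    "72.21.53.218", "91.203.70.18", "64.247.39.247", "195.93.218.180",
    "77.91.227.179", "85.255.120.139", "85.255.120.114", "85.255.120.35",
    "85.255.120.115",
}
# Allocations quoted in the whois records.  A hit here is weaker evidence:
# on shared hosting, unrelated tenants sit in the same range.
BAD_NETBLOCKS = [ipaddress.ip_network(n) for n in
                 ("72.21.32.0/19", "77.91.227.176/28", "85.255.112.0/20")]
BAD_URLS = {
    "http://bestsoftware.cc/soft/xxx/xxx/MediaTubeCodec_ver1.635.0.exe",
    "http://viacodecright2.com/software/WebSoftCodecDriverr.exe",
}
# MD5 / SHA1 / SHA256 of WebSoftCodecDriverr.exe from the scan report
BAD_HASHES = {
    "5a5daa0cee99cee7ad21f50462c6b312",
    "f5d0132e2890e59c5e77f5e34a8acba9f3aaeb72",
    "0855d50e920f7d2c33a8441c96fd68a4fd0f0966abed85ee45570f6b6f71542b",
}


def host_hit(host: str):
    """Exact or parent-domain match; returns the indicator that matched."""
    host = host.lower().rstrip(".")
    for bad in BAD_HOSTS:
        if host == bad or host.endswith("." + bad):
            return bad
    return None


def ip_hits(ip: str):
    """Exact IP first; fall back to the whois allocation when only the range matches."""
    if ip in BAD_IPS:
        return [("ip", ip)]
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:                    # e.g. "-" on cache hits
        return []
    return [("netblock", str(net)) for net in BAD_NETBLOCKS if addr in net]


def match_line(line: str):
    """Squid native format: ts elapsed client status size method url ident peer type."""
    f = line.split()
    if len(f) < 9:
        return []
    url, peer = f[6], f[8].split("/", 1)[-1]
    hits = []
    if url in BAD_URLS:
        hits.append(("url", url))
    bad = host_hit(urlsplit(url).hostname or "")
    if bad:
        hits.append(("host", bad))
    hits.extend(ip_hits(peer))
    return hits


def scan(log_text: str):
    """(line number, hits) for every log line that matched at least one indicator."""
    out = []
    for n, line in enumerate(log_text.splitlines(), 1):
        hits = match_line(line)
        if hits:
            out.append((n, hits))
    return out


def known_bad_download(digest: str) -> bool:
    """True when an observed file hash is one of the post's WebSoftCodecDriverr.exe hashes."""
    return digest.strip().lower() in BAD_HASHES


# Constructed log excerpt: a payload fetch, a "buy" page via a www. subdomain,
# an unknown host inside the UkrTeleGroup range, and a benign cache hit.
SAMPLE_LOG = """\
1216220000.123    312 10.0.0.15 TCP_MISS/200 198369 GET http://viacodecright2.com/software/WebSoftCodecDriverr.exe - DIRECT/77.91.227.179 application/octet-stream
1216220005.410     88 10.0.0.15 TCP_MISS/200 511 GET http://www.antivirusxp08.com/buy.php?aff=17 - DIRECT/85.255.120.115 text/html
1216220009.002     45 10.0.0.22 TCP_MISS/200 2048 GET http://cdn-updates.example.net/setup.exe - DIRECT/85.255.120.200 application/octet-stream
1216220012.777     30 10.0.0.22 TCP_HIT/200 1256 GET http://www.example.com/ - NONE/- text/html
"""

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(n, hits)
```

Run against the constructed excerpt, lines 1 and 2 match on host and IP (line 1 on the exact payload URL as well), line 3 matches only the 85.255.112.0/20 allocation and should be treated as a lead rather than a verdict, and the cache hit on line 4 produces nothing.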

File WebSoftCodecDriverr.exe received on 07.16.2008 14:36:23 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.7.16.0 2008.07.16 -
AntiVir 7.8.0.68 2008.07.16 -
Authentium 5.1.0.4 2008.07.15 -
Avast 4.8.1195.0 2008.07.15 Win32:Vapsup-EB
AVG 7.5.0.516 2008.07.16 -
BitDefender 7.2 2008.07.16 -
CAT-QuickHeal 9.50 2008.07.15 -
ClamAV 0.93.1 2008.07.16 Trojan.Dropper-4103
DrWeb 4.44.0.09170 2008.07.16 Trojan.Fakealert.1005
eSafe 7.0.17.0 2008.07.15 -
eTrust-Vet 31.6.5959 2008.07.16 -
Ewido 4.0 2008.07.16 -
F-Prot 4.4.4.56 2008.07.15 -
F-Secure 7.60.13501.0 2008.07.16 -
Fortinet 3.14.0.0 2008.07.16 -
GData 2.0.7306.1023 2008.07.16 -
Ikarus T3.1.1.26.0 2008.07.16 -
Kaspersky 7.0.0.125 2008.07.16 -
McAfee 5339 2008.07.15 -
Microsoft 1.3704 2008.07.16 Trojan:Win32/Zlob.gen!P
NOD32v2 3271 2008.07.16 -
Norman 5.80.02 2008.07.16 -
Panda 9.0.0.4 2008.07.15 -
Prevx1 V2 2008.07.16 -
Rising 20.53.22.00 2008.07.16 Trojan.Win32.Vapsup.esd
Sophos 4.31.0 2008.07.16 Mal/Emogen-AC
Sunbelt 3.1.1536.1 2008.07.15 -
Symantec 10 2008.07.16 -
TheHacker 6.2.96.381 2008.07.16 -
TrendMicro 8.700.0.1004 2008.07.16 -
VBA32 3.12.8.0 2008.07.16 -
VirusBuster 4.5.11.0 2008.07.15 -
Webwasher-Gateway 6.6.2 2008.07.16 -
Additional information
File size: 198369 bytes
MD5…: 5a5daa0cee99cee7ad21f50462c6b312
SHA1..: f5d0132e2890e59c5e77f5e34a8acba9f3aaeb72
SHA256: 0855d50e920f7d2c33a8441c96fd68a4fd0f0966abed85ee45570f6b6f71542b
SHA512: b33711d23d9d4e71d3de7f2c25b5307a6b230f26e0f3ee5ee3f2262bc12c2f7b
8ab9c7c5c6b0d699f01e9f878119f9332363057353dbeffcc89ff2eaa1d0028e
PEiD..: -
PEInfo: PE Structure information( base data )
entrypointaddress.: 0x403225
timedatestamp.....: 0x47701ed8 (Mon Dec 24 21:04:24 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0x5934   0x5a00   6.44   ddaad1595c8e8e5ec997bbaf724504c8
.rdata  0x7000   0x1190   0x1200   5.18   db16645055619c0cc73276ff5c3adb75
.data   0x9000   0x1aff8  0x400    5.05   7993437d2cdfc8838f55d1b05035a3d2
.ndata  0x24000  0xd000   0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.rsrc   0x31000  0x6c8    0x800    2.92   b898f519dd0181466e88d61275175423

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )

