Posts Tagged ‘PCEXTREME’

Antivirus 2009 rogue antivirus application

Monday, September 8th, 2008

Antivirus 2009 is a rogue antivirus application. Stay away from Antivirus 2009 domains and products!

Antivirus 2009


File AV2009Install_880649.exe received on 09.08.2008 18:45:39 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.6.0 2008.09.08 -
AntiVir 7.8.1.28 2008.09.08 -
Authentium 5.1.0.4 2008.09.07 -
Avast 4.8.1195.0 2008.09.08 -
AVG 8.0.0.161 2008.09.08 -
BitDefender 7.2 2008.09.08 -
CAT-QuickHeal 9.50 2008.09.06 -
ClamAV 0.93.1 2008.09.08 -
DrWeb 4.44.0.09170 2008.09.08 -
eSafe 7.0.17.0 2008.09.07 -
eTrust-Vet 31.6.6077 2008.09.08 -
Ewido 4.0 2008.09.08 -
F-Prot 4.4.4.56 2008.09.07 -
F-Secure 8.0.14332.0 2008.09.08 -
Fortinet 3.112.0.0 2008.09.08 -
GData 19 2008.09.08 -
Ikarus T3.1.1.34.0 2008.09.08 -
K7AntiVirus 7.10.446 2008.09.08 -
Kaspersky 7.0.0.125 2008.09.08 -
McAfee 5378 2008.09.05 -
Microsoft 1.3903 2008.09.08 -
NOD32v2 3426 2008.09.08 -
Norman 5.80.02 2008.09.08 -
Panda 9.0.0.4 2008.09.07 -
PCTools 4.4.2.0 2008.09.08 -
Prevx1 V2 2008.09.08 Fraudulent Security Program
Rising 20.61.02.00 2008.09.08 -
Sophos 4.33.0 2008.09.08 -
Sunbelt 3.1.1616.1 2008.09.07 -
Symantec 10 2008.09.08 AntiVirus2009
TheHacker 6.3.0.8.075 2008.09.06 -
TrendMicro 8.700.0.1004 2008.09.08 Cryp_FakeAV
VBA32 3.12.8.5 2008.09.08 -
ViRobot 2008.9.8.1367 2008.09.08 -
VirusBuster 4.5.11.0 2008.09.08 -
Webwasher-Gateway 6.6.2 2008.09.08 -
Additional information
File size: 137728 bytes
MD5..: b19cfc63fdcf283dc6e5f26f6726fa96
SHA1..: 44bb199f182e705800031c260442ef35e1d198cb
SHA256: 761c6f0a360787fc35c82fe1c1dbfd39026b13df3bf67cd34387edfd66b7fb78
SHA512: 0cf1139157a81ccb31f02911f45e3b5ad9f31c04b7a7d716c4711f9a73936827
f8f18c0dc6f53227520c5831118492eb1efa00fba48fdb9408c039955e4e3ad1
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4013a8
timedatestamp.....: 0x45b1e5ac (Sat Jan 20 09:49:32 2007)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8544 0x8600 0.76 c8ffc38a92209561fcbbdc27762392ab
.data 0xa000 0x208544f 0x12600 6.43 41e5046c031bbc6314372b49563a394d
.tls 0x2090000 0x98 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x2091000 0x818 0xa00 0.06 18861ad1353611b05ac3d34f4d040790
.idata 0x2092000 0x88a 0xa00 2.92 4595dacaa944dc978a1109fc16d64cd7
.reloc 0x2093000 0x6c7 0x800 0.00 c99a74c555371a433d121f551d6c6398
.rsrc 0x2094000 0x4983 0x4a00 4.87 6018c49da28d8a40d60c05e6fa332977

( 3 imports )
> KERNEL32.DLL: GlobalFree, Sleep, GetLastError, SetLastError, OpenFile, WriteFile, DeleteAtom, GetFileTime, CreateProcessA, DeleteFileW, GetCommandLineA, GetComputerNameA, GetConsoleMode, ExitThread, GetCPInfo, OpenFileMappingA, FindFirstFileA, ReadFile, CreateThread, ReadConsoleA, DeleteFileA, GetFileSize, GetStdHandle, FindAtomA
> USER32.DLL: EndDialog, CopyRect, IsWindow, DrawTextA, LoadMenuA, IsMenu, DialogBoxParamA, CloseWindow
> COMCTL32.DLL: ImageList_AddIcon, ImageList_Create, DrawStatusText, InitCommonControls, CreateStatusWindow, ImageList_Copy, CreateStatusWindowW

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=D7629DD7002CD5541AA0028FCE8DB500CA8954E0

Host: megatradetds0.com
IP: 89.18.166.210

Whois of IP 89.18.166.210 distributing rogue antivirus Antivirus 2009:

route:          89.18.160.0/19
descr:          Reasonnet Route Object
origin:         AS25525
mnt-by:         MNT-REASONNET
source:         RIPE # Filtered

Host: freeonlinescanner9.com
IP: 89.149.209.251

Whois:

org-name:       netdirect
org-type:       LIR
address:        netdirekt e. K.
                Kleyer Strasse 79 / Tor 14
                60326 Frankfurt
                Germany
phone:          +49 69 90556880
fax-no:         +49 69 905568822
e-mail:         ripe@netdirekt.de

Host: altawebgl-500.com
IP: 89.149.209.251

Whois:

org-name:       netdirect
org-type:       LIR
address:        netdirekt e. K.
                Kleyer Strasse 79 / Tor 14
                60326 Frankfurt
                Germany
phone:          +49 69 90556880
fax-no:         +49 69 905568822
e-mail:         ripe@netdirekt.de

Host: masterspitetds09.com
IP: 89.149.209.251

Whois:

org-name:       netdirect
org-type:       LIR
address:        netdirekt e. K.
                Kleyer Strasse 79 / Tor 14
                60326 Frankfurt
                Germany
phone:          +49 69 90556880
fax-no:         +49 69 905568822
e-mail:         ripe@netdirekt.de

Host: winupdates-server.com
IP: 89.18.189.44

Whois:

netname:        PCEXTREME
descr:          PCextreme BVV
country:        NL
admin-c:        PB8076-RIPE
tech-c:         PB8076-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-PCEXTREME
mnt-by:         MNT-REASONNET
mnt-routes:     MNT-REASONNET
source:         RIPE # Filtered

role:           PCextreme BV
address:        Londensekaai 1
address:        4331JG Middelburg
address:        The Netherlands
abuse-mailbox:  abuse@pcextreme.nl

Host: trustedpaymenssite.com
IP: 89.149.209.251

Whois:

org-name:       netdirect
org-type:       LIR
address:        netdirekt e. K.
                Kleyer Strasse 79 / Tor 14
                60326 Frankfurt
                Germany
phone:          +49 69 90556880
fax-no:         +49 69 905568822
e-mail:         ripe@netdirekt.de

Host: secure.innovagest2000sl.com
IP: 207.226.175.126

Whois of IP 207.226.175.126 selling rogue antivirus Antivirus 2009:

OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 450 Springpark PL
Address: Suite 100
City: Herdon
StateProv: VA
PostalCode: 20170
Country: US

XP Antivirus rogue antivirus

Tuesday, August 19th, 2008

XP Antivirus is a rogue antivirus. Stay away from the following domains and IPs of XP Antivirus.

XP Antivirus

File install_v2.exe received on 08.19.2008 15:07:20 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.8.19.0 2008.08.19 Win-Trojan/Fraudload.38912
AntiVir 7.8.1.23 2008.08.19 SPR/FakeAntiv.73216
Authentium 5.1.0.4 2008.08.19 W32/Downldr2.BCKL
Avast 4.8.1195.0 2008.08.18 Win32:FraudLoad-E
AVG 8.0.0.161 2008.08.19 Downloader.Generic6.AILN
BitDefender 7.2 2008.08.19 Trojan.Downloader.XPAntiVirus.C
CAT-QuickHeal 9.50 2008.08.18 TrojanDownloader.FraudLoad.i
ClamAV 0.93.1 2008.08.19 Trojan.Downloader-25473
DrWeb 4.44.0.09170 2008.08.19 Trojan.Fakealert.446
eSafe 7.0.17.0 2008.08.18 Win32.FraudLoad.i
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.19 Downloader.FraudLoad.i
F-Prot 4.4.4.56 2008.08.18 W32/Downldr2.BCKL
F-Secure 7.60.13501.0 2008.08.19 Trojan-Downloader.Win32.FraudLoad.i
Fortinet 3.14.0.0 2008.08.19 W32/FraudLoad.I!tr.dldr
GData 2.0.7306.1023 2008.08.19 Trojan-Downloader.Win32.FraudLoad.i
Ikarus T3.1.1.34.0 2008.08.19 Trojan-Downloader.Win32.FraudLoad.i
K7AntiVirus 7.10.420 2008.08.18 Trojan-Downloader.Win32.FraudLoad.i
Kaspersky 7.0.0.125 2008.08.19 Trojan-Downloader.Win32.FraudLoad.i
McAfee 5363 2008.08.18 Downloader.gen.a
Microsoft 1.3807 2008.08.19 Program:Win32/XPAntiVirus
NOD32v2 3367 2008.08.19 Win32/Adware.XPAntivirus
Norman 5.80.02 2008.08.19 W32/DLoader.FNEV
Panda 9.0.0.4 2008.08.19 Application/XPAntivirus2008
PCTools 4.4.2.0 2008.08.19 Trojan-Downloader.FraudLoad!sd5
Prevx1 V2 2008.08.19 Malware Downloader
Rising 20.58.12.00 2008.08.19 -
Sophos 4.32.0 2008.08.19 Troj/FakeVir-CJ
Sunbelt 3.1.1546.1 2008.08.15 XPAntivirus
Symantec 10 2008.08.19 XPAntivirus
TheHacker 6.3.0.5.054 2008.08.19 Trojan/Downloader.FraudLoad.i
TrendMicro 8.700.0.1004 2008.08.19 TROJ_DLOADE.FX
VBA32 3.12.8.3 2008.08.19 Trojan-Downloader.Win32.FraudLoad.i
ViRobot 2008.8.19.1341 2008.08.19 Trojan.Win32.Downloader.38912.K
VirusBuster 4.5.11.0 2008.08.19 Trojan.DL.FraudLoad.FU
Webwasher-Gateway 6.6.2 2008.08.19 Riskware.FakeAntiv.73216
Additional information
File size: 38912 bytes
MD5..: c09d45ac642d3dc718c2d3b5468ccb39
SHA1..: 766b97fb4cbdf03c79063b41d6dd6c2659a8f9f3
SHA256: 575b2aace9e772a15fe5b4832c1aa5bc6cb211c85d2afab2dc0f02c19bfdf63b
SHA512: 63836d5bcf8e07b8caaed4c23ab932cd98e8e8c0197154934567551f44e72ef3
c3ac498242a4ae13874e7bdd7813c336ebc6c34e1fa5ab6d4f7631f6eda310d0
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x419c00
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x10000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x11000 0x9000 0x8e00 7.90 6ddd5716043f070b2c20ace08ce308e5
.rsrc 0x1a000 0x1000 0x600 2.87 b41eb2c77b13e07c62c74a5d361fd93f

( 8 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegCloseKey
> comctl32.dll: ImageList_DrawEx
> gdi32.dll: SetROP2
> oleaut32.dll: VariantClear
> shell32.dll: ShellExecuteA
> user32.dll: GetDC
> wininet.dll: InternetOpenA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3F47ACD6003486DF988100873445F90029D7143E
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=c09d45ac642d3dc718c2d3b5468ccb39
packers (Kaspersky): PE_Patch.UPX, UPX
packers (Authentium): UPX
packers (F-Prot): UPX

Host: systemscanner2009.com
IP: 89.18.189.44

Whois of IP 89.18.189.44 distributing rogue antivirus XP Antivirus:

netname:        PCEXTREME
descr:          PCextreme BVV
country:        NL
admin-c:        PB8076-RIPE
tech-c:         PB8076-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-PCEXTREME
mnt-by:         MNT-REASONNET
mnt-routes:     MNT-REASONNET
source:         RIPE # Filtered

role:           PCextreme BV
address:        Londensekaai 1
address:        4331JG Middelburg
address:        The Netherlands
abuse-mailbox:  abuse@pcextreme.nl

Other sites of IP 89.18.189.44 distributing rogue antivirus XP Antivirus:

1. Updatesantivirus.com
2. Xpantivirus.com
3. Xpdownloadserver.com

Host: secure.software-payment.com
IP: 216.195.56.160

Whois:

OrgID:      APSTE
Address:    8130 SW BEAVERTON-HILLSDALE HWY
City:       PORTLAND
StateProv:  OR
PostalCode: 97225
Country:    US

NetRange:   216.195.32.0 - 216.195.63.255
CIDR:       216.195.32.0/19
NetName:    APS-EPSI
NetHandle:  NET-216-195-32-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.3FN.NET
NameServer: NS2.3FN.NET
Comment:    send abuse issues to abuse@3fn.net , send network

RTechHandle: NSW-ARIN
RTechName:   Swen, Nash
RTechPhone:  +1-800-539-8209
RTechEmail:  noc@apxnoctelecom.com