Posts Tagged ‘rogue Antispyware’

PRO Antispyware 2009 rogue antispyware application

Tuesday, November 18th, 2008

PRO Antispyware 2009 is a rogue antispyware application. To remove this rogue application, along with viruses and rogue antispyware, use Cesam Anti-Malware: http://cleanthe.net/how-to-remove-virus/


File setup_225_7777_.exe received on 11.18.2008 12:09:21 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.18 -
AntiVir 7.9.0.31 2008.11.18 -
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.17 -
AVG 8.0.0.199 2008.11.17 -
BitDefender 7.2 2008.11.18 -
CAT-QuickHeal 10.00 2008.11.18 -
ClamAV 0.94.1 2008.11.18 -
DrWeb 4.44.0.09170 2008.11.18 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.17 -
F-Prot 4.4.4.56 2008.11.17 W32/SuspPack.H.gen!Eldorado
F-Secure 8.0.14332.0 2008.11.18 -
Fortinet 3.117.0.0 2008.11.18 -
GData 19 2008.11.18 -
Ikarus T3.1.1.45.0 2008.11.18 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.18 -
McAfee 5437 2008.11.17 -
Microsoft 1.4104 2008.11.17 Program:Win32/WinSpywareProtect
NOD32 3621 2008.11.18 -
Norman 5.80.02 2008.11.17 -
Panda 9.0.0.4 2008.11.17 Suspicious file
PCTools 4.4.2.0 2008.11.17 -
Prevx1 V2 2008.11.18 -
Rising 21.04.12.00 2008.11.18 -
SecureWeb-Gateway 6.7.6 2008.11.18 -
Sophos 4.35.0 2008.11.18 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.18 -
TheHacker 6.3.1.1.157 2008.11.18 -
TrendMicro 8.700.0.1004 2008.11.18 -
VBA32 3.12.8.9 2008.11.17 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.17 -
 
Additional information
File size: 114688 bytes
MD5...: 5113da8324f92352294aee4f47a532b2
SHA1..: fc2bd52925959ee5061e412d12754ccc120d7925
SHA256: 9506866e9b3cda9e1867c34e091dc1c662032395e1dcf857627fa31547c76bd3
SHA512: ddb22cefe217431451134787847b8fc7b697bb154778cb41b63bc0d2caa70aa6
6d544bb2cf0b89c06d47ba7c56345b0408ac08354e44eddd0e20e17ca74a822e
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information


Host: scan.scannerantispyware.com
IP: 78.26.179.233

Whois:

role:           Renome Service Tech Staff
address:        Kosvennaya str., 78, Odessa, Ukraine, 65000
org:            ORG-RA159-RIPE
phone:          +380487597596
fax-no:         +380487597596
mnt-by:         RENOME-MNT
abuse-mailbox:  abuse@odessa.tv
admin-c:        WU-RIPE
admin-c:        GA-RIPE
tech-c:         WU-RIPE
nic-hdl:        RSM-RIPE
source:         RIPE # Filtered

 

Host: files.download-antispyware.com
IP: 78.157.142.81

Whois:

netname:        VDHOST
descr:          VdHost Ltd.
descr:          abuse@vdhost.info
country:        LV
admin-c:        AV2990-RIPE
tech-c:         AV2990-RIPE
status:         ASSIGNED PA
mnt-by:         UN-MNT
source:         RIPE # Filtered

person:         Arturs Vavilovs
address:        Riga
phone:          +371 29653077
e-mail:         admin@vdhost.info
nic-hdl:        AV2990-RIPE
mnt-by:         UN-MNT
source:         RIPE # Filtered

Host: sales.proantispyware-2009-buy.com
IP: 216.195.42.226

Whois:

OrgName:    APS Telecom
OrgID:      APSTE
Address:    8130 SW BEAVERTON-HILLSDALE HWY
City:       PORTLAND
StateProv:  OR
PostalCode: 97225
Country:    US

Host: secure.websecurebilling.com
IP: 209.8.45.146

Whois of websecurebilling.com :

  Domain Name: WEBSECUREBILLING.COM
   Registrar: REGTIME LTD.
   Whois Server: whois.regtime.net
   Referral URL: http://www.webnames.ru
   Name Server: NS1.WEBSECUREBILLING.COM
   Name Server: NS2.WEBSECUREBILLING.COM
   Status: ok
   Updated Date: 11-nov-2008
   Creation Date: 07-nov-2008
   Expiration Date: 07-nov-2009
  
Whois 209.8.45.146:

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US


PRO Antispyware 2009 from Pandora software


Antispyware PRO XP rogue antispyware application

Monday, November 17th, 2008

Antispyware PRO XP is a rogue antispyware application. To remove this rogue application, along with viruses and rogue antispyware, use Cesam Anti-Malware: http://cleanthe.net/how-to-remove-virus/


File setup_100525_3_.exe received on 11.17.2008 18:37:56 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.0 2008.11.17 -
AntiVir 7.9.0.31 2008.11.17 -
Authentium 5.1.0.4 2008.11.17 -
Avast 4.8.1281.0 2008.11.16 -
AVG 8.0.0.199 2008.11.17 -
BitDefender 7.2 2008.11.17 -
CAT-QuickHeal 10.00 2008.11.15 -
ClamAV 0.94.1 2008.11.17 -
DrWeb 4.44.0.09170 2008.11.17 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.17 -
F-Prot 4.4.4.56 2008.11.17 W32/SuspPack.H.gen!Eldorado
F-Secure 8.0.14332.0 2008.11.17 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.17 -
Ikarus T3.1.1.45.0 2008.11.17 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.17 -
McAfee 5436 2008.11.16 -
Microsoft 1.4104 2008.11.17 Program:Win32/WinSpywareProtect
NOD32 3618 2008.11.17 -
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.16 Suspicious file
PCTools 4.4.2.0 2008.11.17 -
Prevx1 V2 2008.11.17 -
Rising 21.04.02.00 2008.11.17 -
SecureWeb-Gateway 6.7.6 2008.11.17 -
Sophos 4.35.0 2008.11.17 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.17 -
TheHacker 6.3.1.1.155 2008.11.15 -
TrendMicro 8.700.0.1004 2008.11.17 -
VBA32 3.12.8.9 2008.11.17 -
ViRobot 2008.11.17.1472 2008.11.17 -
VirusBuster 4.5.11.0 2008.11.17 -
 
Additional information
File size: 122880 bytes
MD5...: cbcaa0f14b3ad25036a0e8042fe0e9d5
SHA1..: ecea91c245222dc67eb5818d6986169a6d7725f1
SHA256: 1af2c9791b8fe7698871249cf9ee6838ee9997e846b2f901a2d1d1bb0c2ea74c
SHA512: 06d550cbee18719b4d34a5bade7b0001da93fb680e4191caac796e711fb35685
9ef5136e0070e91893cd40d78c1bf7800ae71a3f30754ae160ec0facaa02fc43
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information


Host: scan.antispyware-free-scanner.com
IP: 78.26.179.230

Whois:

organisation:   ORG-RA159-RIPE
org-name:       Renome-Service
org-type:       LIR
descr:          Renome-Service: Joint Multimedia Cable Network
address:        Renome Service
                Andrew Gaidulyan
                Kosvennaya str., 78
                65000 Odessa
                UKRAINE
phone:          +3 80487597596
fax-no:         +3 80487597596
abuse-mailbox:  abuse@odessa.tv
admin-c:        GA-RIPE
admin-c:        WU-RIPE
admin-c:        WU-RIPE
mnt-ref:        RENOME-MNT
mnt-ref:        RIPE-NCC-HM-MNT
mnt-by:         RIPE-NCC-HM-MNT
source:         RIPE # Filtered

 

Host: files.pc-security-downloads.com
IP: 78.157.142.80

Whois:

inetnum:        78.157.142.0 - 78.157.142.255
netname:        VDHOST
descr:          VdHost Ltd.
descr:          abuse@vdhost.info
country:        LV
admin-c:        AV2990-RIPE
tech-c:         AV2990-RIPE
status:         ASSIGNED PA
mnt-by:         UN-MNT
source:         RIPE # Filtered

person:         Arturs Vavilovs
address:        Riga
phone:          +371 29653077
e-mail:         admin@vdhost.info
nic-hdl:        AV2990-RIPE
mnt-by:         UN-MNT
source:         RIPE # Filtered

 

Host: sales.buy-antispyware-pro-xp.com
IP: 216.195.42.223

Whois:

OrgName:    APS Telecom
OrgID:      APSTE
Address:    8130 SW BEAVERTON-HILLSDALE HWY
City:       PORTLAND
StateProv:  OR
PostalCode: 97225
Country:    US

Host: secure.paymentbit.net
IP: 216.195.56.175

Whois of paymentbit.net

Registrant:
         Joana Termon  (4epmck6ysxu@privateregistration.srsplus.com)
        Billing Group, Corp
        ATTN: paymentbit.net
        c/o SRSPlus Private Registration
        P.O. Box 447
        Herndon, VA 20172-0447
        570-708-8760

Domain Name: paymentbit.net

 

Whois of IP 216.195.56.175:

OrgName:    APS Telecom
OrgID:      APSTE
Address:    8130 SW BEAVERTON-HILLSDALE HWY
City:       PORTLAND
StateProv:  OR
PostalCode: 97225
Country:    US

NetRange:   216.195.32.0 - 216.195.63.255
CIDR:       216.195.32.0/19
NetName:    APS-EPSI
NetHandle:  NET-216-195-32-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.3FN.NET
NameServer: NS2.3FN.NET
Comment:    send abuse issues to abuse@3fn.net, send network
Comment:    issue to noc@3fn.net
RegDate:    2003-11-05
Updated:    2004-09-17

RTechHandle: NSW-ARIN
RTechName:   Swen, Nash
RTechPhone:  +1-800-539-8209
RTechEmail:  noc@apxtelecom.com

OrgTechHandle: NSW-ARIN
OrgTechName:   Swen, Nash
OrgTechPhone:  +1-800-539-8209
OrgTechEmail:  noc@apxtelecom.com

Other sites:


PCPrivacyCleaner rogue antispyware software

Saturday, August 9th, 2008

PCPrivacyCleaner is rogue antispyware software.

DO NOT download any software from the domain(s) of PCPrivacyCleaner.


File pcpc.exe received on 08.09.2008 14:38:04 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.8.9.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.09 SPR/Fake.C.603600.A
Authentium 5.1.0.4 2008.08.09 -
Avast 4.8.1195.0 2008.08.08 -
AVG 8.0.0.156 2008.08.08 Fake_AntiSpyware.ZL
BitDefender 7.2 2008.08.09 -
CAT-QuickHeal 9.50 2008.08.08 -
ClamAV 0.93.1 2008.08.09 -
DrWeb 4.44.0.09170 2008.08.09 -
eSafe 7.0.17.0 2008.08.07 Suspicious File
eTrust-Vet 31.6.6021 2008.08.08 -
Ewido 4.0 2008.08.09 -
F-Prot 4.4.4.56 2008.08.08 -
F-Secure 7.60.13501.0 2008.08.09 FraudTool.Win32.Agent.ao
Fortinet 3.14.0.0 2008.08.09 -
GData 2.0.7306.1023 2008.08.09 -
Ikarus T3.1.1.34.0 2008.08.09 Generic.Win32.Malware.AntiSpywareExpert
K7AntiVirus 7.10.408 2008.08.09 -
Kaspersky 7.0.0.125 2008.08.09 not-a-virus:FraudTool.Win32.Agent.ao
McAfee 5357 2008.08.08 -
Microsoft 1.3807 2008.08.09 -
NOD32v2 3341 2008.08.08 -
Norman 5.80.02 2008.08.08 -
Panda 9.0.0.4 2008.08.09 Adware/VirusRemover2008
PCTools 4.4.2.0 2008.08.08 -
Prevx1 V2 2008.08.09 Fraudulent Security Program
Rising 20.56.41.00 2008.08.08 -
Sophos 4.32.0 2008.08.09 Troj/FakeVir-BJ
Sunbelt 3.1.1538.1 2008.08.09 PCPrivacyCleaner
Symantec 10 2008.08.09 -
TheHacker 6.2.96.395 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 -
VBA32 3.12.8.3 2008.08.08 Signed-Hoax.Win32.AntiA
ViRobot 2008.8.8.1329 2008.08.08 -
VirusBuster 4.5.11.0 2008.08.08 -
Webwasher-Gateway 6.6.2 2008.08.09 -
 
Additional information
File size: 839632 bytes
MD5...: 4427a246b1c00d3c9529dbcbe8f7af8d
SHA1..: be397161aebf1d55bc0192e28967acbd2e486f41
SHA256: 7dd8fc27076eee2389a431e2836aa95b664fb3489584b48e0a46c94abc7254d7
SHA512: cf6353bcd79d681bfce13f1d5957bbadc702bdd12493a2f6187d5b518508ea9f
9cf660bba4c859c44e8dbc8b131cf884bdb15fff734ef917c9240c19dfd3500e
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x68ed80
timedatestamp.....: 0x48932184 (Fri Aug 01 14:45:24 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x1ca000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x1cb000 0xc5000 0xc4200 7.93 3e4d7a6aa5343672e01bb0f41b758c8a
.rsrc 0x290000 0x8000 0x7400 4.29 a7946405aeb2c04db18f83e195c3c38e

( 19 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: -
> COMDLG32.dll: GetFileTitleA
> dbghelp.dll: ImageDirectoryEntryToData
> GDI32.dll: Escape
> IPHLPAPI.DLL: GetAdaptersInfo
> MSIMG32.dll: AlphaBlend
> ole32.dll: OleRun
> OLEAUT32.dll: -
> oledlg.dll: -
> RPCRT4.dll: UuidCreate
> SHELL32.dll: -
> SHLWAPI.dll: StrStrIA
> urlmon.dll: IsValidURL
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueA
> WININET.dll: InternetOpenA
> WINSPOOL.DRV: OpenPrinterA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=68EDA621D0321E87CF300C1CD4A1D0002E910424
packers (F-Prot): UPX


Host: pcprivacycleaner.com
IP: 92.62.100.64

Whois of IP 92.62.100.64, which distributes the rogue antispyware PCPrivacyCleaner:

inetnum:        92.62.100.0 - 92.62.100.255
netname:        STARLINE_EE
descr:          Starline Web Services
country:        EE
admin-c:        VN268-RIPE
tech-c:         VN268-RIPE
status:         ASSIGNED PA
mnt-by:         AS39823-MNT
source:         RIPE # Filtered

person:         Viktor Norin
address:        Pae 21
address:        Tallinn
address:        Estonia
nic-hdl:        VN268-RIPE
phone:          +3726370911
abuse-mailbox:  abuse@starline.ee

Other sites on IP 92.62.100.64, which distributes the rogue antispyware PCPrivacyCleaner:


Host: download.pcprivacycleaner.com
IP: 67.228.177.143

Whois:

OrgName:    SoftLayer Technologies Inc.
OrgID:      SOFTL
Address:    1950 N Stemmons Freeway
City:       Dallas
StateProv:  TX
PostalCode: 75207
Country:    US
NetRange:   67.228.0.0 - 67.228.255.255
CIDR:       67.228.0.0/16
OriginAS:   AS36351
NetName:    SOFTLAYER-4-5
NetHandle:  NET-67-228-0-0-1
Parent:     NET-67-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.SOFTLAYER.COM
NameServer: NS2.SOFTLAYER.COM
Comment:    abuse@softlayer.com

Host: secure.bestpaymentsolution.net
IP: 84.243.253.220

Whois:

inetnum:        84.243.253.0 - 84.243.253.255
netname:        GFX-CUST-WORLDSTREAM
descr:          WorldStream ip-block 3
org:            ORG-WS14-RIPE
country:        NL
admin-c:        GFX-RIPE
tech-c:         GFX-RIPE
status:         ASSIGNED PA
mnt-by:         GFX-MNT
source:         RIPE # Filtered

organisation:   ORG-WS14-RIPE
org-name:       WorldStream2
org-type:       OTHER
address:        Dijkweg 127c
address:        2675 AC  Honselersdijk
address:        The Netherlands
phone:          +31 70 755 1131
abuse-mailbox:  abuse@worldstream.nl

Other sites on this IP:


PC Protection Center 2008 rogue antispyware software

Thursday, August 7th, 2008

PC Protection Center 2008 is rogue antispyware software. Here are some fake scanning pages of PC Protection Center 2008. Stay away from the following IPs and hosts!


File pcprotectioncenter_setup.exe received on 08.07.2008 10:43:24 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.8.7.0 2008.08.07 -
AntiVir 7.8.1.19 2008.08.07 -
Authentium 5.1.0.4 2008.08.07 -
Avast 4.8.1195.0 2008.08.06 -
AVG 8.0.0.156 2008.08.07 -
BitDefender 7.2 2008.08.07 -
CAT-QuickHeal 9.50 2008.08.06 -
ClamAV 0.93.1 2008.08.07 -
DrWeb 4.44.0.09170 2008.08.07 BACKDOOR.Trojan
eSafe 7.0.17.0 2008.08.06 Suspicious File
eTrust-Vet 31.6.6016 2008.08.06 -
Ewido 4.0 2008.08.06 -
F-Prot 4.4.4.56 2008.08.06 -
F-Secure 7.60.13501.0 2008.08.07 -
Fortinet 3.14.0.0 2008.08.07 -
GData 2.0.7306.1023 2008.08.07 -
Ikarus T3.1.1.34.0 2008.08.07 PHISH.FraudTool.Spyaway.G
K7AntiVirus 7.10.405 2008.08.07 -
Kaspersky 7.0.0.125 2008.08.07 -
McAfee 5355 2008.08.06 -
Microsoft 1.3807 2008.08.07 -
NOD32v2 3335 2008.08.07 -
Norman 5.80.02 2008.08.06 -
Panda 9.0.0.4 2008.08.06 -
PCTools 4.4.2.0 2008.08.06 -
Prevx1 V2 2008.08.07 -
Rising 20.56.30.00 2008.08.07 -
Sophos 4.31.0 2008.08.07 -
Sunbelt 3.1.1537.1 2008.08.07 -
Symantec 10 2008.08.07 -
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.07 -
VBA32 3.12.8.2 2008.08.06 suspected of Malware.VB.31 (paranoid heuristics)
ViRobot 2008.8.6.1326 2008.08.06 -
VirusBuster 4.5.11.0 2008.08.06 -
Webwasher-Gateway 6.6.2 2008.08.07 -
 
Additional information
File size: 562213 bytes
MD5...: 8319ab6c214919017c22a15406188dbd
SHA1..: 8e507cc42141fe74699e7b4cd39011146f187a7a
SHA256: 15dcba2c2c0e3bcac2d55fad7f7fa94218c9b7a338e41a511df50eac4213958a
SHA512: a79bd799b32adb79a5b8dc206adeeaf02447676118d47b308753d7652d58bed3
69e7d2841f9e25227f44017199ce2c3831482216128c824443152d73e507532d
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x45c930
timedatestamp.....: 0x48983190 (Tue Aug 05 10:55:12 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x47000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x48000 0x15000 0x14c00 7.92 6f9d35af0485f957bc5a16596c0fb73b
.rsrc 0x5d000 0x7000 0x6e00 5.33 28f40f0a145c62194227f109ca6745e5

( 2 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> MSVBVM60.DLL: -

( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=8319ab6c214919017c22a15406188dbd
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX


Host: pcprotectioncenter2008.com
IP: 85.255.118.116

Whois of IP 85.255.118.116 :

netname:        UkrTeleGroup
descr:          UkrTeleGroup Ltd.
country:        UA
person:         Andrew Sotov
address:        Mechnikova 58/5 65029 Odessa
abuse-mailbox:  abuse@urktelegroup.com.ua

Other sites on IP 85.255.118.116, the address of pcprotectioncenter2008.com, which distributes the fake antivirus PC Protection Center 2008:


Host: secure.pnm-soft.com
IP: 207.226.175.125

Whois of IP 207.226.175.125, the address of secure.pnm-soft.com, which sells the fake antivirus PC Protection Center 2008:

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US
OrgAbuseHandle: PAD13-ARIN
OrgAbuseName:   PCCW AUP Department
OrgAbusePhone:  +1-703-621-1637
OrgAbuseEmail:  probinson@pccwglobal.com


Spyzooka rogue antispyware software

Wednesday, August 6th, 2008

Spyzooka is rogue antispyware software. Here are some fake scanning pages of Spyzooka.

The Spyzooka installer is signed by Verisign’s Thawte division.

DO NOT download any software from the domain(s) of Spyzooka.


Thawte division certification of Spyzooka 


File spyzookasetup.exe received on 08.06.2008 13:11:01 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.8.6.2 2008.08.06 -
AntiVir 7.8.1.15 2008.08.06 -
Authentium 5.1.0.4 2008.08.05 -
Avast 4.8.1195.0 2008.08.05 -
AVG 8.0.0.156 2008.08.06 -
BitDefender 7.2 2008.08.06 -
CAT-QuickHeal 9.50 2008.08.05 -
ClamAV 0.93.1 2008.08.06 -
DrWeb 4.44.0.09170 2008.08.06 -
eSafe 7.0.17.0 2008.08.05 -
eTrust-Vet 31.6.6015 2008.08.06 -
Ewido 4.0 2008.08.06 -
F-Prot 4.4.4.56 2008.08.05 -
F-Secure 7.60.13501.0 2008.08.06 -
Fortinet 3.14.0.0 2008.08.06 -
GData 2.0.7306.1023 2008.08.06 -
Ikarus T3.1.1.34.0 2008.08.06 -
K7AntiVirus 7.10.404 2008.08.05 -
Kaspersky 7.0.0.125 2008.08.06 -
McAfee 5354 2008.08.05 -
Microsoft 1.3807 2008.08.06 -
NOD32v2 3331 2008.08.06 -
Norman 5.80.02 2008.08.06 -
Panda 9.0.0.4 2008.08.05 Suspicious file
PCTools 4.4.2.0 2008.08.05 -
Prevx1 V2 2008.08.06 -
Rising 20.56.22.00 2008.08.06 -
Sophos 4.31.0 2008.08.06 -
Sunbelt 3.1.1537.1 2008.08.06 -
Symantec 10 2008.08.06 -
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.06 -
VBA32 3.12.8.2 2008.08.05 -
ViRobot 2008.8.5.1324 2008.08.06 Adware.SpyZooka.R.2441440
VirusBuster 4.5.11.0 2008.08.05 -
Webwasher-Gateway 6.6.2 2008.08.06 -
 
Additional information
File size: 2441440 bytes
MD5...: f3b40eafb791701999d53c1bdb0af884
SHA1..: 2ed4c663798281506197eb0ae9a7a149a0a1cdff
SHA256: 94dd864e69046179880296e61c9952d94a60f2b242c2860acfe8e3d47c66f083
SHA512: e543c6e4a50e7b766734566cba68c4547222fea0038dad1778e99661713ccb1d
e4b0b158af338cc0bd122006afa53e1543f3525af5e77a1c0bc66c5d98ede78a
PEiD..: -
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=f3b40eafb791701999d53c1bdb0af884


Host: Spyzooka.net
IP: 69.16.231.220

OrgName:    Liquid Web, Inc.
OrgID:      LQWB
Address:    4210 Creyts Rd.
City:       Lansing
StateProv:  MI
PostalCode: 48917
Country:    US
OrgAbuseHandle: ABUSE551-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-800-580-4985
OrgAbuseEmail:  abuse@liquidweb.com

Other sites on IP 69.16.231.220 distributing Spyzooka:

1. Spywarefool.com
2. Spyzooka.com
3. Spyzooka.net


Host:  bluepenguinsoftware.com
IP: 69.16.231.223

Whois:

OrgName:    Liquid Web, Inc.
OrgID:      LQWB
Address:    4210 Creyts Rd.
City:       Lansing
StateProv:  MI
PostalCode: 48917
Country:    US
OrgAbuseHandle: ABUSE551-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-800-580-4985
OrgAbuseEmail:  abuse@liquidweb.com


Trace Sweeper

Monday, August 4th, 2008

Trace Sweeper is a rogue Antispyware application.

Here are some fake scanning pages. DO NOT download any software from these domain(s).


File tracesweeper_setup.exe received on 08.04.2008 16:38:12 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.7.29.1 2008.08.04 -
AntiVir 7.8.1.15 2008.08.04 -
Authentium 5.1.0.4 2008.08.03 -
Avast 4.8.1195.0 2008.08.04 -
AVG 8.0.0.156 2008.08.04 -
BitDefender 7.2 2008.08.04 -
CAT-QuickHeal 9.50 2008.08.02 -
ClamAV 0.93.1 2008.08.04 -
DrWeb 4.44.0.09170 2008.08.04 -
eSafe 7.0.17.0 2008.08.03 -
eTrust-Vet 31.6.6007 2008.08.04 -
Ewido 4.0 2008.08.04 -
F-Prot 4.4.4.56 2008.08.03 -
F-Secure 7.60.13501.0 2008.08.04 -
Fortinet 3.14.0.0 2008.08.04 -
GData 2.0.7306.1023 2008.08.04 -
Ikarus T3.1.1.34.0 2008.08.04 -
K7AntiVirus 7.10.402 2008.08.02 -
Kaspersky 7.0.0.125 2008.08.04 -
McAfee 5352 2008.08.01 -
Microsoft 1.3807 2008.08.04 -
NOD32v2 3324 2008.08.04 -
Norman 5.80.02 2008.08.04 -
Panda 9.0.0.4 2008.08.03 -
PCTools 4.4.2.0 2008.08.04 -
Prevx1 V2 2008.08.04 -
Rising 20.56.02.00 2008.08.04 -
Sophos 4.31.0 2008.08.04 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.04 -
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.04 -
VBA32 3.12.8.2 2008.08.04 -
ViRobot 2008.8.4.1322 2008.08.04 -
VirusBuster 4.5.11.0 2008.08.03 -
Webwasher-Gateway 6.6.2 2008.08.04 -
 
Additional information
File size: 805287 bytes
MD5...: d4322bdc6b16f7bc267fa2137265869d
SHA1..: 8729441d71c0e8ad689d47931b8d0733fb5e88d1
SHA256: 02aba3b25000f7ff5108bc2938c0ad3bf346ef5633c22dec7111c9798ada794c
SHA512: 29d82aedacd07b4ecacc275f5fe959dd3da5da8030ceddfa41f6ea2f43775a61
e797cda1de1a431a01a585f506a97c23b47c2ea297447e0792f985627fbc2a75
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4094e4
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x8c50 0x8e00 6.56 637d0318e65d66f449407b46e95e059b
DATA 0xa000 0x248 0x400 2.72 db132afa620772f9f6d44271e57847c4
BSS 0xb000 0xe48 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xc000 0x8c8 0xa00 4.25 07beaac03baa14255d548202c5f668a1
.tls 0xd000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xe000 0x18 0x200 0.20 d293bf8d4ebe9826d58e1d27c25fe4b6
.reloc 0xf000 0x850 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x10000 0x7cd4 0x7e00 5.14 08421e9bd4edc8b7a9ed0bab4042558c

( 8 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
> user32.dll: MessageBoxA
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
> kernel32.dll: WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SetLastError, SetFilePointer, SetEndOfFile, RemoveDirectoryA, ReadFile, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, InterlockedExchange, FormatMessageA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
> user32.dll: TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
> comctl32.dll: InitCommonControls
> advapi32.dll: AdjustTokenPrivileges

( 0 exports )


Host: trace-sweeper.com
IP: 66.230.190.60

Whois:

Real International Business Corp

Other sites on IP 66.230.190.60, which hosts the rogue antivirus Trace Sweeper:


Host: secure.shareit.com
IP: 85.255.19.11

Whois:

organisation:   ORG-EA10-RIPE
org-name:       element 5 GmbH
org-type:       LIR
address:        Vogelsanger Str. 78
address:        50823
address:        Koeln
address:        Germany
phone:          +49 221 31088 0
fax-no:         +49 221 31088 99
e-mail:         noc@element5.de

Other sites on this IP:


Host: regnow.com
IP: 209.87.178.183

OrgName:    Digital River, Inc.
OrgID:      DIGITA-123
Address:    9625 West 76th Street
Address:    Suite 150
City:       Eden Prairie
StateProv:  MN
PostalCode: 55344
Country:    US

RAbuseHandle: ABUSE358-ARIN
RAbuseName:   ABUSE
RAbusePhone:  +1-952-540-3023
RAbuseEmail:   abuse@digitalriver.com

 

 

XP Antivirus 2008

Monday, August 4th, 2008

XP Antivirus 2008 is a rogue Antispyware application.

Here are some fake scanning pages. DO NOT download any software from these domain(s).


File XPAinstall_881234.exe received on 08.04.2008 16:01:28 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.7.29.1 2008.08.04 -
AntiVir 7.8.1.15 2008.08.04 TR/Crypt.CFI.Gen
Authentium 5.1.0.4 2008.08.03 -
Avast 4.8.1195.0 2008.08.04 -
AVG 8.0.0.156 2008.08.03 -
BitDefender 7.2 2008.08.04 Trojan.FakeAlert.XL
CAT-QuickHeal 9.50 2008.08.02 -
ClamAV 0.93.1 2008.08.04 -
DrWeb 4.44.0.09170 2008.08.04 -
eSafe 7.0.17.0 2008.08.03 -
eTrust-Vet 31.6.6007 2008.08.04 -
Ewido 4.0 2008.08.04 -
F-Prot 4.4.4.56 2008.08.03 -
F-Secure 7.60.13501.0 2008.08.04 -
Fortinet 3.14.0.0 2008.08.04 -
GData 2.0.7306.1023 2008.08.04 -
Ikarus T3.1.1.34.0 2008.08.04 -
K7AntiVirus 7.10.402 2008.08.02 -
Kaspersky 7.0.0.125 2008.08.04 -
McAfee 5352 2008.08.01 -
Microsoft 1.3807 2008.08.04 Program:Win32/Antivirus2008
NOD32v2 3324 2008.08.04 -
Norman 5.80.02 2008.08.04 -
Panda 9.0.0.4 2008.08.03 -
PCTools 4.4.2.0 2008.08.04 -
Prevx1 V2 2008.08.04 -
Rising 20.56.02.00 2008.08.04 -
Sophos 4.31.0 2008.08.04 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.04 -
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.04 -
VBA32 3.12.8.2 2008.08.04 Trojan-Downloader.Win32.FraudLoad.vate
ViRobot 2008.8.4.1322 2008.08.04 -
VirusBuster 4.5.11.0 2008.08.03 -
Webwasher-Gateway 6.6.2 2008.08.04 Trojan.Crypt.CFI.Gen
 
Additional information
File size: 113152 bytes
MD5...: 529739c631258911be7eb9e0e3224f7b
SHA1..: e5887adb870197d2e4b513841ebaf30ae5d13bda
SHA256: b661b3c00d23100fd9abb943066b9a81af63a8629d591445eaa4ea9d224332cc
SHA512: 77f01909d2ef983661006b5bff8be43416f1383ba70ef12ad4a2ee939f0fed6e
cf26612c95732207786d8c92d614032b4d7438f89bb74cccb146baaba1e9fbb5
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401163
timedatestamp.....: 0x458ffdbc (Mon Dec 25 16:35:08 2006)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3735 0x3800 1.24 53ac9810eba70da5b963725e7f597d49
.data 0x5000 0x10856 0x10a00 7.53 99acef6c346c6ae39822152a9cd6b055
.tls 0x16000 0xb 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x17000 0xb87 0x200 0.23 16ac84e24467a5da7bcbf69f342ce17d
.idata 0x18000 0x69f 0x800 2.05 2bfd00031972539e81fabade08038f5c
.rsrc 0x19000 0x14499 0x6600 5.76 cff851500989f6cbb93c4ae18e41f37b

( 2 imports )
> COMCTL32.DLL: ImageList_Create, CreateMappedBitmap, MenuHelp, CreateStatusWindowW, ImageList_GetIconSize, CreateToolbar, InitCommonControls, ImageList_DrawEx, ImageList_GetIcon, ImageList_EndDrag
> ADVAPI32.DLL: RegSetValueW, RegQueryValueA, RegEnumKeyExW, RegCreateKeyA, RegDeleteValueW, RegOpenKeyA, RegEnumValueA, RegOpenKeyExA, RegQueryValueExW

( 0 exports )


Host: global-advers.com
IP: 89.149.226.24

descr:          netdirekt e.K.
remarks:        INFRA-AW
country:        DE
admin-c:        WW200-RIPE
tech-c:         SR614-RIPE
status:         ASSIGNED PA
mnt-by:         NETDIRECT-MNT
mnt-lower:      NETDIRECT-MNT
mnt-routes:     NETDIRECT-MNT
source:         RIPE # Filtered

person:       Wiethold Wagner
address:      netdirekt e. K.
address:      Kleyer Strasse 79 / Tor 14
address:      60326 Frankfurt
address:      DE
phone:        +49 69 90556880
fax-no:       +49 69 905568822
e-mail:       info@netdirekt.de

Host: windows-scannernv.com
IP: 89.149.226.24

Whois: same netdirekt e.K. record (NETDIRECT-MNT, Frankfurt, DE) as listed for global-advers.com above.

Host: protectionxp2009.com
IP: 89.149.197.240

Whois: same netdirekt e.K. record (NETDIRECT-MNT, Frankfurt, DE) as listed for global-advers.com above.

Other sites on IP 89.149.197.240, which hosts the rogue antivirus XP Antivirus 2008:

1.  Protectionxp2009.com 
2.  Securedstats.com 
3.  Virus-webscanner.com 
4.  Virus9-webscanner.com 

Host: updatesantivirus.com
IP: 84.16.252.73

Whois: same netdirekt e.K. record (NETDIRECT-MNT, Frankfurt, DE) as listed for global-advers.com above.

Host: fastupdateserver.com
IP: 58.65.238.106

netname:      HOSTFRESH
descr:        HostFresh
descr:        Internet Service Provider
country:      HK
admin-c:      PL466-AP
tech-c:       PL466-AP
status:       ALLOCATED PORTABLE
mnt-by:       APNIC-HM
mnt-lower:    MAINT-HK-HOSTFRESH
mnt-routes:   MAINT-HK-HOSTFRESH
remarks:      Please send Spam & Abuse report to
remarks:      abuse@hostfresh.com

Other sites on IP 58.65.238.106, which hosts the rogue antivirus XP Antivirus 2008:


Host: secure.xp-antivirus.com
IP: 207.226.175.123

OrgName:    Beyond The Network America, Inc.
OrgID:      BNA-42
Address:    450 Springpark PL
Address:    Suite 100
City:       Herdon
StateProv:  VA
PostalCode: 20170
Country:    US
OrgAbuseHandle: PAD13-ARIN
OrgAbuseName:   PCCW AUP Department
OrgAbusePhone:  +1-703-621-1637
OrgAbuseEmail:  probinson@pccwglobal.com

XP Antivirus 2008


AdvancedXPFixer

Friday, August 1st, 2008

AdvancedXPFixer is a rogue antispyware application.

Here are some fake scanning pages. DO NOT download any software from these domains.

AdvancedXPFixer

Host: www.axpfixer.com
IP: 216.240.138.220

Whois:

OrgName:    ATMLINK, INC.
OrgID:      ATMLIN
Address:    600 W. 7th Street
Address:    Suite 360
City:       Los Angeles
StateProv:  CA
PostalCode: 90017
Country:    US
OrgAbusePhone:  +1-213-627-1937
OrgAbuseEmail:  noc@atmlinkinc.com

Other sites on this IP:

1.  Axpdefender08.com 
2.  malwareprotector08.com

Host: advancedxpfixer.com
IP: 211.95.79.242

netname:      UNICOM
descr:        China United Telecommunications Corporation
descr:        No.133,Taiyun Building,Xidan North Street
descr:        Xicheng District,Beijing,China
country:      CN

person:       Jin Yang
nic-hdl:      JY7-CN
e-mail:       ipac@cnnic.cn

AdvancedXPFixer

These are billing pages for the fake software AdvancedXPFixer. Do not buy anything there.

AdvancedXPFixer

Host: secure.software-payment.com
IP: 216.195.56.160

Whois:

OrgID:      APSTE
Address:    8130 SW BEAVERTON-HILLSDALE HWY
City:       PORTLAND
StateProv:  OR
PostalCode: 97225
Country:    US

NetRange:   216.195.32.0 - 216.195.63.255
CIDR:       216.195.32.0/19
NetName:    APS-EPSI
NetHandle:  NET-216-195-32-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.3FN.NET
NameServer: NS2.3FN.NET
Comment:    send abuse issues to abuse@3fn.net , send network

RTechHandle: NSW-ARIN
RTechName:   Swen, Nash
RTechPhone:  +1-800-539-8209
RTechEmail : noc@apxnoctelecom.com

MalwareProtector 2008

Friday, August 1st, 2008

MalwareProtector 2008 is a rogue antispyware application.

Here are some fake scanning pages. DO NOT download any software from these domains.

MalwareProtector 2008

Host: malwareprotector08.com
IP: 216.240.138.220

Whois:

Same ATMLINK, INC. record (Los Angeles, CA, US) as listed for www.axpfixer.com above.

Other sites on this IP:

1.  Axpdefender08.com 
2.  av-xp-08.com

 

File MalwareProtector2008Installer.exe received on 08.01.2008 11:42:48 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.7.29.1 2008.08.01 -
AntiVir 7.8.1.15 2008.08.01 DR/FraudTool.MalwareProtector.H
Authentium 5.1.0.4 2008.07.31 -
Avast 4.8.1195.0 2008.07.31 Win32:Agent-AAPR
AVG 8.0.0.156 2008.08.01 FakeAlert.AT
BitDefender 7.2 2008.08.01 Adware.XpAntivirus.AJ
CAT-QuickHeal 9.50 2008.07.31 -
ClamAV 0.93.1 2008.08.01 Trojan.Peed.IG
DrWeb 4.44.0.09170 2008.08.01 Trojan.Packed.512
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5999 2008.07.31 -
Ewido 4.0 2008.07.31 -
F-Prot 4.4.4.56 2008.07.31 -
F-Secure 7.60.13501.0 2008.08.01 FraudTool.Win32.MalwareProtector.h
Fortinet 3.14.0.0 2008.08.01 Misc/MalwareProtector
GData 2.0.7306.1023 2008.08.01 -
Ikarus T3.1.1.34.0 2008.08.01 Trojan.Win32.Tibs.J
K7AntiVirus 7.10.399 2008.07.31 -
Kaspersky 7.0.0.125 2008.08.01 not-a-virus:FraudTool.Win32.MalwareProtector.h
McAfee 5351 2008.07.31 -
NOD32v2 3317 2008.08.01 Win32/TrojanDownloader.FakeAlert.EU
Norman 5.80.02 2008.07.31 Renos.AAX.dropper
Panda 9.0.0.4 2008.08.01 Suspicious file
Prevx1 V2 2008.08.01 Cloaked Malware
Rising 20.55.42.00 2008.08.01 -
Sophos 4.31.0 2008.08.01 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.01 MalwareProtector2008
TheHacker 6.2.96.391 2008.07.31 Aplicacion/MalwareProtector.b
TrendMicro 8.700.0.1004 2008.08.01 TROJ_FAKEAV.BC
VBA32 3.12.8.2 2008.08.01 -
ViRobot 2008.7.31.1319 2008.07.31 Adware.MalwareProtector.2109201
VirusBuster 4.5.11.0 2008.07.31 -
Webwasher-Gateway 6.6.2 2008.08.01 Trojan.Dropper.FraudTool.MalwareProtector.H
 
Additional information
File size: 2109201 bytes
MD5…: 499d7dacb0dc68c83650b4fd3928d1dd
SHA1..: 9efa30186c793bcc061c15b1ca2ce2e481ff9df1
SHA256: b7ac71b975b78c054993f98ab067f9cd7c72e351373ee054c7eb1e699f58ae08
SHA512: dd53abec4c17147b20a3fa5a2b14acb0ea898e54b91088cb98a853701ec2b2f9
b3b8cc0622edf4b474ec90a16e82cc183634bce276e1abe13e7e01d87c2af5ea
PEiD..: -
 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1355039711C62AA42F562046E6D56D003E37064C

 

Host: stat.malwareprotector08.com
IP: 78.159.96.17

inetnum:        89.149.226.0 - 89.149.227.255
netname:        NETDIRECT-NET
descr:          netdirekt e.K.
remarks:        INFRA-AW
country:        DE
admin-c:        WW200-RIPE
tech-c:         SR614-RIPE
status:         ASSIGNED PA
mnt-by:         NETDIRECT-MNT
mnt-lower:      NETDIRECT-MNT
mnt-routes:     NETDIRECT-MNT
source:         RIPE # Filtered

person:       Wiethold Wagner
address:      netdirekt e. K.
address:      Kleyer Strasse 79 / Tor 14
address:      60326 Frankfurt
address:      DE
phone:        +49 69 90556880
fax-no:       +49 69 905568822
e-mail:       info@netdirekt.de

MalwareProtector 2008

These are billing pages for the fake software MalwareProtector 2008. Do not buy anything there.

MalwareProtector 2008

Host: secure.paymentbit.net
IP: 216.195.56.148

Whois:

Same APSTE record (NetName APS-EPSI, NetRange 216.195.32.0 - 216.195.63.255) as listed for secure.software-payment.com above.

Other sites on this IP:


Antivirus XP 2008

Friday, August 1st, 2008

Antivirus XP 2008 is a rogue antispyware application.

Here are some fake scanning pages. DO NOT download any software from these domains.

Antivirus XP 2008

Host: www.av-xp-08.com
IP: 200.63.48.140

owner:       CyprusHostingNetworks
ownerid:     CY-CYPR-LACNIC
responsible: Alexandr Buzenidiz
address:     1 Avlonos Street, 22, Office 14
address:     1075 - Nicosia - CY
person:      Alexandr Buzenidiz
e-mail:      abuse@cyprus-hosting.net

Other sites on this IP:

1.  Antivirusxp2008.com 
2.  Av-xp-08.com 

File AntivirusXP2008Installer.exe received on 08.01.2008 11:20:03 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.7.29.1 2008.08.01 -
AntiVir 7.8.1.15 2008.08.01 -
Authentium 5.1.0.4 2008.07.31 -
Avast 4.8.1195.0 2008.07.31 -
AVG 8.0.0.156 2008.08.01 FakeAlert.AT
BitDefender 7.2 2008.08.01 Adware.XpAntivirus.AJ
CAT-QuickHeal 9.50 2008.07.31 -
ClamAV 0.93.1 2008.08.01 Trojan.Peed.IG
DrWeb 4.44.0.09170 2008.08.01 Trojan.MulDrop.18211
eSafe 7.0.17.0 2008.07.29 -
eTrust-Vet 31.6.5999 2008.07.31 -
Ewido 4.0 2008.07.31 -
F-Prot 4.4.4.56 2008.07.31 -
F-Secure 7.60.13501.0 2008.08.01 FraudTool.Win32.XPAntivirus.nh
Fortinet 3.14.0.0 2008.08.01 -
GData 2.0.7306.1023 2008.08.01 -
Ikarus T3.1.1.34.0 2008.08.01 -
K7AntiVirus 7.10.399 2008.07.31 -
Kaspersky 7.0.0.125 2008.08.01 not-a-virus:FraudTool.Win32.XPAntivirus.nh
McAfee 5351 2008.07.31 -
NOD32v2 3316 2008.07.31 Win32/TrojanDownloader.Agent.OBK
Norman 5.80.02 2008.07.31 -
Panda 9.0.0.4 2008.08.01 Suspicious file
PCTools 4.4.2.0 2008.08.01 -
Prevx1 V2 2008.08.01 -
Rising 20.55.42.00 2008.08.01 -
Sophos 4.31.0 2008.08.01 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.01 -
TheHacker 6.2.96.391 2008.07.31 Aplicacion/MalwareProtector.b
TrendMicro 8.700.0.1004 2008.08.01 -
VBA32 3.12.8.2 2008.08.01 -
ViRobot 2008.7.31.1319 2008.07.31 -
VirusBuster 4.5.11.0 2008.07.31 -
Webwasher-Gateway 6.6.2 2008.08.01 -
 
Additional information
File size: 1394321 bytes
MD5…: 414d18f17506eceb6cdcdee4809841b8
SHA1..: e8002146221f17afce38415e7d8cf2a92c73fa7b
SHA256: 704f45f152df70476b6ed346c6b883b07a6c9d2de9b701618a82f3d11029d059
SHA512: b715fa1f66518195c350c428c4e8cbc827b68cfcce902ccdfac06630fe66040d
183d3b27bf91fdba4b128a895601cf12ff1f919b3601932429d7a333b241612c
PEiD..: -
 

 

IP: 78.159.96.17

Whois: same netdirekt e.K. record (inetnum 89.149.226.0 - 89.149.227.255, NETDIRECT-NET) as listed for stat.malwareprotector08.com above.

Host: stat.av-xp-08.com
IP: 216.240.138.220

Whois:

Same ATMLINK, INC. record (Los Angeles, CA, US) as listed for www.axpfixer.com above.

Other sites on this IP:

1.  Axpdefender08.com 
2.  Malwareprotector08.com 

Antivirus XP 2008

These are billing pages for the fake software Antivirus XP 2008. Do not buy anything there.

Antivirus XP 2008

Host: secure.paymentbit.net
IP: 216.195.56.148

Whois:

Same APSTE record (NetName APS-EPSI, NetRange 216.195.32.0 - 216.195.63.255) as listed for secure.software-payment.com above.

Other sites on this IP:

