Another Fake Codec Site from ESTDOMAINS
Do NOT download any program from this website.
Note that this program is a DNSChanger. It pretends to be a browser add-on for viewing porn, but it is actually a Trojan horse. It can install a rootkit on your computer that re-routes your Internet searches through the attackers' DNS servers, which earns them money.
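The practical defender's check against a DNSChanger like this one is to compare the resolvers a host is actually configured with against the ones you expect. The script below is an added example, not code from the original post; it parses either a Unix resolv.conf or the Windows "NameServer" registry string, and the allow-list and sample inputs are constructed values.

```python
# Added example (not from the original post): audit a host's configured DNS
# resolvers against an allow-list, the kind of check that surfaces a
# DNSChanger-style modification. Input is parsed from either a Unix
# resolv.conf or the Windows registry "NameServer" value (a comma- or
# space-separated string). All sample values below are constructed.
import ipaddress
import re

# Resolvers the organisation expects to see (constructed example values).
ALLOWED_RESOLVERS = ["10.0.0.0/8", "192.168.1.1/32"]


def parse_resolv_conf(text):
    """Return the nameserver IPs listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("nameserver"):
            parts = line.split()
            if len(parts) >= 2:
                servers.append(parts[1])
    return servers


def parse_windows_nameserver(value):
    """Split a Windows 'NameServer' registry value into individual IPs."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def rogue_resolvers(servers, allowed=ALLOWED_RESOLVERS):
    """Return servers outside the allow-list, plus any unparsable entries."""
    networks = [ipaddress.ip_network(n) for n in allowed]
    flagged = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            flagged.append(s)  # not an IP at all: worth a look
            continue
        if not any(addr in net for net in networks):
            flagged.append(s)
    return flagged


# Constructed sample inputs: each host has one expected and one tampered resolver.
RESOLV_CONF_SAMPLE = "# generated\nnameserver 10.1.2.3\nnameserver 203.0.113.5\n"
WINDOWS_SAMPLE = "192.168.1.1,203.0.113.5"

if __name__ == "__main__":
    print(rogue_resolvers(parse_resolv_conf(RESOLV_CONF_SAMPLE)))  # ['203.0.113.5']
    print(rogue_resolvers(parse_windows_nameserver(WINDOWS_SAMPLE)))  # ['203.0.113.5']
```

On a real Windows host the "NameServer" string comes from the Tcpip\Parameters\Interfaces keys in the registry; an empty value means DHCP-assigned resolvers, which need a separate check.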
Screenshot: [image of the fake codec site]
The following picture shows the DNS servers it modifies: [image]
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com/
Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2007-11-26
Name Servers: ns1.codechq.net ns2.codechq.net
Extended Info
IP Address: 64.28.184.183
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2007-11-28 05:10:23 MST
VirusTotal Results: 14/32 (43.75%)
-----------------------------------------
My sample is: Codechq1080.exe
AntiVir 7.6.0.34 2007.11.28 HEUR/Malware
Avast 4.7.1074.0 2007.11.27 Win32:Trojan-gen {Other}
AVG 7.5.0.503 2007.11.27 Downloader.Zlob.KF
BitDefender 7.2 2007.11.28 Trojan.Zlob.BYQ
CAT-QuickHeal 9.00 2007.11.27 Win32.Trojan.DNSChanger.abj
Ewido 4.0 2007.11.27 Downloader.Zlob.eie
Fortinet 3.14.0.0 2007.11.28 W32/Zlobar.ABJ!tr
F-Secure 6.70.13030.0 2007.11.28 Trojan.Win32.DNSChanger.adz
Kaspersky 7.0.0.125 2007.11.28 Trojan.Win32.DNSChanger.adz
Prevx1 V2 2007.11.28 Generic.Dropper.xCodec
Sophos 4.23.0 2007.11.28 Troj/Zlobar-Fam
Symantec 10 2007.11.28 Trojan.Zlob
TheHacker 6.2.9.144 2007.11.28 Trojan/Downloader.Zlob.eie
Webwasher-Gateway 6.6.2 2007.11.28 Heuristic.Malware
Additional information:
------------------------
File size: 231553 bytes
MD5: d57546a73be8d902fa6a574452294ee4
SHA1: d20f49022a2cebb350360e7d675ef21aee205e4e
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=675A623B815697AB88DB03AB863BA800ACF0C59E