Wednesday, November 28, 2007

Another Fake Codec Site from ESTDOMAINS

Do NOT download any program from this website.

Note that this program is a DNSChanger. It pretends to be a browser add-on needed to view porn videos, but it is actually a Trojan horse. It can install a rootkit on your computer and changes the system's DNS settings so that your Internet searches are re-routed through the attackers' servers, which earns them money.
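The practical check a DNSChanger infection calls for is to look at which resolvers the host is actually configured to use. The script below is an added example, not code from the original post: it parses `ipconfig /all` output (a constructed excerpt is embedded; the 203.0.113.x resolvers are RFC 5737 documentation addresses standing in for the malicious servers, not the addresses this malware used), flags any resolver missing from an allowlist you define (the `TRUSTED_RESOLVERS` set is an assumption), and compares a file's MD5/SHA1 against the hashes listed for the sample further down the post.

```python
"""Check a Windows host for the DNS-setting change a DNSChanger trojan makes.

Added example, not code from the original post. It parses `ipconfig /all`
output, flags resolvers that are not on an allowlist you control, and compares
a file's MD5/SHA1 against the hashes the post lists for Codechq1080.exe.
"""
import hashlib
import platform
import re
import subprocess

# Assumption: these are the resolvers your hosts are supposed to use.
TRUSTED_RESOLVERS = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}

# Hashes of the sample as posted (the only file indicators the post gives).
POSTED_MD5 = "d57546a73be8d902fa6a574452294ee4"
POSTED_SHA1 = "d20f49022a2cebb350360e7d675ef21aee205e4e"

# Constructed `ipconfig /all` excerpt. The 203.0.113.x resolvers are RFC 5737
# documentation addresses standing in for attacker-controlled DNS servers;
# they are NOT the addresses this malware actually used.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WORKSTATION01

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   IP Address. . . . . . . . . . . . : 192.168.1.50
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.5
                                       203.0.113.6

Ethernet adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

DNS_LINE = re.compile(r"DNS Servers[ .]*:\s*(\S+)")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_dns_servers(text):
    """Map each adapter name to the list of DNS servers ipconfig reports.

    ipconfig prints the first resolver on the 'DNS Servers' line and any
    further resolvers on indented continuation lines holding only an IP.
    """
    servers = {}
    adapter = None
    in_dns_block = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            in_dns_block = False
            continue
        stripped = line.strip()
        # Adapter headers are unindented and end with a colon.
        if not line[0].isspace() and line.endswith(":"):
            adapter = line[:-1]
            servers.setdefault(adapter, [])
            in_dns_block = False
            continue
        m = DNS_LINE.match(stripped)
        if m:
            servers.setdefault(adapter, []).append(m.group(1))
            in_dns_block = True
        elif in_dns_block and IPV4.match(stripped):
            servers.setdefault(adapter, []).append(stripped)
        else:
            in_dns_block = False
    return servers


def find_rogue_resolvers(servers, trusted=TRUSTED_RESOLVERS):
    """Return {adapter: [resolver, ...]} for resolvers not in the allowlist."""
    return {a: [ip for ip in ips if ip not in trusted]
            for a, ips in servers.items()
            if any(ip not in trusted for ip in ips)}


def file_hashes(data):
    """MD5 and SHA1 hex digests of the given bytes."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def matches_posted_sample(data):
    """True if the bytes hash to both the MD5 and the SHA1 the post lists."""
    md5, sha1 = file_hashes(data)
    return md5 == POSTED_MD5 and sha1 == POSTED_SHA1


def live_ipconfig():
    """Run `ipconfig /all` on the local Windows host (returns None elsewhere)."""
    if platform.system() != "Windows":
        return None
    return subprocess.run(["ipconfig", "/all"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    text = live_ipconfig() or SAMPLE_IPCONFIG
    rogue = find_rogue_resolvers(parse_dns_servers(text))
    for adapter, ips in rogue.items():
        print(f"[!] {adapter}: untrusted DNS servers {', '.join(ips)}")
    if not rogue:
        print("DNS servers on all adapters are on the allowlist")
```

On a Windows host the script reads the live `ipconfig /all` output; elsewhere it falls back to the constructed sample so the parser can be exercised offline. An allowlist is deliberately used instead of a blocklist of known-bad resolvers, since the operators of this kind of malware rotate their DNS servers faster than any such list can be maintained.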


The following picture shows the DNS servers it modifies:


Whois Server:

Referral URL:

Expiration Date: 2008-09-21

Creation Date: 2007-09-21

Last Update Date: 2007-11-26

Name Servers:

Extended Info
IP Address:
Website Status: active

Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch

Cache Date: 2007-11-28 05:10:23 MST

VirusTotal result: 14/32 (43.75%)

My sample is: Codechq1080.exe

AntiVir 2007.11.28 HEUR/Malware
Avast 4.7.1074.0 2007.11.27 Win32:Trojan-gen {Other}
AVG 2007.11.27 Downloader.Zlob.KF
BitDefender 7.2 2007.11.28 Trojan.Zlob.BYQ
CAT-QuickHeal 9.00 2007.11.27 Win32.Trojan.DNSChanger.abj
Ewido 4.0 2007.11.27 Downloader.Zlob.eie
Fortinet 2007.11.28 W32/Zlobar.ABJ!tr
F-Secure 6.70.13030.0 2007.11.28 Trojan.Win32.DNSChanger.adz
Kaspersky 2007.11.28 Trojan.Win32.DNSChanger.adz
Prevx1 V2 2007.11.28 Generic.Dropper.xCodec
Sophos 4.23.0 2007.11.28 Troj/Zlobar-Fam
Symantec 10 2007.11.28 Trojan.Zlob
TheHacker 2007.11.28 Trojan/Downloader.Zlob.eie
Webwasher-Gateway 6.6.2 2007.11.28 Heuristic.Malware

Additional information:
File size: 231553 bytes
MD5: d57546a73be8d902fa6a574452294ee4
SHA1: d20f49022a2cebb350360e7d675ef21aee205e4e
Prevx info:

