Friday, August 22, 2008

AntiSpywareDeluxe and AntiSpyDeluxe


Domain Name: Antispywaredeluxe.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com/
Expiration Date: 2009-02-03
Creation Date: 2008-02-03
Last Update Date: 2008-04-04
Name Servers:
ns.antispywaredeluxe.com
ns1.us.editdns.net
ns2.us.editdns.net
ns3.us.editdns.net
Extended Info IP Address: 67.205.75.9
Website Status: active
Server Type: lighttpd/1.4.18
Alexa Trend/Rank: 1 Month: 2,303,620 3 Month: 1,579,144
Page Views per Visit: 1 Month: 1 3 Month: 1.1
Cache Date: 2008-08-22 09:18:10 MST
Compare Archived Data: 2008-03-24
------------------------------------------------------------


Domain Name: Antispydeluxe.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com/
Expiration Date: 2009-08-18
Creation Date: 2008-08-18
Last Update Date: 2008-08-18
Name Servers:
ns1.antispysoftware08.com
ns2.antispysoftware08.com
Extended Info IP Address: 200.63.42.145
Website Status: active
Server Type: Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8b mod_perl/1.29 FrontPage/5.0.2.2510
Cache Date: 2008-08-22 09:22:24 MST
Compare Archived Data: 2008-08-19


AntiSpywareDeluxe




AntiSpyDeluxe

Friday, July 25, 2008

More new Fake Codec sites

Some more new Fake codec sites distributing DNS changer Trojans.


Note that the Registrar of the above sites is ESTDOMAINS.

Do not download or install any file from these sites.

Friday, July 18, 2008

New Fake codec sites

New set of fake codec sites producing DNS changer Trojans.

Note that the Registrar of all these sites is ESTDOMAINS.

Stay away from them.


Wednesday, July 2, 2008

AntiSpyware-2008






AntiSpyware-2008 is a rogue application.

The following websites distribute AntiSpyware-2008:



Screenshots:

Installation



It usually drops the following files and folders:


Fake scanner page:


Tuesday, July 1, 2008

TotalAntivirus





TotalAntivirus is a new rogue application.

Totalantivirusonline.com

TotalAntivirus




Domain Name: Totalantivirusonline.com
Status: ok
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.publicdomainregistry.com
Referral URL: http://www.publicdomainregistry.com
Expiration Date: 2009-03-31
Creation Date: 2008-03-31
Last Update Date: 2008-05-31
Name Servers:
ns1.mynick.name
ns2.mynick.name
ns3.mynick.name
ns4.mynick.name

IP Address: 72.233.81.107
IP Location: United States
Website Status: active
Server Type: Apache
Cache Date: 2008-07-01 07:05:50 MST

Friday, April 25, 2008

videopluginax.com , Porntubeguide.com


Thursday, March 6, 2008

Real AntiVirus






Real AntiVirus is a rogue application, and the Registrar of real-av.com is ESTDOMAINS.

Stay away from this website.

Real AntiVirus

real-av.com


Domain Name: real-av.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2009-02-25
Creation Date: 2008-02-25
Last Update Date: 2008-02-25
Name Servers:
qw.cool-cool-websearch.com
wq.cool-cool-websearch.com

IP Address: 66.246.229.81
IP Location: United States
Website Status: active
Server Type: Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8b PHP/4.4.8 mod_perl/1.29 FrontPage/5.0.2.2510
Cache Date: 2008-03-06 05:06:20 MST

Monday, March 3, 2008

AntiSpyStorm2008






AntiSpyStorm2008 is a rogue application and the Registrar of AntiSpyStorm2008.com is ESTDOMAINS.

The rogue application at Antispystorm2008.com is the same as the rogue application at Antispystorm.com.

But the version is different (for now). Check the screenshot below:

Antispystorm2008.com - 1.01.0044
Antispystorm.com - 1.01.0031

AntiSpyStorm2008

AntiSpyStorm @ AntiSpyStorm2008.com


AntiSpyStorm @ AntiSpyStorm.com


AntiSpyStorm2008.com

Domain Name: antispystorm2008.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2009-02-07
Creation Date: 2008-02-07
Last Update Date: 2008-02-07

Name Servers:
ns1.3fn.net
ns2.3fn.net

IP Address: 216.195.54.111
IP Location: United States
Website Status: active
Server Type: Apache/2.2.4 (Unix) PHP/4.4.4 mod_ssl/2.2.4 OpenSSL/0.9.7e-p1
Cache Date: 2008-03-03 10:10:35 MST

SpyMaxX






SpyMaxX is a Rogue application and the Registrar of spymaxx.com is ESTDOMAINS.

Stay away from this website.


SpyMaxX


SpyMaxX.com


Domain Name: spymaxx.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2009-02-04
Creation Date: 2008-02-04
Last Update Date: 2008-02-04
Name Servers:
ns1.3fn.net
ns2.3fn.net

IP Address: 216.195.54.110
IP Location: United States
Website Status: active
Server Type: Apache/2.2.4 (Unix) PHP/4.4.4 mod_ssl/2.2.4 OpenSSL/0.9.7e-p1
Cache Date: 2008-03-03 09:30:22 MST

TheLastDefender










TheLastDefender is a Rogue application and the Registrar of TheLastDefender.com is ESTDOMAINS.

Stay away from this website.


TheLastDefender


TheLastDefender.com

Domain Name: thelastdefender.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-12-28
Creation Date: 2007-12-28
Last Update Date: 2008-02-26
Name Servers:
ns1.thelastdefender.com
ns2.thelastdefender.com


IP Address: 78.31.211.57
Website Status: active
Server Type: Apache/2.2.6 (FreeBSD)
Alexa Trend/Rank: 1 Month: 2,207,208
Page Views per Visit: 1 Month: 3.2
Cache Date: 2008-03-03 04:00:26 MST

Friday, February 29, 2008

Mpgapplication.com


Mpgapplication.com Distributes Zlob Trojan

Make sure that you don’t install any application from this website.


Domain Name: mpgapplication.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2009-02-27
Creation Date: 2008-02-27
Last Update Date: 2008-02-27

Name Servers:
ns1.mpgapplication.com
ns2.mpgapplication.com

Extended Info IP Address: 85.255.118.180
IP Location: Ukraine
Website Status: active
Server Type: Apache/2.2.2 (Fedora)
Cache Date: 2008-02-28 04:43:39 MST

Wmvsolution.com

Wmvsolution.com Distributes Zlob Trojan

Make sure that you don’t install any application from this website.

Domain Name: wmvsolution.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2009-02-27
Creation Date: 2008-02-27
Last Update Date: 2008-02-27

Name Servers:
ns1.wmvsolution.com
ns2.wmvsolution.com

Extended Info IP Address: 85.255.120.109
IP Location: Ukraine
Website Status: active
Server Type: Apache/2.2.2 (Fedora)
Cache Date: 2008-02-28 07:48:27 MST

TheSpyBot






TheSpyBot is a rogue application, and TheSpyBot.com is registered with ESTDOMAINS.

Make sure that you don’t install any application from this website.

TheSpyBot

thespybot.com

Domain Name: thespybot.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2009-02-12
Creation Date: 2008-02-12
Last Update Date: 2008-02-13

Name Servers:
ns1.thespybot.com
ns2.thespybot.com

Extended Info IP Address: 78.108.183.32
Website Status: active
Server Type: nginx/0.5.33
Cache Date: 2008-02-28 10:47:53 MST

SpyWatchE






SpyWatchE is a rogue application, and spywatche.com is registered with ESTDOMAINS.

Make sure that you don’t install any application from this website.


SpyWatchE

SpyWatchE.com

Domain Name: spywatche.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2009-02-12
Creation Date: 2008-02-12
Last Update Date: 2008-02-13
Name Servers:
ns1.spywatche.com
ns2.spywatche.com

IP Address: 78.108.183.33
Website Status: active
Server Type: nginx/0.5.33
Cache Date: 2008-02-28 10:44:59 MST

Thursday, February 7, 2008

spacecodec.com

Another fake codec site registered with ESTDOMAINS.

This program is a DNS Changer trojan. It pretends to be a browser add-on for viewing porn but is actually a Trojan horse program.

Stay away from this website.

spacecodec.com


Domain Name: spacecodec.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-02-05

Name Servers:
ns1.spacecodec.com
ns2.spacecodec.com
IP Address: 64.28.184.177
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-02-07 04:32:09 MST

Monday, February 4, 2008

Lightcodec.com

What a PITY: this website is active once again, producing the DNS changer trojan after more than a year.

It seems that the snake has taken a big o turn to bite its own tail, but the game is not yet over!!!!!

Stay away from this website.

lightcodec.com

Domain Name: lightcodec.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-02-02

Name Servers:
ns1.lightcodec.com
ns2.lightcodec.com

IP Address: 64.28.184.176
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-02-04 04:38:47 MST

Friday, February 1, 2008

Firecodec.com

Another fake codec site registered with ESTDOMAINS.

This program is a DNS Changer trojan. It pretends to be a browser add-on for viewing porn but is actually a Trojan horse program.

Stay away from this website.

Firecodec.com


Domain Name: firecodec.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-29

Name Servers:
ns1.firecodec.com
ns2.firecodec.com

IP Address: 64.28.184.175
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-02-01 03:10:18 MST

Thursday, January 31, 2008

Some Malicious Domains


Monday, January 28, 2008

Qazcodec.net

Another fake codec site registered with ESTDOMAINS.

This program is a DNS Changer trojan. It pretends to be a browser add-on for viewing porn but is actually a Trojan horse program.

Stay away from this website.


qazcodec.net


Domain Name: qazcodec.net
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-26

Name Servers:
ns1.qazcodec.net
ns2.qazcodec.net

IP Address: 64.28.184.174
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-28 03:56:01 MST

Friday, January 25, 2008

Hqcodectime.net






Hqcodectime.net is another fake codec site registered with ESTDOMAINS.
Following:


Do NOT download any installers from this website. Note that this program is a DNS Changer.

It pretends to be a browser add-on for viewing porn but is actually a Trojan horse program.

Hqcodectime.net


Domain Name: hqcodectime.net
Status: ok
Registrar: ESTDOMAINS, INC.
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-23

Name Servers:
ns1.hqcodectime.net
ns2.hqcodectime.net

IP Address: 64.28.184.173
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-25 03:17:32 MST

STAY AWAY FROM THIS SITE!!!!!!!!

Tuesday, January 15, 2008

WinErrorFixer 2007







WinErrorFixer 2007 is described as a potentially unwanted application by some of the scanners, as shown in the VirusTotal result.



VirusTotal Result: 7/32 (21.88%)

AVG -------> SHeur.KTO
eSafe -------> suspicious Trojan/Worm
FileAdvisor -------> Low threat detected
McAfee 5206 -------> potentially unwanted program Winfixer
Panda 9.0.0.4 -------> Application/WinErrorFixer
Prevx1 V2 -------> Suspicious File With Persistence
Webwasher-Gateway 6.0.1 -------> Worm.Win32.ModifiedUPX.gen!84 (suspicious)
----------------------------------------------------------------------------------------
File size: 54552 bytes
MD5: e89ee5276da753dc98571f39119f4265
SHA1: 92f9111440e85e68bc880bd03f8cb0dcf89531c5
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=e89ee5276da753dc98571f39119f4265
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=123001F018A318BFD5D60079156D15002616DA17


Screenshots:






Additional information :

Domain Name: winerrorfixer.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited

Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Expiration Date: 2008-12-07
Creation Date: 2005-12-07
Last Update Date: 2007-10-29

Name Servers:
ns29.domaincontrol.com
ns30.domaincontrol.com

IP Address: 64.46.38.133
IP Location: Canada
Website Status: active
Server Type: Apache/2.0.58 (Unix) mod_ssl/2.0.58 OpenSSL/0.9.7f PHP/4.4.7
Alexa Trend/Rank: 1 Month: 44,539 3 Month: 49,706
Page Views per Visit: 1 Month: 1.7 3 Month: 1.8
Cache Date: 2008-01-15 03:22:48 MST
Compare Archived Data: 2007-09-15

Monday, January 7, 2008

CodecViva.com

Another fake codec site registered with ESTDOMAINS.

Do NOT download any installers from this website.

Note that this program is a DNS Changer. It pretends to be a browser add-on for viewing porn but is actually a Trojan horse program.

CodecViva.com


Domain Name: codecviva.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-05

Name Servers:
ns1.codecviva.com
ns2.codecviva.com

IP Address: 64.28.184.167
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-07 05:41:20 MST

Saturday, January 5, 2008

InfeStop


InfeStop is a Rogue application from ESTDOMAINS.

It displays a fake report to users to get them to purchase the full version to remove the malicious content.

The VirusTotal result is very poor; make sure that you do not download the application.

InfeStop.com

InfeStop

Warning

VirusTotal results: 2/32 (6.25%)
NOD32v2----------> error - password-protected file
Microsoft----------> Program:Win32/Easyspywarecleaner

Domain Name: infestop.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-11-19
Creation Date: 2007-11-19
Last Update Date: 2007-11-19

Name Servers:
ns1.infestop.com
ns2.infestop.com

IP Address: 216.240.138.201
Website Status: active
Server Type: Apache
Cache Date: 2008-01-05 08:42:15 MST