Thursday, January 31, 2008
Monday, January 28, 2008
Qazcodec.net
The program offered on this site is a DNS Changer trojan. It pretends to be a browser add-on for viewing porn, but it is actually a Trojan Horse program.
Stay away from this website.
Domain Name: qazcodec.net
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-26
Name Servers:
ns1.qazcodec.net
ns2.qazcodec.net
IP Address: 64.28.184.174
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-28 03:56:01 MST
Friday, January 25, 2008
Hqcodectime.net
Hqcodectime.net is another fake codec site registered to ESTDOMAINS, following:
codecmpg.com 64.28.184.162
codecmeg.net 64.28.184.163
Codecultra.net 64.28.184.164
codecops.net 64.28.184.165
Codecpro.net 64.28.184.166
codecviva.com 64.28.184.167
Codeczang.net 64.28.184.168
codecplay.com 64.28.184.169
Codecbsplay.com 64.28.184.170
Vipcodecvip.com 64.28.184.171
Hqcodecvip.com 64.28.184.172
Do NOT download any installers from this website. Note that this program is a DNS Changer.
It pretends to be a browser add-on for viewing porn, but it is actually a Trojan Horse program.
Hqcodectime.net
Domain Name: hqcodectime.net
Status: ok
Registrar: ESTDOMAINS, INC.
Referral URL: http://www.estdomains.com
Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-23
Name Servers:
ns1.hqcodectime.net
ns2.hqcodectime.net
IP Address: 64.28.184.173
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-25 03:17:32 MST
STAY AWAY FROM THIS SITE!!!!!!!!
Tuesday, January 15, 2008
WinErrorFixer 2007
WinErrorFixer 2007 is described as a potentially unwanted application by some antivirus engines, as shown in the VirusTotal result.
VirusTotal Result: 7/32 (21.88%)
AVG -------> SHeur.KTO
eSafe -------> suspicious Trojan/Worm
FileAdvisor -------> Low threat detected
McAfee 5206 -------> potentially unwanted program Winfixer
Panda 9.0.0.4 -------> Application/WinErrorFixer
Prevx1 V2 -------> Suspicious File With Persistence
Webwasher-Gateway 6.0.1 -------> Worm.Win32.ModifiedUPX.gen!84 (suspicious)
----------------------------------------------------------------------------------------
File size: 54552 bytes
MD5: e89ee5276da753dc98571f39119f4265
SHA1: 92f9111440e85e68bc880bd03f8cb0dcf89531c5
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=e89ee5276da753dc98571f39119f4265
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=123001F018A318BFD5D60079156D15002616DA17
Domain Name: winerrorfixer.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Expiration Date: 2008-12-07
Creation Date: 2005-12-07
Last Update Date: 2007-10-29
Name Servers:
ns29.domaincontrol.com
ns30.domaincontrol.com
IP Address: 64.46.38.133
IP Location: Canada
Website Status: active
Server Type: Apache/2.0.58 (Unix) mod_ssl/2.0.58 OpenSSL/0.9.7f PHP/4.4.7
Alexa Trend/Rank: 1 Month: 44,539 3 Month: 49,706
Page Views per Visit: 1 Month: 1.7 3 Month: 1.8
Cache Date: 2008-01-15 03:22:48 MST
Compare Archived Data: 2007-09-15
Monday, January 7, 2008
CodecViva.com
Do NOT download any installers from this website.
Note that this program is a DNS Changer. It pretends to be a browser add-on for viewing porn, but it is actually a Trojan Horse program.
Domain Name: codecviva.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-05
Name Servers:
ns1.codecviva.com
ns2.codecviva.com
IP Address: 64.28.184.167
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-07 05:41:20 MST
Saturday, January 5, 2008
InfeStop
InfeStop is a rogue application from ESTDOMAINS.
It displays a fake report to users, urging them to purchase the full version to remove the malicious content it claims to have found.
The VirusTotal result is very poor; make sure that you do not download the application.
InfeStop.com
NOD32v2 ----------> error - password-protected file
Microsoft ----------> Program:Win32/Easyspywarecleaner
Domain Name: infestop.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2008-11-19
Creation Date: 2007-11-19
Last Update Date: 2007-11-19
Name Servers:
ns1.infestop.com
ns2.infestop.com
IP Address: 216.240.138.201
Website Status: active
Server Type: Apache
Cache Date: 2008-01-05 08:42:15 MST
Spy-Rid
Spy-Rid is a rogue application from ESTDOMAINS.
It displays a fake report to users, urging them to purchase the full version to remove the malicious content it claims to have found.
The VirusTotal result is very poor; make sure that you do not download the application.
Spy-Rid.com
VirusTotal results: 2/32 (6.25%)
NOD32v2 ----------> error - password-protected file
Sunbelt ----------> Spy-Rid
Domain Name: spy-rid.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2008-11-19
Creation Date: 2007-11-19
Last Update Date: 2007-11-19
Name Servers:
ns1.spy-rid.com
ns2.spy-rid.com
IP Address: 216.240.138.201
Website Status: active
Server Type: Apache
Cache Date: 2008-01-05 08:30:48 MST
EasySpywareCleaner
EasySpywareCleaner is a rogue application from ESTDOMAINS.
It displays a fake report to users, urging them to purchase the full version to remove the malicious content it claims to have found.
The VirusTotal result is very poor; make sure that you do not download the application.
EasySpywareCleaner.com
VirusTotal results: 2/32 (6.25%)
Microsoft ----------> Program:Win32/Easyspywarecleaner
NOD32v2 ----------> error - password-protected file
Domain Name: easyspywarecleaner.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2008-11-19
Creation Date: 2007-11-19
Last Update Date: 2007-11-19
Name Servers:
ns1.easyspywarecleaner.com
ns2.easyspywarecleaner.com
IP Address: 216.240.138.201
Website Status: active
Server Type: Apache
Alexa Trend/Rank: 1 Month: 831,443
Page Views per Visit: 1 Month: 1.4
Cache Date: 2008-01-05 07:34:30 MST
Friday, January 4, 2008
codecpro.net
Codecops.net
Codecultra.net
Codecmeg.net
Codecmpg.com
Codecdvi.com
Do NOT download any installers from these websites. Note that this program is a DNS Changer. It pretends to be a browser add-on for viewing porn, but it is actually a Trojan Horse program.
codecpro.net
Domain Name: codecpro.net
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-02
Name Servers:
ns1.codecpro.net
ns2.codecpro.net
IP Address: 64.28.184.166
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-04 03:30:22 MST
Compare Archived Data: 2007-12-13