Another Fake Codec Site from ESTDOMAINS.
Do NOT download any installers from this website. Note that this program is a DNS Changer.
It pretends to be a browser add-on for viewing porn, but it is actually a Trojan horse program.
codecdvi.com
Virustotal results: 12/32 (37.5%)
My sample is codecdvi1007.exe.
AntiVir ------> HEUR/Malware
AVG ------> Generic_c.FTY
BitDefender ------> Trojan.Zlob.BZY
CAT-QuickHeal ------> Win32.Trojan.DNSChanger.aho
ClamAV ------> Trojan.DNSChanger-2168
Fortinet ------> W32/ZLOB.ESC!tr
F-Secure ------> Trojan.Win32.DNSChanger.aii
Kaspersky ------> Trojan.Win32.DNSChanger.aii
McAfee ------> Puper.gen.d
Microsoft ------> Trojan:Win32/Alureon.gen!E
Symantec ------> Trojan.Zlob
Webwasher-Gateway ------> Heuristic.Malware
Additional information:
Domain Name: codecdvi.com
Status: ok
Registrar: ESTDOMAINS, INC.
Referral URL: http://www.estdomains.com
Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2007-12-17
Name Servers:
ns1.codecdvi.com
ns2.codecdvi.com
IP Address: 64.28.184.190
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2007-12-19 06:33:44 MST
1 comment:
Cool article you got here. It would be great to read a bit more about this theme. The only thing it would also be great to see on this blog is some photos of such gadgets as gps jammer.