Tuesday, January 22, 2008

More sites distributing Rogue Security applications




Site Name: Securecleaner.com
IP Address: 69.50.166.142
Registrar: ESTDOMAINS, INC.
Name Servers:
ns.securecleaner.com [69.50.166.142]


This site distributes a rogue security application called SecureCleaner. The rogue application this site promotes belongs to the Spywareno/SpySheriff family.

Screenshot of SecureCleaner Website:

The installer from the site was scanned and here is the scan result:

VirusTotal Scan Result: 2/32 (6.25%)

AVG 7.5.0.516 2008.01.21 Adware Generic2.AALS
NOD32v2 2812 2008.01.21 a variant of Win32/Adware.SpySheriff


Site Name: Sys-cleaner.com
IP Address: 88.208.1.10
Registrar: GODADDY.COM, INC.
Name Servers:
ns39.domaincontrol.com [208.109.78.191]
ns40.domaincontrol.com [208.109.255.20]

This site distributes a rogue security application called Sys-Cleaner. The rogue application this site promotes belongs to the Ultimate Defender family.

Screenshot of Sys-Cleaner Website:


Screenshot of Sys-Cleaner promoter:


The installer from the site was scanned and here is the scan result:

VirusTotal Scan Result: 6/32 (18.75%)

BitDefender 7.2 2008.01.22 Trojan.Adloader.JC
eSafe 7.0.15.0 2008.01.16 suspicious Trojan/Worm
Ikarus T3.1.1.20 2008.01.21 not-a-virus:.FraudTool.Win32.UltimateDefender.a
Panda 9.0.0.4 2008.01.21 Suspicious file
Prevx1 V2 2008.01.22 Heuristic: Suspicious File With Outbound Communications
Symantec 10 2008.01.22 EliteProtector


Site Name: Eliteprotector.com
IP Address: 88.208.1.11
Registrar: ESTDOMAINS, INC.
Name Servers:
ns1.eliteprotector.com [85.255.120.122]
ns2.eliteprotector.com [85.255.120.126]

This site distributes a rogue security application called EliteProtector. The rogue application this site promotes belongs to the Ultimate Defender family.

Screenshot of EliteProtector Website:

The installer from the site was scanned and here is the scan result:

VirusTotal Scan Result: 17/32 (53.13%)

AhnLab-V3 2008.1.22.10 2008.01.21 Win-Trojan/Xema.variant
AntiVir 7.6.0.48 2008.01.21 TR/Crypt.XDR.Gen
Authentium 4.93.8 2008.01.21 W32/Dropper.gen6
CAT-QuickHeal 9.00 2008.01.21 FraudTool.UltimateDefender.v (Not a Virus)
eSafe 7.0.15.0 2008.01.16 suspicious Trojan/Worm
Fortinet 3.14.0.0 2008.01.21 Misc/UltimateDefender
F-Prot 4.4.2.54 2008.01.21 W32/Dropper.gen6
F-Secure 6.70.13260.0 2008.01.21 W32/Smalltroj.BRAP
Ikarus T3.1.1.20 2008.01.21 not-a-virus:.FraudTool.Win32.UltimateDefender.v
Kaspersky 7.0.0.125 2008.01.22 not-a-virus:FraudTool.Win32.UltimateDefender.v
Microsoft 1.3109 2008.01.22 Trojan:Win32/Anomaly.gen!A
Norman 5.80.02 2008.01.21 W32/Smalltroj.BRAP
Sophos 4.24.0 2008.01.22 Sus/Dropper-A
Sunbelt 2.2.907.0 2008.01.17 Trojan.Crypt.XDR.Gen
Symantec 10 2008.01.22 EliteProtector
TheHacker 6.2.9.193 2008.01.22 Aplicacion/UltimateDefender.v
Webwasher-Gateway 6.6.2 2008.01.21 Trojan.Crypt.XDR.Gen


Site Name: xpantiviruspro.com
IP Address: 69.50.183.50
Registrar: ESTDOMAINS, INC.
Name Servers:
managedns1.estboxes.com [69.50.182.20]
managedns2.estboxes.com [69.50.183.26]
managedns3.estboxes.com [69.50.182.22]
managedns4.estboxes.com [69.50.183.30]

This site distributes a rogue security application called XPantiviruspro.

Screenshot of XPantiviruspro Website:

Screenshot of XPantiviruspro fake scanner page:


The installer from the site was scanned and here is the scan result:

VirusTotal Scan Result: 14/32 (43.75%)

AntiVir 7.6.0.48 2008.01.21 TR/Delphi.Downloader.Gen
DrWeb 4.44.0.09170 2008.01.21 Trojan.Fakealert.401
eSafe 7.0.15.0 2008.01.16 suspicious Trojan/Worm
Ewido 4.0 2008.01.21 Not-A-Virus.Downloader.Win32.XpAntivirus.c
F-Secure 6.70.13260.0 2008.01.21 W32/DLoader.EWBA
Ikarus T3.1.1.20 2008.01.21 not-a-virus:Downloader.Win32.XpAntivirus.c
Kaspersky 7.0.0.125 2008.01.22 not-a-virus:Downloader.Win32.XpAntivirus.c
McAfee 5212 2008.01.21 FakeAlert-AB.dldr
Norman 5.80.02 2008.01.21 W32/DLoader.EWBA
Panda 9.0.0.4 2008.01.21 Adware/Xpantivirus2008
Prevx1 V2 2008.01.22 Heuristic: Suspicious File With Outbound Communications
Sophos 4.24.0 2008.01.21 Sus/DelpDldr-A
Symantec 10 2008.01.22 Downloader.MisleadApp
Webwasher-Gateway 6.6.2 2008.01.21 Trojan.Delphi.Downloader.Gen


Site Name: xpcleanerpro.com
IP Address: 69.50.183.51
Registrar: ESTDOMAINS, INC.
Name Servers:
managedns1.estboxes.com [69.50.182.20]
managedns2.estboxes.com [69.50.183.26]
managedns3.estboxes.com [69.50.182.22]
managedns4.estboxes.com [69.50.183.30]


This site distributes a bogus drive cleaner application called XPcleanerpro. No proper download is available for this bogus drive cleaner; only a notepad.exe file is available for download.

Screenshot of XPcleanerpro Website:

Stay away from all these sites.

Bharath M N
