VirusHeat- A New Rogue Security Application
VirusHeat.com
VirusHeat a New Rogue Security application from the SSH Family. The Rogue application is distributed through Zlob Trojan.The application is a clone of VirusProtectPro, SpyHeal, SpyLocked and many other Rogue security applications.
Site Name: VirusHeat.com
IP Address: 85.255.120.53
Registrar: ESTDOMAINS, INC.
Name Servers:
ns1.amigobore.com [85.255.117.205]
ns2.amigobore.com [91.192.106.1]
ns3.amigobore.com [85.255.117.202]
ns4.amigobore.com [195.3.144.77]
Screenshot of VirusHeat Application:
Detection of the rogue is really poor.
VirusTotal Scan Result: 5/32 (15.63%)
Avast 4.7.1098.0 2008.02.08 Win32:AntiVirGear
BitDefender 7.2 2008.02.09 Adware.Spyfalcon.G
Ikarus T3.1.1.20 2008.02.09 Virus.Win32.Spycrush.B
Kaspersky 7.0.0.125 2008.02.09 not-a-virus:FraudTool.Win32.SpyHeal.i
VBA32 3.12.6.0 2008.02.09 Win32.Adware.VirusProtectPro
VirusTotal Scan Result: 5/32 (15.63%)
Avast 4.7.1098.0 2008.02.08 Win32:AntiVirGear
BitDefender 7.2 2008.02.09 Adware.Spyfalcon.G
Ikarus T3.1.1.20 2008.02.09 Virus.Win32.Spycrush.B
Kaspersky 7.0.0.125 2008.02.09 not-a-virus:FraudTool.Win32.SpyHeal.i
VBA32 3.12.6.0 2008.02.09 Win32.Adware.VirusProtectPro
VirusHeat removal Instruction here.
Another Component site from Zlob Trojan:
Site Name: Puresafetyhere.com
IP Address: 85.255.116.211
Registrar: ESTDOMAINS, INC.
Name Servers:
ns1.puresafetyhere.com [85.255.116.211]
ns2.puresafetyhere.com [85.255.116.212]
This site advertises well documented Rogue security applications. Stay away from these sites and the rogue application they advertise.
Bharath M N
Another Component site from Zlob Trojan:
Site Name: Puresafetyhere.com
IP Address: 85.255.116.211
Registrar: ESTDOMAINS, INC.
Name Servers:
ns1.puresafetyhere.com [85.255.116.211]
ns2.puresafetyhere.com [85.255.116.212]
This site advertises well documented Rogue security applications. Stay away from these sites and the rogue application they advertise.
Bharath M N
