The site mentioned below is a promo site advertising SpyWatchE Rogue security application from SpywareNo/SpySheriff family.
Site Name: Spywatchepromo.com
IP Address: 58.22.101.110
Registrar: ESTDOMAINS, INC.
Screenshot of Spywatchepromo.com sites Fake/Scare scan page
Screenshot of Spywatchepromo.com sites Fake/Scare scan page
The site pushes “install_3914_MHw0OXx8fHx8fHw_.exe” file on to the system which in turn download the SpyWatchE Rogue security application. VirusTotal Scan results:
VirusTotal Scan Result: 5/32 (15.62%)
AVG 7.5.0.516 2008.03.31 Downloader.Zlob.VQV
NOD32v2 2987 2008.03.31 probably a variant of Win32/Genetik
Panda 9.0.0.4 2008.03.31 Adware/SpyShredder
Prevx1 V2 2008.03.31 Trojan.Vundo
Sophos 4.28.0 2008.03.31 Troj/SpWadA-Gen
The site Winxprotector.com also shares the same IP. This site also belongs to SpywareNo/SpySheriff family and distributes rogue security application.
Screenshot of Winxprotector.com site
Stay away from these sites.
Bharath M N
