Malicious sites
Trojan distributing sites:
Zlob Trojan Distributing site:
Site Name: Aviutility.com
IP Address: 85.255.117.245
DNS Changer Trojan Distributing site:
Site Name: Megazticket.net
IP Address: 64.28.184.179
Trojan-Downloader Distributing sites:
Site Name: Getvideoc.com
IP Address: 77.92.88.22
The Trojan installs the following malicious BHO:
O2 - BHO: AVG Safe Search - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - C:\WINDOWS\system32\avgsafe.dll
The BHO nags the user into downloading IE-Antivirus, which is a well-documented rogue security application. The Trojan uses a random name for the DLL file, usually in the format a%safe.dll.
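One way to check a HijackThis log for the BHO entry described above, as an added example that is not part of the original post. It assumes the "%" in a%safe.dll stands for the random part of the file name and that the DLL sits in system32 as in the quoted entry; the sample log is constructed.

```python
import re
from fnmatch import fnmatchcase
from ntpath import basename, dirname

# CLSID taken from the O2 entry quoted on this page.
KNOWN_BAD_CLSID = "{1C1B8A44-61FE-411E-8F33-813A4E2E2984}"
# Assumption: the "%" in "a%safe.dll" is a wildcard for the random part.
DLL_GLOB = "a*safe.dll"

# HijackThis O2 line layout: "O2 - BHO: <name> - {CLSID} - <path>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$"
)

def parse_o2(line):
    """Return a dict for an O2 BHO line, or None for any other line."""
    m = O2_RE.match(line.strip())
    return m.groupdict() if m else None

def reasons(entry):
    """List the reasons an O2 entry matches the pattern described above."""
    hits = []
    if entry["clsid"].upper() == KNOWN_BAD_CLSID:
        hits.append("clsid")
    path = entry["path"].lower()
    in_system32 = dirname(path).endswith("\\system32")
    if in_system32 and fnmatchcase(basename(path), DLL_GLOB):
        hits.append("dll-name")
    return hits

def scan(log_text):
    """Return (entry, reasons) for every flagged O2 line in a HijackThis log."""
    entries = filter(None, map(parse_o2, log_text.splitlines()))
    return [(e, reasons(e)) for e in entries if reasons(e)]

# Constructed sample log: the first line is the entry from this page,
# the other CLSIDs, names and paths are made up for the example.
SAMPLE_LOG = r"""
O2 - BHO: AVG Safe Search - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - C:\WINDOWS\system32\avgsafe.dll
O2 - BHO: AVG Safe Search - {00000000-1111-2222-3333-444444444444} - C:\WINDOWS\system32\axqsafe.dll
O2 - BHO: Example Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for entry, why in scan(SAMPLE_LOG):
        print(entry["path"], why)
```

A file-name match alone is only a lead for manual review, since an unrelated DLL can fit the same pattern.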
MediaTubeCodec Trojan Distributing site:
Site Name: Bestsoft-ware08.com
IP Address: 91.203.70.18
The Trojan further changes the background to show a fake warning message and also silently installs the "Antivirus2008PRO" rogue security application.
Reference links:
77.91.227.179/bingo/Antivirus2008PRO.exe
Rogue/Fake scanner pages:
Totalantivirus
Totalantivirus is yet another clone of the current rogue Antivirus series.
Site Name: Totalantivirusonline.com
IP Address: 72.233.81.107
Screenshot of Totalantivirus application
Some new sites associated with this rogue series:
Site Name: XP-Registration.com
IP Address: 209.67.214.194
Site Name: XPonlinescanner9.com
Reference links:
xponlinescanner9(dot)com/2009/3/_freescan.php?aid=77011813
Stay away from all these sites.
Bharath M N