Malwarebytes

Rogue site


3 replies to this topic

#1
fredvries (Elite Member, Experts, 700 posts, Harlingen - The Netherlands)

From Sunbelt: a fake codec is downloadable from freerealitympegs(dot)com.

#2
nosirrah (Forum Deity, Administrators, 5,191 posts, Northampton, MA USA)

This is part of a new rogue wave that advertises and installs rogues typically pushed through Vundo-type infections. It also does one of the worst desktop wallpaper hijacks I have seen in a long time.

At this point I am seeing this heavily spammed through hacked .edu sites.

Anyone that wants to go hunting for this from scratch can use Google's advanced search for (any adult phrase + movies) within .edu only. The results will contain direct rogue home page redirects, Zlob fake movie pages, DNSChanger movie pages and this new one. You will also get exploit-install Renos pages, but Renos is currently broken and fails to download PestTrap (but it tries).

Other sites on their server:

Bestsearchinternet.com
Fastsearchsites.com
Findanystuff.com
Freerealitympegs.com
Funnypedro.com
Jalapenovids.com
Mp3too.com
Paparazzidog.com
Petrushkin.com
Searchbestguide.com
Searchisall.com
Searchthebestworld.com
Syprivacy.com
Yoursearchbest.com


BTW, MBAM is completely on top of this one at this point; I check for changes every day.
Bruce Harrison
Vice President of Research
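The practical use of a domain list like the one above is to block or alert on traffic to those hosts. The following is an added example (not code from the thread or from Malwarebytes) that refangs defanged indicators such as the "freerealitympegs(dot)com" form used in post #1, then checks URLs from a constructed proxy log against a blocklist built from the domains listed in this thread. The log lines, their format and the hostnames used as negatives (example.edu, notjalapenovids.com) are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Blocklist built from the domains named in this thread (the Sunbelt report in
# post #1 and nosirrah's "other sites on their server" list in post #2).
ROGUE_DOMAINS = {
    "bestsearchinternet.com", "fastsearchsites.com", "findanystuff.com",
    "freerealitympegs.com", "funnypedro.com", "jalapenovids.com", "mp3too.com",
    "paparazzidog.com", "petrushkin.com", "searchbestguide.com",
    "searchisall.com", "searchthebestworld.com", "syprivacy.com",
    "yoursearchbest.com",
}

# "(dot)", "[dot]", "[.]" and "(.)" are the usual ways indicators are defanged.
DEFANG_RE = re.compile(r"\s*[\[(]\s*(?:dot|\.)\s*[\])]\s*", re.IGNORECASE)


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'freerealitympegs(dot)com' back into a usable host/URL."""
    s = DEFANG_RE.sub(".", indicator.strip())
    s = re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.IGNORECASE)
    return s.lower()


def hostname_of(value: str) -> str:
    """Extract the hostname from a URL or a bare (possibly defanged) host."""
    v = refang(value)
    if "://" not in v:
        v = "http://" + v          # urlsplit needs a scheme to populate .hostname
    return (urlsplit(v).hostname or "").rstrip(".")


def matches_blocklist(value: str, blocklist=ROGUE_DOMAINS):
    """Return the blocklisted domain the host equals or is a subdomain of, else None.

    Matching is done label by label, so 'notjalapenovids.com' does NOT match
    'jalapenovids.com' (a plain substring test would give that false positive).
    """
    labels = hostname_of(value).split(".")
    for i in range(len(labels) - 1):           # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


# Constructed proxy log lines (not from the thread): "<time> <client> <method> <url>".
SAMPLE_PROXY_LOG = """\
2007-07-13T10:01:02Z 10.0.0.5 GET http://www.jalapenovids.com/codec/download.php
2007-07-13T10:01:09Z 10.0.0.5 GET http://example.edu/index.html
2007-07-13T10:02:15Z 10.0.0.7 GET http://notjalapenovids.com/
2007-07-13T10:03:40Z 10.0.0.9 GET http://cdn.freerealitympegs.com/x.exe
"""


def scan_proxy_log(text: str, blocklist=ROGUE_DOMAINS):
    """Return (timestamp, client, matched_domain) for every request to a blocklisted domain."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        matched = matches_blocklist(parts[3], blocklist)
        if matched:
            hits.append((parts[0], parts[1], matched))
    return hits


if __name__ == "__main__":
    for ts, client, domain in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{ts} {client} -> {domain}")
```

Matching on whole labels rather than substrings matters for exactly the kind of lookalike names these campaigns register: a subdomain of a listed domain is a hit, a longer unrelated name that merely contains it is not.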

#3
nosirrah (Forum Deity, Administrators, 5,191 posts, Northampton, MA USA)

It's been more than a week since I started working with this infection and this is what VT currently sees:

AhnLab-V3 2007.7.13.0 2007.07.13 no virus found
AntiVir 7.4.0.39 2007.07.13 no virus found
Authentium 4.93.8 2007.07.13 no virus found
Avast 4.7.997.0 2007.07.12 no virus found
AVG 7.5.0.476 2007.07.12 no virus found
BitDefender 7.2 2007.07.13 Trojan.FakeCodecs.G
CAT-QuickHeal 9.00 2007.07.12 no virus found
ClamAV devel-20070416 2007.07.13 no virus found
DrWeb 4.33 2007.07.13 no virus found
eSafe 7.0.15.0 2007.07.10 no virus found
eTrust-Vet 30.8.3783 2007.07.13 no virus found
Ewido 4.0 2007.07.13 no virus found
FileAdvisor 1 2007.07.13 no virus found
Fortinet 2.91.0.0 2007.07.13 no virus found
F-Prot 4.3.2.48 2007.07.13 no virus found
Ikarus T3.1.1.8 2007.07.13 no virus found
Kaspersky 4.0.2.24 2007.07.13 no virus found
McAfee 5073 2007.07.12 no virus found
Microsoft 1.2704 2007.07.12 no virus found
NOD32v2 2396 2007.07.12 error occurred while reading archive
Norman 5.80.02 2007.07.12 no virus found
Panda 9.0.0.4 2007.07.13 no virus found
Sophos 4.19.0 2007.07.06 no virus found
Sunbelt 2.2.907.0 2007.07.12 no virus found
Symantec 10 2007.07.13 no virus found
TheHacker 6.1.6.145 2007.07.12 no virus found
VBA32 3.12.0.2 2007.07.13 no virus found
VirusBuster 4.3.23:9 2007.07.12 no virus found
Webwasher-Gateway 6.0.1 2007.07.13 no virus found

Additional information
File size: 56000 bytes
MD5: 0c0aaca10f1a4dde4886fab128afac5e
SHA1: 3b519fa56b271ae34c3da4a5ce81e008921cf55e
packers: BINARYRES

BitDefender is known for its unpacking technology; seems that its reputation is well deserved. Hats off to BitDefender on this one.
Bruce Harrison
Vice President of Research
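A scan listing like the one above is easier to reason about once it is parsed: how many engines detected, how many reported an error rather than a clean verdict, and which "no virus found" results came from signatures that were already days old at scan time. The following is an added example (not code from the thread or from VirusTotal) that parses the exact lines quoted in the post; the 2-day staleness threshold and the scan date of 2007-07-13 (the latest signature date in the listing) are assumptions for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta

# The scan lines exactly as quoted in the post: engine, version, signature date, verdict.
VT_RESULTS = """\
AhnLab-V3 2007.7.13.0 2007.07.13 no virus found
AntiVir 7.4.0.39 2007.07.13 no virus found
Authentium 4.93.8 2007.07.13 no virus found
Avast 4.7.997.0 2007.07.12 no virus found
AVG 7.5.0.476 2007.07.12 no virus found
BitDefender 7.2 2007.07.13 Trojan.FakeCodecs.G
CAT-QuickHeal 9.00 2007.07.12 no virus found
ClamAV devel-20070416 2007.07.13 no virus found
DrWeb 4.33 2007.07.13 no virus found
eSafe 7.0.15.0 2007.07.10 no virus found
eTrust-Vet 30.8.3783 2007.07.13 no virus found
Ewido 4.0 2007.07.13 no virus found
FileAdvisor 1 2007.07.13 no virus found
Fortinet 2.91.0.0 2007.07.13 no virus found
F-Prot 4.3.2.48 2007.07.13 no virus found
Ikarus T3.1.1.8 2007.07.13 no virus found
Kaspersky 4.0.2.24 2007.07.13 no virus found
McAfee 5073 2007.07.12 no virus found
Microsoft 1.2704 2007.07.12 no virus found
NOD32v2 2396 2007.07.12 error occurred while reading archive
Norman 5.80.02 2007.07.12 no virus found
Panda 9.0.0.4 2007.07.13 no virus found
Sophos 4.19.0 2007.07.06 no virus found
Sunbelt 2.2.907.0 2007.07.12 no virus found
Symantec 10 2007.07.13 no virus found
TheHacker 6.1.6.145 2007.07.12 no virus found
VBA32 3.12.0.2 2007.07.13 no virus found
VirusBuster 4.3.23:9 2007.07.12 no virus found
Webwasher-Gateway 6.0.1 2007.07.13 no virus found
"""

DATE_RE = re.compile(r"^\d{4}\.\d{2}\.\d{2}$")


@dataclass
class ScanResult:
    engine: str
    version: str
    sigdate: date
    verdict: str
    status: str      # "detected", "clean" or "error"


def classify(verdict: str) -> str:
    """Map a raw verdict string to detected / clean / error."""
    v = verdict.strip().lower()
    if v == "no virus found":
        return "clean"
    if v.startswith("error"):
        return "error"           # an engine error is not a clean verdict
    return "detected"


def parse_vt(text: str):
    """Parse 'Engine Version YYYY.MM.DD verdict' lines into ScanResult records."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(None, 3)          # the verdict may itself contain spaces
        if len(parts) != 4 or not DATE_RE.match(parts[2]):
            raise ValueError(f"unrecognised VirusTotal line: {line!r}")
        engine, version, sigdate, verdict = parts
        y, m, d = (int(x) for x in sigdate.split("."))
        results.append(ScanResult(engine, version, date(y, m, d), verdict, classify(verdict)))
    return results


def summarize(results):
    """Count verdicts by status and list the named detections."""
    counts = Counter(r.status for r in results)
    return {
        "engines": len(results),
        "detected": counts["detected"],
        "clean": counts["clean"],
        "error": counts["error"],
        "detections": {r.engine: r.verdict for r in results if r.status == "detected"},
    }


def stale_engines(results, scan_date: date, max_age_days: int = 2):
    """Engines whose signatures were older than max_age_days at scan time (weak 'clean' evidence)."""
    cutoff = scan_date - timedelta(days=max_age_days)
    return [r.engine for r in results if r.sigdate < cutoff]


if __name__ == "__main__":
    rs = parse_vt(VT_RESULTS)
    print(summarize(rs))
    print("stale signatures:", stale_engines(rs, date(2007, 7, 13)))
```

Treating an engine error as its own status rather than lumping it in with "no virus found" keeps the clean count honest, and the staleness check separates a genuine miss from an engine that simply had not updated yet.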

#4
SwampDiner (True Member, Experts, 419 posts, The Internets)

Jalapenovids.com is what is left to a redirect to contravirus.
All other addresses are dead.
If you're infected with this, take a gander at the new Malwarebytes Anti-Malware.
