#1
Posted 04 September 2008 - 11:04 PM
#2
Posted 04 September 2008 - 11:46 PM
#3
Posted 05 September 2008 - 12:56 AM
Malwarebytes' Anti-Malware 1.25
Database version: 1116
Windows 5.1.2600 Service Pack 1
8:55:50 PM 9/4/2008
mbam-log-2008-09-04 (20-55-48).txt
Scan type: Quick Scan
Objects scanned: 38650
Time elapsed: 24 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 9
Memory Processes Infected:
C:\Documents and Settings\Bruce\Desktop\MBAM\samples to test\SmartAntivirus2009.exe (Rogue.Installer) -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\smart antivirus 2009 (Rogue.SmartAntivirus) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smart antivirus-2009.exe (Rogue.Installer) -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
C:\Program Files\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> No action taken.
C:\Program Files\Smart Antivirus 2009\Infected (Rogue.SmartAntivirus) -> No action taken.
C:\Program Files\Smart Antivirus 2009\Suspicious (Rogue.SmartAntivirus) -> No action taken.
C:\Documents and Settings\Bruce\Start Menu\Programs\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> No action taken.
Files Infected:
C:\Documents and Settings\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> No action taken.
C:\Documents and Settings\Bruce\Desktop\MBAM\samples to test\SmartAntivirus2009.exe (Rogue.Installer) -> No action taken.
C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe (Rogue.Installer) -> No action taken.
C:\Program Files\Smart Antivirus 2009\vscan.tsi (Rogue.SmartAntivirus) -> No action taken.
C:\Documents and Settings\Bruce\Local Settings\Temp\setup[1].ver1_1000.0_.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Bruce\Local Settings\Temp\SmartAntivirus2009.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Bruce\Desktop\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> No action taken.
C:\Program Files\Smart Antivirus 2009\zlib.dll (Rogue.SmartAntivirus) -> No action taken.
C:\Documents and Settings\Bruce\Start Menu\Programs\Smart Antivirus 2009\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> No action taken.
assimilated
#4
Posted 05 September 2008 - 01:09 AM
#5
Guest_remixed_*
Posted 05 September 2008 - 01:22 AM
http://www.threatexpert.com/report.aspx?ui...63-b84928ce5377
>https://support.estdomains.com<
Let's see if they pull it...
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Name Server: NS1.SMART-ANTIVIRUS2009.COM
Name Server: NS2.SMART-ANTIVIRUS2009.COM
Status: clientTransferProhibited
Updated Date: 30-aug-2008
Creation Date: 22-aug-2008
Expiration Date: 22-aug-2009
<ip address/hostname>
91.203.92.25
smart-antivirus2009.com
Host reachable, 75 ms. average
<net block>
91.203.92.0 - 91.203.95.255
<owner>
ISP UATelecom
EU
* For spam/abuse/security issues please contact *
* abuse@uatelecom.com.ua *
<administrative contact>
Mark Liberman
Kiev, Ukraine
phone: +380963801326
<technical contact>
UATelecom NOC manager
Voznesensk, Ukraine
<additional data>
BASTION-NET
Source: whois.ripe.net
#6
Posted 05 September 2008 - 05:52 AM
The site is still live right now.
Here's all the domains on the same IP:
It looks like they are all registered with Estdomains.
The IP is currently blacklisted.
http://whois.domaint.../78.157.143.251
Suzi
Microsoft MVP Windows Security 2005 - 2009