Code : Tout sélectionner
1229881997.655 310 192.168.1.63 TCP_MISS/200 15906 GET http://netdigitalsecurity.com/ws/index.php?affid=01701 - DIRECT/94.75.210.40 text/htmlDomain Name: NETDIGITALSECURITY.COM
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Name Server: NS1.NETDIGITALSECURITY.COM
Name Server: NS2.NETDIGITALSECURITY.COM
Status: clientTransferProhibited
Updated Date: 16-dec-2008
Creation Date: 16-dec-2008
Expiration Date: 16-dec-2009
Registrant:
PrivacyProtect.org
Domain Admin (protected e-mail)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Creation Date: 16-Dec-2008
Expiration Date: 16-Dec-2009
Domain servers in listed order:
ns2.netdigitalsecurity.com
ns1.netdigitalsecurity.com
Code : Tout sélectionner
1229882005.734 641 192.168.1.63 TCP_MISS/200 62900 GET http://securesoftwareretrieve.com/downloadsetupws.php?affid=01701 - DIRECT/94.247.2.217 application/octet-stream
1229882038.297 2995 192.168.1.63 TCP_MISS/200 1279736 GET http://thesafedownload.com/install/ws.zip - DIRECT/209.67.220.178 application/zipDomain Name: SECURESOFTWARERETRIEVE.COM
Registrar: REGTIME LTD.
Whois Server: whois.regtime.net
Referral URL: http://www.webnames.ru
Name Server: NS1.SECURESOFTWARERETRIEVE.COM
Name Server: NS2.SECURESOFTWARERETRIEVE.COM
Status: ok
Updated Date: 19-dec-2008
Creation Date: 17-dec-2008
Expiration Date: 17-dec-2009
Domain name: securesoftwareretrieve.com
Name servers:
ns1.securesoftwareretrieve.com
ns2.securesoftwareretrieve.com
Registrar: Regtime Ltd.
Creation date: 2008-12-17
Expiration date: 2009-12-17
Registrant:
Robert Ward
Email: [email protected]
Organization: Private person
Address: 1595 Stoney Lane
City: Carrollton
State: TX
ZIP: 75006
Country: US
Phone: +1.9729044211
Administrative Contact:
Robert Ward
Email: [email protected]
Organization: Private person
Address: 1595 Stoney Lane
City: Carrollton
State: TX
ZIP: 75006
Country: US
Phone: +1.9729044211
Technical Contact:
Robert Ward
Email: [email protected]
Organization: Private person
Address: 1595 Stoney Lane
City: Carrollton
State: TX
ZIP: 75006
Country: US
Phone: +1.9729044211
Billing Contact:
Robert Ward
Email: [email protected]
Organization: Private person
Address: 1595 Stoney Lane
City: Carrollton
State: TX
ZIP: 75006
Country: US
Phone: +1.9729044211
Code : Tout sélectionner
1229968695.849 559 192.168.1.25 TCP_MISS/200 718 GET http://antiviruson.com/ - DIRECT/89.111.176.21 text/html
1229968696.447 320 192.168.1.25 TCP_MISS/302 310 GET http://internettraffictrade.com/in.php?land=20&affid=01400 - DIRECT/94.247.2.217 text/html
1229968698.079 1483 192.168.1.25 TCP_MISS/200 15906 GET http://netisecurity.com/ws/index.php?affid=01400 - DIRECT/94.75.210.40 text/htmlCode : Tout sélectionner
1230423253.783 479 192.168.1.120 TCP_MISS/200 63417 GET http://websafetyguide.com/downloadsetupws.php?affid=05800 - DIRECT/91.211.64.31 application/octet-streamDomain Name: WEBSAFETYGUIDE.COM
Registrar: REGTIME LTD.
Whois Server: whois.regtime.net
Referral URL: http://www.webnames.ru
Name Server: NS1.WEBSAFETYGUIDE.COM
Name Server: NS2.WEBSAFETYGUIDE.COM
Status: ok
Updated Date: 27-dec-2008
Creation Date: 27-dec-2008
Expiration Date: 27-dec-2009
Name servers:
ns1.websafetyguide.com
ns2.websafetyguide.com
Registrar: Regtime Ltd.
Creation date: 2008-12-27
Expiration date: 2009-12-27
Registrant:
Jeane Hoppe
Email: [email protected]
Organization: Private person
Address: 2267 Lawman Avenue
City: Fairfax
State: VA
ZIP: 22030
Country: US
Phone: +1.7032736758
Code : Tout sélectionner
1231185599.762 304 192.168.1.25 TCP_MISS/302 316 GET http://clicksredirect.com/in.php?land=20&affid=04800 - DIRECT/91.211.64.31 text/htmlCode : Tout sélectionner
1231185754.524 978 192.168.1.25 TCP_MISS/200 15891 GET http://watchnetprotection.com/scan/index.php?affid=04800 - DIRECT/91.211.64.31 text/htmlA Trojan Downloader that masquerades as a legitimate system file.
A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony Digital Rights Management (DRM) software to hide its presence.
Win32.Outsbot.u
Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
Trojan.Win32.Agent.ado
This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008.
Win32.BlackMail.xx
This is a "Bagle" mass-mailer which demonstrates typical "Bagle" behavior.Worm.Bagle.CP
Win32.Clagger.C This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment.
Trojan.Dropper.MSWord.j A Microsoft Word macro virus that drops a trojan onto the infected host.
Trojan.IRCBot.dA worm that opens an IRC back door on the infected host. It spreads by exploiting the Windows Remote Buffer Overflow Vulnerability.
Win32.Spamta.KG.wormA multi-component mass-mailing worm that downloads and executes files from the Internet.
Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the users knowledge.
Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional malicious files.
Trojan-Dropper.Win32.Agent.bot is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user.
Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Win32.Delbot.AI A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
Trojan.Poison.J is a key-logging Trojan for the Windows platform.
Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
SecurePCCleaner - C:/Program Files/SecurePCCleaner Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
TrustedAntivirus - C:/Program Files/TrustedAntivirus A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware
Trojan.Alg.t C:/windows/system32/alg.exe Trojan program that can compromise your private information stored on the hard drive.
Trojan horse that gets access to e-mail accounts on the infected computer.
Trojan.MailGrabber.s C:/windows/system32/explorer.exe
Trojan.Tooso is a trojan which attempts to terminate and delete security related applications.
Spyware.KnownBadSites Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages.
Dialer.Xpehbam.biz_dialer C:/windows/system32/cmdial32.dll
Infostealer.Banker.E Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions).
An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine.
Win32.Rbot.fm C:/windows/system32/svchost.exe
Spyware.IMMonitor Program that can be used to monitor and record conversations in popular instant messaging applications.
Zlob.PornAdvertiser.ba Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.