Author Topic: Rogue - Fake AV  (Read 49774 times)

0 Members and 1 Guest are viewing this topic.

June 16, 2009, 12:53:15 am
Reply #90

Malware-Web-Threats

  • Special Members
  • Hero Member

  • Offline
  • *

  • 354
    • MalwareURL
209.44.126.22 - Fake AV
Code: [Select]
netsecurityworks.com/download.php

209.44.126.36 - Fake AV
Code: [Select]
stabilitytools.com/download.php

209.44.126.102 - Redirects to Fake AV
Code: [Select]
gorichscan.com
goscanrich.com
goscansoon.com

209.44.126.102 - Fake AV
Code: [Select]
planscan4.info/download/install.php
fullscan4.info/download/install.php
scan4page.info/download/install.php
scanfix4.info/download/install.php

209.44.126.241 - Fave AV
Code: [Select]
scantrustsecurity.com/download.php
gisecurityshield.com/download.php

*****

195.95.151.174 - Fake AV downloader
Code: [Select]
gojaxty.cn/installer_1.exe
fexonhu.cn/installer_1.exe
gihugyx.cn/installer_1.exe
giwgeam.cn/installer_1.exe
VirusTotal - 6/23 (26.09%)

then

195.95.151.174 - Fake AV
Code: [Select]
megaantivirusplus.com/redirect.php
megaantivirusplus.com/se.exe
megaantivirusplus.com/setup.exe
megaantivirusplus.com/cb/real.php?id=1
megaantivirusplus.com/cb/installs.php?id=1
ThreatExpert

******

84.16.235.187 - Fake AV
Code: [Select]
gen6scan.info/download/install.php
scannote6.info/download/install.php

204.27.57.227 - Fake AV
Code: [Select]
scan4note.info/download/install.php
top4scan.info/download/install.php

*******

Fake codec
Code: [Select]
my-xxl-tube.com/xplay.php
tube-collection.com/xplay.php
tube-storages.com/xplay.php
tubes-portal.com/xplay.ph

then trojan

Code: [Select]
hot-exe-area.com/streamviewer.40000.exe
hot-exe-area.com/softwarefortubeview.40009.exe
exe-2009-ok.com/TubeViewer.ver.6.40000.exe
exe-2009-ok.com/softwarefortubeview.40009.exe
main-exe-home.com/TubeViewer.ver.6.40000.exe
main-exe-home.com/softwarefortubeview.40009.exe

June 28, 2009, 05:57:46 pm
Reply #91

Malware-Web-Threats

  • Special Members
  • Hero Member

  • Offline
  • *

  • 354
    • MalwareURL
Rogue AV

38.105.19.27
Code: [Select]
scan6user.info/download/install.php
scanuser6.info/download/install.php
scan6way.info/download/install.php
scanway6.info/download/install.php
way6scan.info/download/install.php
wayscan6.info/download/install.php
luxscan6.info/download/install.php
scan6fix.info/download/install.php
scan6note.info/download/install.php
genscan6.info/download/install.php
atomscan6.info/download/install.php
user6scan.info/download/install.php
ina6co.com/cki.php?uid=keyin
ina6sk.com/reports/download-report.php?prod_id=9
ina6sk.com/download/file.exe
ina6sk.com/download/InternetAntivirusPro.exe
goscaniron.com
goscanslim.com
goslimscan.com

209.44.126.x
Code: [Select]
securitywidgets.com
thesecuritytools.com

***

redirects to rogue

Code: [Select]
bestinternetoverview.com/go.php?id=2022&key=4c69e59ac&p=1
birthdaypostcard.cn/go.php?id=2022&key=4c69e59ac&p=1
lastfmmusic.cn/go.php?id=2004&key=ff0057594&p=1
quakeworldlive.cn/go.php?id=2022&key=4c69e59ac&p=1
apoiweh.cn/x_private_backtraffnail.php/?uid=102
22may2009.com/xr/in.php?r=default&s=morning&ss=c55aab543facee40ba25&seref=&ref=http://michael-jackson-s-son-
goto-my.com/t.php?s=morning&ss=c55aab543facee40ba25
blanket.bitelere.us

redirects using d87*eu/2.js

Code: [Select]
a2porn.us
a3porn.us
a4porn.us
a5porn.us
a6porn.us
a7porn.us
celebyama.com
moocelebs.com
ralfscelebs.com
yoocelebs.com
daniel-ratcliffe-nude.a2r.us
naked-girl-pool.a2g.us
i-wuhrer-sex-scene.a2h.us
vintage-porn-movies.a2v.us
teen-swimsuit-lingerie-models.a2x.us
nude-amateur-clips.a2y.us
sex-free-gallery.a2r.us
lf-hunter-videos.a5b.us
milf-hunter-videos.a5b.us
no-creditcard-porn.a2r.us
michael-jackson-and-brooke-shields.a2h.us
janet-jackson-all-for-you.a2g.us
andrea-jackson-nude.a2p.us
janet-jackson-tonights-the-night.a2h.us
fkk-mature-foto.a2v.us
janet-jackson-discipline.a2c.us
www-nude-young.a2q.us

June 28, 2009, 08:07:56 pm
Reply #92

Malware-Web-Threats

  • Special Members
  • Hero Member

  • Offline
  • *

  • 354
    • MalwareURL
Rogue AV:

Code: [Select]
hxxp://best-protect.info/install.php
hxxp://download.best-protect.info/dl/PreInstaller.exe

VirusTotal - 6/41 (14.63%)
Wepawet
Anubis

Quote
From ANUBIS:1032 to 70.38.11.165:80 - [70.38.11.165] 
Request: GET /admin/cgi-bin/get_domain.php?type=download 
Response: 200 "OK" 
Request: GET /admin/cgi-bin/get_domain.php?type=download 
Response: 200 "OK" 
Request: GET /admin/cgi-bin/get_domain.php?type=download 
Response: 200 "OK" 
Quote
From ANUBIS:1033 to 174.142.113.205:80 - [download.best-protect.info] 
Request: GET /collection.php?step=InstallBegin&id=none 
Response: 404 "<empty>" 
Request: GET /dl/Installer.exe 
Response: 200 "OK" 
Request: GET /dl/ABEST.CAB 
Response: 200 "OK" 
Request: GET /dl/QWProtect.dll 
Response: 200 "OK" 
Request: GET /dl/BS.exe 
Response: 200 "OK"

Code: [Select]
hxxp://7security.info/?uid=102&pid=3
hxxp://7security.info/?cmd=executeRedirect&p=rVaunZxWcmqRX5CIoZmRVmxrkE%2FDkpLYT52GqXKKhne7g49bm6RbblpsaWeTYZWUZmBbZWRxhlmEnKOIZ5mQhaCqVHCH2NmOoH%2Bno6%2BiWmWDj83KU2pPlpGN0pjQn6fUT4%2BG1qWYpqvYg52tpKmeYFqpqqWDZ4bOpaSdbo5nwFzDoJ%2FPpMjMkZSljmXdwNOrm6qaqJ2TmprEmNjYkpaTopOh0FvSmKCIqg%3D%3D
hxxp://7security.info/?p=WKmimHVlaGuHjsbIo21zdYWMpYOInKOjY4nT1m6uqIvTrNGoqaJflqGYdZvAgtLRn5%2Bkog%3D%3D

hxxp://protectionurl.info/?uid=102&pid=3
hxxp://protectionurl.info/?cmd=executeRedirect&p=rVaunZxWcmqRX5CIoZmRVmxrkE%2FDkpLYT52GqXKKhne7g49bm6RbblpsaWeTYZWUZmBbZWRxhlmEnKOIZ5mQhaCqVHCH2NmOoH%2Bno6%2BiWmWDj83KU2pPlpGN0pjQn6fUT4%2BG1qWYpqvYg52tpKmeYFqpqqWDZ4bOpaSdbo5nwFzDoJ%2FPpMjMkZSljmXdwNOrm6qaqJ2TmprEmNjYkpaTopOh0FvSmKCIqg%3D%3D
hxxp://protectionurl.info/?p=WKmimHVlaGuHjsbIo21zdYWMpYOInKOjY4nT1m6uqIvTrNGoqaJflqGYdZvAgtLRn5%2Bkog%3D%3D
hxxp://protectionurl.info/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo21zdYWMpYOInKOjZYnT1m6uqIzO1NeaWJaimHWWl4KmZQ==

hxxp://myofficeguard.info/?p=WKmimHVlaGuHjsbIo21zdYWMpYOInKOjZInT1m6uqI61h8WilnGbk4F5bw==

Anubis

Quote
From ANUBIS:1033 to 64.86.17.9:80 - [updvmfnow.cn] 
Request: POST /reports/minstalls.php 
Response: 200 "OK" 
Request: POST /reports/minstalls.php 
Response: 200 "OK" 
Quote
From ANUBIS:1035 to 206.53.61.73:80 - [update1.fastantivirus09.com] 
Request: HEAD /ReleaseXP.exe 
Response: 200 "OK" 
Request: GET /ReleaseXP.exe 
Response: 200 "OK" 

Payment page for rogue av:
Code: [Select]
hxxp://restricteddomainhelp.com/1/
==>
hxxp://msncoreupdate.com/buy.php?
==>
hxxp://secure.onlineantivirusmarket.com/buy.php?

Wepawet

Code: [Select]
hxxp://restricteddomainhelp.com/1/
==>
hxxp://msncoreupdate.com/buy.php
==>
hxxps://secure.privatesecuredpayments.com/billpav/?

July 23, 2009, 10:38:16 pm
Reply #93

Netelligent1

  • Newbie

  • Offline
  • *

  • 1
I think this following youtube is proof how unprofessional these folks are at Netelligent Hosting Services Inc .  If i was hosting a bunch of virii, I would want it stopped.

See a phone call about this to them and how they don't give a crap.

Check out the googgle map, they run the datacenter out of a home?!?! or is it a fake address?

http://www.youtube.com/watch?v=TuXxDYNrOe0


July 24, 2009, 12:41:12 am
Reply #94

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1689
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
The download for the site referenced on the YouTube page is;

namearra.info/download/install.php

Which downloads a file called install.exe, which is a fake AV and apparently, as a bonus, also gives you the TDSS rootkit:

http://www.virustotal.com/analisis/7a924c9b8ee6d669dcb319ea5b91b15b926ad0f7ac03e3099c15f5dbae765e2e-1248394178
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 29, 2009, 09:40:18 am
Reply #95

ocean

  • Special Access
  • Full Member

  • Offline
  • *

  • 49
    • ocean's Inseclab
Code: [Select]
http://nomalwares.com/wich redirects to setup of know
Code: [Select]
http://www.malwarebot.com/ through clickbank.net

http://www.virustotal.com/analisis/b7fb223df6da629ba93fd95897a496794be63216ce9f53107e1714d9c980bbc9-1248860632

July 30, 2009, 07:10:33 am
Reply #96

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567
Fake AV:
Code: [Select]
wertabulionsedaf.com/2/installer/Installer.exe?u=1025&s=e8f4f9a25ccda16144f11cd34e2528ff&t=2
retulahertomanof.com/2/installer/Installer.exe?u=1025&s=e8f4f9a25ccda16144f11cd34e2528ff&t=2
http://www.virustotal.com/analisis/93118ae2bb741aac13c9f4e74452ad33811a05c4b3adfaebf17bacc3f3bd0a92-1248937352
Code: [Select]
home-anti-virus2010.com
Homeantivirus2010.com
Homeav2010.com
Mal-Aware

August 17, 2009, 12:43:55 am
Reply #97

Malware-Web-Threats

  • Special Members
  • Hero Member

  • Offline
  • *

  • 354
    • MalwareURL
78.46.201.89 (redirectors to fake av aka personal antivirus)

Code: [Select]
b2b-forums.cn
bestvanillaresorts.cn
consensualart.cn
goldensunshine.cn
guidetogalaxy.cn
mywatermakrs.cn
personalrespect.cn
snowboard2009.cn
vipsoccermanager.cn

payload: /go.php?id=2013-01&key=a98402e2d&p=1

195.95.151.174 and 91.213.29.250

payload :

/installer_1.exe
/install.exe
/test.exe

or whatever you want with .exe

Code: [Select]
aguraot.cn
ajokauz.cn
ajuadeb.cn
ajufeiv.cn
ajyawif.cn
akeraoq.cn
akipahu.cn
akoede.cn
akoetly.cn
ameapi.cn
ameojyl.cn
amoujag.cn
anamuco.cn
aniuha.cn
aniulu.cn
anoemyx.cn
apefovy.cn
ateudny.cn
ateugic.cn
ateygi.cn
ateylqo.cn
atiawy.cn
atiguko.cn
ativoma.cn
atoacu.cn
atoceuk.cn
atofaf.cn
atuican.cn
atuyfe.cn
atuypha.cn
atyorzi.cn
atyrefi.cn
avayhik.cn
avemyk.cn
aveyco.cn
aveylpa.cn
avinyk.cn
aviopuh.cn
avoapyt.cn
avoeksi.cn
avoilem.cn
avomec.cn
avotyab.cn
avyatoh.cn
avyciso.cn
avyewi.cn
avygip.cn
avyodu.cn
avyofzu.cn
avyxaze.cn
awakuvi.cn
awaokfy.cn
awapero.cn
awaviyh.cn
awetudo.cn
awixys.cn
awoenpa.cn
awohebu.cn
awointa.cn
awozyt.cn
awukoga.cn
awumeha.cn
awuofo.cn
awupayk.cn
awyiqy.cn
awykep.cn
axaloeq.cn
axaobe.cn
axaonyc.cn
axecaif.cn
axeonar.cn
axeubi.cn
axeziry.cn
axezuko.cn
axiufow.cn
axiyqje.cn
axobaeg.cn
axoejaw.cn
axominy.cn
axucame.cn
axuewpo.cn
axuiwi.cn
axuovaf.cn
axygaek.cn
axykoqi.cn
axyqoz.cn
azacior.cn
azaedo.cn
azaujyr.cn
azeifko.cn
azejyri.cn
aziduon.cn
aziwote.cn
aziybga.cn
azoeldy.cn
azoexyh.cn
azokicu.cn
azovuqe.cn
azulydo.cn
azuones.cn
azuwem.cn
azysof.cn
babomvy.cn
bagsuni.cn
bagucqy.cn
bajnouq.cn
bajtoun.cn
bakyfxi.cn
banpyz.cn
bansexy.cn
bapebtu.cn
baqcemy.cn
baswoju.cn
bavwyto.cn
bazyrpe.cn
bebqac.cn
bedacqo.cn
bedgyg.cn
bedkosi.cn
bedtuif.cn
befpygi.cn
beguqiw.cn
behiswa.cn
beqgivo.cn
bestyru.cn
betimi.cn
betsuq.cn
bevafzi.cn
bewugox.cn
bexazyj.cn
bicqoej.cn
bikodny.cn
biqusu.cn
birzuof.cn
bisqop.cn
bisquva.cn
bizagy.cn
bizeda.cn
bobqaul.cn
bobujgi.cn
bocisak.cn
bocvur.cn
boknegi.cn
bokpaej.cn
bomkyvi.cn
borive.cn
boszacy.cn
boxmic.cn
bozipe.cn
boziqdu.cn
bozkus.cn
bozradi.cn
bubita.cn
dadquox.cn
dahure.cn
dajugif.cn
dakyqop.cn
ezeunac.cn
ezoagu.cn
ezuxevo.cn
fidteur.cn
fifteko.cn
fifxuer.cn
fimcuoj.cn
finwuyc.cn
fisruba.cn
fixguat.cn
fobrim.cn
focunqa.cn
fogpak.cn
fomazej.cn
fombual.cn
foszecy.cn
fotkum.cn
gopawu.cn
gopiby.cn
goqfap.cn
gortuwe.cn
gotceyr.cn
gotuqjy.cn
govaqip.cn
gowyti.cn
goxweyc.cn
gubcyil.cn
gubywef.cn
gugema.cn
gugkyaf.cn
gujdywa.cn
gurqyak.cn
gutciko.cn
guxryac.cn
gybukop.cn
gybwuv.cn
hagnuor.cn
haronpi.cn
idyise.cn
idyzok.cn
zypudo.cn
zyrnuhe.cn

August 17, 2009, 01:16:32 am
Reply #98

Malware-Web-Threats

  • Special Members
  • Hero Member

  • Offline
  • *

  • 354
    • MalwareURL
rogue fraudtool:
Code: [Select]
unvirex.com/UnVirexInstall.exe
199.238.181.158/setup.exe
199.238.181.161/setup.exe
intelinet-global.com/setup.exe
intelinet-global.net/setup.exe
intelinet-secure1.com/setup.exe
intelinet-secured.com/setup.exe
intelinet-dll-repair.com/setup.exe

systemsecurity:
Code: [Select]
serversafety.com/download.php
cybernetsafety.com/download.php
cheapsecurityscan.com/download.php
cheapsecurityscan.com/install/ws.exe
bestscannerever.com/download.php
bestscannerever.com/install/ws.exe
gersoft.info/download.php
gersoft.info/install/ws.exe

other rogue:
Code: [Select]
antiviruspro-live.com/Setup.exe

AdvancedVirusRemover:
Code: [Select]
bestscanpc.org/cgi-bin/load.pl

internetantiviruspro:
Code: [Select]
inb4it.com/download/file.exe
inb4it.com/download/InternetAntivirusPro.exe

smartprotectorpro:
Code: [Select]
195.95.151.184/smrtprt/setup.php?track_id=10001

fakespypro:
Code: [Select]
210.51.187.45/lib/update.exe

trojan fakerean:

payload:

/1/installer/Installer.exe
/2/installer/Installer.exe
/3/installer/Installer.exe
Code: [Select]
1024service.com
absolute-sports.com
amerikosamoder.com
berdanovskalonas.com
berhutervalonio.com
bugermanosatora.com
buteratorader.com
byhelp.com
car-motor.net
dealivery.com
educationdegreeonline.net
ertonagionalos.com
filewongatorda.com
golinovatorew.com
guletrmonahertuli.com
guletrubanionader.com
kiluretynefads.com
lilusanotraserta.com
millenyi.com
molinasdeals.com
mulikostarokaser.com
numbergatoriosso.com
odogdisconts.com
pcprogredukt.com
pcredirbugelda.com
pcredirlimasolat.com
pcredirokat.com
pcredirtumbasot.com
pcsecnitrosat.com
polakestrovanios.com
polserdagoniosa.com
queerdiscdeals.com
qwedasertafoas.com
reddogdiscounts.com
redipolkanosata.com
redirosanokas.com
redopalikosafer.com
redugaferdatona.com
redusecovulia.com
reeni.net
refadertogamo.com
sammyboydeals.com
sloon.net
starmak.net
uilerdobavonader.com
uiterbunagoretas.com
urgettindeals.com
vulertunerilos.com
vulesdaboknoerba.com
vuleskanorionas.com
wertubertagosad.com
wertugalionasewa.com
wertugalionetsa.com
wervaferganiota.com

fake windows security suite:
Code: [Select]
vmeltonline.com/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==
webssearch.net/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==
search-out.net/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==
mykeepplace.net/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==
linewebsearch.com/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==
go-in-search.net/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==
searchurlguide.com/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==
secure-pro.cn/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==
softsales-discount.com/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==
safemanagment.com/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==
searchinfoonline.net/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==
safe-pay-vault.com/build8_102.php?cmd=getFile&counter=1&p=WKmimHVlaGuHjsbIo22EfYCLt1POo22eU9LXoKitiJ/Y1cRflJ2dcZqTgX6ZU9janW1jZWJsmGGXZGSeXonZ0Zqop5uikomtpXFqZmxsa3CaXpmbV5OQcQ==


August 21, 2009, 11:50:14 pm
Reply #100

SpiderLover

  • Sr. Member

  • Offline
  • ****

  • 137
Fake AV Scan Page.

Code: [Select]
hqpcscanner.com/online/9a8e5e72bfe78caae6a2b07ff47b6602/f67b46eed9e6f7d9e584824b2edeed9c/3656b9eddb95cfb9d7f013ed46b015a2
Payload.

Code: [Select]
veikalerd.com/download/f67b46eed9e6f7d9e584824b2edeed9c/3656b9eddb95cfb9d7f013ed46b015a2/14

August 22, 2009, 06:21:14 am
Reply #101

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3323
Fake AV Scan Page.

Code: [Select]
hqpcscanner.com/online/9a8e5e72bfe78caae6a2b07ff47b6602/f67b46eed9e6f7d9e584824b2edeed9c/3656b9eddb95cfb9d7f013ed46b015a2
Payload.

Code: [Select]
veikalerd.com/download/f67b46eed9e6f7d9e584824b2edeed9c/3656b9eddb95cfb9d7f013ed46b015a2/14

downloads Rogue Savesoldier
http://www.threatexpert.com/report.aspx?md5=455c8798ec8441ed406d57c79b16f9f7

Code: [Select]
www.savesoldier.com/downloader.php?p=NvquysXZPvzWwOJYEkMBu7bYMTU%2F5q6WKFFJRk0LPDM%3Dhttp://www.virustotal.com/analisis/76f8e18f0e8df2c8e91bc2f8595dc1ac06f4221a2912443bd68222d05f7929bb-1250922382 3/41
Ruining the bad guy's day

August 30, 2009, 04:49:45 pm
Reply #102

SpiderLover

  • Sr. Member

  • Offline
  • ****

  • 137
Code: [Select]
http://newwayscanner.info/24/24-021wL1AzLwEzL==
Fake AV Scan Page.

Code: [Select]
ntrytodownload.info/install.exeDownloads Rogue.


September 02, 2009, 09:06:47 am
Reply #103

XiTri

  • Jr. Member

  • Offline
  • **

  • 24
Code: [Select]
hxxp://av-scan-64.com/
hxxp://boomexe.com/av-scanner.0.exe

September 03, 2009, 04:53:09 pm
Reply #104

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3323
Code: [Select]
angelinajmovies.cnredirects to
Code: [Select]
sexy-pornoz.ru/free-porn.phpredirects to fake antivirus
Code: [Select]
vrenutredo.com/download/a37bddc7e715b39b2dd0578c63441da5/3656b9eddb95cfb9d7f013ed46b015a2 http://www.virustotal.com/analisis/2aa00fc173d127686d152f8bd081d9f82015f245a687a23a17ac77661cbf57a3-1251996391 6/41
Ruining the bad guy's day