CaCaWeb.com découvrez les arnaques du Web

city-of-plymouth.info 109.123.78.180 virus postcard.jpg.exe spam 88.100.219.50

virus / trojan dans postcard.jpg.exe

spam envoyé par 88.100.219.50
NEXTEL-XDSL XDSL NETWORK-ADSL
Jiri Hvezda Telefonica O2 Czech Republic, a.s. Za Brumlovkou 2 Prague 4 - 140 22
The Czech Republic +420 2 84084222
city-of-plymouth.info
John Simmon
csc
1849 South Bentley Ave.
Los Angeles
California
90025
+1.3108447267
khokhar33@hotmail.com
UK2 - Ltd
Ditlev Bredahl
One Canada Square
Canary Wharf
E14 5DY London
UNITED KINGDOM
ripe@uk2.net
type de spam:

—–Message d’origine—–
De : 123Greetings [mailto:valentines@123Greetings.net]
Envoyé : jeudi 11 février 2010 10:32
Objet : You’ve received a postcard from a family member !

Good day.

Your family member has sent you an ecard from 123Greetings.com <http://city-of-plymouth.info/postcard.jpg.exe> .
Send free ecards from 123Greetings.com <http://city-of-plymouth.info/postcard.jpg.exe>  with your choice of colors, words and music.
Your ecard will be available with us for the next 5 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard please click here <http://city-of-plymouth.info/postcard.jpg.exe> .

Your ecard number is
a885b5e6291c3de8293ec6968e3ca03

Best wishes,
123Greetings

Virus

www.games-attack.com attention virus Downloader-BPJ.gen.b

Si vous avez téléchargé le fichier Games-Attack_setup.exe sur download.gales-attack.com

votre ordinateur sera infecté par le virus Downloader-BPJ.gen.b

www.games-attack.com Plus de 100 jeux flash gratuits attention adware

source McAfee

Adware Spyware Trojan, Virus adware, favorit, games-attack.com, Virus

www.newliveplayer.com Live Player VIRUS Downloader-BPJ.gen.b Live-Player_setup.exe adserving.cpxinteractive.com

Diffusé par la régie pub: adserving.cpxinteractive.com

Name:        www.newliveplayer.com
IP:        91.209.163.201,         91.209.163.202,         91.209.163.203
Domain:    newliveplayer.com

owner-c:
nic-hdl: RV749-GANDI
owner-name: FAVORIT NETWORK S.L.
organisation: FAVORIT NETWORK S.L.
person: Ramon Viladomiu
address: Rambla Catalunya Número 12 2º 2ª
zipcode: 08007
city: BARCELONA
country: Spain
phone: +34.610552977
fax: ”
email:  mailto:2ffba9ee4ff19e8587163b873c03ff22-913471@contact.gandi.net

Adware Spyware Trojan, Virus adserving.cpxinteractive.com, adware, Downloader-BPJ.gen.b, Live Player, newliveplayer.com, Virus

Virus Western Union. You can get money transfer! Order NR.1827

Spam envoyé par fw-tk.scheier.at fw-tk.scheier.at 80.120.120.190

virus dans WU_Details_1c7a2.zip

De : Manager Elwood Seymour [mailto:receiver@westernunion.com]
Envoyé : lundi 9 novembre 2009 11:42
À : billing@crixx.de
Objet : Western Union. You can get money transfer! Order NR.1827

—– english text —–
This mail contained a virus or a file violating the mail policy.
The file has been repaired or deleted.

Hint: most infected mails are not originating from the given sender address.
Notifying the sender does not make sense in these cases.

—– deutscher Text —–
Diese Mail enthielt einen Virus oder eine Datei, die gegen die Mail-Richtlinien verstößt.
Die Datei wurde repariert oder entfernt.

Hinweis: die meisten Virenmails stammen nicht vom angegebenen Absender.
Diesen zu kontaktieren, macht in der Regel keinen Sinn.

—– Attachment(s) —–
Repaired/repariert:
No attachments are in this category.

Deleted/entfernt:
1. WU_Details_1c7a2.zip/WU_Details_1c7a2.exe: Trojan.Bredolab!gen5

Blocked/blockiert:
No attachments are in this category.

———— Original message ————
Dear customer.

The amount of money transfer: 9822 USD.
Money is available to withdrawl.

You may find the Money Transfer Control Number (MTCN) and receiver’s details in document attached to this email.

Western Union.
Financial Services.

Virus Virus, western union

Virus Generic Dropper.js DHL Services. You should get the parcel NR.14056 DHL_print_label_a0456.zip

Spam de 195.91.54.121 T-Mobile Slovensko, a.s.

Virus en pièce jointe DHL_print_label_a0456.zip type Generic Dropper.js

—–Message d’origine—–
De : Manager Ruben Robison [mailto:delivery@dhl-usa.com]
Envoyé : mardi 27 octobre 2009 22:07
À : computersmtpdanielschmidt@dsb-computer.de
Objet : DHL Services. You should get the parcel NR.14056

Hello!
The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.
You may pickup the parcel at our post office personaly!
Please attention!
The shipping label is attached to this e-mail.
Print this label to get this package at our post office.
Please do not reply to this e-mail, it is an unmonitored mailbox.

Thank you,
DHL Services.

Virus dhl, Virus

Your order has been paid! Parcel NR.755 DHL_print_label_f532c.zip

Spam de Chinois 58.211.222.214 CHINANET jiangsu province network

fichier décompressé DHL_print_label_f532c.exe
qui est une fausse icone Microsoft Excel
et doit être un trojan ou similaire
Type de spam :

—–Message d’origine—–
De : Manager Dawn Madison [mailto:servise@compusa.com]
Envoyé : lundi 19 octobre 2009 02:24
À : commercial@aflonline.co.uk
Objet : Your order has been paid! Parcel NR.7558
Hello!
Thank you for shopping at our internet shop!
We have successfully received your payment.
Your order has been shipped to your billing address.
You have ordered ” Nokia N81 ”
You can find your tracking number in attached to the e-mail  document.
Please print the DHL label to get your package.
We hope you enjoy your order!

Virus chine, dhl, Virus

newliveplayer.com download.newliveplayer.com virus Downloader-BPJ

newliveplayer.com contient le virus Downloader-BPJ

Fichier : live-player.exe

Ce site Web a été signalé car il contient les menaces suivantes :
Menace de logiciel malveillant : ce site contient des liens vers des virus ou d’autres programmes logiciels
pouvant révéler des informations personnelles stockées ou tapées sur votre ordinateur à des personnes malveillantes.

Adware Spyware Trojan, Virus adware, favorit, Virus

You have recieved A Hallmark E-Card. postcard.exe virus W32/Sality.gen

fausse adresse :
www.HallMark.com [E-card@HallMark.com]

Exemple de message:
Hello!
You have recieved a Hallmark E-Card.
To see it, Just click here ,
There’s something special about that E-Card feeling. We invite you to make a friend’s day and send one.
Hope to see you soon,
Your friends at Hallmark
Your privacy is our priority. Click the “Privacy and Security” link at the bottom of this E-mail to view our policy.  
 
http://200.110.93.146/e-greeting/postcard.exe

ATTENTION contient le virus virus W32/Sality.gen

owner:       Telconet S.A
ownerid:     EC-TESA-LACNIC
responsible: TELCONET S. A.
address:     Kennedy Norte MZ, 109,
address:     59342 - Guayaquil -
country:     EC

Emails envoyés par :

62.210.185.123 ELASSAR MULTIMEDIA

62.173.0.67 Telemail Limited

70.103.70.115 Integra Telecom, Inc.

200.169.14.110 Century Telecom Ltda

Virus postcard, Virus

HTML/FakeAV InstallAVg_880860.exe bestantimalwaredefence.com

Registrant:
Name: Geeta A Bhatia 15 Community Centre Panchsheel Park
New Delhi Country: IN 110017 customer.service@insiasmartsecurity.com

Name:  bestantimalwaredefence.com
IP:  83.133.123.174,   83.133.127.93,   78.47.91.153

hébergé chez Greatnet New Media
83.133.123.174 & 83.133.127.93

et 78.47.91.153
Siarhei Shandrokha Senpai IT Solutions Unit 10, College Court
Lower Kevin Street Dublin 8 IRELAND +35314791837 info@senpai-it.com

Virus malware, Virus

stabilityinternetscan.com virus FakeAlert-WinwebSecurity install.exe

spam de 222.184.56.3 CHINANET jiangsu province network pour shouldsaua.info

stabilityinternetscan.com 91.211.64.31

Registrant:
Marsha Bresnahan marshadbresnahan@gmail.com
Organization: Private person 4685 Raintree Boulevard Blaine MN 55434 US Phone: +1.7637845676

Hébergé en Ukraine chez
Ural Industrial Limited Company
620240 Ekaterinburg, Sofia Kovalevsaja st.
UralNet Ukraine, 69078 Kiev, Luteranskaya 28 st.

fausses alertes type Lsas.Blaster.Keyloger
votre PC sera vérolé par des fichiers du type :

C:\Documents and Settings\All Users\Application Data\592329298\1327884038.exe
C:\Documents and Settings\All Users\Application Data\97D247B.exe

91.211.65.21
91.211.64.0 - 91.211.67.255
Ural Industrial Limited Company
Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
UralNet IP Master Ukraine, 69078 Kiev, Luteranskaya 28 st.
+38 050 577 65 61 abuse@uralnet.biz

Registrant:
Courtney Duerst courtneyduerst@gmail.com Private person
3296 Pike Street San Diego 92126 US +1.8585789864

http://systemsecurityonline.com/support_reg.php
72.232.191.88

https://www.securesoftwarepays.com/?affid=12800
72.232.186.19
Registrant:
Ruby Drews rubycdrews@gmail.com Private person
120 Polk Street GilbertGilbert AZ 85233 US +1.5208401461

72.232.186.19
NetRange:   72.232.0.0 - 72.233.127.255
LAYERED-TECH Suo-Anttila, Jeremy Paul
+1-972-398-7998 abuse@layeredtech.com

87.248.221.156
Limelight Networks, INC. 2220 W 14th ST 85281 TEMPE AZ United States
+1 602 850 5095 ripe-admin@llnw.com

connexion aussi sur:
212.239.59.97
inetnum:      212.239.59.0 - 212.239.59.255
Elemedia S.p.A. Via Massena, 2 I-20145 Milano MI Italy
De nombreux spam semblent avoit été envoyé à partir du serveur mobile3.wsj.com appartenant à Dow Jones & Company, Inc

Virus ukraine, Virus

live-pc-antivirus-scan.com virus JS/FakeAlert-AB.dldr Antivirus 2009 pro
Arnaque type Antivirus 2009 Antivirus 2009 pro
live-pc-antivirus-scan.com vous fait croire que votre ordinateur est infecté et vous envoi
le fichier vérolé InstallAVg_880278.exe Virus type Generic Dropper.bw ou S/FakeAlert-AB.dldr

live-pc-antivirus-scan.com 78.46.216.237
hébergé chez Siarhei Shandrokha Senpai IT Solutions info@senpai-it.com
Hetzner Online AG

Virus antivirus2009, Virus

viewvideos.cn bigcooltube.cn virus TubeCodec3257.exe

Faux site porno souvent avec le logo porntube
qui ont comme but de vous faire télécharger un faux codec TubeCodec3257.exe
qui s’avère être un virus

Virus antivirus2009, Virus

pcantivirusscanneronline.com

Arnaque type Antivirus 2009
vous fait croire que votre ordinateur est infecté et vous envoi
le fichier vérolé InstallAVg_880278.exe Virus type Generic Dropper.bw

pcantivirusscanneronline.com 78.46.216.237
hébergé chez Siarhei Shandrokha Senpai IT Solutions info@senpai-it.com
Hetzner Online AG

Virus antivirus2009, Virus

Virus 98.tmp.exe 193.200.29.38

Ce genre de Virus ou adware/spyware 98.tmp.exe se connecte à l’adresse 193.200.29.38

inetnum:        193.200.29.0 - 193.200.29.255
netname:        ITNSCOM-NET
descr:          IT Network Systems
country:        NORWAY
org-name:       ITNS LLC
address:        Malerhaugveien 20
address:        Oslo N-0661
phone:          +4773591296
e-mail:         erik_shtein@safe-mail.net

Virus Virus

Spam et virus websecurityexamine.com install.exe

Name:  websecurityexamine.com
IP:  91.211.64.31

Registrar: REGTIME LTD.
Ural Industrial Limited Company
Russia, 620240 Ekaterinburg, Sofia Kovalevsaja st.
UralNet IP Master Ukraine, 69078 Kiev, Luteranskaya 28 st.
phone:          +38 050 577 65 61 abuse@uralnet.biz

Virus Virus

Antivirus 2010 virus Generic Downloader x

Les Ukrainiens sont déjà prêts pour 2009 avec leurs versions bidon d’antivirus 2010

Le fichier AV2010Installer.exe est vu par McAfee comme virus Generic Downloader x

av2010.net 217.20.175.74
KivviSoftware leonardo126@gmail.com)
+380.4365213  pr. Pobedi 1 Kiev, kiev 01001 Ukraine

Hébergé chez WNet ISP Pochayninska str. 25/49, off. 30 Kyiv, 04071 Ukraine
vitaesoftware.com
kivvisoftware.net 217.20.175.74
domaines créés en octobre 2008

Paiements gérés par www.plimus.com

Virus antivirus 2010, Virus

Virus InstallAVg_880829.exe advancedantivirusscan.com securedonlinewebspace.com

Virus type “Antivirus 2009″

InstallAVg_880829.exe
http://advancedantivirusscan.com/2009/1/fr/_freescan.php?nu=880829
http://securedonlinewebspace.com/soft.php?aid=0829&d=1&product=XPA&refer=dd6b5198b

advancedantivirusscan.com 78.46.216.237
securedonlinewebspace.com 78.46.216.237
Registrar: TODAYNIC.COM, INC. www.NOW.CN

Appartient à un Russe :
Andrey V Vernikov Address: yl. Sigorskaya 3 dom 18 kv. 42
Moskva RU 119324 +7.4952268456 promasteryouth@gmail.com

Hébergé chez : Siarhei Shandrokha Senpai IT Solutions Unit 10
College Court Lower Kevin Street Dublin 8
Hetzner Online AG

Virus antivirus2009, Virus

Virus W32/Waledac.gen par MSN superchristmaslights.com

http://superchristmaslights.com/
http://superchristmaslights.com/postcard.exe
Le fichier postcard.exe est un virus du type W32/Waledac.gen

Exemple de spam sur MSN:

John has sent Merry Christmas greeting.Here’s your greeting card: http://superchristmaslights.com/?code=459817a2450
For your convenience, the greeting card will be available for the next 30 days.

superchristmaslights.com 87.207.165.210

Domaine enregistré en Chine le 19-dec-2008 chez XINNET.COM
pour toutes plaintes concernant un domaine XINNET écrivez à admin1@xinnet.com, ipas@cnnic.cn, ictex@ceopen.cn, ipas@cnnic.net.cn
ecrivez “plusieurs” fois pour être sûr qu’ils comprennent

WANGJIAYAN YANGCHANGLU353HAO jianshi jiangxisheng china
343059 86-0796-69502624  WANGJIAYAN@SOHU.CN
hébergé en Pologne chez UPC Telewizja Kablowa Sp. z o.o.
abuse@chello.pl

Hébérgeurs de spammeurs, Virus chine, msn, spam, Virus, xinnet

S8EMnL6i.exe adware spyware virus

Je ne sais pas si le nom est généré de manière aléatoire mais c’est un virus type Generic.dx
qui diffuse de la pub type forbes.com, forbesautos.com, encherclic, internetgameboxx, ecosearch et classesinternational

Virus

Spam et virus Barack Obama and Osama bin Laden

ATTENTION VIRUS!

Spam de 87.118.108.77 , ns.km22659-02.keymachine.de

Commentaire :
A top-secret news.
Barack Obama and Osama bin Laden came to an agreement about the future of US.
It’s the new page in US history. There is no America now at whole!!!!!!!!!!!! Only terrorists and money, it’s all Obama intrested in. http://best-top.us/news  Watch the video !!!
Watch quickly. The video will be deleted by hoster because of politics. !!!

http://best-top.us/news
renvoi sur http://yourbestpov-tube.com/xxplay.php?id=20632

qui vous propose de télécharger le fichier TubePlayer.ver.6.exe
à partir de downloadallsoft-now.com
ce programme se connect ensuite sur 69.46.16.99 hivelocity.net
un programme a.exe est généré qui va sur 89.149.236.200 Gibibits-Limited Chine
ensuite S8MnL6i.exe sur 216.95.196.22 verizonbusiness.com

McAfee voit ceci comme le virus Generic Dropper.bw

best-top.us 72.232.116.49 appartient à :
vova sak Pervomayskaya street 30-1
Moskovskaya oblast 36545 Russian Federation
+7.9266041689 belpak@inbox.ru
hébergé chez Layered Technologies, Inc

yourbestpov-tube.com 64.27.18.55 appartient à :
Washington Robin robinwfwatkins@gmail.com
Private person 4695 Monroe Avenue Palmetto 34221 US +7.9417220595
hébergé chez  Hollywood Interactive Inc

On retrouve aussi bestpricesoft.com 85.17.138.29
hébergé chez LeaseWeb Hollande

Adware Spyware Trojan, Virus spam, Virus