hgu.bat virus trojan type Packed.Win32.Krap.b

MegauploadGmbH MegauploadGmbH@live.de spam et virus Virus.Win32.Neshta.a client astraweb.com

tout les fichiers postés par MegauploadGmbH@live.de (MegauploadGmbH) sont des virus Virus.Win32.Neshta.a

Trojan Trojan-Spy.Win32.Zbot.cfef 201.116.71.243 mail.magnograf.com.mx

Trojan envoyé par : sistemas2.magnograf.com.mx mail.magnograf.com.mx 201.116.71.243

Checking IP: 201.116.71.243
Name:        mail.magnograf.com.mx
IP:        201.116.71.243
Domain:    magnograf.com.mx

Registrant:
Name:           Litografia Magno Graf S.A. de C.V.
Name:           Omar Carrillo Correa

inetnum:     201.116.71/24
owner:       Gestión de direccionamiento UniNet
responsible: Gestión de cambios y configuraciones
address:     Periferico Sur, 3190,
address:     01900 – México DF – DF
country:     MX

Vba32KeyMng.exe Editeur Piranha Bytes Documento.Doc____.exe

Documento.Doc____.exe fichier douteux sur des sites piratés
Received: from sistemas2.magnograf.com.mx (mail.magnograf.com.mx [201.116.71.243])

Exemple de sites piratés :

http://thanombutra.ac.th
http://infantilsmoher.com

Virus trojan sur rapidshare.com present.exe

exemple de Virus trojan sur rapidshare.com https://rapidshare.com/files/454406929/present.exe

95.211.73.164 95.211.72.211 malware leaseweb.com

Name:        hosted-by.leaseweb.com
IP:        95.211.73.164
Domain:    leaseweb.com

Name:        hosted-by.leaseweb.com
IP:        95.211.72.211
Domain:    leaseweb.com

defender-uvpsx.vv.cc 78.41.203.10 malware World Dedicated Ltd abuse.bz

Name:        defender-uvpsx.vv.cc
IP:        78.41.203.10
Domain:    vv.cc

Registrar: ENOM, INC.
person:          Alex Averin
address:         Russian Federation, Moscow, Lenina st. 10
phone:           +79194740626
abuse-mailbox:   e57303@abuse.bz

defender-fqqdx.vv.cc 78.41.203.10 freesystemscan.exe malware

freesystemscan.exe

Registrar: ENOM, INC.
person:          Alex Averin
address:         Russian Federation, Moscow, Lenina st. 10
phone:           +79194740626
abuse-mailbox:    mailto:e57303@abuse.bz
route:           78.41.200.0/21
descr:           Snel Internet IP space routed by We Dare

software-vend.co.cc 46.252.128.19 malware

Name:        software-vend.co.cc
IP:        46.252.128.19
Domain:    co.cc

Registrar: YESNIC CO. LTD.
inetnum:        46.252.128.0 – 46.252.129.255
person:         Andrejs Kaminskis
address:        Latgales 32/34, Rezekne, Latvia
phone:          +37127580487

fevertube.com 209.222.6.62 malware Ukrainien chez Choopa LLC
Name:        fevertube.com
IP:        209.222.6.62
Administrative Contact:
N/A
hectorix        ( mailto:hectorix@mail.ru)
odessa str 22
odessa
Odessa Oblast,55555
UA
Tel. +380.982567788
NetRange:       209.222.0.0 – 209.222.31.255
OrgName:        Choopa, LLC
OrgId:          CHOOP-1
Address:        2400 Main Street Extension
Address:        Suite 12
City:           Sayreville
StateProv:      NJ
PostalCode:     08872
Country:        US
RegDate:        2006-10-03
Updated:        2007-12-13
Comment:        http://www.choopa.net/

XP Total Security Win 7 Home Security 2011 jumonevetode.com VIRUS 204.45.118.69 FDCservers.net ONLINENIC INC

Fichiers vérolés:
Steam.exe
lol2.exe
Valve Corporation version 1.0.0.0
pod.exe
spm.exe
Xmegywso Software version 7.8
ohi.exe
Valve Corporation version 1.0.0.0
XP Total Security
http://jumonevetode.com/buy.html

1 Year License – $59.95
Full 1 Year License. This is One Time fee and Your Credit card will not billed again.

2 Year License – $69.95
Full 2 Years License. This is One Time fee and Your Credit card will not billed again.

LifeTime License – $79.95
Full Lifetime License. This is One Time fee and Your Credit card will not billed again.

Name:        jumonevetode.com
IP:        204.45.118.69
Registrar: ONLINENIC, INC.

Registrant:
Viktor Brikatnin  silks@ca4.ru +7.8124384111
Viktor Brikatnin
ul.Shotmana d.7-1 lit.3 pom.13N
Sankt-Peterburg,Sankt-Peterburg,RU 193076

NetRange:       204.45.0.0 – 204.45.255.255
CIDR:           204.45.0.0/16
OrgName:        FDCservers.net
OrgId:          FDCSE
Address:        141 w jackson blvd.
Address:        suite #1135
City:           Chicago
StateProv:      IL

Cette merde est assez chiante, elle en colle partout:

C:\Documents and Settings\Administrateur\Local Settings\Application Data\ohi.exe
« C:\Documents and Settings\Administrateur\Local Settings\Application Data\ohi.exe » -a « %1 » %*

HKEY_CLASSES_ROOT\.exe\shell\open\command
HKEY_CLASSES_ROOT\exefile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
HKEY_USERS\S-1-5-21-842925246-1844237615-1801674531-500\Software\Classes\.exe\shell\open\command
HKEY_USERS\S-1-5-21-842925246-1844237615-1801674531-500\Software\Classes\exefile\shell\open\command
HKEY_USERS\S-1-5-21-842925246-1844237615-1801674531-500_Classes\.exe\shell\open\command
HKEY_USERS\S-1-5-21-842925246-1844237615-1801674531-500_Classes\exefile\shell\open\command

United Parcel Service notification #423056 info72zx@ups.com viruse envoyé par 41.0.53.22 et 121.78.211.177

Virus type: XP Total Security Win 7 Home Security 2011  jumonevetode.com VIRUS 204.45.118.69 FDCservers.net ONLINENIC INC

Spam envoyé par 41.0.53.22 et 121.78.211.177

De : United Parcel Service [mailto:info72zx@ups.com]
Envoyé : dimanche 27 mars 2011 08:10
Objet : United Parcel Service notification #423056
Dear customer.
The parcel was sent your home address.
And it will arrive within 3 business day.
More information and the tracking number are attached in document below.
Thank you.
© 1994-2011 United Parcel Service of America, Inc.

fineguard-serv.in virus-searcher53.in sites dangereux type packupdate107_284.exe Trojan-PSW.Win32.LdPinch.apwp

Cheval de Troie et faux anti-virus

vc.videoconverterpack.com virus UDS:DangerousObject.Multi.Generic

Kaspersky Internet Security UDS:DangerousObject.Multi.Generic VideoConverterSetup.exe

Name: vc.videoconverterpack.com
IP: 184.72.236.67
Registrant:
PrivacyProtect.org
Domain Admin contact@privacyprotect.org

OrgName: Amazon.com, Inc.
OrgId: AMAZO-4
Address: Amazon Web Services, Elastic Compute Cloud, EC2
Address: 1200 12th Avenue South
City: Seattle
StateProv: WA

My_Resume_ID478.zip Virus trojan Please look my CV. Thank you

Tentative ratée d’envoi de virus le fichier est vide
Spam reçu par 82.95.212.98 XS4ALL Internet BV

—–Message d’origine—–
De : Lourdes Driscoll [mailto:bargepd@softnavigator.ru]
Envoyé : samedi 21 août 2010 21:56
Objet : Please look my CV. Thank you

Hello!

I have figured out that you have an available job.
I am quiet intrested in it. So I send you my resume,

Looking forward to your reply.
Thank you.

Des internautes vendaient de fausses licences pour des antivirus Windows. La police fait fermer 19 sites web.

See the original post here:
Redevance Windows, escroquerie bien rôdée venue d´Inde

city-of-plymouth.info 109.123.78.180 virus postcard.jpg.exe spam 88.100.219.50

virus / trojan dans postcard.jpg.exe

spam envoyé par 88.100.219.50
NEXTEL-XDSL XDSL NETWORK-ADSL
Jiri Hvezda Telefonica O2 Czech Republic, a.s. Za Brumlovkou 2 Prague 4 – 140 22
The Czech Republic +420 2 84084222
city-of-plymouth.info
John Simmon
csc
1849 South Bentley Ave.
Los Angeles
California
90025
+1.3108447267
khokhar33@hotmail.com
UK2 – Ltd
Ditlev Bredahl
One Canada Square
Canary Wharf
E14 5DY London
UNITED KINGDOM
ripe@uk2.net
type de spam:

—–Message d’origine—–
De : 123Greetings [mailto:valentines@123Greetings.net]
Envoyé : jeudi 11 février 2010 10:32
Objet : You’ve received a postcard from a family member !

Good day.

Your family member has sent you an ecard from 123Greetings.com <http://city-of-plymouth.info/postcard.jpg.exe> .
Send free ecards from 123Greetings.com <http://city-of-plymouth.info/postcard.jpg.exe>  with your choice of colors, words and music.
Your ecard will be available with us for the next 5 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard please click here <http://city-of-plymouth.info/postcard.jpg.exe> .

Your ecard number is
a885b5e6291c3de8293ec6968e3ca03

Best wishes,
123Greetings

www.games-attack.com attention virus Downloader-BPJ.gen.b

Si vous avez téléchargé le fichier Games-Attack_setup.exe sur download.gales-attack.com

votre ordinateur sera infecté par le virus Downloader-BPJ.gen.b

www.games-attack.com Plus de 100 jeux flash gratuits attention adware

source McAfee

www.newliveplayer.com Live Player VIRUS Downloader-BPJ.gen.b Live-Player_setup.exe adserving.cpxinteractive.com

Diffusé par la régie pub: adserving.cpxinteractive.com

Name:        www.newliveplayer.com
IP:        91.209.163.201,         91.209.163.202,         91.209.163.203
Domain:    newliveplayer.com

owner-c:
nic-hdl: RV749-GANDI
owner-name: FAVORIT NETWORK S.L.
organisation: FAVORIT NETWORK S.L.
person: Ramon Viladomiu
address: Rambla Catalunya Número 12 2º 2ª
zipcode: 08007
city: BARCELONA
country: Spain
phone: +34.610552977
fax:  »
email:  mailto:2ffba9ee4ff19e8587163b873c03ff22-913471@contact.gandi.net

Virus Western Union. You can get money transfer! Order NR.1827

Spam envoyé par fw-tk.scheier.at fw-tk.scheier.at 80.120.120.190

virus dans WU_Details_1c7a2.zip

 

De : Manager Elwood Seymour [mailto:receiver@westernunion.com]
Envoyé : lundi 9 novembre 2009 11:42
À : billing@crixx.de
Objet : Western Union. You can get money transfer! Order NR.1827

—– english text —–
This mail contained a virus or a file violating the mail policy.
The file has been repaired or deleted.

Hint: most infected mails are not originating from the given sender address.
Notifying the sender does not make sense in these cases.

—– deutscher Text —–
Diese Mail enthielt einen Virus oder eine Datei, die gegen die Mail-Richtlinien verstößt.
Die Datei wurde repariert oder entfernt.

Hinweis: die meisten Virenmails stammen nicht vom angegebenen Absender.
Diesen zu kontaktieren, macht in der Regel keinen Sinn.

—– Attachment(s) —–
Repaired/repariert:
No attachments are in this category.

Deleted/entfernt:
1. WU_Details_1c7a2.zip/WU_Details_1c7a2.exe: Trojan.Bredolab!gen5

Blocked/blockiert:
No attachments are in this category.

———— Original message ————
Dear customer.

The amount of money transfer: 9822 USD.
Money is available to withdrawl.

You may find the Money Transfer Control Number (MTCN) and receiver’s details in document attached to this email.

Western Union.
Financial Services.