hgu.bat virus trojan type Packed.Win32.Krap.b
MegauploadGmbH MegauploadGmbH@live.de spam and virus Virus.Win32.Neshta.a astraweb.com customer
All files posted by MegauploadGmbH@live.de (MegauploadGmbH) are Virus.Win32.Neshta.a viruses
Trojan Trojan-Spy.Win32.Zbot.cfef 201.116.71.243 mail.magnograf.com.mx
Trojan sent by: sistemas2.magnograf.com.mx mail.magnograf.com.mx 201.116.71.243
Checking IP: 201.116.71.243
Name:      mail.magnograf.com.mx
IP:        201.116.71.243
Domain:    magnograf.com.mx
Registrant:
Name:        Litografia Magno Graf S.A. de C.V.
Name:        Omar Carrillo Correa
inetnum:     201.116.71/24
owner:       Gestión de direccionamiento UniNet
responsible: Gestión de cambios y configuraciones
address:     Periferico Sur, 3190,
address:     01900 – México DF – DF
country:     MX
Vba32KeyMng.exe publisher Piranha Bytes Documento.Doc____.exe
Documento.Doc____.exe suspicious file on hacked sites
Received: from sistemas2.magnograf.com.mx (mail.magnograf.com.mx [201.116.71.243])
Examples of hacked sites:
http://thanombutra.ac.th
http://infantilsmoher.com
Virus trojan on rapidshare.com present.exe
Example of a virus trojan on rapidshare.com https://rapidshare.com/files/454406929/present.exe
95.211.73.164 95.211.72.211 malware leaseweb.com
Name:      hosted-by.leaseweb.com
IP:        95.211.73.164
Domain:    leaseweb.com
Name:      hosted-by.leaseweb.com
IP:        95.211.72.211
Domain:    leaseweb.com
defender-uvpsx.vv.cc 78.41.203.10 malware World Dedicated Ltd abuse.bz
Name:      defender-uvpsx.vv.cc
IP:        78.41.203.10
Domain:    vv.cc
Registrar: ENOM, INC.
person:         Alex Averin
address:        Russian Federation, Moscow, Lenina st. 10
phone:          +79194740626
abuse-mailbox:  e57303@abuse.bz
defender-fqqdx.vv.cc 78.41.203.10 freesystemscan.exe malware
freesystemscan.exe
Registrar: ENOM, INC.
person:         Alex Averin
address:        Russian Federation, Moscow, Lenina st. 10
phone:          +79194740626
abuse-mailbox:  e57303@abuse.bz
route:          78.41.200.0/21
descr:          Snel Internet IP space routed by We Dare
software-vend.co.cc 46.252.128.19 malware
Name:      software-vend.co.cc
IP:        46.252.128.19
Domain:    co.cc
Registrar: YESNIC CO. LTD.
inetnum:        46.252.128.0 – 46.252.129.255
person:         Andrejs Kaminskis
address:        Latgales 32/34, Rezekne, Latvia
phone:          +37127580487
fevertube.com 209.222.6.62 Ukrainian malware hosted by Choopa LLC
Name:      fevertube.com
IP:        209.222.6.62
Administrative Contact:
N/A
hectorix (hectorix@mail.ru)
odessa str 22
odessa
Odessa Oblast,55555
UA
Tel. +380.982567788
NetRange:       209.222.0.0 – 209.222.31.255
OrgName:        Choopa, LLC
OrgId:          CHOOP-1
Address:        2400 Main Street Extension
Address:        Suite 12
City:           Sayreville
StateProv:      NJ
PostalCode:     08872
Country:        US
RegDate:        2006-10-03
Updated:        2007-12-13
Comment:        http://www.choopa.net/
XP Total Security Win 7 Home Security 2011 jumonevetode.com VIRUS 204.45.118.69 FDCservers.net ONLINENIC INC
Infected files:
Steam.exe
lol2.exe
Valve Corporation version 1.0.0.0
pod.exe
spm.exe
Xmegywso Software version 7.8
ohi.exe
Valve Corporation version 1.0.0.0
XP Total Security
http://jumonevetode.com/buy.html
1 Year License – $59.95
Full 1 Year License. This is One Time fee and Your Credit card will not billed again.
2 Year License – $69.95
Full 2 Years License. This is One Time fee and Your Credit card will not billed again.
LifeTime License – $79.95
Full Lifetime License. This is One Time fee and Your Credit card will not billed again.
Name:      jumonevetode.com
IP:        204.45.118.69
Registrar: ONLINENIC, INC.
Registrant:
Viktor Brikatnin silks@ca4.ru +7.8124384111
Viktor Brikatnin
ul.Shotmana d.7-1 lit.3 pom.13N
Sankt-Peterburg,Sankt-Peterburg,RU 193076
NetRange:       204.45.0.0 – 204.45.255.255
CIDR:           204.45.0.0/16
OrgName:        FDCservers.net
OrgId:          FDCSE
Address:        141 w jackson blvd.
Address:        suite #1135
City:           Chicago
StateProv:      IL
This crap is quite a pain, it plants itself everywhere:
C:\Documents and Settings\Administrateur\Local Settings\Application Data\ohi.exe
"C:\Documents and Settings\Administrateur\Local Settings\Application Data\ohi.exe" -a "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command
HKEY_CLASSES_ROOT\exefile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
HKEY_USERS\S-1-5-21-842925246-1844237615-1801674531-500\Software\Classes\.exe\shell\open\command
HKEY_USERS\S-1-5-21-842925246-1844237615-1801674531-500\Software\Classes\exefile\shell\open\command
HKEY_USERS\S-1-5-21-842925246-1844237615-1801674531-500_Classes\.exe\shell\open\command
HKEY_USERS\S-1-5-21-842925246-1844237615-1801674531-500_Classes\exefile\shell\open\command
United Parcel Service notification #423056 info72zx@ups.com virus sent by 41.0.53.22 and 121.78.211.177
Virus type: XP Total Security Win 7 Home Security 2011 jumonevetode.com VIRUS 204.45.118.69 FDCservers.net ONLINENIC INC
Spam sent by 41.0.53.22 and 121.78.211.177
From: United Parcel Service [mailto:info72zx@ups.com]
Sent: Sunday 27 March 2011 08:10
Subject: United Parcel Service notification #423056
Dear customer.
The parcel was sent your home address.
And it will arrive within 3 business day.
More information and the tracking number are attached in document below.
Thank you.
© 1994-2011 United Parcel Service of America, Inc.
fineguard-serv.in virus-searcher53.in dangerous sites, type packupdate107_284.exe Trojan-PSW.Win32.LdPinch.apwp
Trojan horse and fake antivirus
vc.videoconverterpack.com virus UDS:DangerousObject.Multi.Generic
distributed through Google ads, hosted by Amazon
file: VideoConverterSetup.exe
Kaspersky Internet Security UDS:DangerousObject.Multi.Generic VideoConverterSetup.exe
Name: vc.videoconverterpack.com
IP: 184.72.236.67
Registrant:
PrivacyProtect.org
Domain Admin contact@privacyprotect.org
OrgName: Amazon.com, Inc.
OrgId: AMAZO-4
Address: Amazon Web Services, Elastic Compute Cloud, EC2
Address: 1200 12th Avenue South
City: Seattle
StateProv: WA
My_Resume_ID478.zip Virus trojan Please look my CV. Thank you
Failed attempt to send a virus: the file is empty
Spam received via 82.95.212.98 XS4ALL Internet BV
-----Original Message-----
From: Lourdes Driscoll [mailto:bargepd@softnavigator.ru]
Sent: Saturday 21 August 2010 21:56
Subject: Please look my CV. Thank you
Hello!
I have figured out that you have an available job.
I am quiet intrested in it. So I send you my resume,
Looking forward to your reply.
Thank you.
Internet users were selling fake licenses for Windows antivirus products. Police shut down 19 websites.
See the original post here:
Windows license fee, a well-practised scam from India
city-of-plymouth.info 109.123.78.180 virus postcard.jpg.exe spam 88.100.219.50
virus / trojan in postcard.jpg.exe
spam sent by 88.100.219.50
NEXTEL-XDSL XDSL NETWORK-ADSL
Jiri Hvezda Telefonica O2 Czech Republic, a.s. Za Brumlovkou 2 Prague 4 – 140 22
The Czech Republic +420 2 84084222
city-of-plymouth.info
John Simmon
csc
1849 South Bentley Ave.
Los Angeles
California
90025
+1.3108447267
khokhar33@hotmail.com
UK2 – Ltd
Ditlev Bredahl
One Canada Square
Canary Wharf
E14 5DY London
UNITED KINGDOM
ripe@uk2.net
type of spam:
-----Original Message-----
From: 123Greetings [mailto:valentines@123Greetings.net]
Sent: Thursday 11 February 2010 10:32
Subject: You’ve received a postcard from a family member !
Good day.
Your family member has sent you an ecard from 123Greetings.com <http://city-of-plymouth.info/postcard.jpg.exe> .
Send free ecards from 123Greetings.com <http://city-of-plymouth.info/postcard.jpg.exe> with your choice of colors, words and music.
Your ecard will be available with us for the next 5 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.
To view your ecard please click here <http://city-of-plymouth.info/postcard.jpg.exe> .
Your ecard number is
a885b5e6291c3de8293ec6968e3ca03
Best wishes,
123Greetings
www.games-attack.com warning: virus Downloader-BPJ.gen.b
If you downloaded the file Games-Attack_setup.exe from download.gales-attack.com
your computer will be infected by the Downloader-BPJ.gen.b virus
www.games-attack.com More than 100 free flash games, warning: adware
source: McAfee
www.newliveplayer.com Live Player VIRUS Downloader-BPJ.gen.b Live-Player_setup.exe adserving.cpxinteractive.com
McAfee reports a VIRUS of type Downloader-BPJ.gen.b in the file Live-Player_setup.exe
stored at http://download.newliveplayer.com
Distributed by the ad network: adserving.cpxinteractive.com
Name:      www.newliveplayer.com
IP:        91.209.163.201, 91.209.163.202, 91.209.163.203
Domain:    newliveplayer.com
owner-c:
nic-hdl: RV749-GANDI
owner-name: FAVORIT NETWORK S.L.
organisation: FAVORIT NETWORK S.L.
person: Ramon Viladomiu
address: Rambla Catalunya Número 12 2º 2ª
zipcode: 08007
city: BARCELONA
country: Spain
phone: +34.610552977
fax:  »
email: 2ffba9ee4ff19e8587163b873c03ff22-913471@contact.gandi.net
Virus Western Union. You can get money transfer! Order NR.1827
Spam sent by fw-tk.scheier.at fw-tk.scheier.at 80.120.120.190
virus in WU_Details_1c7a2.zip
From: Manager Elwood Seymour [mailto:receiver@westernunion.com]
Sent: Monday 9 November 2009 11:42
To: billing@crixx.de
Subject: Western Union. You can get money transfer! Order NR.1827
—– english text —–
This mail contained a virus or a file violating the mail policy.
The file has been repaired or deleted.
Hint: most infected mails are not originating from the given sender address.
Notifying the sender does not make sense in these cases.
—– deutscher Text —–
Diese Mail enthielt einen Virus oder eine Datei, die gegen die Mail-Richtlinien verstößt.
Die Datei wurde repariert oder entfernt.
Hinweis: die meisten Virenmails stammen nicht vom angegebenen Absender.
Diesen zu kontaktieren, macht in der Regel keinen Sinn.
—– Attachment(s) —–
Repaired/repariert:
No attachments are in this category.
Deleted/entfernt:
1. WU_Details_1c7a2.zip/WU_Details_1c7a2.exe: Trojan.Bredolab!gen5
Blocked/blockiert:
No attachments are in this category.
———— Original message ————
Dear customer.
The amount of money transfer: 9822 USD.
Money is available to withdrawl.
You may find the Money Transfer Control Number (MTCN) and receiver’s details in document attached to this email.
Western Union.
Financial Services.