List Of Banned Domains With Spyware


This is a list of domains with spyware that were banned. I got this info from
http://malwareonline.com

List of banned domains:

20:35 31/03/2009


More About Downadup Conficker.C


Here is more of the Downadup Conficker.C description. Avira antivirus detects it as below:

Virus: Worm/Conficker
Date discovered: 14/01/2009
Type: Worm
In the wild: Yes
Reported Infections: Medium
Distribution Potential: Medium
Damage Potential: Medium
Static file: No
File size: ~160.000 Bytes
IVDF version: 7.01.01.115 - Wed, 14 Jan 2009 08:44 (GMT+1)

General detection in other antivirus products:

Methods of propagation:
  • Local network
  • Mapped network drives


Aliases:
  • Symantec: W32.Downadup.B 
  • Kaspersky: Net-Worm.Win32.Kido.fw 
  • F-Secure: Worm:W32/Downadup.gen!A 
  • Sophos: Mal/Conficker-A 
  • Panda: Trj/Downloader.MDW 
  • Grisoft: I-Worm/Generic.CJY 
  • Eset: a variant of Win32/Conficker.AE worm 
  • Bitdefender: Win32.Worm.Downadup.Gen 

Similar detection:
  • Worm/Kido 


Platforms / OS:
  • Windows 95
  • Windows 98
  • Windows 98 SE
  • Windows NT
  • Windows ME
  • Windows 2000
  • Windows XP
  • Windows 2003


Side effects:
  • Registry modification
  • Makes use of software vulnerability
  • Third party control


Virus File

It copies itself to the following locations:
  • %all shared folders% \RECYCLER\S-%number%\%random character string%.vmx
  • %ProgramFiles%\Internet Explorer\%random character string%.dll
  • %ProgramFiles%\Movie Maker\%random character string%.dll
  • %System%\%random character string%.dll
  • %Temp%\%random character string%.dll
  • %ALLUSERSPROFILE%\Application Data\%random character string%.dll


The following file is created:

– %all shared folders%\autorun.inf This is a non malicious text file with the following content:
  • %random comments%
  shellexecute rundll32.exe %paths and filenames of malware copies%,%random character string%
  %random comments%
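
As an added example (not code from Avira or from the original post), this Python check flags an autorun.inf of the shape described above: a `shellexecute` or `open` line that runs rundll32 on a file under `RECYCLER\S-%number%`, surrounded by random comment lines. The sample bytes, the `S-` number, the file name and the export name are constructed; the parser accepts both `key=command` and the space-separated form printed above.

```python
"""Flag autorun.inf files that run rundll32 on a file dropped under RECYCLER."""
import re

# A command-bearing line: a known key, then "=" (or whitespace, the way the
# write-up prints it), then the command. Random comment lines never match.
COMMAND_LINE = re.compile(
    r"^\s*(?P<key>open|shellexecute|shell\\[^\s=\\]+\\command)"
    r"\s*[=\s]\s*(?P<cmd>\S.*)$",
    re.IGNORECASE,
)
# rundll32 <path>,<export>  (path may be quoted and may contain spaces)
RUNDLL32 = re.compile(
    r"rundll32(?:\.exe)?\"?\s+\"?(?P<path>[^\",]+?)\"?\s*,\s*(?P<export>[^\s,]+)",
    re.IGNORECASE,
)
# Drop location from the write-up: RECYCLER\S-<number>\<random name>
RECYCLER_DROP = re.compile(r"(?:^|\\)RECYCLER\\S-[0-9-]+\\[^\\]+$", re.IGNORECASE)


def scan_autorun(data: bytes):
    """Return one finding per suspicious command line in an autorun.inf."""
    findings = []
    # latin-1 never fails to decode, so junk bytes cannot abort the scan.
    for line in data.decode("latin-1").splitlines():
        command = COMMAND_LINE.match(line)
        if not command:
            continue  # junk, section header, icon=..., etc.
        call = RUNDLL32.search(command.group("cmd"))
        if not call:
            continue  # a command, but not a rundll32 launch
        path = call.group("path").strip()
        reasons = []
        if RECYCLER_DROP.search(path):
            reasons.append("target is under RECYCLER\\S-<number>")
        if not path.lower().endswith(".dll"):
            reasons.append("rundll32 target does not have a .dll extension")
        if reasons:
            findings.append({
                "key": command.group("key").lower(),
                "path": path,
                "export": call.group("export"),
                "reasons": reasons,
            })
    return findings


# Constructed sample: junk lines around one mixed-case command line.
SAMPLE_INFECTED = b"\r\n".join([
    b"x8Qz kd93 lwpe",
    b"[autorun]",
    b"pL0 2mmv qq",
    rb"sHelLExeCUte=RuNdLl32.EXE .\RECYCLER\S-1-2-3-456789\abcdefg.vmx,qrstuv",
    b"zz91 kfj4",
])
# Same command in the space-separated form used in the write-up.
SAMPLE_SPACED = rb"shellexecute rundll32.exe .\RECYCLER\S-1-2-3-456789\abcdefg.vmx,qrstuv"
# Constructed benign file: an installer launch and a normal rundll32 call.
SAMPLE_CLEAN = b"\r\n".join([
    b"[autorun]",
    b"open=setup.exe",
    b"icon=setup.exe,0",
    b"shellexecute=rundll32.exe shell32.dll,Control_RunDLL",
])

if __name__ == "__main__":
    for name, blob in [("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)]:
        print(name, scan_autorun(blob))
```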

In The Registry

The following registry keys are added in order to load the service after reboot:

– HKLM\SYSTEM\CurrentControlSet\Services\%random words%\Parameters\
  • "ServiceDll" = "%paths and filenames of malware copies%"

– HKLM\SYSTEM\CurrentControlSet\Services\%random words%\ 
  • "ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs
  "Type" = "4"
  "Start" = "4"
  "ErrorControl" = "4"



The following registry keys are changed:

– [HKLM\SYSTEM\CurrentControlSet\Services\wscsvc] 
  Old value:
  • "Start"=dword:00000003
  New value:
  • "Start"=dword:00000004

– [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv] 
  Old value:
  • "Start"=dword:00000003
  New value:
  • "Start"=dword:00000004

– [HKLM\SYSTEM\CurrentControlSet\Services\BITS] 
  Old value:
  • "Start"=dword:00000003
  New value:
  • "Start"=dword:00000004

– [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc] 
  Old value:
  • "Start"=dword:00000003
  New value:
  • "Start"=dword:00000004

– HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced 
  New value:
  • "Hidden"=dword:00000002
  "ShowCompColor"=dword:00000001
  "HideFileExt"=dword:00000000
  "DontPrettyPath"=dword:00000000
  "ShowInfoTip"=dword:00000001
  "HideIcons"=dword:00000000
  "MapNetDrvBtn"=dword:00000000
  "WebView"=dword:00000000
  "Filter"=dword:00000000
  "SuperHidden"=dword:00000000
  "SeparateProcess"=dword:00000000

In the Network Infection

In order to ensure its propagation the malware attempts to connect to other machines as described below.


It uses the following login information in order to gain access to the remote machine:

– The following list of passwords:
  • 000; 0000; 00000; 0000000; 00000000; 0987654321; 111; 1111; 11111; 
  111111; 1111111; 11111111; 123; 123123; 12321; 123321; 1234; 12345; 
  123456; 1234567; 12345678; 123456789; 1234567890; 1234abcd; 1234qwer; 
  123abc; 123asd; 123qwe; 1q2w3e; 222; 2222; 22222; 222222; 2222222; 
  22222222; 321; 333; 3333; 33333; 333333; 3333333; 33333333; 4321; 444; 
  4444; 44444; 444444; 4444444; 44444444; 54321; 555; 5555; 55555; 
  555555; 5555555; 55555555; 654321; 666; 6666; 66666; 666666; 6666666; 
  66666666; 7654321; 777; 7777; 77777; 777777; 7777777; 77777777; 
  87654321; 888; 8888; 88888; 888888; 8888888; 88888888; 987654321; 999; 
  9999; 99999; 999999; 9999999; 99999999; a1b2c3; aaa; aaaa; aaaaa; 
  abc123; academia; access; account; Admin; admin; admin1; admin12; 
  admin123; adminadmin; administrator; anything; asddsa; asdfgh; asdsa; 
  asdzxc; backup; boss123; business; campus; changeme; cluster; 
  codename; codeword; coffee; computer; controller; cookie; customer; 
  database; default; desktop; domain; example; exchange; explorer; file; 
  files; foo; foobar; foofoo; forever; freedom; fuck; games; home; 
  home123; ihavenopass; Internet; internet; intranet; job; killer; 
  letitbe; letmein; login; Login; lotus; love123; manager; market; 
  money; monitor; mypass; mypassword; mypc123; nimda; nobody; nopass; 
  nopassword; nothing; office; oracle; owner; pass; pass1; pass12; 
  pass123; passwd; password; Password; password1; password12; 
  password123; private; public; pw123; q1w2e3; qazwsx; qazwsxedc; qqq; 
  qqqq; qqqqq; qwe123; qweasd; qweasdzxc; qweewq; qwerty; qwewq; root; 
  root123; rootroot; sample; secret; secure; security; server; shadow; 
  share; sql; student; super; superuser; supervisor; system; temp; 
  temp123; temporary; temptemp; test; test123; testtest; unknown; web; 
  windows; work; work123; xxx; xxxx; xxxxx; zxccxz; zxcvb; zxcvbn; 
  zxcxz; zzz; zzzz; zzzzz



IP address generation:
It creates random IP addresses while it keeps the first three octets from its own address. Afterwards it tries to establish a connection with the created addresses.


Infection process:
It makes the compromised machine download the malware from the infected source computer.
The downloaded file is stored on the compromised machine as: .\RECYCLER\S-%number%\%random character string%.vmx

Host

– Access to the following domains is effectively blocked:
   • ahnlab; arcabit; avast; avg.; avira; avp.; bit9.; ca.; castlecops; 
      centralcommand; cert.; clamav; comodo; computerassociates; cpsecure; 
      defender; drweb; emsisoft; esafe; eset; etrust; ewido; f-prot; 
      f-secure; fortinet; gdata; grisoft; hacksoft; hauri; ikarus; jotti; 
      k7computing; kaspersky; malware; mcafee; microsoft; nai.; 
      networkassociates; nod32; norman; norton; panda; pctools; prevx; 
      quickheal; rising; rootkit; sans.; securecomputing; sophos; spamhaus; 
      spyware; sunbelt; symantec; threatexpert; trendmicro; vet.; virus; 
      wilderssecurity; windowsupdate

Miscellaneous 

Internet connection:
In order to check for its internet connection the following DNS servers are contacted:
  • http://www.getmyip.org
  • http://www.whatsmyipaddress.com
  • http://getmyip.co.uk
  • http://checkip.dyndns.org


Checks for an internet connection by contacting the following web sites:
  • baidu.com; google.com; yahoo.com; msn.com; ask.com; w3.org; aol.com; 
  cnn.com; ebay.com; msn.com; myspace.com


File patching:
In order to increase the number of maximum connections it has the capability to modify the tcpip.sys. It may result in a corruption of that file and break network connectivity.

Rootkit Technology 

It is a malware-specific technology. The malware hides its presence from system utilities, security applications and in the end, from the user.

Method used:

Hooks the following API functions:
  • DNS_Query_A
  • DNS_Query_UTF8
  • DNS_Query_W
  • Query_Main
  • sendto

File details of virus

Programming language:
The malware program was written in MS Visual C++. 


Runtime packer:
In order to make detection harder and reduce the size of the file, it is packed with a runtime packer.


For more information, go to Avira.


Norman Malware Cleaner 2009.03.18


Norman Malware Cleaner is a Norman program utility that may be used to detect and remove specific malicious software (malware). Note that it should not be used as a substitute for running normal proactive antivirus protection, but rather as a reactive tool to handle systems that are already infected.

By downloading and running the program below it will clean an infected system completely:

  • kill running processes that are infected
  • remove infections from disk (including ActiveX components and browser helper objects)
  • reveal and remove rootkits
  • restore correct registry values
  • remove references created by malware in hosts file
  • remove windows firewall rules for malicious programs
Homepage - http://www.norman.com/Virus/Virus_removal_tools/en

Download: Norman Malware Cleaner

Switches to Norman Malware Cleaner

/iagree - Agree to license agreement (popup window suppressed)
/scan - Specify file/folder to scan
/norecurse - Do not recurse into subfolders. Only valid when used with /scan
/exclude - Specify file/folder to exclude
/run - Start scanning automatically
/autoboot - Reboot automatically after scan if needed
/quiet - Do not display GUI
/log - Specify log file
/noclean - Skip the cleaning process
/nops - Skip process scanning
/nounpack - Skip archive scanning
/nosysvol - Do not scan for changes to system restore after deleting a file
/? - List switches


Source: http://obengware.com


Mobile Thefts Using Malware in Indonesia


Owners of accounts that can transfer money via mobile phone should be careful: this trojan is at work in Indonesia.

In many countries mobile providers allow their clients to transfer money, specifically credit that can be used by the recipients on their own phones, from one mobile number to another. This is useful when you need to communicate with someone who does not have enough money in their account. Indonesia is one country where such transfers are popular. 


One Indonesian mobile provider allows customers to transfer money/credit from account to account by simply sending a text/sms to number 151 with the following text: TP . Malware writers in Indonesia appreciated this chance to make some money.

We found 5 new Trojans over the past week which send such money transfer requests to 151 – without the permission or knowledge of the phone’s owner.

All 5 Trojans are written in Python and work on Symbian:

Trojan-SMS.Python.Flocker.ab, Trojan-SMS.Python.Flocker.ac, Trojan-SMS.Python.Flocker.ad, Trojan-SMS.Python.Flocker.ae, Trojan-SMS.Python.Flocker.af


The sums we have traced range from 5 000 to 10 000 Indonesian rupees (0.45 – 0.90 USD). Obviously the goal is to transfer large quantities of small sums in the hopes that while individual users might not notice the leak, the overall sum of transfers will be significant.

We have seen many attacks in Russia based on un-sanctioned sms/text messages to steal money. We were certain that the problem would spread – and it has. We will continue to monitor the situation and keep you posted.

more info


"Download Microsoft DirectX 11 of For Windows XP And the Vista" Contains Trojan


Approximately 39 viruses were put into a fake DX 11 patch.

There is a lot of software that looks interesting to try. One example claims to make Windows XP support DirectX 11. It is unclear why there would be a DirectX 11 for it; what is certain is that this file, measuring 598KB, is fake and contains various sorts of viruses.

If you find a file with the term Download Microsoft DirectX 11 of For Windows XP And the Vista, or the file name DirectX 11 (Windows XP and the VISTA) .exe, it is better to remove it, because its contents are an assortment of viruses.


Pirated Apple iWork 09 Infected With Trojan OSX.Trojan.iServices.A


It is not only PCs running pirated software: Apple computers are also targeted by trojans. One case is iWork 09, copies of which were put on the Internet and infect Apple computer users.
As for distribution, the OSX.Trojan.iServices.A trojan seems to be circulating widely on P2P networks.

The hidden trojan, called iWorkService or known as OSX.Trojan.iServices.A, opens up full rights on the Apple computer, so that the computer can be remotely controlled by other people.


Information  iWorkService Trojan Removal Tool

Platform:   Mac OS X

Last update: 23 January 2009

Developer:  SecureMac

File type: .dmg

File size : 350.19 Kb

License  : Freeware

Category : Antivirus

Downloads: 215

Download iWorkService Trojan Removal Tool via Net-Security.org


BitDefender Downadup Conficker.C Removal Tool


The Downadup virus has been spreading quickly since the beginning of February 2009, and BitDefender provides a removal tool for it.
The Downadup worm, Win32/Conficker.C, is targeting a large-scale attack on 1 April. As the third variant, Win32/Conficker.C is able to block some security websites, turn off Windows security components, and download files at random that lead the browser to a particular site.

When the Downadup worm Win32/Conficker.C is accidentally downloaded and activated on a computer, it copies itself into the Windows system directory under a random file name. The worm sometimes also drops some files into the program directory.
The worm becomes active every time the computer is turned on, because it registers itself in the list of programs that run when the computer starts.
A computer infected with the Downadup worm Win32/Conficker.C immediately takes several steps, such as turning off the antivirus update system.

The worm turns off the following Windows services:
* wscsvc - Security Center
* WinDefend - Windows Defender (Vista)
* wuauserv - Automatic Updates
* BITS - Background Intelligent Transfer Service
* ERSvc - Error Reporting Service
* WerSvc - Windows Error Reporting Service (Vista)
The worm also turns off System Restore points; if your computer has no System Restore, it may have been infected by Downadup.
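
As an added example (not part of the original post and not a BitDefender tool), this PowerShell function audits the services listed above and flags any that are disabled, or set to auto-start but stopped. The function name `Test-WatchedService`, the finding texts and the sample records are assumptions made up for the illustration.

```powershell
# Added example: audit the services the post lists as being turned off.
# Test-WatchedService and the sample records below are hypothetical names/data.
$Watched = [ordered]@{
    wscsvc    = 'Security Center'
    WinDefend = 'Windows Defender (Vista)'
    wuauserv  = 'Automatic Updates'
    BITS      = 'Background Intelligent Transfer Service'
    ERSvc     = 'Error Reporting Service'
    WerSvc    = 'Windows Error Reporting Service (Vista)'
}

function Test-WatchedService {
    param([Parameter(Mandatory = $true)] [object[]] $Services)
    foreach ($name in $Watched.Keys) {
        # Match by service short name; -eq is case-insensitive for strings.
        $svc = $Services | Where-Object { $_.Name -eq $name } | Select-Object -First 1
        if (-not $svc) {
            $finding = 'absent (expected on some Windows versions)'
        } elseif ($svc.StartMode -eq 'Disabled') {
            $finding = 'REVIEW: start type is Disabled'
        } elseif ($svc.StartMode -eq 'Auto' -and $svc.State -ne 'Running') {
            $finding = 'REVIEW: auto-start service is not running'
        } else {
            $finding = 'ok'   # running, or manual-start and idle
        }
        [pscustomobject]@{
            Name      = $name
            Service   = $Watched[$name]
            State     = if ($svc) { $svc.State } else { $null }
            StartMode = if ($svc) { $svc.StartMode } else { $null }
            Finding   = $finding
        }
    }
}

# Constructed sample records shaped like Win32_Service objects (not real host data).
$sample = @(
    [pscustomobject]@{ Name = 'wscsvc';   State = 'Stopped'; StartMode = 'Disabled' }
    [pscustomobject]@{ Name = 'wuauserv'; State = 'Stopped'; StartMode = 'Auto' }
    [pscustomobject]@{ Name = 'BITS';     State = 'Stopped'; StartMode = 'Manual' }
    [pscustomobject]@{ Name = 'WerSvc';   State = 'Running'; StartMode = 'Auto' }
)
Test-WatchedService -Services $sample | Format-Table -AutoSize

# On a live host, feed it the real service list instead:
# Test-WatchedService -Services (Get-CimInstance -ClassName Win32_Service)
```

A REVIEW finding is a reason to investigate rather than proof of infection, since administrators sometimes disable these services deliberately.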

Remove Downadup from infected computers

Downadup (or Conficker) is a network worm that takes advantage of vulnerabilities in Windows to spread. Its removal is complicated by the fact that it blocks many known antivirus software and associated websites.

BitDefender Labs has detected a new and more aggressive Downadup version. It spreads using a Windows RPC Server Service vulnerability and is called Win32.Worm.Downadup.Gen.

The new version is more resilient to disinfection. Once the system is compromised, the worm disables Windows Update and blocks access to most of the anti-virus websites in order to hinder the user to disinfect his machine.

BitDefender is the first to offer a free tool which disinfects all versions of Downadup. This domain is the first to serve a removal tool without being blocked by the e-threat.

The worm itself is not new, it made its first appearance late November 2008, known under the names Conficker or Kido as well exploiting the vulnerability described in the Microsoft security bulletin MS08-067. After successful exploitation it used to install rogue security software on the infected machine.


Download and run the tools provided below to rid your computer or network of this e-threat.
1. Single PC Removal Tool
Removes Downadup from a single PC
Download Now (.zip - 2.2MB)
 

2. Network Removal Tool
Removes Downadup from PCs in a Microsoft Network
Download Now (.exe - 13MB)


Download the manual for the Downadup removal tool, single-PC and network versions (.doc - 324.50 KB)


3. PCMAV Express (Indonesian antivirus by PCMAV)
Download (Ziddu)

Instructions for using PCMAV Express:

  1. Make sure your user account has rights equivalent to Administrator.
  2. Deactivate any installed antivirus so that it does not interfere with PCMAV Express.
  3. Make sure beforehand that your computer is not connected to the network or the internet during the scan.
  4. After the scan finishes, it is strongly recommended to restart and repeat the scan (if necessary). Once the virus has been dealt with, immediately update/patch your Windows. PCMAV Express can also detect whether your computer has not yet been patched.
  5. Make sure all PCs connected to the network are also free of Conficker. Make sure the Administrator password on your PC is not easy to guess, because Conficker is able to break in by guessing the Administrator password using the common vocabulary in its dictionary. If steps 3-7 above are not followed properly, there is a big chance that Conficker will attack again, no matter how good the antivirus you use.


Fusion-io is New Fastest and Most Innovative SSD


PCI Express, server-based solid-state storage offering sets a new standard for enterprise application-centric storage, with up to 640 gigabytes of capacity and 1.5 gigabytes per-second of sustained throughput

SALT LAKE CITY - March 11, 2009 - Fusion-io, the leader in solid-state architecture and high-performance I/O solutions, today announced the ioDrive Duo, which doubles the slot capacity of Fusion-io’s successful PCI Express-based ioDrive storage solution. The new ioDrive Duo is the market’s fastest and most innovative server-based solid-state storage solution. 

With the ioDrive Duo, it is now possible for application, database and system administrators to get previously unheard-of levels of performance, protection and capacity utilization from a single server. Performance for multiple ioDrive Duos scales linearly, allowing any enterprise to scale performance to six gigabytes per-second (Gbytes/sec) of read bandwidth and over 500,000 read IOPS by using just four ioDrive Duos.

“Many database and system administrators are finding that SANs are too expensive and don’t meet performance, protection and capacity utilization expectations,” said David Flynn, CTO of Fusion-io. “This is why more and more application vendors are moving toward application-centric solid-state storage. The ioDrive Duo offers the enterprise the advantages of application-centric storage without application-specific programming.”

ioDrive Duo Product Details

The following specifications describe the physical and performance characteristics of the ioDrive Duo.


PERFORMANCE
Based on PCI Express x8 or PCI Express 2.0 x4 standards, which can sustain up to 20 gigabits per-second (Gbytes/sec) of raw throughput, the ioDrive Duo has more than enough bandwidth to obtain industry-leading performance from a single card. The ioDrive Duo can easily sustain 1.5 Gbytes/sec of read bandwidth and nearly 200,000 read IOPS. Its performance metrics are as follows:

• Sustained read bandwidth: 1500 MB/sec (32k packet size)
• Sustained write bandwidth: 1400 MB/sec (32k packet size)
• Read IOPS: 186,000 (4k packet size)
• Write IOPS: 167,000 (4k packet size)
• Latency

RELIABILITY
The ioDrive Duo offers unmatched solid-state protection for data integrity and reliability with triple redundancy for a single storage component.

• Multi-bit error detection and correction
• Patent-pending Flashback protection, offering chip-level N+1 redundancy and on-board self-healing so that no servicing is required
• Optional RAID-1 mirroring between two ioMemory modules on the same ioDrive Duo, offering complete redundancy on a single PCIe card

CAPACITY
The ioDrive Duo comes in the following capacities: 

• 160 Gbytes
• 320 Gbytes
• 640 Gbytes
• 1.28 TB (second half of 2009)

The ioDrive Duo will be available in April 2009. To find out more about how this and Fusion-io’s other enterprise solid-state storage products can benefit your organization, please visit Fusion site



What Is a Certificate of Authenticity (COA)?

A Certificate of Authenticity (COA) is a label that helps identify genuine Microsoft software. Without this label, you do not have a legal license to run Microsoft software. A COA is not a software license; it is a visual identifier that helps determine whether the Microsoft software you are running is genuine. A COA can never be purchased on its own, without the software whose authenticity it is meant to prove.

To help you verify the authenticity of the software you obtain, the COA includes sophisticated anti-piracy features. A COA may also carry a barcode used for product tracking. There are four types of COA:


Retail Software COA

For software purchased separately from a PC through retail channels, the COA label is affixed to the top of the software package.

To make sure you have genuine Microsoft retail software, look for the Certificate of Authenticity (COA) label affixed to the retail packaging. A COA should always accompany the product it is associated with. A COA cannot be purchased separately.

The COA shown above has been produced since December 2006. If your COA does not match the one shown above, you have an earlier version. For earlier versions of this COA, select the View Previous Versions link in the background window.

The COA displays the product name printed on the label, along with a background image printed with repeating micro-printed words. These words appear in blue letters on a white background in distorted lines. This COA has a curved left corner.

The left side of the COA contains transparent Port-Hole™ windows, each with paper fibers visible around the inner edge. The vertical weave running through these Port-Hole™ windows is a metallic thread carrying clearly stamped lettering that reads "OUR PASSION" in red and "MICROSOFT". One way to check whether your COA is genuine is to gently tear the edge of the COA to determine whether the thread is actually woven into the fibers of the label rather than printed on top of it.


Preinstalled Windows COA for Large Manufacturers

For Windows software preinstalled on a computer by a large manufacturer (also known as an Original Equipment Manufacturer, or OEM), the COA should be affixed to the body of the computer. The COA contains the 25-character product key, which may be requested if reinstallation is needed.


To make sure you have a genuine Microsoft Windows operating system, look for the Certificate of Authenticity (COA) label affixed to the computer chassis. A COA cannot be purchased separately. Every preinstalled Windows COA displays the Microsoft product name near the top of the label and a 25-character product key. If your COA does not match this one, you have an earlier version.

The latest preinstalled Windows COA contains a Port-Hole™ near the center of the COA, shaped like the Windows flag, with two woven threads running across its middle. The words "Your Potential" are hidden beneath a heat-activated layer to the right of the threads. The left thread carries the micro-printed words "Our Passion."

The top COA shown on the left has been produced since February 2007, and its Port-Hole is completely filled with paper fibers.

The bottom COA has been produced since September 2006, and its Port-Hole is transparent, with individual paper fibers visible around the inner edge. (The shape may vary depending on the manufacturing technique.)

All of these COAs are usually blue. In Asia, however, the COA is available in rose red, and for Windows Starter Edition installations the COA is green.


Preinstalled Windows COA for Small Manufacturers

For Windows software preinstalled on a computer by a small manufacturer (also known as a System Builder), the COA should be affixed to the body of the computer. The COA contains the 25-character product key, which may be requested if reinstallation is needed. Some System Builders include Windows software with a new computer without installing it. Such a computer should be accompanied by a preinstalled Windows COA.

To make sure you have a genuine Microsoft Windows operating system, look for the Certificate of Authenticity (COA) label affixed to the computer chassis. A COA cannot be purchased separately. Every preinstalled Windows COA displays the Microsoft product name near the top of the label and a 25-character product key. If your COA does not match this one, you have an earlier version.

The latest preinstalled Windows COA for small manufacturers contains two Port-Hole™ windows near the center of the COA on a blue-green background. The Port-Hole on the left is oval and the Port-Hole on the right is shaped like the Windows flag, each with paper fibers visible around the inner edge. (The shape may vary depending on the manufacturing technique.)

This COA is usually blue-green. In Asia, however, the COA is available in rose red, and for Windows Starter Edition installations the COA is green.

COA for Preinstalled Non-Windows Software

For non-Windows software (for example Microsoft Office) included with a computer purchase, the COA must be included with your system recovery disc or the Office Ready PC packaging.

Original Equipment Manufacturer (OEM) versions of Microsoft software are licensed to PC makers through two different channels: large PC manufacturers or small-scale System Builders. In the fall of 2001, a new program-specific COA label was introduced with advanced security and tracking features, as well as the How to Tell website address. The Certificate of Authenticity (COA) must always accompany the product it relates to. A COA cannot be purchased separately.

Versions of Office distributed with PCs assembled by System Builders carry the text "OEM Product" in large bold letters toward the upper left of the COA (as shown here in the COA label graphic). Versions of Office from large PC manufacturers carry the name of that PC manufacturer on the COA label.

Note that earlier versions of Microsoft application software have a slightly different COA. Versions of Office distributed with PCs assembled by System Builders display the letter "D" at the middle left of the COA label, indicating that it comes from the distribution channel. Versions of Office from large PC manufacturers do not display the letter "D" on the COA label.

For more information, see the official Microsoft website.
