¿Necesita ayuda? Pregunte a la comunidad o contrate a un experto.
Ir a Avira Answers
Nombre:TR/Click.Outtol.A
Descubierto:13/07/2010
Tipo:Troyano
En circulación (ITW):
Número de infecciones comunicadas:Medio-bajo
Potencial de propagación:Bajo
Potencial dañino:Medio
Fichero estático:
Tamaño:237.568 Bytes
Suma de control MD5:1acddaae2e00b99fd33794cfcad6f2f1
Versión del IVDF:7.10.09.77 - martes, 13 de julio de 2010

 General Alias:
   •  Bitdefender: Trojan.Agent.VB.BMU
   •  Panda: Trj/KillAV.NK
   •  Eset: Win32/AutoRun.VB.RF


Plataformas / Sistemas operativos:
   • Windows 2000
   • Windows XP
   • Windows 2003


Efectos secundarios:
   • Bloquea el acceso a portales de seguridad
   • Reduce las opciones de seguridad
   • Descarga ficheros dañinos
   • Suelta ficheros dañinos
   • Modificaciones en el registro

 Ficheros Se copia a sí mismo en la siguiente ubicación:
   • %HOME%\%nombre del usuario actual%1\winlogon.exe



Elimina el siguiente fichero:
   • %HOME%\%valores hex%\wlo.exe



Crea los siguientes ficheros:

– %HOME%\%nombre del usuario actual%1\VERSION.TXT
– %HOME%\%valores hex%\wlo.exe Además, el fichero es ejecutado después de haber sido creado. Los análisis adicionales indicaron que este fichero es también viral. Detectado como: Worm/Esfury.A.361

– %HOME%\%nombre del usuario actual%1\wlo.exe Además, el fichero es ejecutado después de haber sido creado. Los análisis adicionales indicaron que este fichero es también viral. Detectado como: TR/Agent.cfn

– %HOME%\%valores hex%\winlogon.exe Además, el fichero es ejecutado después de haber sido creado. Los análisis adicionales indicaron que este fichero es también viral. Detectado como: Worm/Esfury.A.361

%SYSDIR%\drivers\etc\hosts Los análisis adicionales indicaron que este fichero es también viral. Detectado como: TR/AntiHosts.Gen

– C:\winlogon.exe Los análisis adicionales indicaron que este fichero es también viral. Detectado como: TR/Agent.cfn

– %ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogon.exe Los análisis adicionales indicaron que este fichero es también viral. Detectado como: TR/Agent.cfn




Intenta descargar algunos ficheros:

– La dirección es la siguiente:
   • http://0-1-0-0-1-0-0-0-1-0-1-1-0-1-1-1-1-0-1-1-1-0-0-0-1-1-1-1-1-1-1-.0-0-0-0-0-0-0-0-0-0-0-0-0-60-0-0-0-0-0-0-0-0-0-0-0-0-0.info/**********


– Las direcciones son las siguientes:
   • http://%cadena de caracteres%.che**********.info/?PWaevb7Nu6Pppnsx6gbJMPnnDHUPqa5W9MLXtueIMdn1UfoRhsYDY8CbrOJ2YW04vJu4DpIcWdQXStTkQpLfTX8JfIwCy04EIgcRu2UZn1MvgwU3RG5QM5jqXgCDmq84LTikYxahcv97XSH58hkn2TklKhDm7qqWQpLfTX8JfIwCy04EIgcRg9FZGYCYZCcOiNZSAtq1DtN1pCkFSIZOW0sqa0jm=%cadena de caracteres%
   • http://%cadena de caracteres%.che**********.info/?imp_728*90=%cadena de caracteres%


– La dirección es la siguiente:
   • http://whos.amung.us/widget/**********/


– La dirección es la siguiente:
   • http://widgets.amung.us/small/07/**********


– La dirección es la siguiente:
   • http://whos.amung.us/swidget/**********


– La dirección es la siguiente:
   • http://0-1-0-0-1-0-0-0-1-0-1-1-0-1-1-1-1-0-1-1-1-0-0-0-1-1-1-1-1-1-1-.0-0-0-0-0-0-0-0-0-0-0-0-0-60-0-0-0-0-0-0-0-0-0-0-0-0-0.info/flv/**********


– La dirección es la siguiente:
   • http://widgets.amung.us/classic/02/**********




Intenta ejecutar el siguiente fichero:

– Ejecuta uno de los ficheros siguientes:
   • "%HOME%\%valores hex%\winlogon.exe" ctfmon.exe

 Registro Añade las siguientes claves del registro para ejecutar los procesos al iniciar el sistema:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%serie de caracteres aleatorios%"="%HOME%\%valores hex%\winlogon.exe"
   • "NVIDIA Media Center Library"="%HOME%\%nombre del usuario actual%1\winlogon.exe"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "%serie de caracteres aleatorios%"="%HOME%\%valores hex%\winlogon.exe"
   • "NVIDIA Media Center Library"="%HOME%\%nombre del usuario actual%1\winlogon.exe"



Añade las siguientes claves del registro para ejecutar el servicio al iniciar el sistema:

– [HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
   • "Start"=dword:0x00000004



Elimina del registro de Windows los valores de la siguiente clave:



Elimina del registro de Windows los valores de las siguientes claves:

–  [HKLM\SOFTWARE\Classes\lnkfile]
   • IsShortcut



Crea las siguientes entradas para evitar el cortafuego de Windows XP:

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile]
   • "DisableNotifications"=dword:0x00000001
   • "DoNotAllowExceptions"=dword:0x00000000

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\DomainProfile]
   • "DisableNotifications"=dword:0x00000001
   • "DoNotAllowExceptions"=dword:0x00000000
   • "EnableFirewall"=dword:0x00000000

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%valores hex%\winlogon.exe"="%HOME%\%valores
      hex%
\winlogon.exe:*:Enabled:@xpsp2res.dll,-53342401"



Añade las siguientes claves al registro:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FPAVServer.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ChromeSetup.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\88[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\055[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\521[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   • "NoFile"=dword:0x00000001
   • "NoFolderOptions"=dword:0x00000001
   • "NoRun"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\002.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\074[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   • "ConsentPromptBehaviorAdmin"=dword:0x00000000
   • "EnableLUA"=dword:0x00000000
   • "PromptOnSecureDesktop"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\633[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\432[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\521.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\'' .exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
   • "DisableRegistryTools"=dword:0x00000001
   • "DisableTaskMgr"=dword:0x00000001

– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   http\UserChoice]
   • "Progid"="IE.HTTP"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\003[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\003.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • "%HOME%\%valores hex%\winlogon.exe"="RUNASADMIN"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\052[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\035[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\053.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\005[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\
   SymantecFirewall]
   • "DisableMonitoring"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\13.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\042[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
   .htm\UserChoice]
   • "Progid"="IE.AssocFile.HTM"

– [HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%valores hex%\winlogon.exe"="%HOME%\%valores hex%\winlogon.exe:*:Enabled:@xpsp2res.dll,-28956246"

– [HKCU\SOFTWARE\Microsoft\Windows Script Host\Settings]
   • "Enabled"="0"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\EHttpSrv.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\BullGuard.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings]
   • "Enabled"="0"

– [HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel]
   • "HomePage"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring]
   • "DisableMonitoring"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
   • "NoFolderOptions"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\864[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\081[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\042.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKCU\Software\Policies\Microsoft\Windows\System]
   • "DisableCMD"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Security Center\Svc]
   • "AntiSpywareOverride"=dword:0x00000000
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000000
   • "FirewallDisableNotify"=dword:0x00000001
   • "FirewallOverride"=dword:0x00000000
   • "FirstRunDisabled"=dword:0x00000001
   • "UacDisableNotify"=dword:0x00000001
   • "UpdatesDisableNotify"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FirewallControlPanel.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\091[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
   • "NoAutoRebootWithLoggedOnUsers"=dword:0x00000001

– [HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • "%HOME%\%valores hex%\winlogon.exe"="RUNASADMIN"

– [HKLM\Software\Policies\Microsoft\WindowsFirewall\StandardProfile]
   • "EnableFirewall"=dword:0x00000000

– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   ftp\UserChoice]
   • "Progid"="IE.FTP"

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   • "Default_Page_URL"="http://5k32pez9uwowdo0.directorio-w.com"
   • "Default_Search_URL"="http://61ohz4fld059059.directorio-w.com"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\027[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\082.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile]
   • "EnableFirewall"=dword:0x00000000

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\004.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Filemon.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\06.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%valores hex%\winlogon.exe"="%HOME%\%valores hex%\winlogon.exe:*:Enabled:@xpsp2res.dll,-57951861"

– [HKLM\SOFTWARE\Microsoft\Security Center]
   • "AntiSpyWareDisableNotify"=dword:0x00000001
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000000
   • "AutoUpdateDisableNotify"=dword:0x00000001
   • "FirewallDisableNotify"=dword:0x00000001
   • "InternetSettingsDisableNotify"=dword:0x00000001
   • "UacDisableNotify"=dword:0x00000001
   • "cval"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\051.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\'rorre' .exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\084.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\021[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\061[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\052.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ComboFix.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\006.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\827[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Diskmon.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\09.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\
   SymantecAntiVirus]
   • "DisableMonitoring"=dword:0x00000001

– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   https\UserChoice]
   • "Progid"="IE.HTTPS"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\
   003[[=s rav;eslaf=p rav;eslaf=b rav;ib.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""



Modifica las siguientes claves del registro:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   Nuevo valor:
   • "DisableSR"=dword:0x00000001

– [HKLM\SOFTWARE\Classes\ftp\shell\open\command]
   Nuevo valor:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""

– [HKLM\SYSTEM\CurrentControlSet\Services\Sr]
   Nuevo valor:
   • "Start"=dword:0x00000004

– [HKLM\SOFTWARE\Classes\https\shell\open\command]
   Nuevo valor:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""

– [HKCU\Control Panel\Sound]
   Nuevo valor:
   • "Beep"="no"

– [HKLM\SOFTWARE\Classes\http\shell\open\command]
   Nuevo valor:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""

– [HKLM\SOFTWARE\Classes\http\shell\open\ddeexec\Application]
   Nuevo valor:
   • "@"="IExplore"

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   Nuevo valor:
   • "Disable Script Debugger"="Yes"
   • "Local Page"="http://j4d1677o5i4b992.directorio-w.com"
   • "Search Page"="http://z027305rxhiu861.directorio-w.com"
   • "Start Page"="http://oou30vs938ikf65.directorio-w.com"

– [HKLM\SOFTWARE\Classes\https\shell\open\ddeexec\Application]
   Nuevo valor:
   • "@"="IExplore"

– [HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN]
   Nuevo valor:
   • "Default_Page_URL"="http://g1sp91vn21u1rm1.directorio-w.com"
   • "Default_Search_URL"="http://589980kqkmulj48.directorio-w.com"
   • "Local Page"="http://cw356qr302m63gl.directorio-w.com"
   • "Search Page"="http://tft17fi9ekwn7u0.directorio-w.com"
   • "Start Page"="http://j147m23v4t1n5ai.directorio-w.com"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   Nuevo valor:
   • "Hidden"=dword:0x00000002
   • "HideFileExt"=dword:0x00000003
   • "ShowSuperHidden"=dword:0x00000000
   • "SuperHidden"=dword:0x00000001

– [HKLM\SOFTWARE\Classes\ftp\shell\open\ddeexec\Application]
   Nuevo valor:
   • "@"="IExplore"

 Ficheros host El fichero host es modificado de la siguiente manera:

– En este caso, las entradas existentes serán eliminadas.

– El acceso a los siguientes dominios es redirigido a otras destinaciones:
   • 208.109.220.95 viabcp.com; 208.109.220.95 www.viabcp.com;
      208.109.220.95 bcpzonasegura.viabcp.com; 173.236.65.132
      www.produbanco.com; 173.236.65.132 produbanco.com; 173.236.65.132
      www.pichincha.com; 173.236.65.132 pichincha.com; 173.236.65.132
      wwwp1.pichincha.com; 173.236.65.132 wwwp2.pichincha.com;
      173.236.65.132 wwwp3.pichincha.com; 173.236.65.132
      wwwp4.pichincha.com; 173.236.65.132 wwww01.pichincha.com;
      173.236.65.132 wwww02.pichincha.com; 173.236.65.132
      wwww03.pichincha.com; 173.236.65.132 wwww04.pichincha.com;
      69.162.96.136 bn.com.pe; 69.162.96.136 www.bn.com.pe; 69.162.96.136
      zonasegura1.bn.com.pe; 69.162.96.136 www.zonasegura1.bn.com.pe;
      173.236.69.68 www.interbank.com.pe; 173.236.69.68 interbank.com.pe;
      130.108.67.190 iniciorapido.info; 8.228.150.60 www.iniciorapido.info;
      72.173.58.80 buscalo.in; 149.199.47.113 www.buscalo.in; 50.239.117.227
      buscafacil.com; 221.103.12.98 www.buscafacil.com; 28.48.176.49
      emsisoft.com; 105.75.165.150 ahnlab.com; 6.114.235.196 antivir.es;
      177.234.62.135 antiy.net; 240.180.226.87 authentium.com;
      61.206.215.120 avast.com; 219.245.29.233 avg.com; 133.178.180.172
      bitdefender.com; 197.55.88.124 quickheal.com; 17.81.77.157 clamav.net;
      175.189.148.15 comodo.com; 89.53.231.141 drweb.com; 153.254.139.161
      aladdin.com; 230.212.128.194 ca.com; 63.64.198.240 f-prot.com;
      46.184.25.179 f-secure.com; 41.129.1.130 fortinet.com; 186.156.246.163
      gdata.es; 19.195.248.21 ikarus.at; 2.59.143.216 jiangmin.com;
      254.5.51.168 kaspersky.com; 142.31.40.201 mcafee.com; 232.70.110.58
      microsoft.com; 214.191.193.185 eset.es; 210.136.169.205 norman.com;
      30.162.158.238 nprotect.com; 188.202.161.28 pandasecurity.com;
      170.66.56.222 pctools.com; 166.11.220.174 prevx.com; 243.37.209.207
      rising-global.com; 144.145.23.65 sophos.com; 127.9.106.4
      sunbeltsoftware.com; 122.210.14.211 symantec.com; 199.169.3.244
      hacksoft.com.pe; 100.20.73.102 trendmicro.com; 83.140.224.229
      anti-virus.by; 79.86.132.249 hauri.net; 155.44.121.26 virusbuster.hu;
      57.151.191.139 www.emsisoft.com; 39.16.18.10 www.ahnlab.com;
      35.217.182.218 www.antivir.es; 111.243.171.251 www.antiy.net;
      13.27.242.109 www.authentium.com; 251.147.69.47 www.avast.com;
      247.92.45.255 www.avg.com; 68.118.34.32 www.bitdefender.com;
      225.158.36.146 www.quickheal.com; 208.22.187.17 www.clamav.net;
      203.223.95.36 www.comodo.com; 24.250.84.69 www.drweb.com;
      181.33.154.183 www.aladdin.com; 164.221.237.54 www.ca.com;
      159.167.213.6 www.f-prot.com; 236.125.202.39 www.f-secure.com;
      138.232.204.152 www.fortinet.com; 52.97.99.91 www.gdata.es;
      116.42.7.43 www.ikarus.at; 192.0.252.76 www.jiangmin.com;
      94.108.67.190 www.kaspersky.com; 8.228.150.60 www.mcafee.com;
      72.173.58.80 www.microsoft.com; 149.199.47.113 www.eset.es;
      50.239.117.227 www.norman.com; 221.103.12.98 www.nprotect.com;
      28.48.176.49 www.pandasecurity.com; 105.75.165.150 www.pctools.com;
      6.114.235.196 www.prevx.com; 177.234.62.135 www.rising-global.com;
      240.180.226.87 www.sophos.com; 61.206.215.120 www.sunbeltsoftware.com;
      219.245.29.233 www.symantec.com; 133.178.180.172 www.hacksoft.com.pe;
      197.55.88.124 www.trendmicro.com; 17.81.77.157 www.anti-virus.by;
      175.189.148.15 www.hauri.net; 89.53.231.141 www.virusbuster.hu;
      153.254.139.161 www.emsisoft.com; 230.212.128.194 www.anti-trojan.net;
      63.64.198.240 malwarescan.emsisoft.com; 46.184.25.179
      forum.emsisoft.com; 41.129.1.130 www.emsisoft.net; 186.156.246.163
      www.emsisoft.it; 19.195.248.21 www.emsisoft.de; 2.59.143.216
      www.anti-trojan-software.net; 254.5.51.168 mamutu.com; 142.31.40.201
      www.emsisoft.es; 232.70.110.58 malwarescan.emsisoft.de;
      214.191.193.185 ww.emsisoft.com; 210.136.169.205 www.emsisoft.fr;
      30.162.158.238 www.emsisoft.nl; 188.202.161.28
      onlinecheck.emsisoft.com; 170.66.56.222 onlinecheck.emsisoft.de;
      166.11.220.174 www.emsisoft.org; 243.37.209.207 scan.anti-trojan.net;
      144.145.23.65 www.trojaner.info; 127.9.106.4 onlinecheck.emsisoft.org;
      122.210.14.211 onlinecheck.emsisoft.net; 199.169.3.244 blitzblank.com;
      100.20.73.102 www.emsisoft.at; 83.140.224.229 www.emsisoft.jp;
      79.86.132.249 www.mamutu.com; 155.44.121.26 malwarescan.emsisoft.es;
      57.151.191.139 www.mamutu.de; 39.16.18.10 download5.emsisoft.com;
      35.217.182.218 download1.emsisoft.com; 111.243.171.251
      download4.emsisoft.com; 13.27.242.109 global.ahnlab.com; 251.147.69.47
      www.hackshields.com; 247.92.45.255 www.internationalservicecheck.com;
      68.118.34.32 www.irangoals.com; 225.158.36.146 ixomodels.com;
      208.22.187.17 www.indielisboa.com; 203.223.95.36
      www.latin-mass-society.org; 24.250.84.69 www.arpia.be; 181.33.154.183
      www.owen.org; 164.221.237.54 www.prdouglas.co.uk; 159.167.213.6
      www.zarya.info; 236.125.202.39 www.willsee.com; 138.232.204.152
      halmapr.com; 52.97.99.91 karuna-shechen.org; 116.42.7.43
      www.barder.com; 192.0.252.76 www.antivir.es; 94.108.67.190
      www.buraka.tv; 8.228.150.60 www.dr-bull.com; 72.173.58.80
      www.manchester-offices.co.uk; 149.199.47.113 saverssite.com;
      50.239.117.227 canada.karuna-shechen.org; 221.103.12.98
      developmentdrums.org; 28.48.176.49 www.imddomains.co.uk;
      105.75.165.150 cutlines.org; 6.114.235.196 elblogdemanu.com;
      177.234.62.135 ruben.bzin.net; 240.180.226.87 welkam.co.jp;
      61.206.215.120 www.cambridge-steiner-school.co.uk; 219.245.29.233
      naturesimages.net; 133.178.180.172 www.1stavenuelimousines.co.uk;
      197.55.88.124 www.mtr-design.com; 17.81.77.157 dev.depeuter.org;
      175.189.148.15 www.emeraldclassic.co.uk; 89.53.231.141
      www.peterhearnwaste.co.uk; 153.254.139.161 etrr.co.uk; 230.212.128.194
      www.avoncourt.com; 63.64.198.240 sarahmcconnellphotography.net;
      46.184.25.179 www.ixomodels.com; 41.129.1.130 natsko.com;
      186.156.246.163 www.nottinghampoetryseries.com; 19.195.248.21
      www.sheffieldmind.co.uk; 2.59.143.216 ixostore.ixomodels.com;
      254.5.51.168 www.flairweddings.co.uk; 142.31.40.201 www.fimasys.com;
      232.70.110.58 cohartuk.com; 214.191.193.185 qqjkw.net; 210.136.169.205
      vivo-austin.com; 30.162.158.238 www.freeality.com; 188.202.161.28
      bestofewan.com; 170.66.56.222 www.handwritingforkids.com;
      166.11.220.174 cowsmo.com; 243.37.209.207 www.2xlgames.com;
      144.145.23.65 kimzimmer.net; 127.9.106.4 basetendencies.com;
      122.210.14.211 trackingtheworld.com; 199.169.3.244
      www.reviewsofbooks.com; 100.20.73.102 www.collectedcurios.com;
      83.140.224.229 www.renningers.com; 79.86.132.249 ccslaughterspdx.com;
      155.44.121.26 www.briarhurst.com; 57.151.191.139 www.smf.org;
      39.16.18.10 ribbonwarehouse.com; 35.217.182.218 www.garryowen.com;
      111.243.171.251 45pounds.com; 13.27.242.109 isotopecomics.com;
      251.147.69.47 roysephotos.com; 247.92.45.255 www.stadiumpage.com;
      68.118.34.32 www.elvis-express.com; 225.158.36.146
      www.tomorrowsedge.net; 208.22.187.17 www.beautybar.com; 203.223.95.36
      pineleafboys.com; 24.250.84.69 www.mountainlakeslodge.com;
      181.33.154.183 pvtc.org; 164.221.237.54 bhsbees.com; 159.167.213.6
      baristamagazine.com; 236.125.202.39 www.gokidding.com; 138.232.204.152
      defalcos.com; 52.97.99.91 www.celticmerchant.com; 116.42.7.43
      www.hxproduction.com; 192.0.252.76 www.wellgousa.com; 94.108.67.190
      blog.titanium-jewelry.com; 8.228.150.60 www.brightoctober.com;
      72.173.58.80 hishomeforchildren.com; 149.199.47.113
      www.phoenixtrikeworks.com; 50.239.117.227 www.professorbeyer.com;
      221.103.12.98 www.secondchanceboxer.com; 28.48.176.49
      www.residentphotography.com; 105.75.165.150 woottonfootball.com;
      6.114.235.196 www.deborahshelton.net; 177.234.62.135 bobbondart.com;
      240.180.226.87 www.authentium.com; 61.206.215.120 asap.authentium.com;
      219.245.29.233 www.authentium.com.au; 133.178.180.172 avast.com;
      197.55.88.124 www.avast.com; 17.81.77.157 files.avast.com;
      175.189.148.15 download535.avast.com; 89.53.231.141 avg.com;
      153.254.139.161 www.avg.com; 230.212.128.194 grisoft.com;
      63.64.198.240 www.grisoft.com; 46.184.25.179 antivirus-tools.com;
      41.129.1.130 archive.bitdefender.com; 186.156.246.163
      avx.rob-have.net; 19.195.248.21 b-have.orgbitdefender-ar.com;
      2.59.143.216 bitdefender.com; 254.5.51.168 bitdefender.org;
      142.31.40.201 bitdefenderchina.com; 232.70.110.58
      bitdefenderguatemala.com; 214.191.193.185 bitdefendermalaysia.com;
      210.136.169.205 bitdefendertaiwan.com; 30.162.158.238
      bitdefenderuruguay.com; 120.134.93.216 bitdefenderusa.com;
      102.254.244.154 buy.bitdefender-es.com; 98.199.152.106
      buy.bitdefender.com; 175.225.141.139 buy.bitdefender.de; 76.77.211.253
      de.bitdefender.com; 59.197.38.192 fr.bitdefender.com; 54.142.202.143
      futurenow.bitdefender.com; 131.101.191.176 it.bitdefender.com;
      32.208.5.34 jobs.bitdefender.com; 15.72.156.161 kb.bitdefender.com;
      11.18.64.181 kb.bitdefender.de; 87.232.53.214 kb.bitdefender.us;
      245.83.123.71 latin.bitdefender.com; 227.204.206.198
      linux.bitdefender.com; 223.149.114.150 malwarecity.com; 43.175.103.183
      malwarecity.netmalwarecity.org; 201.215.174.41 malwarepedia.com;
      183.79.1.235 neunet.orgnews.bitdefender.com; 179.24.233.187
      nl.bitdefender.com; 0.50.222.220 renewals.bitdefender.com;
      157.90.224.78 sales.bitdefender.com; 140.210.119.205
      square.bitdefender.com; 135.155.27.224 store.bitdefender.com;
      212.182.16.1 store.de.bitdefender.com; 113.221.86.115
      us.bitdefender.com; 96.153.169.242 virusscanonline.net; 92.99.145.194
      wedoantivirus.com; 168.57.134.227 www.antivirus-tools.com;
      70.164.136.84 www.avx.ro; 240.29.31.23 www.bit-defender.de;
      48.230.195.231 www.bitdefende.de; 124.188.184.8
      www.bitdefender-es.com; 26.40.255.122 www.bitdefender.be;
      196.160.82.180 www.bitdefender.cl; 192.37.178.200
      www.bitdefender.co.uk; 13.64.167.233 www.bitdefender.com;
      170.103.237.91 www.bitdefender.com.au; 85.223.132.218
      www.bitdefender.com.sg; 148.168.40.169 www.bitdefender.com.tw;
      225.195.29.14 www.bitdefender.com.vn; 126.234.99.60
      www.bitdefender.de; 41.98.182.255 www.bitdefender.es; 105.44.90.207
      www.bitdefender.fr; 181.70.79.240 www.bitdefender.hk; 83.109.149.97
      www.bitdefender.us; 253.42.44.36 www.bitdefenderme.com; 61.175.208.244
      www.malwarecity.com; 137.201.197.21 www.malwarecity.fr; 39.53.12.135
      quickheal.com; 209.173.95.5 www.quickheal.com; 17.118.3.25
      www.clamav.net; 94.77.248.58 cgi.clamav.net; 183.184.62.104
      lurker.clamav.net; 166.48.145.43 wwws.clamav.net; 161.249.121.250
      lists.clamav.net; 238.208.42.215 bugs.clamav.net; 71.247.44.73
      system-cleaner.comodo.com; 54.111.195.12 backup.comodo.com;
      50.57.103.220 www.comodoantispam.com; 194.83.92.253
      easy-vpn.comodo.com; 28.122.162.110 www.trustlogo.com; 10.243.245.237
      ztl.comodo.com; 6.188.221.1 www.livepcsupport.com; 82.214.210.34
      www.whichssl.com; 240.254.213.80 www.trustix.com; 222.118.108.18
      disk-encryption.comodo.com; 218.63.16.226 speedtest.comodo.com;
      39.90.5.3 www.contentverification.com; 196.197.75.117 idauthority.com;
      179.61.158.56 www.comodo.tv; 174.6.66.7 online-backup.comodo.com;
      251.221.55.40 www.testmypcsecurity.com; 152.72.125.154
      www.ccssforum.org; 135.192.20.25 i-vault.comodo.com; 131.138.184.45
      internetsecurity.comodo.com; 207.96.173.78 www.comodopartners.com;
      109.203.243.191 timestamp.comodoca.com; 91.68.70.62
      secure-email.comodo.com; 87.13.234.14 timestamp.wosign.com;
      163.39.224.47 rover800.gaima.co.uk; 65.79.38.161 www.nsclean.com;
      47.199.121.99 www.contentverification.com; 43.144.97.51
      new-estore.drweb.com; 120.171.86.84 support.drweb.com; 50.238.116.226
      pda.drweb.com; 32.103.11.97 updates.drweb.com; 28.48.175.117
      drweb.com; 104.74.164.150 vms.drweb.com; 6.114.235.8
      solutions.drweb.com; 244.46.62.134 news.drweb.com; 240.247.38.86
      my.drweb.com; 61.206.27.119 buy.drweb.com; 218.57.29.233
      products.drweb.com; 133.177.180.172 new-support.drweb.com;
      196.122.88.123 promotions.drweb.com; 17.81.77.156 network.drweb.com;
      174.188.147.14 customers.drweb.com; 89.52.230.141 store.drweb.com;
      153.254.138.161 company.drweb.com; 229.24.127.194 training.drweb.com;
      131.63.197.51 license.drweb.com; 45.184.92.178 cureit.ru;
      109.129.0.130 free.drweb.com; 185.155.245.231 info.drweb.com;
      87.195.60.21 new-partners.drweb.com; 1.59.143.215 drweb.net;
      65.4.51.167 new-company.drweb.com; 142.31.40.200 new-beta.drweb.com;
      43.70.110.58 new-forum.drweb.com; 214.2.5.253 secure.av-desk.com;
      21.135.169.204 www.av-desk.com; 98.162.158.237
      new-solutions.drweb.com; 255.13.228.95 new-www.drweb.com;
      170.133.55.222 www.freedrweb.ru; 234.79.219.242 daniloff.net;
      54.37.208.19 drweb-inside.com; 144.144.22.64 drwebinside.com;
      126.9.105.3 aladdin.com; 122.210.81.211 alladdin.ru; 10.236.70.244
      chickensroamfree.com; 100.20.73.102 ealaddin.net; 82.140.224.40
      ealaddin.orgeshop.aladdin.com; 78.85.132.248 secureme.com;
      223.111.121.25 www.aks.com; 56.151.191.139 www.aladdin.com;
      39.15.18.10 www.ealaddin.com; 34.216.182.217 www.ealaddin.com;
      43.175.171.250 auwww.ealaddin.nl; 200.214.173.40 www.esafe.com;
      183.78.68.235 www.hasp.se; 179.24.232.187 www.safenet-inc.com;
      255.50.221.220 www3.safenet-inc.com; 157.157.35.77 www.ca.com;
      139.22.118.16 cacomvip.ca.com; 135.223.26.224 www.netegrity.com;
      211.181.16.1 search.ca.com; 113.33.86.115 cai.com; 95.153.237.241
      www.f-prot.com; 91.98.145.5 frisk-software.com; 168.57.134.38
      www.frisk.is; 69.164.204.152 www.frisk-software.com; 52.28.31.23
      f-secure.com; 47.229.195.230 f-secure.frf-secure.hk; 124.0.184.7
      f-secure.nlfsecure.com; 25.39.254.121 fsecure.nlwebyard.com;
      8.159.81.60 www.f-secure.com; 4.105.57.12 www.fsecure.com;
      80.131.46.45 www.virus.fi; 238.170.48.158 fortihero.com; 220.35.199.29
      fortilog.com; 216.236.107.49 fortinet.co.at; 36.6.96.14 fortinet.com;
      126.234.99.128 fortiprotect.com; 108.166.182.254 fortiwifi.com;
      104.111.158.206 www.apsecure.com; 181.70.147.239 www.fortifed.com;
      82.177.149.97 www.fortiid.com; 253.41.44.36 www.fortimail.com;
      60.242.208.243 www.fortinet-apac.com; 137.201.197.20 www.fortinet.ch;
      38.52.11.134 www.fortinet.co.il; 209.172.94.5 www.fortinet.com;
      17.118.2.25 www.fortinet.com; 93.144.247.58 arwww.fortinet.cz;
      251.183.61.171 www.fortinet.net; 165.48.212.42 www.fortinet.nl;
      229.249.120.250 www.fortinet.sg; 49.19.110.95 www.fortinetuk.com;
      207.59.180.141 www.secure-elements.com; 121.179.7.79 gdata.es;
      185.124.171.31 www.gdata.es; 6.151.160.64 ikarus.at; 163.190.230.178
      www.ikarus.at; 78.122.125.117 global.jiangmin.com; 141.255.33.1
      jiangmin.com.cn; 150.214.210.33 jiangmin.com; 51.65.24.147
      www.jiangmin.com.cn; 222.185.107.18 www.kaspersky.com; 30.131.15.38
      forum.kaspersky.com; 106.89.4.71 support.kaspersky.co; 196.196.158.200
      usa.kaspersky.com; 6.145.241.139 brazil.kaspersky.com; 2.90.217.91
      latam.kaspersky.com; 146.116.206.124 kaspersky.com; 236.156.209.238
      me.kaspersky.com; 218.20.104.176 images.kaspersky.com; 214.221.12.128
      www.mcafee.com; 103.247.1.161 support.mcafee.com; 192.31.71.19
      msr.mcafee.com; 175.151.154.146 home.mcafee.com; 170.96.130.165
      networkassociates.com; 247.123.119.198 us.mcafee.com; 148.162.121.244
      tr.mcafee.com; 131.26.16.183 au.mcafee.com; 126.228.180.135
      mx.mcafee.com; 135.186.101.100 networkassociates.nai.com;
      37.37.171.213 go.mcafee.com; 19.158.254.152 fr.mcafee.com;
      15.103.162.104 uk.mcafee.com; 91.61.151.137 de.mcafee.com;
      249.169.222.251 obscgi.mcafee.com; 231.33.117.121 nai.com;
      227.234.25.141 www.entercept.com; 48.192.14.174 jp.mcafee.com;
      205.44.84.32 mcafeeb2b.com; 188.164.167.159 cn.mcafee.com;
      183.109.75.110 service.mcafee.com; 4.136.64.143 br.mcafee.com;
      161.175.134.1 www.mcafee.at; 144.39.217.196 mcafeeretail.com;
      140.241.193.148 it.mcafee.com; 216.11.182.181 tw.mcafee.com;
      118.50.184.38 privacy.microsoft.com; 100.171.79.165 tempuri.org;
      252.16.144.85 schemas.xmlsoap.org; 72.42.133.118 www.microsoft.com;
      230.82.203.232 specs.xmlsoap.org; 213.14.30.103
      www.eugrantsadvisor.ie; 208.215.6.54 schemas.microsoft.com;
      29.174.251.87 encarta.msn.com; 186.25.253.201 www.sysinternals.com;
      101.145.148.140 grv.microsoft.com; 164.91.56.92 www.xmlsoap.org;
      241.49.45.124 www.eugrantsadvisor.se; 142.156.115.238
      www.eugrantsadvisor.com; 57.20.198.109 research.microsoft.com;
      121.222.106.129 www.engyro.com; 197.248.95.162
      www.exchangeyourcareer.com; 99.31.165.19 www.eugrantsadvisor.de;
      13.152.60.146 exchangeyourcareer.net; 77.97.225.98 eugrantsadvisor.de;
      153.123.214.199 eugrantsadvisor.cz; 243.95.216.177 www.eset.es;
      158.215.43.116 demos.eset.es; 221.160.207.67 descargas.eset.es;
      42.187.196.100 blogs.protegerse.com; 199.226.10.214 eos.eset.es;
      114.158.161.153 pedidos.protegerse.com; 177.36.69.105
      reg-int.nod32-es.com; 254.62.58.137 reg.eset.es; 155.169.128.251
      vicentevirtual.com; 70.33.211.122 cou85.com; 134.235.119.142
      www.norman.com; 210.193.108.175 fsc.norman.com; 44.44.178.220
      nprobeta.norman.com; 26.165.5.159 register.norman.com; 22.110.238.111
      webadmin.norman.no; 166.136.227.144 sandbox.norman.com; 0.176.229.2
      www.nprotect.com; 239.40.124.197 global.nprotect.com; 234.241.32.148
      www.nprotect.co.kr; 123.12.21.181 www.npin.co.kr; 144.239.23.227
      siren24.nprotect.com; 127.103.106.98 15660808.co.kr; 122.49.82.118
      biz.nprotect.com; 199.75.71.150 nprotect.net; 101.114.73.196
      www.nprotect.com.br; 83.234.224.135 liveprotect.net; 79.180.132.87
      nprotect.seoul.go.kr; 155.206.121.120 chollian.nprotect.co.kr;
      57.57.191.233 www.pandasecurity.com; 39.178.18.172
      research.pandasecurity.com; 35.123.183.124 support.pandasecurity.com;
      111.81.172.157 pandalabs.pandasecurity.com; 13.189.242.15
      pandasecurity.com; 252.53.137.142 mop.pandasecurity.com;
      247.254.45.161 timeforyourbusi.pandasecurity.com; 68.213.34.194
      cybercrime.pandasecurity.com; 225.64.104.52 free.pandasecurity.com;
      208.184.187.179 cloudprotection.pandasecurity.com; 203.130.95.131
      shop.pandasecurity.com; 24.156.84.163 soporte.pandasecurity.com;
      114.127.86.209 together.pctools.com; 96.248.169.148 www.prevx.com;
      92.193.145.100 info.prevx.com; 168.219.134.133 free.prevx.com;
      70.2.136.246 spywarefiles.prevx.com; 52.123.31.117
      spywaredlls.prevx.com; 48.68.196.137 shield.prevx.com; 124.94.185.170
      www.prevx1.com; 26.134.255.28 howsafeismypc.com; 9.66.82.155
      www.retento.com; 4.11.58.106 www.freerav.com; 81.226.47.139
      www.rising-global.com; 238.77.49.253 www.risingav.com.au;
      153.197.200.192 support.rising-global.com; 216.143.108.144
      superboy2010.com.au; 37.101.97.176 www.sophos.com; 195.208.167.34
      feeds.sophos.com; 109.73.250.161 esp.sophos.com; 173.18.158.181
      cn.sophos.com; 249.44.147.214 tw.sophos.com; 151.83.217.71
      kr.sophos.com; 29.168.76.162 sophos.com; 93.113.240.114
      podcasts.sophos.com; 169.139.230.215 www.sunbeltsoftware.com;
      71.179.44.5 go.sunbeltsoftware.com; 242.43.127.199
      oem.sunbeltsoftware.com; 49.244.35.151 antispam.sunbeltsoftware.com;
      126.15.24.184 antispyware.sunbeltsoftware.com; 27.54.94.42
      antivirus.sunbeltsoftware.com; 198.242.245.237 sunbeltsoftware.com;
      5.119.153.189 shop.sunbeltsoftware.com; 82.146.142.221
      live.sunbeltsoftware.com; 239.253.212.79 firewall.sunbeltsoftware.com;
      154.117.39.206 www.symantec.com; 218.63.203.226 security.symantec.com;
      38.21.192.3 securityrespons.symantec.com; 128.128.6.48
      service1.symantec.com; 110.249.89.243 enterprisesecur.symantec.com;
      106.194.65.195 eval.symantec.com; 250.220.55.228 symantec.com;
      84.4.57.86 definitions.symantec.com; 67.124.208.24
      investor.symantec.com; 62.69.116.232 et.symantec.com; 207.96.105.9
      sfdoccentral.symantec.com; 40.135.175.123 servicenews.symantec.com;
      211.187.190.182 securityrespons.symantec.com; 206.132.166.202
      sea.symantec.com; 27.159.155.234 go.symantec.com; 184.198.157.24
      dell.symantec.com; 167.62.52.219 sun.symantec.com; 163.8.216.171
      marian.symantec.com; 239.34.205.204 tms.symantec.com; 141.141.19.61
      securitycheck.symantec.com; 123.6.102.0 smallbiz.symantec.com;
      119.207.10.208 www.symantec.com; 195.165.0.241
      visualtracking.symantec.com; 97.17.70.99 search.symantec.com;
      80.137.221.225 liveupdate.symantec.com; 75.82.129.245
      sitedirector.symantec.com; 152.41.118.22 edm.symantec.com;
      53.148.188.136 hostedmailsecur.symantec.com; 36.12.15.7
      www4.symantec.com; 31.213.179.215 education.symantec.com;
      108.240.168.247 vos.symantec.com; 9.23.238.105 www.hacksoft.com.pe;
      248.143.65.44 hacksoft.pe; 244.89.41.252 www.hacksoft.pe; 64.115.30.29
      housecall.trendmicro.com; 222.154.32.142 www.trendmicro.com;
      204.19.183.13 housecall65.trendmicro.com; 200.220.91.33
      us.trendmicro.com; 208.178.13.254 blog.trendmicro.com; 110.218.83.112
      emea.trendmicro.com; 93.150.166.238 housecall60.trendmicro.com;
      88.95.142.190 jp.trendmicro.com; 165.54.131.223 de.trendmicro.com;
      66.161.133.81 it.trendmicro.com; 237.25.28.20 itw.trendmicro.com;
      44.227.192.228 esupport.trendmicro.com; 121.185.181.4
      es.trendmicro.com; 22.36.251.118 br.trendmicro.com; 193.156.78.245
      tw.trendmicro.com; 1.102.242.9 la.trendmicro.com; 77.128.231.42
      uk.trendmicro.com; 235.167.45.155 ru.trendmicro.com; 149.32.196.26
      smbstore.trendmicro.com; 213.233.104.234 apac.trendmicro.com;
      33.3.94.79 store.trendmicro.com; 191.43.164.125
      training.trendmicro.com; 106.163.247.63 trial.trendmicro.com;
      169.108.155.15 ushousecall02.trendmicro.com; 246.135.144.48
      subwiz.trendmicro.com; 147.174.214.162 go.trendmicro.com;
      62.106.109.101 feeds.trendmicro.com; 125.240.17.53
      channelpartner.trendmicro.com; 202.10.6.85 wtc.trendmicro.com;
      35.49.8.131 shop.trendmicro.com; 206.169.91.2 fr.trendmicro.com;
      14.115.255.22 threatinfo.trendmicro.com; 90.73.244.55
      newsletters.trendmicro.com; 180.180.58.100 www.anti-virus.by;
      162.45.141.39 bg.virusblokada.com; 158.246.118.247 www.vba.com.by;
      46.16.107.24 beta.anti-virus.by; 136.56.109.138
      www.bg.virusblokada.com; 119.176.4.76 www.hauri.net; 114.121.168.28
      www.hauri.co.kr; 3.148.157.61 company.hauri.net; 92.187.227.175
      www.globalhauri.com; 75.51.54.46 shop.hauri.co.kr; 70.253.30.66
      hauri.co.kr; 147.23.19.98 pg.hauri.net; 48.62.21.144
      esecurity.livecall.co.kr; 31.182.172.83 mall.hauri.co.kr; 27.128.80.35
      company.hauri.co.kr; 103.154.69.68 haurijapan.com; 5.5.139.181
      virobot.co.kr; 243.126.222.120 www.virusbuster.hu; 11.99.158.100
      virusbuster.hu; 87.57.147.133 scanner.novirusthanks.org;
      245.164.217.246 scanner2.novirusthanks.or; 227.29.112.117
      novirusthanks.org; 223.230.20.137 www.novirusthanks.org; 43.188.10.170
      virustotal.com; 201.40.80.28 www.virustotal.com; 184.160.163.154
      virscan.org; 179.105.71.106 www.virscan.org; 0.132.60.139
      virusscan.jotti.org; 157.171.130.253 jotti.org; 140.35.213.192
      www.jotti.org; 135.237.189.144 viruschief.com; 212.7.178.176
      www.viruschief.com; 113.46.180.34 scanner.virus.org; 96.166.75.161
      virus.org; 92.112.239.181 www.virus.org; 168.138.228.214 scan4you.net;
      70.177.42.71 www.scan4you.net; 52.110.125.198 avhide.com;
      48.55.101.150 www.avhide.com; 56.201.23.115 anubis.iseclab.org;
      214.53.25.229 iseclab.org; 129.173.176.167 www.iseclab.org;
      192.118.84.119 threatexpert.com; 13.77.73.152 www.threatexpert.com


 Informaciones diversas  Para buscar una conexión a Internet, contacta el siguiente sitio web:
   • http://www.whatismyip.org


Objeto mutex:
Crea el siguiente objeto mutex:
   • @0MPfV5@mqt

 Datos del fichero Lenguaje de programación:
El programa de malware ha sido escrito en Visual Basic.


Programa de compresión de ejecutables:
Para agravar la detección y reducir el tamaño del fichero, emplea un programa de compresión de ejecutables.

Descripción insertada por Petre Galan el miércoles, 24 de noviembre de 2010
Descripción actualizada por Petre Galan el miércoles, 24 de noviembre de 2010

Volver . . . .
https:// Esta ventana está cifrada para su seguridad.