Virus name: TR/Click.Outtol.A
Discovered: 13/07/2010
Type: Trojan
In the wild (ITW): Yes
Number of reported infections: Medium-low
Propagation potential: Low
Damage potential: Medium
Static file: Yes
File size: 237,568 bytes
MD5 checksum: 1acddaae2e00b99fd33794cfcad6f2f1
IVDF version: 7.10.09.77 - Tuesday, 13 July 2010

General

Aliases:
• Bitdefender: Trojan.Agent.VB.BMU
• Panda: Trj/KillAV.NK
• Eset: Win32/AutoRun.VB.RF

Platforms / operating systems:
• Windows 2000
• Windows XP
• Windows 2003

Side effects:
• Blocks access to security websites
• Lowers security settings
• Downloads malicious files
• Drops malicious files
• Modifies the registry

Files

It copies itself to the following location:
• %HOME%\%current user name%1\winlogon.exe

It deletes the following file:
• %HOME%\%hex values%\wlo.exe

The following files are created:
– %HOME%\%current user name%1\VERSION.TXT
– %HOME%\%hex values%\wlo.exe It is executed once it has been fully created. Further analysis showed that this file is also malware. Detected as: Worm/Esfury.A.361
– %HOME%\%current user name%1\wlo.exe It is executed once it has been fully created. Further analysis showed that this file is also malware. Detected as: TR/Agent.cfn
– %HOME%\%hex values%\winlogon.exe It is executed once it has been fully created. Further analysis showed that this file is also malware. Detected as: Worm/Esfury.A.361
– %SYSDIR%\drivers\etc\hosts Further analysis showed that this file is also malware. Detected as: TR/AntiHosts.Gen
– C:\winlogon.exe Further analysis showed that this file is also malware. Detected as: TR/Agent.cfn
– %ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogon.exe Further analysis showed that this file is also malware. Detected as: TR/Agent.cfn

It tries to download files:
– The location is the following:
   • http://0-1-0-0-1-0-0-0-1-0-1-1-0-1-1-1-1-0-1-1-1-0-0-0-1-1-1-1-1-1-1-.0-0-0-0-0-0-0-0-0-0-0-0-0-60-0-0-0-0-0-0-0-0-0-0-0-0-0.info/**********
– The locations are the following:
   • http://%character string%.che**********.info/?PWaevb7Nu6Pppnsx6gbJMPnnDHUPqa5W9MLXtueIMdn1UfoRhsYDY8CbrOJ2YW04vJu4DpIcWdQXStTkQpLfTX8JfIwCy04EIgcRu2UZn1MvgwU3RG5QM5jqXgCDmq84LTikYxahcv97XSH58hkn2TklKhDm7qqWQpLfTX8JfIwCy04EIgcRg9FZGYCYZCcOiNZSAtq1DtN1pCkFSIZOW0sqa0jm=%character string%
   • http://%character string%.che**********.info/?imp_728*90=%character string%
– The location is the following:
   • http://whos.amung.us/widget/**********/
– The location is the following:
   • http://widgets.amung.us/small/07/**********
– The location is the following:
   • http://whos.amung.us/swidget/**********
– The location is the following:
   • http://0-1-0-0-1-0-0-0-1-0-1-1-0-1-1-1-1-0-1-1-1-0-0-0-1-1-1-1-1-1-1-.0-0-0-0-0-0-0-0-0-0-0-0-0-60-0-0-0-0-0-0-0-0-0-0-0-0-0.info/flv/**********
– The location is the following:
   • http://widgets.amung.us/classic/02/**********

It tries to execute the following file:
– File name:
   • "%HOME%\%hex values%\winlogon.exe" ctfmon.exe

Registry

The following registry keys are added in order to run the processes after reboot:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%random character string%"="%HOME%\%hex values%\winlogon.exe"
   • "NVIDIA Media Center Library"="%HOME%\%current user name%1\winlogon.exe"
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "%random character string%"="%HOME%\%hex values%\winlogon.exe"
   • "NVIDIA Media Center Library"="%HOME%\%current user name%1\winlogon.exe"

The following registry keys are added in order to load the service after reboot:
– [HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
   • "Start"=dword:0x00000004

The values of the following registry key are removed:
– [HKLM\SOFTWARE\Classes\lnkfile]
   • IsShortcut

It creates the following entries in order to bypass the Windows XP firewall:
– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   • "DisableNotifications"=dword:0x00000001
   • "DoNotAllowExceptions"=dword:0x00000000
– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
   • "DisableNotifications"=dword:0x00000001
   • "DoNotAllowExceptions"=dword:0x00000000
   • "EnableFirewall"=dword:0x00000000
– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%hex values%\winlogon.exe"="%HOME%\%hex values%\winlogon.exe:*:Enabled:@xpsp2res.dll,-53342401"

The following registry keys are added:
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromeSetup.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\88[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\055[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\521[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   • "NoFile"=dword:0x00000001
   • "NoFolderOptions"=dword:0x00000001
   • "NoRun"=dword:0x00000001
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\002.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\074[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   • "ConsentPromptBehaviorAdmin"=dword:0x00000000
   • "EnableLUA"=dword:0x00000000
   • "PromptOnSecureDesktop"=dword:0x00000001
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\633[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\432[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\521.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'' .exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
   • "DisableRegistryTools"=dword:0x00000001
   • "DisableTaskMgr"=dword:0x00000001
– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
   • "Progid"="IE.HTTP"
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\003[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\003.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
   • "%HOME%\%hex values%\winlogon.exe"="RUNASADMIN"
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\052[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\035[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\053.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\005[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
   • "DisableMonitoring"=dword:0x00000001
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\13.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\042[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
   • "Progid"="IE.AssocFile.HTM"
– [HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%hex values%\winlogon.exe"="%HOME%\%hex values%\winlogon.exe:*:Enabled:@xpsp2res.dll,-28956246"
– [HKCU\SOFTWARE\Microsoft\Windows Script Host\Settings]
   • "Enabled"="0"
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHttpSrv.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuard.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""
– [HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings]
   • "Enabled"="0"
– [HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel]
   • "HomePage"=dword:0x00000001
– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring]
   • "DisableMonitoring"=dword:0x00000001
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
   • "NoFolderOptions"=dword:0x00000001
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\864[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\081[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\042.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKCU\Software\Policies\Microsoft\Windows\System]
   • "DisableCMD"=dword:0x00000001
– [HKLM\SOFTWARE\Microsoft\Security Center\Svc]
   • "AntiSpywareOverride"=dword:0x00000000
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000000
   • "FirewallDisableNotify"=dword:0x00000001
   • "FirewallOverride"=dword:0x00000000
   • "FirstRunDisabled"=dword:0x00000001
   • "UacDisableNotify"=dword:0x00000001
   • "UpdatesDisableNotify"=dword:0x00000001
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FirewallControlPanel.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\091[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
   • "NoAutoRebootWithLoggedOnUsers"=dword:0x00000001
– [HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
   • "%HOME%\%hex values%\winlogon.exe"="RUNASADMIN"
– [HKLM\Software\Policies\Microsoft\WindowsFirewall\StandardProfile]
   • "EnableFirewall"=dword:0x00000000
– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice]
   • "Progid"="IE.FTP"
– [HKCU\Software\Microsoft\Internet Explorer\Main]
   • "Default_Page_URL"="http://5k32pez9uwowdo0.directorio-w.com"
   • "Default_Search_URL"="http://61ohz4fld059059.directorio-w.com"
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\027[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\082.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile]
   • "EnableFirewall"=dword:0x00000000
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\004.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Filemon.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\06.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%hex values%\winlogon.exe"="%HOME%\%hex values%\winlogon.exe:*:Enabled:@xpsp2res.dll,-57951861"
– [HKLM\SOFTWARE\Microsoft\Security Center]
   • "AntiSpyWareDisableNotify"=dword:0x00000001
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000000
   • "AutoUpdateDisableNotify"=dword:0x00000001
   • "FirewallDisableNotify"=dword:0x00000001
   • "InternetSettingsDisableNotify"=dword:0x00000001
   • "UacDisableNotify"=dword:0x00000001
   • "cval"=dword:0x00000001
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\051.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'rorre' .exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\084.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\021[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\061[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\052.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\006.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\827[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Diskmon.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\09.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""
– [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
   • "DisableMonitoring"=dword:0x00000001
– [HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
   • "Progid"="IE.HTTPS"
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ 003[[=s rav;eslaf=p rav;eslaf=b rav;ib.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

The following registry keys are changed:
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   New value:
   • "DisableSR"=dword:0x00000001
– [HKLM\SOFTWARE\Classes\ftp\shell\open\command]
   New value:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""
– [HKLM\SYSTEM\CurrentControlSet\Services\Sr]
   New value:
   • "Start"=dword:0x00000004
– [HKLM\SOFTWARE\Classes\https\shell\open\command]
   New value:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""
– [HKCU\Control Panel\Sound]
   New value:
   • "Beep"="no"
– [HKLM\SOFTWARE\Classes\http\shell\open\command]
   New value:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""
– [HKLM\SOFTWARE\Classes\http\shell\open\ddeexec\Application]
   New value:
   • "@"="IExplore"
– [HKCU\Software\Microsoft\Internet Explorer\Main]
   New value:
   • "Disable Script Debugger"="Yes"
   • "Local Page"="http://j4d1677o5i4b992.directorio-w.com"
   • "Search Page"="http://z027305rxhiu861.directorio-w.com"
   • "Start Page"="http://oou30vs938ikf65.directorio-w.com"
– [HKLM\SOFTWARE\Classes\https\shell\open\ddeexec\Application]
   New value:
   • "@"="IExplore"
– [HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN]
   New value:
   • "Default_Page_URL"="http://g1sp91vn21u1rm1.directorio-w.com"
   • "Default_Search_URL"="http://589980kqkmulj48.directorio-w.com"
   • "Local Page"="http://cw356qr302m63gl.directorio-w.com"
   • "Search Page"="http://tft17fi9ekwn7u0.directorio-w.com"
   • "Start Page"="http://j147m23v4t1n5ai.directorio-w.com"
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   New value:
   • "Hidden"=dword:0x00000002
   • "HideFileExt"=dword:0x00000003
   • "ShowSuperHidden"=dword:0x00000000
   • "SuperHidden"=dword:0x00000001
– [HKLM\SOFTWARE\Classes\ftp\shell\open\ddeexec\Application]
   New value:
   • "@"="IExplore"

Hosts

The hosts file is modified as follows:
– Any existing entries are deleted.
– Access to the following domains is redirected to other destinations:
Miscellaneous
Checks for an Internet connection by contacting the following website:
• http://www.whatismyip.org
Mutex: Creates the following mutex:
• @0MPfV5@mqt
File details
Programming language: The malware was written in Visual Basic.
Packer: To make detection harder and reduce the file size, the file is compressed with a packer.
Description inserted by Petre Galan on Wednesday, 24 November 2010. Description updated by Petre Galan on Wednesday, 24 November 2010.