Precisa de ajuda? Peça à comunidade ou contrate um perito.
Acesse a Avira Answers
VrusTR/Click.Outtol.A
Data em que surgiu:13/07/2010
Tipo:Trojan
Includo na lista "In The Wild"Sim
Nvel de danos:De baixo a mdio
Nvel de distribuio:Baixo
Nvel de risco:Mdio
Ficheiro esttico:Sim
Tamanho:237.568 Bytes
MD5 checksum:1acddaae2e00b99fd33794cfcad6f2f1
Verso IVDF:7.10.09.77 - terça-feira, 13 de julho de 2010

 Vulgarmente Alias:
   •  Bitdefender: Trojan.Agent.VB.BMU
   •  Panda: Trj/KillAV.NK
   •  Eset: Win32/AutoRun.VB.RF


Sistemas Operativos:
   • Windows 2000
   • Windows XP
   • Windows 2003


Efeitos secundrios:
   • Bloqueia o acesso a Web sites de segurana
   • Baixa as definies de segurana
   • Descarrega ficheiros maliciosos
   • Descarrega ficheiros maliciosos
   • Altera o registo do Windows

 Ficheiros Autocopia-se para a seguinte localizao:
   • %HOME%\%nome do utilizador actual%1\winlogon.exe



Elimina o seguinte ficheiro:
   • %HOME%\%valores hex%\wlo.exe



So criados os seguintes ficheiros:

%HOME%\%nome do utilizador actual%1\VERSION.TXT
%HOME%\%valores hex%\wlo.exe Alm disso executa-se depois de gerado. Outras investigaes apontam para que este ficheiro, tambm, seja malware. Detectado como: Worm/Esfury.A.361

%HOME%\%nome do utilizador actual%1\wlo.exe Alm disso executa-se depois de gerado. Outras investigaes apontam para que este ficheiro, tambm, seja malware. Detectado como: TR/Agent.cfn

%HOME%\%valores hex%\winlogon.exe Alm disso executa-se depois de gerado. Outras investigaes apontam para que este ficheiro, tambm, seja malware. Detectado como: Worm/Esfury.A.361

%SYSDIR%\drivers\etc\hosts Outras investigaes apontam para que este ficheiro, tambm, seja malware. Detectado como: TR/AntiHosts.Gen

C:\winlogon.exe Outras investigaes apontam para que este ficheiro, tambm, seja malware. Detectado como: TR/Agent.cfn

%ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogon.exe Outras investigaes apontam para que este ficheiro, tambm, seja malware. Detectado como: TR/Agent.cfn




Tenta efectuar o download de alguns ficheiros:

A partir da seguinte localizao:
   • http://0-1-0-0-1-0-0-0-1-0-1-1-0-1-1-1-1-0-1-1-1-0-0-0-1-1-1-1-1-1-1-.0-0-0-0-0-0-0-0-0-0-0-0-0-60-0-0-0-0-0-0-0-0-0-0-0-0-0.info/**********


A partir das seguintes localizaes:
   • http://%caracteres%.che**********.info/?PWaevb7Nu6Pppnsx6gbJMPnnDHUPqa5W9MLXtueIMdn1UfoRhsYDY8CbrOJ2YW04vJu4DpIcWdQXStTkQpLfTX8JfIwCy04EIgcRu2UZn1MvgwU3RG5QM5jqXgCDmq84LTikYxahcv97XSH58hkn2TklKhDm7qqWQpLfTX8JfIwCy04EIgcRg9FZGYCYZCcOiNZSAtq1DtN1pCkFSIZOW0sqa0jm=%caracteres%
   • http://%caracteres%.che**********.info/?imp_728*90=%caracteres%


A partir da seguinte localizao:
   • http://whos.amung.us/widget/**********/


A partir da seguinte localizao:
   • http://widgets.amung.us/small/07/**********


A partir da seguinte localizao:
   • http://whos.amung.us/swidget/**********


A partir da seguinte localizao:
   • http://0-1-0-0-1-0-0-0-1-0-1-1-0-1-1-1-1-0-1-1-1-0-0-0-1-1-1-1-1-1-1-.0-0-0-0-0-0-0-0-0-0-0-0-0-60-0-0-0-0-0-0-0-0-0-0-0-0-0.info/flv/**********


A partir da seguinte localizao:
   • http://widgets.amung.us/classic/02/**********




Tenta executar o seguinte ficheiro:

Executa um dos seguintes ficheiros:
   • "%HOME%\%valores hex%\winlogon.exe" ctfmon.exe

 Registry (Registo do Windows) So adicionados os seguintes valores ao registo de forma a que os processos sejam executados depois do computador ser reiniciado:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%uma srie de caracteres aleatrios%"="%HOME%\%valores hex%\winlogon.exe"
   • "NVIDIA Media Center Library"="%HOME%\%nome do utilizador actual%1\winlogon.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "%uma srie de caracteres aleatrios%"="%HOME%\%valores hex%\winlogon.exe"
   • "NVIDIA Media Center Library"="%HOME%\%nome do utilizador actual%1\winlogon.exe"



Adiciona a seguinte chave ao registo do Windows para executar o servio ao iniciar o sistema:

[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
   • "Start"=dword:0x00000004



Os valores da seguinte chave Registo so eliminados:



Os valores das seguintes chaves registo do windows so eliminados:

–  [HKLM\SOFTWARE\Classes\lnkfile]
   • IsShortcut



Cria as seguintes entradas de forma a fazer um bypass firewall do Windows XP:

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile]
   • "DisableNotifications"=dword:0x00000001
   • "DoNotAllowExceptions"=dword:0x00000000

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\DomainProfile]
   • "DisableNotifications"=dword:0x00000001
   • "DoNotAllowExceptions"=dword:0x00000000
   • "EnableFirewall"=dword:0x00000000

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%valores hex%\winlogon.exe"="%HOME%\%valores
      hex%
\winlogon.exe:*:Enabled:@xpsp2res.dll,-53342401"



So adicionadas as seguintes chaves ao registo:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FPAVServer.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ChromeSetup.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\88[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\055[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\521[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   • "NoFile"=dword:0x00000001
   • "NoFolderOptions"=dword:0x00000001
   • "NoRun"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\002.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\074[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   • "ConsentPromptBehaviorAdmin"=dword:0x00000000
   • "EnableLUA"=dword:0x00000000
   • "PromptOnSecureDesktop"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\633[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\432[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\521.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\'' .exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
   • "DisableRegistryTools"=dword:0x00000001
   • "DisableTaskMgr"=dword:0x00000001

[HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   http\UserChoice]
   • "Progid"="IE.HTTP"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\003[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\003.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • "%HOME%\%valores hex%\winlogon.exe"="RUNASADMIN"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\052[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\035[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\053.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\005[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\
   SymantecFirewall]
   • "DisableMonitoring"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\13.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\042[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
   .htm\UserChoice]
   • "Progid"="IE.AssocFile.HTM"

[HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%valores hex%\winlogon.exe"="%HOME%\%valores hex%\winlogon.exe:*:Enabled:@xpsp2res.dll,-28956246"

[HKCU\SOFTWARE\Microsoft\Windows Script Host\Settings]
   • "Enabled"="0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\EHttpSrv.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\BullGuard.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

[HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings]
   • "Enabled"="0"

[HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel]
   • "HomePage"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring]
   • "DisableMonitoring"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
   • "NoFolderOptions"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\864[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\081[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\042.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKCU\Software\Policies\Microsoft\Windows\System]
   • "DisableCMD"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
   • "AntiSpywareOverride"=dword:0x00000000
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000000
   • "FirewallDisableNotify"=dword:0x00000001
   • "FirewallOverride"=dword:0x00000000
   • "FirstRunDisabled"=dword:0x00000001
   • "UacDisableNotify"=dword:0x00000001
   • "UpdatesDisableNotify"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FirewallControlPanel.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\091[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
   • "NoAutoRebootWithLoggedOnUsers"=dword:0x00000001

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • "%HOME%\%valores hex%\winlogon.exe"="RUNASADMIN"

[HKLM\Software\Policies\Microsoft\WindowsFirewall\StandardProfile]
   • "EnableFirewall"=dword:0x00000000

[HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   ftp\UserChoice]
   • "Progid"="IE.FTP"

[HKCU\Software\Microsoft\Internet Explorer\Main]
   • "Default_Page_URL"="http://5k32pez9uwowdo0.directorio-w.com"
   • "Default_Search_URL"="http://61ohz4fld059059.directorio-w.com"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\027[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\082.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile]
   • "EnableFirewall"=dword:0x00000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\004.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Filemon.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\06.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%HOME%\%valores hex%\winlogon.exe"="%HOME%\%valores hex%\winlogon.exe:*:Enabled:@xpsp2res.dll,-57951861"

[HKLM\SOFTWARE\Microsoft\Security Center]
   • "AntiSpyWareDisableNotify"=dword:0x00000001
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000000
   • "AutoUpdateDisableNotify"=dword:0x00000001
   • "FirewallDisableNotify"=dword:0x00000001
   • "InternetSettingsDisableNotify"=dword:0x00000001
   • "UacDisableNotify"=dword:0x00000001
   • "cval"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\051.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\'rorre' .exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\084.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\021[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\061[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\052.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ComboFix.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\006.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\827[.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Diskmon.exe]
   • "Debugger"=""%HOME%\27F6471627473796E696D64614\winlogon.exe""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\09.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""

[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\
   SymantecAntiVirus]
   • "DisableMonitoring"=dword:0x00000001

[HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\
   https\UserChoice]
   • "Progid"="IE.HTTPS"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\
   003[[=s rav;eslaf=p rav;eslaf=b rav;ib.exe]
   • "Debugger"=""%WINDIR%\twunk_16.exe""



Altera as seguintes chaves de registo do Windows:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   Valor recente:
   • "DisableSR"=dword:0x00000001

[HKLM\SOFTWARE\Classes\ftp\shell\open\command]
   Valor recente:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""

[HKLM\SYSTEM\CurrentControlSet\Services\Sr]
   Valor recente:
   • "Start"=dword:0x00000004

[HKLM\SOFTWARE\Classes\https\shell\open\command]
   Valor recente:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""

[HKCU\Control Panel\Sound]
   Valor recente:
   • "Beep"="no"

[HKLM\SOFTWARE\Classes\http\shell\open\command]
   Valor recente:
   • "@"=""%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE""

[HKLM\SOFTWARE\Classes\http\shell\open\ddeexec\Application]
   Valor recente:
   • "@"="IExplore"

[HKCU\Software\Microsoft\Internet Explorer\Main]
   Valor recente:
   • "Disable Script Debugger"="Yes"
   • "Local Page"="http://j4d1677o5i4b992.directorio-w.com"
   • "Search Page"="http://z027305rxhiu861.directorio-w.com"
   • "Start Page"="http://oou30vs938ikf65.directorio-w.com"

[HKLM\SOFTWARE\Classes\https\shell\open\ddeexec\Application]
   Valor recente:
   • "@"="IExplore"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN]
   Valor recente:
   • "Default_Page_URL"="http://g1sp91vn21u1rm1.directorio-w.com"
   • "Default_Search_URL"="http://589980kqkmulj48.directorio-w.com"
   • "Local Page"="http://cw356qr302m63gl.directorio-w.com"
   • "Search Page"="http://tft17fi9ekwn7u0.directorio-w.com"
   • "Start Page"="http://j147m23v4t1n5ai.directorio-w.com"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   Valor recente:
   • "Hidden"=dword:0x00000002
   • "HideFileExt"=dword:0x00000003
   • "ShowSuperHidden"=dword:0x00000000
   • "SuperHidden"=dword:0x00000001

[HKLM\SOFTWARE\Classes\ftp\shell\open\ddeexec\Application]
   Valor recente:
   • "@"="IExplore"

 Hospedeiros O ficheiro hospedeiro sofre as seguintes alteraes:

Neste caso valores existentes sero alterados.

O acesso aos seguintes domnios redireccionado para outros destinos:
   • 208.109.220.95 viabcp.com; 208.109.220.95 www.viabcp.com;
      208.109.220.95 bcpzonasegura.viabcp.com; 173.236.65.132
      www.produbanco.com; 173.236.65.132 produbanco.com; 173.236.65.132
      www.pichincha.com; 173.236.65.132 pichincha.com; 173.236.65.132
      wwwp1.pichincha.com; 173.236.65.132 wwwp2.pichincha.com;
      173.236.65.132 wwwp3.pichincha.com; 173.236.65.132
      wwwp4.pichincha.com; 173.236.65.132 wwww01.pichincha.com;
      173.236.65.132 wwww02.pichincha.com; 173.236.65.132
      wwww03.pichincha.com; 173.236.65.132 wwww04.pichincha.com;
      69.162.96.136 bn.com.pe; 69.162.96.136 www.bn.com.pe; 69.162.96.136
      zonasegura1.bn.com.pe; 69.162.96.136 www.zonasegura1.bn.com.pe;
      173.236.69.68 www.interbank.com.pe; 173.236.69.68 interbank.com.pe;
      130.108.67.190 iniciorapido.info; 8.228.150.60 www.iniciorapido.info;
      72.173.58.80 buscalo.in; 149.199.47.113 www.buscalo.in; 50.239.117.227
      buscafacil.com; 221.103.12.98 www.buscafacil.com; 28.48.176.49
      emsisoft.com; 105.75.165.150 ahnlab.com; 6.114.235.196 antivir.es;
      177.234.62.135 antiy.net; 240.180.226.87 authentium.com;
      61.206.215.120 avast.com; 219.245.29.233 avg.com; 133.178.180.172
      bitdefender.com; 197.55.88.124 quickheal.com; 17.81.77.157 clamav.net;
      175.189.148.15 comodo.com; 89.53.231.141 drweb.com; 153.254.139.161
      aladdin.com; 230.212.128.194 ca.com; 63.64.198.240 f-prot.com;
      46.184.25.179 f-secure.com; 41.129.1.130 fortinet.com; 186.156.246.163
      gdata.es; 19.195.248.21 ikarus.at; 2.59.143.216 jiangmin.com;
      254.5.51.168 kaspersky.com; 142.31.40.201 mcafee.com; 232.70.110.58
      microsoft.com; 214.191.193.185 eset.es; 210.136.169.205 norman.com;
      30.162.158.238 nprotect.com; 188.202.161.28 pandasecurity.com;
      170.66.56.222 pctools.com; 166.11.220.174 prevx.com; 243.37.209.207
      rising-global.com; 144.145.23.65 sophos.com; 127.9.106.4
      sunbeltsoftware.com; 122.210.14.211 symantec.com; 199.169.3.244
      hacksoft.com.pe; 100.20.73.102 trendmicro.com; 83.140.224.229
      anti-virus.by; 79.86.132.249 hauri.net; 155.44.121.26 virusbuster.hu;
      57.151.191.139 www.emsisoft.com; 39.16.18.10 www.ahnlab.com;
      35.217.182.218 www.antivir.es; 111.243.171.251 www.antiy.net;
      13.27.242.109 www.authentium.com; 251.147.69.47 www.avast.com;
      247.92.45.255 www.avg.com; 68.118.34.32 www.bitdefender.com;
      225.158.36.146 www.quickheal.com; 208.22.187.17 www.clamav.net;
      203.223.95.36 www.comodo.com; 24.250.84.69 www.drweb.com;
      181.33.154.183 www.aladdin.com; 164.221.237.54 www.ca.com;
      159.167.213.6 www.f-prot.com; 236.125.202.39 www.f-secure.com;
      138.232.204.152 www.fortinet.com; 52.97.99.91 www.gdata.es;
      116.42.7.43 www.ikarus.at; 192.0.252.76 www.jiangmin.com;
      94.108.67.190 www.kaspersky.com; 8.228.150.60 www.mcafee.com;
      72.173.58.80 www.microsoft.com; 149.199.47.113 www.eset.es;
      50.239.117.227 www.norman.com; 221.103.12.98 www.nprotect.com;
      28.48.176.49 www.pandasecurity.com; 105.75.165.150 www.pctools.com;
      6.114.235.196 www.prevx.com; 177.234.62.135 www.rising-global.com;
      240.180.226.87 www.sophos.com; 61.206.215.120 www.sunbeltsoftware.com;
      219.245.29.233 www.symantec.com; 133.178.180.172 www.hacksoft.com.pe;
      197.55.88.124 www.trendmicro.com; 17.81.77.157 www.anti-virus.by;
      175.189.148.15 www.hauri.net; 89.53.231.141 www.virusbuster.hu;
      153.254.139.161 www.emsisoft.com; 230.212.128.194 www.anti-trojan.net;
      63.64.198.240 malwarescan.emsisoft.com; 46.184.25.179
      forum.emsisoft.com; 41.129.1.130 www.emsisoft.net; 186.156.246.163
      www.emsisoft.it; 19.195.248.21 www.emsisoft.de; 2.59.143.216
      www.anti-trojan-software.net; 254.5.51.168 mamutu.com; 142.31.40.201
      www.emsisoft.es; 232.70.110.58 malwarescan.emsisoft.de;
      214.191.193.185 ww.emsisoft.com; 210.136.169.205 www.emsisoft.fr;
      30.162.158.238 www.emsisoft.nl; 188.202.161.28
      onlinecheck.emsisoft.com; 170.66.56.222 onlinecheck.emsisoft.de;
      166.11.220.174 www.emsisoft.org; 243.37.209.207 scan.anti-trojan.net;
      144.145.23.65 www.trojaner.info; 127.9.106.4 onlinecheck.emsisoft.org;
      122.210.14.211 onlinecheck.emsisoft.net; 199.169.3.244 blitzblank.com;
      100.20.73.102 www.emsisoft.at; 83.140.224.229 www.emsisoft.jp;
      79.86.132.249 www.mamutu.com; 155.44.121.26 malwarescan.emsisoft.es;
      57.151.191.139 www.mamutu.de; 39.16.18.10 download5.emsisoft.com;
      35.217.182.218 download1.emsisoft.com; 111.243.171.251
      download4.emsisoft.com; 13.27.242.109 global.ahnlab.com; 251.147.69.47
      www.hackshields.com; 247.92.45.255 www.internationalservicecheck.com;
      68.118.34.32 www.irangoals.com; 225.158.36.146 ixomodels.com;
      208.22.187.17 www.indielisboa.com; 203.223.95.36
      www.latin-mass-society.org; 24.250.84.69 www.arpia.be; 181.33.154.183
      www.owen.org; 164.221.237.54 www.prdouglas.co.uk; 159.167.213.6
      www.zarya.info; 236.125.202.39 www.willsee.com; 138.232.204.152
      halmapr.com; 52.97.99.91 karuna-shechen.org; 116.42.7.43
      www.barder.com; 192.0.252.76 www.antivir.es; 94.108.67.190
      www.buraka.tv; 8.228.150.60 www.dr-bull.com; 72.173.58.80
      www.manchester-offices.co.uk; 149.199.47.113 saverssite.com;
      50.239.117.227 canada.karuna-shechen.org; 221.103.12.98
      developmentdrums.org; 28.48.176.49 www.imddomains.co.uk;
      105.75.165.150 cutlines.org; 6.114.235.196 elblogdemanu.com;
      177.234.62.135 ruben.bzin.net; 240.180.226.87 welkam.co.jp;
      61.206.215.120 www.cambridge-steiner-school.co.uk; 219.245.29.233
      naturesimages.net; 133.178.180.172 www.1stavenuelimousines.co.uk;
      197.55.88.124 www.mtr-design.com; 17.81.77.157 dev.depeuter.org;
      175.189.148.15 www.emeraldclassic.co.uk; 89.53.231.141
      www.peterhearnwaste.co.uk; 153.254.139.161 etrr.co.uk; 230.212.128.194
      www.avoncourt.com; 63.64.198.240 sarahmcconnellphotography.net;
      46.184.25.179 www.ixomodels.com; 41.129.1.130 natsko.com;
      186.156.246.163 www.nottinghampoetryseries.com; 19.195.248.21
      www.sheffieldmind.co.uk; 2.59.143.216 ixostore.ixomodels.com;
      254.5.51.168 www.flairweddings.co.uk; 142.31.40.201 www.fimasys.com;
      232.70.110.58 cohartuk.com; 214.191.193.185 qqjkw.net; 210.136.169.205
      vivo-austin.com; 30.162.158.238 www.freeality.com; 188.202.161.28
      bestofewan.com; 170.66.56.222 www.handwritingforkids.com;
      166.11.220.174 cowsmo.com; 243.37.209.207 www.2xlgames.com;
      144.145.23.65 kimzimmer.net; 127.9.106.4 basetendencies.com;
      122.210.14.211 trackingtheworld.com; 199.169.3.244
      www.reviewsofbooks.com; 100.20.73.102 www.collectedcurios.com;
      83.140.224.229 www.renningers.com; 79.86.132.249 ccslaughterspdx.com;
      155.44.121.26 www.briarhurst.com; 57.151.191.139 www.smf.org;
      39.16.18.10 ribbonwarehouse.com; 35.217.182.218 www.garryowen.com;
      111.243.171.251 45pounds.com; 13.27.242.109 isotopecomics.com;
      251.147.69.47 roysephotos.com; 247.92.45.255 www.stadiumpage.com;
      68.118.34.32 www.elvis-express.com; 225.158.36.146
      www.tomorrowsedge.net; 208.22.187.17 www.beautybar.com; 203.223.95.36
      pineleafboys.com; 24.250.84.69 www.mountainlakeslodge.com;
      181.33.154.183 pvtc.org; 164.221.237.54 bhsbees.com; 159.167.213.6
      baristamagazine.com; 236.125.202.39 www.gokidding.com; 138.232.204.152
      defalcos.com; 52.97.99.91 www.celticmerchant.com; 116.42.7.43
      www.hxproduction.com; 192.0.252.76 www.wellgousa.com; 94.108.67.190
      blog.titanium-jewelry.com; 8.228.150.60 www.brightoctober.com;
      72.173.58.80 hishomeforchildren.com; 149.199.47.113
      www.phoenixtrikeworks.com; 50.239.117.227 www.professorbeyer.com;
      221.103.12.98 www.secondchanceboxer.com; 28.48.176.49
      www.residentphotography.com; 105.75.165.150 woottonfootball.com;
      6.114.235.196 www.deborahshelton.net; 177.234.62.135 bobbondart.com;
      240.180.226.87 www.authentium.com; 61.206.215.120 asap.authentium.com;
      219.245.29.233 www.authentium.com.au; 133.178.180.172 avast.com;
      197.55.88.124 www.avast.com; 17.81.77.157 files.avast.com;
      175.189.148.15 download535.avast.com; 89.53.231.141 avg.com;
      153.254.139.161 www.avg.com; 230.212.128.194 grisoft.com;
      63.64.198.240 www.grisoft.com; 46.184.25.179 antivirus-tools.com;
      41.129.1.130 archive.bitdefender.com; 186.156.246.163
      avx.rob-have.net; 19.195.248.21 b-have.orgbitdefender-ar.com;
      2.59.143.216 bitdefender.com; 254.5.51.168 bitdefender.org;
      142.31.40.201 bitdefenderchina.com; 232.70.110.58
      bitdefenderguatemala.com; 214.191.193.185 bitdefendermalaysia.com;
      210.136.169.205 bitdefendertaiwan.com; 30.162.158.238
      bitdefenderuruguay.com; 120.134.93.216 bitdefenderusa.com;
      102.254.244.154 buy.bitdefender-es.com; 98.199.152.106
      buy.bitdefender.com; 175.225.141.139 buy.bitdefender.de; 76.77.211.253
      de.bitdefender.com; 59.197.38.192 fr.bitdefender.com; 54.142.202.143
      futurenow.bitdefender.com; 131.101.191.176 it.bitdefender.com;
      32.208.5.34 jobs.bitdefender.com; 15.72.156.161 kb.bitdefender.com;
      11.18.64.181 kb.bitdefender.de; 87.232.53.214 kb.bitdefender.us;
      245.83.123.71 latin.bitdefender.com; 227.204.206.198
      linux.bitdefender.com; 223.149.114.150 malwarecity.com; 43.175.103.183
      malwarecity.netmalwarecity.org; 201.215.174.41 malwarepedia.com;
      183.79.1.235 neunet.orgnews.bitdefender.com; 179.24.233.187
      nl.bitdefender.com; 0.50.222.220 renewals.bitdefender.com;
      157.90.224.78 sales.bitdefender.com; 140.210.119.205
      square.bitdefender.com; 135.155.27.224 store.bitdefender.com;
      212.182.16.1 store.de.bitdefender.com; 113.221.86.115
      us.bitdefender.com; 96.153.169.242 virusscanonline.net; 92.99.145.194
      wedoantivirus.com; 168.57.134.227 www.antivirus-tools.com;
      70.164.136.84 www.avx.ro; 240.29.31.23 www.bit-defender.de;
      48.230.195.231 www.bitdefende.de; 124.188.184.8
      www.bitdefender-es.com; 26.40.255.122 www.bitdefender.be;
      196.160.82.180 www.bitdefender.cl; 192.37.178.200
      www.bitdefender.co.uk; 13.64.167.233 www.bitdefender.com;
      170.103.237.91 www.bitdefender.com.au; 85.223.132.218
      www.bitdefender.com.sg; 148.168.40.169 www.bitdefender.com.tw;
      225.195.29.14 www.bitdefender.com.vn; 126.234.99.60
      www.bitdefender.de; 41.98.182.255 www.bitdefender.es; 105.44.90.207
      www.bitdefender.fr; 181.70.79.240 www.bitdefender.hk; 83.109.149.97
      www.bitdefender.us; 253.42.44.36 www.bitdefenderme.com; 61.175.208.244
      www.malwarecity.com; 137.201.197.21 www.malwarecity.fr; 39.53.12.135
      quickheal.com; 209.173.95.5 www.quickheal.com; 17.118.3.25
      www.clamav.net; 94.77.248.58 cgi.clamav.net; 183.184.62.104
      lurker.clamav.net; 166.48.145.43 wwws.clamav.net; 161.249.121.250
      lists.clamav.net; 238.208.42.215 bugs.clamav.net; 71.247.44.73
      system-cleaner.comodo.com; 54.111.195.12 backup.comodo.com;
      50.57.103.220 www.comodoantispam.com; 194.83.92.253
      easy-vpn.comodo.com; 28.122.162.110 www.trustlogo.com; 10.243.245.237
      ztl.comodo.com; 6.188.221.1 www.livepcsupport.com; 82.214.210.34
      www.whichssl.com; 240.254.213.80 www.trustix.com; 222.118.108.18
      disk-encryption.comodo.com; 218.63.16.226 speedtest.comodo.com;
      39.90.5.3 www.contentverification.com; 196.197.75.117 idauthority.com;
      179.61.158.56 www.comodo.tv; 174.6.66.7 online-backup.comodo.com;
      251.221.55.40 www.testmypcsecurity.com; 152.72.125.154
      www.ccssforum.org; 135.192.20.25 i-vault.comodo.com; 131.138.184.45
      internetsecurity.comodo.com; 207.96.173.78 www.comodopartners.com;
      109.203.243.191 timestamp.comodoca.com; 91.68.70.62
      secure-email.comodo.com; 87.13.234.14 timestamp.wosign.com;
      163.39.224.47 rover800.gaima.co.uk; 65.79.38.161 www.nsclean.com;
      47.199.121.99 www.contentverification.com; 43.144.97.51
      new-estore.drweb.com; 120.171.86.84 support.drweb.com; 50.238.116.226
      pda.drweb.com; 32.103.11.97 updates.drweb.com; 28.48.175.117
      drweb.com; 104.74.164.150 vms.drweb.com; 6.114.235.8
      solutions.drweb.com; 244.46.62.134 news.drweb.com; 240.247.38.86
      my.drweb.com; 61.206.27.119 buy.drweb.com; 218.57.29.233
      products.drweb.com; 133.177.180.172 new-support.drweb.com;
      196.122.88.123 promotions.drweb.com; 17.81.77.156 network.drweb.com;
      174.188.147.14 customers.drweb.com; 89.52.230.141 store.drweb.com;
      153.254.138.161 company.drweb.com; 229.24.127.194 training.drweb.com;
      131.63.197.51 license.drweb.com; 45.184.92.178 cureit.ru;
      109.129.0.130 free.drweb.com; 185.155.245.231 info.drweb.com;
      87.195.60.21 new-partners.drweb.com; 1.59.143.215 drweb.net;
      65.4.51.167 new-company.drweb.com; 142.31.40.200 new-beta.drweb.com;
      43.70.110.58 new-forum.drweb.com; 214.2.5.253 secure.av-desk.com;
      21.135.169.204 www.av-desk.com; 98.162.158.237
      new-solutions.drweb.com; 255.13.228.95 new-www.drweb.com;
      170.133.55.222 www.freedrweb.ru; 234.79.219.242 daniloff.net;
      54.37.208.19 drweb-inside.com; 144.144.22.64 drwebinside.com;
      126.9.105.3 aladdin.com; 122.210.81.211 alladdin.ru; 10.236.70.244
      chickensroamfree.com; 100.20.73.102 ealaddin.net; 82.140.224.40
      ealaddin.orgeshop.aladdin.com; 78.85.132.248 secureme.com;
      223.111.121.25 www.aks.com; 56.151.191.139 www.aladdin.com;
      39.15.18.10 www.ealaddin.com; 34.216.182.217 www.ealaddin.com;
      43.175.171.250 auwww.ealaddin.nl; 200.214.173.40 www.esafe.com;
      183.78.68.235 www.hasp.se; 179.24.232.187 www.safenet-inc.com;
      255.50.221.220 www3.safenet-inc.com; 157.157.35.77 www.ca.com;
      139.22.118.16 cacomvip.ca.com; 135.223.26.224 www.netegrity.com;
      211.181.16.1 search.ca.com; 113.33.86.115 cai.com; 95.153.237.241
      www.f-prot.com; 91.98.145.5 frisk-software.com; 168.57.134.38
      www.frisk.is; 69.164.204.152 www.frisk-software.com; 52.28.31.23
      f-secure.com; 47.229.195.230 f-secure.frf-secure.hk; 124.0.184.7
      f-secure.nlfsecure.com; 25.39.254.121 fsecure.nlwebyard.com;
      8.159.81.60 www.f-secure.com; 4.105.57.12 www.fsecure.com;
      80.131.46.45 www.virus.fi; 238.170.48.158 fortihero.com; 220.35.199.29
      fortilog.com; 216.236.107.49 fortinet.co.at; 36.6.96.14 fortinet.com;
      126.234.99.128 fortiprotect.com; 108.166.182.254 fortiwifi.com;
      104.111.158.206 www.apsecure.com; 181.70.147.239 www.fortifed.com;
      82.177.149.97 www.fortiid.com; 253.41.44.36 www.fortimail.com;
      60.242.208.243 www.fortinet-apac.com; 137.201.197.20 www.fortinet.ch;
      38.52.11.134 www.fortinet.co.il; 209.172.94.5 www.fortinet.com;
      17.118.2.25 www.fortinet.com; 93.144.247.58 arwww.fortinet.cz;
      251.183.61.171 www.fortinet.net; 165.48.212.42 www.fortinet.nl;
      229.249.120.250 www.fortinet.sg; 49.19.110.95 www.fortinetuk.com;
      207.59.180.141 www.secure-elements.com; 121.179.7.79 gdata.es;
      185.124.171.31 www.gdata.es; 6.151.160.64 ikarus.at; 163.190.230.178
      www.ikarus.at; 78.122.125.117 global.jiangmin.com; 141.255.33.1
      jiangmin.com.cn; 150.214.210.33 jiangmin.com; 51.65.24.147
      www.jiangmin.com.cn; 222.185.107.18 www.kaspersky.com; 30.131.15.38
      forum.kaspersky.com; 106.89.4.71 support.kaspersky.co; 196.196.158.200
      usa.kaspersky.com; 6.145.241.139 brazil.kaspersky.com; 2.90.217.91
      latam.kaspersky.com; 146.116.206.124 kaspersky.com; 236.156.209.238
      me.kaspersky.com; 218.20.104.176 images.kaspersky.com; 214.221.12.128
      www.mcafee.com; 103.247.1.161 support.mcafee.com; 192.31.71.19
      msr.mcafee.com; 175.151.154.146 home.mcafee.com; 170.96.130.165
      networkassociates.com; 247.123.119.198 us.mcafee.com; 148.162.121.244
      tr.mcafee.com; 131.26.16.183 au.mcafee.com; 126.228.180.135
      mx.mcafee.com; 135.186.101.100 networkassociates.nai.com;
      37.37.171.213 go.mcafee.com; 19.158.254.152 fr.mcafee.com;
      15.103.162.104 uk.mcafee.com; 91.61.151.137 de.mcafee.com;
      249.169.222.251 obscgi.mcafee.com; 231.33.117.121 nai.com;
      227.234.25.141 www.entercept.com; 48.192.14.174 jp.mcafee.com;
      205.44.84.32 mcafeeb2b.com; 188.164.167.159 cn.mcafee.com;
      183.109.75.110 service.mcafee.com; 4.136.64.143 br.mcafee.com;
      161.175.134.1 www.mcafee.at; 144.39.217.196 mcafeeretail.com;
      140.241.193.148 it.mcafee.com; 216.11.182.181 tw.mcafee.com;
      118.50.184.38 privacy.microsoft.com; 100.171.79.165 tempuri.org;
      252.16.144.85 schemas.xmlsoap.org; 72.42.133.118 www.microsoft.com;
      230.82.203.232 specs.xmlsoap.org; 213.14.30.103
      www.eugrantsadvisor.ie; 208.215.6.54 schemas.microsoft.com;
      29.174.251.87 encarta.msn.com; 186.25.253.201 www.sysinternals.com;
      101.145.148.140 grv.microsoft.com; 164.91.56.92 www.xmlsoap.org;
      241.49.45.124 www.eugrantsadvisor.se; 142.156.115.238
      www.eugrantsadvisor.com; 57.20.198.109 research.microsoft.com;
      121.222.106.129 www.engyro.com; 197.248.95.162
      www.exchangeyourcareer.com; 99.31.165.19 www.eugrantsadvisor.de;
      13.152.60.146 exchangeyourcareer.net; 77.97.225.98 eugrantsadvisor.de;
      153.123.214.199 eugrantsadvisor.cz; 243.95.216.177 www.eset.es;
      158.215.43.116 demos.eset.es; 221.160.207.67 descargas.eset.es;
      42.187.196.100 blogs.protegerse.com; 199.226.10.214 eos.eset.es;
      114.158.161.153 pedidos.protegerse.com; 177.36.69.105
      reg-int.nod32-es.com; 254.62.58.137 reg.eset.es; 155.169.128.251
      vicentevirtual.com; 70.33.211.122 cou85.com; 134.235.119.142
      www.norman.com; 210.193.108.175 fsc.norman.com; 44.44.178.220
      nprobeta.norman.com; 26.165.5.159 register.norman.com; 22.110.238.111
      webadmin.norman.no; 166.136.227.144 sandbox.norman.com; 0.176.229.2
      www.nprotect.com; 239.40.124.197 global.nprotect.com; 234.241.32.148
      www.nprotect.co.kr; 123.12.21.181 www.npin.co.kr; 144.239.23.227
      siren24.nprotect.com; 127.103.106.98 15660808.co.kr; 122.49.82.118
      biz.nprotect.com; 199.75.71.150 nprotect.net; 101.114.73.196
      www.nprotect.com.br; 83.234.224.135 liveprotect.net; 79.180.132.87
      nprotect.seoul.go.kr; 155.206.121.120 chollian.nprotect.co.kr;
      57.57.191.233 www.pandasecurity.com; 39.178.18.172
      research.pandasecurity.com; 35.123.183.124 support.pandasecurity.com;
      111.81.172.157 pandalabs.pandasecurity.com; 13.189.242.15
      pandasecurity.com; 252.53.137.142 mop.pandasecurity.com;
      247.254.45.161 timeforyourbusi.pandasecurity.com; 68.213.34.194
      cybercrime.pandasecurity.com; 225.64.104.52 free.pandasecurity.com;
      208.184.187.179 cloudprotection.pandasecurity.com; 203.130.95.131
      shop.pandasecurity.com; 24.156.84.163 soporte.pandasecurity.com;
      114.127.86.209 together.pctools.com; 96.248.169.148 www.prevx.com;
      92.193.145.100 info.prevx.com; 168.219.134.133 free.prevx.com;
      70.2.136.246 spywarefiles.prevx.com; 52.123.31.117
      spywaredlls.prevx.com; 48.68.196.137 shield.prevx.com; 124.94.185.170
      www.prevx1.com; 26.134.255.28 howsafeismypc.com; 9.66.82.155
      www.retento.com; 4.11.58.106 www.freerav.com; 81.226.47.139
      www.rising-global.com; 238.77.49.253 www.risingav.com.au;
      153.197.200.192 support.rising-global.com; 216.143.108.144
      superboy2010.com.au; 37.101.97.176 www.sophos.com; 195.208.167.34
      feeds.sophos.com; 109.73.250.161 esp.sophos.com; 173.18.158.181
      cn.sophos.com; 249.44.147.214 tw.sophos.com; 151.83.217.71
      kr.sophos.com; 29.168.76.162 sophos.com; 93.113.240.114
      podcasts.sophos.com; 169.139.230.215 www.sunbeltsoftware.com;
      71.179.44.5 go.sunbeltsoftware.com; 242.43.127.199
      oem.sunbeltsoftware.com; 49.244.35.151 antispam.sunbeltsoftware.com;
      126.15.24.184 antispyware.sunbeltsoftware.com; 27.54.94.42
      antivirus.sunbeltsoftware.com; 198.242.245.237 sunbeltsoftware.com;
      5.119.153.189 shop.sunbeltsoftware.com; 82.146.142.221
      live.sunbeltsoftware.com; 239.253.212.79 firewall.sunbeltsoftware.com;
      154.117.39.206 www.symantec.com; 218.63.203.226 security.symantec.com;
      38.21.192.3 securityrespons.symantec.com; 128.128.6.48
      service1.symantec.com; 110.249.89.243 enterprisesecur.symantec.com;
      106.194.65.195 eval.symantec.com; 250.220.55.228 symantec.com;
      84.4.57.86 definitions.symantec.com; 67.124.208.24
      investor.symantec.com; 62.69.116.232 et.symantec.com; 207.96.105.9
      sfdoccentral.symantec.com; 40.135.175.123 servicenews.symantec.com;
      211.187.190.182 securityrespons.symantec.com; 206.132.166.202
      sea.symantec.com; 27.159.155.234 go.symantec.com; 184.198.157.24
      dell.symantec.com; 167.62.52.219 sun.symantec.com; 163.8.216.171
      marian.symantec.com; 239.34.205.204 tms.symantec.com; 141.141.19.61
      securitycheck.symantec.com; 123.6.102.0 smallbiz.symantec.com;
      119.207.10.208 www.symantec.com; 195.165.0.241
      visualtracking.symantec.com; 97.17.70.99 search.symantec.com;
      80.137.221.225 liveupdate.symantec.com; 75.82.129.245
      sitedirector.symantec.com; 152.41.118.22 edm.symantec.com;
      53.148.188.136 hostedmailsecur.symantec.com; 36.12.15.7
      www4.symantec.com; 31.213.179.215 education.symantec.com;
      108.240.168.247 vos.symantec.com; 9.23.238.105 www.hacksoft.com.pe;
      248.143.65.44 hacksoft.pe; 244.89.41.252 www.hacksoft.pe; 64.115.30.29
      housecall.trendmicro.com; 222.154.32.142 www.trendmicro.com;
      204.19.183.13 housecall65.trendmicro.com; 200.220.91.33
      us.trendmicro.com; 208.178.13.254 blog.trendmicro.com; 110.218.83.112
      emea.trendmicro.com; 93.150.166.238 housecall60.trendmicro.com;
      88.95.142.190 jp.trendmicro.com; 165.54.131.223 de.trendmicro.com;
      66.161.133.81 it.trendmicro.com; 237.25.28.20 itw.trendmicro.com;
      44.227.192.228 esupport.trendmicro.com; 121.185.181.4
      es.trendmicro.com; 22.36.251.118 br.trendmicro.com; 193.156.78.245
      tw.trendmicro.com; 1.102.242.9 la.trendmicro.com; 77.128.231.42
      uk.trendmicro.com; 235.167.45.155 ru.trendmicro.com; 149.32.196.26
      smbstore.trendmicro.com; 213.233.104.234 apac.trendmicro.com;
      33.3.94.79 store.trendmicro.com; 191.43.164.125
      training.trendmicro.com; 106.163.247.63 trial.trendmicro.com;
      169.108.155.15 ushousecall02.trendmicro.com; 246.135.144.48
      subwiz.trendmicro.com; 147.174.214.162 go.trendmicro.com;
      62.106.109.101 feeds.trendmicro.com; 125.240.17.53
      channelpartner.trendmicro.com; 202.10.6.85 wtc.trendmicro.com;
      35.49.8.131 shop.trendmicro.com; 206.169.91.2 fr.trendmicro.com;
      14.115.255.22 threatinfo.trendmicro.com; 90.73.244.55
      newsletters.trendmicro.com; 180.180.58.100 www.anti-virus.by;
      162.45.141.39 bg.virusblokada.com; 158.246.118.247 www.vba.com.by;
      46.16.107.24 beta.anti-virus.by; 136.56.109.138
      www.bg.virusblokada.com; 119.176.4.76 www.hauri.net; 114.121.168.28
      www.hauri.co.kr; 3.148.157.61 company.hauri.net; 92.187.227.175
      www.globalhauri.com; 75.51.54.46 shop.hauri.co.kr; 70.253.30.66
      hauri.co.kr; 147.23.19.98 pg.hauri.net; 48.62.21.144
      esecurity.livecall.co.kr; 31.182.172.83 mall.hauri.co.kr; 27.128.80.35
      company.hauri.co.kr; 103.154.69.68 haurijapan.com; 5.5.139.181
      virobot.co.kr; 243.126.222.120 www.virusbuster.hu; 11.99.158.100
      virusbuster.hu; 87.57.147.133 scanner.novirusthanks.org;
      245.164.217.246 scanner2.novirusthanks.or; 227.29.112.117
      novirusthanks.org; 223.230.20.137 www.novirusthanks.org; 43.188.10.170
      virustotal.com; 201.40.80.28 www.virustotal.com; 184.160.163.154
      virscan.org; 179.105.71.106 www.virscan.org; 0.132.60.139
      virusscan.jotti.org; 157.171.130.253 jotti.org; 140.35.213.192
      www.jotti.org; 135.237.189.144 viruschief.com; 212.7.178.176
      www.viruschief.com; 113.46.180.34 scanner.virus.org; 96.166.75.161
      virus.org; 92.112.239.181 www.virus.org; 168.138.228.214 scan4you.net;
      70.177.42.71 www.scan4you.net; 52.110.125.198 avhide.com;
      48.55.101.150 www.avhide.com; 56.201.23.115 anubis.iseclab.org;
      214.53.25.229 iseclab.org; 129.173.176.167 www.iseclab.org;
      192.118.84.119 threatexpert.com; 13.77.73.152 www.threatexpert.com


 Informaes diversas  Procura uma ligao de internet contactando o seguinte web site:
   • http://www.whatismyip.org


Mutex:
Cria o seguinte Mutex:
   • @0MPfV5@mqt

 Detalhes do ficheiro Linguagem de programao:
O programa de malware est escrito em Visual Basic.


Empacotador de Runtime:
De forma a agravar a deteco e reduzir o tamanho do ficheiro lanado com um empacotador de runtime.

Descrição enviada por Petre Galan em quarta-feira, 24 de novembro de 2010
Descrição atualizada por Petre Galan em quarta-feira, 24 de novembro de 2010

Voltar . . . .
https:// Esta janela é criptografada para sua segurança.