online-antivirus-2009.com

Warning: New threat, be very careful NOT to visit the site mentioned
below.

It seems online-antivirus-2009.com is a rogue website, the domain name
was registered Oct 24 2008. Anything else probably fake.

In some way users are trapped with a message saying they need to
update their Online Windows Security scanner, then visiting this site
manages to contaminate even otherwise up-to-date systems, in presence
of a virus scanner.

Couldn't find any details yet using Google search, please post any
update details what this site does, how it is working, how to get rid
of this contamination.





Re: online-antivirus-2009.com


| Warning: New threat, be very careful NOT to visit the site mentioned
| below.

| It seems online-antivirus-2009.com is a rogue website, the domain name
| was registered Oct 24 2008. Anything else probably fake.

| In some way users are trapped with a message saying they need to
| update their Online Windows Security scanner, then visiting this site
| manages to contaminate even otherwise up-to-date systems, in presence
| of a virus scanner.

| Couldn't find any details yet using Google search, please post any
| update details what this site does, how it is working, how to get rid
| of this contamination.

AhnLab-V3 2008.10.24.3 2008.10.25 Win-Trojan/Downloader.185856.BB
AntiVir 7.9.0.9 2008.10.25 TR/Dldr.Small.aetn
Authentium 5.1.0.4 2008.10.26 W32/FakeAlert.3!Generic
Avast 4.8.1248.0 2008.10.25 Win32:Trojan-gen
AVG 8.0.0.161 2008.10.25 Generic11.ASYW
BitDefender 7.2 2008.10.26 Trojan.FakeAV.1.Gen
CAT-QuickHeal 9.50 2008.10.25 TrojanDownloader.Small.aetn
DrWeb 4.44.0.09170 2008.10.26 Trojan.Fakealert.1321
eSafe 7.0.17.0 2008.10.26 Suspicious File
eTrust-Vet 31.6.6168 2008.10.25 Win32/FakeAlert.FX
F-Prot 4.4.4.56 2008.10.26 W32/FakeAlert.3!Generic
F-Secure 8.0.14332.0 2008.10.26 Trojan-Downloader.Win32.Small.aetn
Fortinet 3.113.0.0 2008.10.26 W32/Small.AETN!tr
GData 19 2008.10.26 Trojan.FakeAV.1.Gen
Ikarus T3.1.1.44.0 2008.10.26 Trojan-Downloader.Win32.Renos.AU
Kaspersky 7.0.0.125 2008.10.26 Trojan-Downloader.Win32.Small.aetn
McAfee 5415 2008.10.25 FakeAlert-AG.gen.a
Microsoft 1.4005 2008.10.26 TrojanDownloader:Win32/Renos.gen!AU
NOD32 3556 2008.10.26 a variant of Win32/TrojanDownloader.FakeAlert.DR
Panda 9.0.0.4 2008.10.25 Adware/AntiMalware2009
Prevx1 V2 2008.10.26 Cloaked Malware
SecureWeb-Gateway 6.7.6 2008.10.25 Trojan.Dldr.Small.aetn
Sophos 4.35.0 2008.10.26 Mal/EncPk-CZ
Sunbelt 3.1.1753.1 2008.10.25 Trojan-Downloader.Win32.Small.aetn
Symantec 10 2008.10.26 Packed.Generic.188
TheHacker 6.3.1.1.129 2008.10.25 Trojan/Downloader.Small.aetn
TrendMicro 8.700.0.1004 2008.10.24 TROJ_SMALL.LNL
ViRobot 2008.10.24.1436 2008.10.24 Trojan.Win32.Downloader.185856.BG
VirusBuster 4.5.11.0 2008.10.25 Trojan.FakeAlert.Gen!Pac.2


Mirrored from scanner<dot>win-antivir-2008.com by HTTrack Website Copier/3.x
[XR&CO'2007], Sun, 27 Jul 2008

Mirrored from 0scan<dot>com by HTTrack Website Copier/3.x [XR&CO'2007],
Sun, 07 Sep 2008



The site may be new but as you can see above, it is a mirror of a previous
site and the files are recognized, therefore MBAM should be able to remove
this threat from an infected PC.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: online-antivirus-2009.com


I forgot to mention...

It downloads 17.gif which is a graphic that uses steganography to embed an
EXE file within the GIF.

AntiVir 7.9.0.9 2008.10.25 TR/FakeScanner.F
PCTools 4.4.2.0 2008.10.26 Trojan.GIFembed
SecureWeb-Gateway 6.7.6 2008.10.25 Trojan.FakeScanner.F



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
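
Added example (not part of the original thread): a triage check for the kind of file described in the post above, a GIF that carries an EXE. The thread does not say how the EXE is stored inside 17.gif, so this assumes the simplest case, an unencoded PE image present in the file bytes; the function names and the sample bytes are constructed for illustration. It walks the GIF block structure to the real trailer, reports bytes left over after it, and looks for MZ headers that point at a PE signature. A payload hidden in pixel data or encoded/encrypted would not be found this way.

```python
import struct

def _skip_sub_blocks(data, pos):
    # GIF data sub-blocks: a length byte then that many bytes; length 0 ends the chain.
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def gif_end_offset(data):
    """Walk the GIF block structure and return the offset just past the trailer (0x3B)."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 13                                   # header (6) + logical screen descriptor (7)
    if data[10] & 0x80:                        # global colour table present
        pos += 3 * (2 << (data[10] & 7))
    try:
        while data[pos] != 0x3B:
            if data[pos] == 0x21:              # extension: introducer, label, sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:            # image descriptor (10 bytes)
                flags = data[pos + 9]
                pos += 10
                if flags & 0x80:               # local colour table present
                    pos += 3 * (2 << (flags & 7))
                pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW minimum code size
            else:
                raise ValueError(f"unexpected block 0x{data[pos]:02x} at offset {pos}")
    except IndexError:
        raise ValueError("truncated GIF: no trailer found") from None
    return pos + 1

def find_pe(data):
    """Offsets of 'MZ' headers whose e_lfanew field points at a 'PE\\0\\0' signature."""
    hits, i = [], data.find(b"MZ")
    while i != -1:
        if i + 0x40 <= len(data):
            (lfanew,) = struct.unpack_from("<I", data, i + 0x3C)
            if data[i + lfanew:i + lfanew + 4] == b"PE\0\0":
                hits.append(i)
        i = data.find(b"MZ", i + 1)
    return hits

def inspect_gif(data):
    return {"trailing_bytes": len(data) - gif_end_offset(data), "pe_offsets": find_pe(data)}

# Constructed samples: a minimal 1x1 GIF, and an inert MZ/PE header stub (not a program).
CLEAN_GIF = bytes.fromhex("47494638396101000100800000ffffff0000002c00000000"
                          "010001000002024401003b")
PE_STUB = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0"
```

Calling inspect_gif() on the bytes of a downloaded image returns the number of bytes after the GIF trailer and the offsets of any PE headers; a normal GIF gives 0 and an empty list.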


