MalwareDisasters is a division of MalwareIntelligence. It captures information about the behavior of malicious code and offers the countermeasures needed to mitigate the malicious actions in question.

8.21.2010

Litter Korean rogue lurking I

Language is not a limitation for developers of malicious code, and the objectives of the criminals reach far beyond any border. Although the largest flow of variants is usually in English and, to a lesser extent, Russian, every now and then the guns are aimed at specific audiences, as in this case: a Korean rogue.

MegaVaccine
megavaccine.com - 218.146.255.151 - KORNET KOREA TELECOM

The same IP also hosts the following domains:

megavaccine_setup.exe (2234041b04e072aa7585209fa66e8550)


Countermeasure

Uninstall the program from Program Files
Run an updated antivirus


