MalwareDisasters is a division of MalwareIntelligence. It captures information about the behavior of malicious code and offers the necessary countermeasures to mitigate the malicious actions in question.

8.29.2010

Litter Korean rogue lurking V

Another rogue from Korea, belonging to the same family as PrivacyKeep, PrivacyCorp and PCScan.

ProtectInfo

protectinfo.co.kr - 114.108.168.8 - DACOM-NET LG DACOM


The following domains also resolve to this IP address:
ad-clear.com
privacycop.co.kr
privacykeep.co.kr
protectinfo.co.kr

protectinfo_home.exe (a48e62c64f68a2b32dc601efffa2973d)

update.protectinfo.co.kr/instchk.php

226
[COUNTER]
NUM=6

[CHECK1]
HKEY=HKLM
REGPATH=............
REGNAME=DisplayName
REGVALUE=............

[CHECK2]
HKEY=HKLM
REGPATH=PrivacyCheck
REGNAME=DisplayName
REGVALUE=.......... ....

[CHECK3]
HKEY=HKLM
REGPATH=............
REGNAME=DisplayName
REGVALUE=............

[CHECK4]
HKEY=HKLM
REGPATH=............
REGNAME=DisplayName
REGVALUE=............

[CHECK5]
HKEY=HKLM
REGPATH=..........
REGNAME=DisplayName
REGVALUE=..........

[CHECK6]
HKEY=HKLM
REGPATH=privacykeep
REGNAME=DisplayName
REGVALUE=............

[HISTORYREG]
PATH="............"


protectinfo.co.kr/app_linkage/app_install.php?addr=000C29CA888C&ptn=infocode0067
protectinfo.co.kr/app_linkage/app_setting.php?mac=00-0C-29-CA-88-8C

3d
payed=0
pw_usr=
pw_sup=1470
hp1=
hp2=
hp3=
small=300
big=300


log.adsence.co.kr/logexp.php?aid=protectinfo&pid=infocode0067&kind=inst
file.protectinfo.co.kr/update.php

protectinfo.exe=0.325
pnfoupdater.exe=0.113
pnfohk.dll=0.110
pnfouninst.exe=0.1
pnfowcher.exe=0.116
pnfopopd.dll=0.1


protectinfo.co.kr/app_linkage/app_boot.php?ver=.0.398
protectinfo.co.kr/popup_settle.html?addr=00-0C-29-CA-88-8C
protectinfo.co.kr/settlement/paysys/mobile/Deliver.php
protectinfo.co.kr/settlement/paysys/pbill/Deliver.php
protectinfo.co.kr/settlement/paysys/ars/Deliver.php



Countermeasures

Uninstall from Program Files
Run an updated antivirus
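
The requests listed above go to a small set of hosts, and several of them carry the machine's MAC address in the addr or mac parameter, so hosts that ran the installer can be picked out of web proxy logs. The following Python code is an added example, not part of the original analysis; the three-field log format (time, client IP, URL) and the client addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Domains and the logging host as they appear in the requests listed in this post.
DOMAINS = ("protectinfo.co.kr", "privacykeep.co.kr", "privacycop.co.kr",
           "ad-clear.com", "log.adsence.co.kr")
# MAC as sent by the client: 12 hex digits, with or without dashes.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?:-?[0-9A-Fa-f]{2}){5}$")


def classify(url):
    """Return (host, path, mac_or_None) for a URL on a listed domain, else None."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    if not any(host == d or host.endswith("." + d) for d in DOMAINS):
        return None
    mac = None
    query = parse_qs(parts.query)
    for key in ("addr", "mac"):          # parameter names seen in the post
        for value in query.get(key, []):
            if MAC_RE.match(value):
                mac = value.replace("-", "").upper()
    return host, parts.path, mac


def scan(log_lines):
    """Group matching requests by client IP: {client: {"macs": set, "paths": set}}."""
    hits = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:             # constructed format: time client url
            continue
        _, client, url = fields
        match = classify(url)
        if match is None:
            continue
        host, path, mac = match
        entry = hits.setdefault(client, {"macs": set(), "paths": set()})
        entry["paths"].add(host + path)
        if mac:
            entry["macs"].add(mac)
    return hits


# Constructed proxy log lines; the URLs are the ones shown in the post.
SAMPLE_LOG = [
    "2010-08-29T10:00:01 10.0.0.15 http://protectinfo.co.kr/app_linkage/app_install.php?addr=000C29CA888C&ptn=infocode0067",
    "2010-08-29T10:00:02 10.0.0.15 http://protectinfo.co.kr/app_linkage/app_setting.php?mac=00-0C-29-CA-88-8C",
    "2010-08-29T10:00:03 10.0.0.15 http://log.adsence.co.kr/logexp.php?aid=protectinfo&pid=infocode0067&kind=inst",
    "2010-08-29T10:00:04 10.0.0.22 http://example.com/index.html?addr=000C29CA888C",
]

if __name__ == "__main__":
    for client, entry in scan(SAMPLE_LOG).items():
        print(client, sorted(entry["macs"]), sorted(entry["paths"]))
```

Both MAC spellings are normalised to the same 12-digit form, so one machine reporting through several requests collapses to a single identifier per client IP.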

Related information



Litter Korean rogue lurking IV
Litter Korean rogue lurking III
Litter Korean rogue lurking II
Litter Korean rogue lurking I
PC Defender Antivirus rogue update system registry
Phoenix Exploit's Kit and Pay-per-Install via PC Defender Antivirus
Dangerous trojans, keyloggers and Spyware detected in you computer!!!
Desktop Hijack by Internet Security 2010. Your System Is Infected!

Jorge Mieres 
