Re: Haven't seen a Zlob link for a few weeks



From: "Duh_OZ" <ozzy.kopec@xxxxxxxxx>

| Until tonight anyway.
|
| activexmediasource.com
|

Thanx. That's a new one.

Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: ACTIVEXMEDIASOURCE.COM

Registrant:
vl ltd
Von Linstow (wm@xxxxxxxxxxxxxxxx)
Dalbergsgade 7
Viborg
null,8800
DK
Tel. +045.26881927

Creation Date: 17-Jan-2007
Expiration Date: 17-Jan-2008



So is this one...


Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: VIDEOACTIVEXSOFTWARE.COM

Registrant:
AXV
Ase Traving (at@xxxxxxxxxxxxxxxx)
Figenvej 125
Nustved
null,4700
DK
Tel. +045.26468496

Creation Date: 17-Jan-2007
Expiration Date: 17-Jan-2008



videoactivexsoftware.com

Complete scanning result of "setupvax.exe", processed in VirusTotal at 01/20/2007 05:11:22 (CET).

[ file data ]
* name: setupvax.exe
* size: 60720
* md5.: 759b8fb8b9f0ede2f0689b7eec750a68
* sha1: ba9bd46ccefe625080eff11994c8805a93753f46

[ scan result ]
AntiVir 7.3.0.26/20070120 found [DR/Zlob.Gen]
BitDefender 7.2/20070120 found [Trojan.Zlob.IN]
eSafe 7.0.14.0/20070120 found [suspicious Trojan/Worm]
Fortinet 2.82.0.0/20070119 found [suspicious]
Prevx1 V2/20070120 found [Malicious]

[ notes ]
packers: UPX
packers: UPX, BINARYRES, BINARYRES
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=bca071748737


Right now there are MORE DNSChanger sites than Zlob installer sites. All owned by the same group and all registered through ESTDOMAINS INC.

NOTE: The email addresses of the registered owners of the sites point to OTHER sites as well.

I have quite an extensive list of both active and closed sites. Email me and I'll provide it to you. I don't want to post it publicly.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

