CLEAN MX realtime database    
public access query for virus URL statistics
Total watched: 4704304 as of 2014-07-11 22:22:33 CEST
Subscribe to the VirusWatch Mailing list, updated hourly

This database consists of virus URIs, collected and verified since Feb 2006.
Recently we pushed out notifications marked "unrated site"; these are totally clean sites, and we apologize for this!

If you detect URIs concerning your netblock that are already closed, you have done a good job; otherwise please close them as soon as possible.

To look at some nice charts, there are complete statistics for this database.
Attention: all URIs are manually verified, but they are not cross-checked for live virus function at the moment you make this query. (Sites may have been closed already.)
Our automatic Viruswalker process is scheduled every hour, so you may see an incident now that will be resolved later on.
So please keep on sending close-feedbacks to us...

If you have questions, criticism, wishes or ... do not hesitate to contact us at abuse@clean-mx.de
Our PBX is down; you may reach us by cell phone at +49 171 4802507 ...
Query as XML: same query as XML output
Columns: Line, #, Date, Closed, hours, contributor, virusname, URL, ip state, response, Ip initial, AS#, ip review, URL, Domain, country, source, email, inetnum, netname, descr, ns1, ns2, ns3, ns4, ns5, URL
1 follow up this item(33710931) 33710931 Report false positive Report closed case make a suggestion 2014-07-11 13:04:26     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
lookup in virustotal.com (48fb259cc478400354fe1d9d552b7173)follow up this md5sum(48fb259cc478400354fe1d9d552b7173)follow up this malware() for scanner () in md5 table0/43 (0.0%) 
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zt.3adisk.com/mypane.aspx?down=ok ...  up alive follow up this ip (ip=61.166.55.16) as RSS-FeedSenderBaselookup 61.166.55.16 at virustotallookup 61.166.55.16 at Rus CERT university stuttgart germanylookup 61.166.55.16 at apnicfollow up this item(ip) in same window 61.166.55.16 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=61.166.55.16) as RSS-FeedSenderBaselookup 61.166.55.16 at virustotallookup 61.166.55.16 at Rus CERT university stuttgart germanylookup 61.166.55.16 at apnicfollow up this item(review) in same window 61.166.55.16 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zt.3adisk.com/mypane.aspx?down=ok ... follow up this domain (3adisk.com) as RSS-Feedlookup 3adisk.com at virustotalfollow up this domain(3adisk.com) 3adisk.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ynipm@126.com) as RSS-Feed ynipm@126.com follow up this itemfollow up this item 61.166.0.0 - 61.166.255.255 follow up this item CHINANET-YN follow up this item CHINANET Yunnan province network follow up this item ns2.dnsv2.com follow up this item ns1.dnsv2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zt.3adisk.com/mypane.aspx?down=ok ...
2 follow up this item(33710930) 33710930 Report false positive Report closed case make a suggestion 2014-07-11 13:04:26     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
40/52 (76.9%) 
 
Generic33.HAR
Trojan.MicroFake!Nyu0d5RIIDk
TR/ATRAPS.Gen
Trojan/Win32.MicroFake
Win32:Nitol-A
Trj
Trojan.Win32.FakeMS.aeO
Gen:Variant.Graftor.17698
W32.FamVT.FakeLpkMVb.Worm
Trojan.Nitol.A
Win.Trojan.Agent-750188
W32/Trojan.SITA-0826
TrojWare.Win32.Serv 
 lookup in virustotal.com (a1e682d378545ace2877b4f291a9c978)-->[http://www.virustotal.com/latest-report.html?resource=a1e682d378545ace2877b4f291a9c978]follow up this md5sum(a1e682d378545ace2877b4f291a9c978)follow up this itemfollow up this virusname (TR%2FATRAPS.Gen) as RSS-Feedlookup Virusname at avirafollow up this malware(TR%2FATRAPS.Gen) for scanner (avira) in md5 table40/52 (76.9%) TR/ATRAPS.Gen
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zsjy.sdflc.com/jiuye/UploadFiles/ ...  up alive follow up this ip (ip=124.133.46.245) as RSS-FeedSenderBaselookup 124.133.46.245 at virustotallookup 124.133.46.245 at Rus CERT university stuttgart germanylookup 124.133.46.245 at apnicfollow up this item(ip) in same window 124.133.46.245 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4837) in networks tablefollow up this itemfollow up this AS (AS4837) as RSS-Feed AS4837 follow up this ip (review=124.133.46.245) as RSS-FeedSenderBaselookup 124.133.46.245 at virustotallookup 124.133.46.245 at Rus CERT university stuttgart germanylookup 124.133.46.245 at apnicfollow up this item(review) in same window 124.133.46.245 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zsjy.sdflc.com/jiuye/UploadFiles/ ... follow up this domain (sdflc.com) as RSS-Feedlookup sdflc.com at virustotalfollow up this domain(sdflc.com) sdflc.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 124.128.0.0 - 124.135.255.255 follow up this item UNICOM-SD follow up this item China Unicom Shandong province networkChina UnicomCNC Group CHINA169 Shandong Province Network follow up this item ns3.dnsv3.com follow up this item ns4.dnsv3.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zsjy.sdflc.com/jiuye/UploadFiles/ ...
3 follow up this item(33710925) 33710925 Report false positive Report closed case make a suggestion 2014-07-11 13:04:26     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
29/52 (55.8%) 
 
Trojan.Agent!0qf/j4d+0Mc
TR/Agent.2125824.12
Trojan/Win32.Agent
Win32:Malware-gen
Trojan.Win32.Agent.AP
Trojan.Generic.8513430
Trojan.Agen.g5
W32/Trojan.XORK-5698
UnclassifiedMalware
Trojan.Generic.8513430
(B)
Trojan.Generic.8513430
(B)
Trojan.Generic.8 
 lookup in virustotal.com (751e5c4958ea1d7d8bb4c7c7dc0b36b0)-->[http://www.virustotal.com/latest-report.html?resource=751e5c4958ea1d7d8bb4c7c7dc0b36b0]follow up this md5sum(751e5c4958ea1d7d8bb4c7c7dc0b36b0)follow up this itemfollow up this virusname (TR%2FAgent.2125824.12) as RSS-Feedlookup Virusname at avirafollow up this malware(TR%2FAgent.2125824.12) for scanner (avira) in md5 table29/52 (55.8%) TR/Agent.2125824.12
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.oyksoft.com/oyksoft.com/2012/% ...  up alive follow up this ip (ip=117.21.191.51) as RSS-FeedSenderBaselookup 117.21.191.51 at virustotallookup 117.21.191.51 at Rus CERT university stuttgart germanylookup 117.21.191.51 at apnicfollow up this item(ip) in same window 117.21.191.51 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=117.21.191.51) as RSS-FeedSenderBaselookup 117.21.191.51 at virustotallookup 117.21.191.51 at Rus CERT university stuttgart germanylookup 117.21.191.51 at apnicfollow up this item(review) in same window 117.21.191.51 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.oyksoft.com/oyksoft.com/2012/% ... follow up this domain (oyksoft.com) as RSS-Feedlookup oyksoft.com at virustotalfollow up this domain(oyksoft.com) oyksoft.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 117.21.0.0 - 117.21.255.255 follow up this item CHINANET-JX follow up this item CHINANET Jiangxi province networkChina TelecomNo.31,jingrong streetBeijing 100032 follow up this item dns13.hichina.com follow up this item dns14.hichina.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.oyksoft.com/oyksoft.com/2012/% ...
4 follow up this item(33710924) 33710924 Report false positive Report closed case make a suggestion 2014-07-11 13:04:26     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
2/52 (3.8%) 
 
Gen:Variant.NSAnti.1
PossibleThreat 
 lookup in virustotal.com (6080a13883cdd333fd2078cf4ebc4013)-->[http://www.virustotal.com/latest-report.html?resource=6080a13883cdd333fd2078cf4ebc4013]follow up this md5sum(6080a13883cdd333fd2078cf4ebc4013)follow up this itemfollow up this virusname (Gen%3AVariant.NSAnti.1) as RSS-Feedfollow up this malware(Gen%3AVariant.NSAnti.1) for scanner (F_Secure) in md5 table2/52 (3.8%) Gen:Variant.NSAnti.1
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201407/zone_16.9_D ...  up alive follow up this ip (ip=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(ip) in same window 61.160.247.196 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(review) in same window 61.160.247.196 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201407/zone_16.9_D ... follow up this domain (downg.com) as RSS-Feedlookup downg.com at virustotalfollow up this domain(downg.com) downg.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.160.0.0 - 61.160.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns2.dnspod.net follow up this item f1g1ns1.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201407/zone_16.9_D ...
5 follow up this item(33710923) 33710923 Report false positive Report closed case make a suggestion 2014-07-11 13:04:26     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
follow up this itemfollow up this virusname (PossibleThreat) as RSS-Feedfollow up this malware(PossibleThreat) for scanner (Fortinet) in md5 table1/52 (1.9%) PossibleThreat
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201405/mggj_19.0_D ...  up alive follow up this ip (ip=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(ip) in same window 61.160.247.196 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(review) in same window 61.160.247.196 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201405/mggj_19.0_D ... follow up this domain (downg.com) as RSS-Feedlookup downg.com at virustotalfollow up this domain(downg.com) downg.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.160.0.0 - 61.160.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns2.dnspod.net follow up this item f1g1ns1.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201405/mggj_19.0_D ...
6 follow up this item(33710922) 33710922 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
2/52 (3.8%) 
 
Win32/Heur
W32.HfsAutoB.2c2c 
 lookup in virustotal.com (600814ed5daea58e5948806151afb316)-->[http://www.virustotal.com/latest-report.html?resource=600814ed5daea58e5948806151afb316]follow up this md5sum(600814ed5daea58e5948806151afb316)follow up this itemfollow up this virusname (Win32%2FHeur) as RSS-Feedfollow up this malware(Win32%2FHeur) for scanner (AVG) in md5 table2/52 (3.8%) Win32/Heur
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201403/TTtsyb_1.3_ ...  up alive follow up this ip (ip=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(ip) in same window 61.160.247.196 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(review) in same window 61.160.247.196 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201403/TTtsyb_1.3_ ... follow up this domain (downg.com) as RSS-Feedlookup downg.com at virustotalfollow up this domain(downg.com) downg.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.160.0.0 - 61.160.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns2.dnspod.net follow up this item f1g1ns1.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201403/TTtsyb_1.3_ ...
7 follow up this item(33710921) 33710921 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
28/48 (58.3%) 
 Artemis!81E9B53A2546
PUP.Hacktool.Patcher
Riskware
Riskware
W32/Patcher.C
Trojan.Gen.2
Suspicious_Gen4.ACZUV
TROJ_GEN.R047C0EGU13
Win.Trojan.Agent-69048
Trojan.Win32.Genome.afolj
Trojan.Genome!FwyRfRdLwuI
Mal/Agent-ACR
UnclassifiedMalware
Trojan.Click2.4 
 lookup in virustotal.com (408f26a5ebded93015b1e50c5f675a30)-->[http://www.virustotal.com/latest-report.html?resource=408f26a5ebded93015b1e50c5f675a30]follow up this md5sum(408f26a5ebded93015b1e50c5f675a30)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner () in md5 table28/48 (58.3%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201112/KillCSS7_Do ...  up alive follow up this ip (ip=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(ip) in same window 61.160.247.196 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(review) in same window 61.160.247.196 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201112/KillCSS7_Do ... follow up this domain (downg.com) as RSS-Feedlookup downg.com at virustotalfollow up this domain(downg.com) downg.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.160.0.0 - 61.160.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns2.dnspod.net follow up this item f1g1ns1.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201112/KillCSS7_Do ...
8 follow up this item(33710920) 33710920 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
24/38 (63.2%) 
 Trojan.Agent.eidl
Riskware
Trojan.Win32.Agent.dhzhy
W32/MalwareF.NGJE
Trojan.Gen
W32/Suspicious_Gen2.CESWQ
TROJ_SPNR.03CN11
Win32:Malware-gen
Trojan.Agent!vu4jtYI28g4
TrojWare.Win32.Agent.eidl
Trojan.Win32.Generic!BT
TR/Agent.eidl
TROJ_SPNR.03CN11
VIRUS_ 
 lookup in virustotal.com (e02680a465c421439cec8bfe35af32dd)-->[http://www.virustotal.com/latest-report.html?resource=e02680a465c421439cec8bfe35af32dd]follow up this md5sum(e02680a465c421439cec8bfe35af32dd)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table24/38 (63.2%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201003/PhotoSectio ...  up alive follow up this ip (ip=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(ip) in same window 61.160.247.196 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(review) in same window 61.160.247.196 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201003/PhotoSectio ... follow up this domain (downg.com) as RSS-Feedlookup downg.com at virustotalfollow up this domain(downg.com) downg.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.160.0.0 - 61.160.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns2.dnspod.net follow up this item f1g1ns1.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/201003/PhotoSectio ...
9 follow up this item(33710919) 33710919 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
33/46 (71.7%) 
 Rootkit.Agent.cyss
Artemis!80BA6C9202D2
Riskware
Suspicious!SA
W32/SuspPack.AB.gen!Eldorado
Trojan
Horse
Obfuscated_R
TROJ_GEN.RCBOHL3
Win32:Malware-gen
Win32.GenHeur.PT.Yow
Rootkit.Win32.Agent.cyss
Virus.Win32.Gen.ccmw
Mal/Generic-S
MalCrypt.Indus!
Troj 
 lookup in virustotal.com (49adf7437b66560273215590b2bdd437)-->[http://www.virustotal.com/latest-report.html?resource=49adf7437b66560273215590b2bdd437]follow up this md5sum(49adf7437b66560273215590b2bdd437)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table33/46 (71.7%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/200912/qzy.rar  up alive follow up this ip (ip=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(ip) in same window 61.160.247.196 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(review) in same window 61.160.247.196 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/200912/qzy.rar follow up this domain (downg.com) as RSS-Feedlookup downg.com at virustotalfollow up this domain(downg.com) downg.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.160.0.0 - 61.160.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns2.dnspod.net follow up this item f1g1ns1.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/200912/qzy.rar
10 follow up this item(33710918) 33710918 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
29/51 (56.9%) 
 
Win32/Induc
Win32.Induc
W32/Induc.iena
Win32:Induc
Win32.Induc.A
W32.Induc.A
W32/Induc.B.gen!Eldorado
Virus.Win32.Induc.A0
Win32.Induc
Win32.Induc.A
(B)
Win32.Induc.A
(B)
W32/Induc.B.gen!Eldorado
Win32.Induc.A
Win32.Induc.A
Backdoor.Win32.Hupigon
Win32/ 
 lookup in virustotal.com (5ac0d202e76b4a1fd91d464c0911a165)-->[http://www.virustotal.com/latest-report.html?resource=5ac0d202e76b4a1fd91d464c0911a165]follow up this md5sum(5ac0d202e76b4a1fd91d464c0911a165)follow up this itemfollow up this virusname (W32%2FInduc.A) as RSS-Feedlookup Virusname at avirafollow up this malware(W32%2FInduc.A) for scanner (avira) in md5 table29/51 (56.9%) W32/Induc.A
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/200906/IPxggj.rar  up alive follow up this ip (ip=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(ip) in same window 61.160.247.196 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.160.247.196) as RSS-FeedSenderBaselookup 61.160.247.196 at virustotallookup 61.160.247.196 at Rus CERT university stuttgart germanylookup 61.160.247.196 at apnicfollow up this item(review) in same window 61.160.247.196 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/200906/IPxggj.rar follow up this domain (downg.com) as RSS-Feedlookup downg.com at virustotalfollow up this domain(downg.com) downg.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.160.0.0 - 61.160.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns2.dnspod.net follow up this item f1g1ns1.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zjdx.downg.com/200906/IPxggj.rar
11 follow up this item(33710916) 33710916 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
41/53 (77.4%) 
 Trojan.Generic.4372008
Trojan.Generic.4372008
Trojan.ZAgent.g5
Downloader.Small.Win32.25436
Trojan
(
001e15121
)
Trojan
(
001e15121
)
Trojan/Downloader.Small.cdws
Trojan.DL.Small!rs4OElHZnME
W32/Downloader.FD.gen!Eldorado
Downloader
TROJ_SPNR.15JQ11
Win3 
 lookup in virustotal.com (f648c88ebf59a86891eb99809aaa824e)-->[http://www.virustotal.com/latest-report.html?resource=f648c88ebf59a86891eb99809aaa824e]follow up this md5sum(f648c88ebf59a86891eb99809aaa824e)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table41/53 (77.4%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.9553.com/soft/ZProtect_1.6.0_2 ...  up alive follow up this ip (ip=122.228.193.205) as RSS-FeedSenderBaselookup 122.228.193.205 at virustotallookup 122.228.193.205 at Rus CERT university stuttgart germanylookup 122.228.193.205 at apnicfollow up this item(ip) in same window 122.228.193.205 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=122.228.193.205) as RSS-FeedSenderBaselookup 122.228.193.205 at virustotallookup 122.228.193.205 at Rus CERT university stuttgart germanylookup 122.228.193.205 at apnicfollow up this item(review) in same window 122.228.193.205 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.9553.com/soft/ZProtect_1.6.0_2 ... follow up this domain (9553.com) as RSS-Feedlookup 9553.com at virustotalfollow up this domain(9553.com) 9553.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 122.224.0.0 - 122.239.255.255 follow up this item CHINANET-ZJ follow up this item CHINANET Zhejiang province networkChina TelecomNo.31,jingrong streetBeijing 100032China Telecom Zhejiang Province follow up this item ns2.dnsv2.com follow up this item ns1.dnsv2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.9553.com/soft/ZProtect_1.6.0_2 ...
12 follow up this item(33710915) 33710915 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
1/53 (1.9%) 
 
W32/Agent.AZOW!tr 
 lookup in virustotal.com (517fb0f53ccd30e4a3f4e5e76900779b)-->[http://www.virustotal.com/latest-report.html?resource=517fb0f53ccd30e4a3f4e5e76900779b]follow up this md5sum(517fb0f53ccd30e4a3f4e5e76900779b)follow up this itemfollow up this virusname (W32%2FAgent.AZOW%21tr) as RSS-Feedfollow up this malware(W32%2FAgent.AZOW%21tr) for scanner (Fortinet) in md5 table1/53 (1.9%) W32/Agent.AZOW!tr
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.9553.com/soft/iSee3Deluxe1006. ...  up alive follow up this ip (ip=60.191.150.35) as RSS-FeedSenderBaselookup 60.191.150.35 at virustotallookup 60.191.150.35 at Rus CERT university stuttgart germanylookup 60.191.150.35 at apnicfollow up this item(ip) in same window 60.191.150.35 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=60.191.150.35) as RSS-FeedSenderBaselookup 60.191.150.35 at virustotallookup 60.191.150.35 at Rus CERT university stuttgart germanylookup 60.191.150.35 at apnicfollow up this item(review) in same window 60.191.150.35 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.9553.com/soft/iSee3Deluxe1006. ... follow up this domain (9553.com) as RSS-Feedlookup 9553.com at virustotalfollow up this domain(9553.com) 9553.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (antispam@dcb.hz.zj.cn) as RSS-Feed antispam@dcb.hz.zj.cn follow up this itemfollow up this item 60.176.0.0 - 60.191.255.255 follow up this item CHINANET-ZJ-HZ follow up this item CHINANET-ZJ Hangzhou node networkZhejiang Telecom follow up this item ns2.dnsv2.com follow up this item ns1.dnsv2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.9553.com/soft/iSee3Deluxe1006. ...
13 follow up this item(33710914) 33710914 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
37/52 (71.2%) Win32/Virut, Win32.Virut.Y.Gen, W32/Virut.Gen, Win32:Vitro, Win32.Virtob.Gen.12, W32.Vetor.PE, W32.Virut.G, W32/Virut.AI, Virus.Win32.Virut.CE, Win32.Virut.56, Win32/Virut.NBP, Win32.Virtob.Gen.12 (B), Win32.Virtob.Gen.12 (B), W32/Virut.AI, Win32.Virtob.Gen.12, W32/Vi
 lookup in virustotal.com (6a53b450a166f8ff059fd1abcbf80c0d)-->[http://www.virustotal.com/latest-report.html?resource=6a53b450a166f8ff059fd1abcbf80c0d]follow up this md5sum(6a53b450a166f8ff059fd1abcbf80c0d)follow up this itemfollow up this virusname (W32%2FVirut.Gen) as RSS-Feedlookup Virusname at avirafollow up this malware(W32%2FVirut.Gen) for scanner (avira) in md5 table37/52 (71.2%) W32/Virut.Gen
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.7edown.com:808/green/hash-scan ...  up alive follow up this ip (ip=61.174.62.75) as RSS-FeedSenderBaselookup 61.174.62.75 at virustotallookup 61.174.62.75 at Rus CERT university stuttgart germanylookup 61.174.62.75 at apnicfollow up this item(ip) in same window 61.174.62.75 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=61.174.62.75) as RSS-FeedSenderBaselookup 61.174.62.75 at virustotallookup 61.174.62.75 at Rus CERT university stuttgart germanylookup 61.174.62.75 at apnicfollow up this item(review) in same window 61.174.62.75 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.7edown.com:808/green/hash-scan ... follow up this domain (7edown.com) as RSS-Feedlookup 7edown.com at virustotalfollow up this domain(7edown.com) 7edown.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.174.56.0 - 61.174.63.255 follow up this item CHINANET-ZJ-LS follow up this item CHINANET-ZJ Lishui node networkZhejiang Telecom follow up this item ns2.dnsv2.com follow up this item ns1.dnsv2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.7edown.com:808/green/hash-scan ...
14 follow up this item(33710912) 33710912 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
17/53 (32.1%) Trojan.Pasta.Gen.1, Trojan:HEUR/Win32.AGeneric, Trojan.Win32.Generic.axxo, Trojan.Generic.g4, W32/Agent.EW.gen!Eldorado, Worm.Win32.Dropper.RA, Trojan.DownLoader9.42537, a variant of Win32/FlyStudio, W32/Agent.EW.gen!Eldorado, Trojan:W32/DelfInject.R, HEUR:Trojan
 lookup in virustotal.com (1e78110730fa4de249b3ae69ac26536b)-->[http://www.virustotal.com/latest-report.html?resource=1e78110730fa4de249b3ae69ac26536b]follow up this md5sum(1e78110730fa4de249b3ae69ac26536b)follow up this itemfollow up this virusname (Trojan%3AHEUR%2FWin32.AGeneric) as RSS-Feedfollow up this malware(Trojan%3AHEUR%2FWin32.AGeneric) for scanner (Antiy_AVL) in md5 table17/53 (32.1%) Trojan:HEUR/Win32.AGeneric
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.7edown.com:808/green/bbrjscq.r ...  up alive follow up this ip (ip=61.174.62.75) as RSS-FeedSenderBaselookup 61.174.62.75 at virustotallookup 61.174.62.75 at Rus CERT university stuttgart germanylookup 61.174.62.75 at apnicfollow up this item(ip) in same window 61.174.62.75 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=61.174.62.75) as RSS-FeedSenderBaselookup 61.174.62.75 at virustotallookup 61.174.62.75 at Rus CERT university stuttgart germanylookup 61.174.62.75 at apnicfollow up this item(review) in same window 61.174.62.75 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.7edown.com:808/green/bbrjscq.r ... follow up this domain (7edown.com) as RSS-Feedlookup 7edown.com at virustotalfollow up this domain(7edown.com) 7edown.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.174.56.0 - 61.174.63.255 follow up this item CHINANET-ZJ-LS follow up this item CHINANET-ZJ Lishui node networkZhejiang Telecom follow up this item ns2.dnsv2.com follow up this item ns1.dnsv2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.7edown.com:808/green/bbrjscq.r ...
15 follow up this item(33710911) 33710911 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
27/53 (50.9%) BackDoor.Generic16.TYV, Trojan.Agent!+10y+R8ivK4, TR/Rogue.8468190, Trojan:HEUR/Win32.Unknown, Win32:Malware-gen, Trojan.Win32.Generic.aQV, W32/OnlineGames.HI.gen!Eldorado, Worm.Win32.Dropper.RA, a variant of Win32/FlyStudio, W32/OnlineGames.HI.gen!Eldorado, W32/
 lookup in virustotal.com (1c25639365e78f62883aa70bbb94b76e)-->[http://www.virustotal.com/latest-report.html?resource=1c25639365e78f62883aa70bbb94b76e]lookup in threatexpert.comlookup the sha256(5e3753094ac299b6b4ee70416c6bae29e4fd92cbf73b12bf79a20aa2706d7aee) in comodo.comfollow up this md5sum(1c25639365e78f62883aa70bbb94b76e)follow up this itemfollow up this virusname (TR%2FRogue.8468190) as RSS-Feedfollow up this malware(TR%2FRogue.8468190) for scanner (AntiVir) in md5 table27/53 (50.9%) TR/Rogue.8468190
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.7edown.com:808/green/8mbd.rar  up alive follow up this ip (ip=61.174.62.75) as RSS-FeedSenderBaselookup 61.174.62.75 at virustotallookup 61.174.62.75 at Rus CERT university stuttgart germanylookup 61.174.62.75 at apnicfollow up this item(ip) in same window 61.174.62.75 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=61.174.62.75) as RSS-FeedSenderBaselookup 61.174.62.75 at virustotallookup 61.174.62.75 at Rus CERT university stuttgart germanylookup 61.174.62.75 at apnicfollow up this item(review) in same window 61.174.62.75 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.7edown.com:808/green/8mbd.rar follow up this domain (7edown.com) as RSS-Feedlookup 7edown.com at virustotalfollow up this domain(7edown.com) 7edown.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.174.56.0 - 61.174.63.255 follow up this item CHINANET-ZJ-LS follow up this item CHINANET-ZJ Lishui node networkZhejiang Telecom follow up this item ns2.dnsv2.com follow up this item ns1.dnsv2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zj.7edown.com:808/green/8mbd.rar
16 follow up this item(33710910) 33710910 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
31/53 (58.5%) Gen:Variant.Oficla.12, Backdoor ( 04c4b6651 ), Backdoor ( 04c4b6651 ), Trojan.Win32.Magania.cqxsc, W32/Downldr2.IZGU, Small.DRP, Win32:Malware-gen, Win.Trojan.Agent-745371, Backdoor.Win32.Yoddos.asb, Gen:Variant.Oficla.12, Trojan.Win32.Dropper.cgf, Gen:Variant.Ofic
 lookup in virustotal.com (1d359f553eac3b4f1b236bbc69728164)-->[http://www.virustotal.com/latest-report.html?resource=1d359f553eac3b4f1b236bbc69728164]follow up this md5sum(1d359f553eac3b4f1b236bbc69728164)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table31/53 (58.5%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zir.j94vdajc.lolhezi.net:9010/Wdo ...  up alive follow up this ip (ip=122.224.32.49) as RSS-FeedSenderBaselookup 122.224.32.49 at virustotallookup 122.224.32.49 at Rus CERT university stuttgart germanylookup 122.224.32.49 at apnicfollow up this item(ip) in same window 122.224.32.49 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=122.224.4.211) as RSS-FeedSenderBaselookup 122.224.4.211 at virustotallookup 122.224.4.211 at Rus CERT university stuttgart germanylookup 122.224.4.211 at apnicfollow up this item(review) in same window 122.224.4.211 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zir.j94vdajc.lolhezi.net:9010/Wdo ... follow up this domain (lolhezi.net) as RSS-Feedlookup lolhezi.net at virustotalfollow up this domain(lolhezi.net) lolhezi.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 122.224.32.0 - 122.224.35.255 follow up this item CHINANET-ZJ follow up this item CHINANET Zhejiang province networkChina TelecomNo.31,jingrong streetBeijing 100032China Telecom Zhejiang Province follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zir.j94vdajc.lolhezi.net:9010/Wdo ...
17 follow up this item(33710904) 33710904 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
lookup in virustotal.com (1582c3d1ed8de04e19552a373ace90e7)follow up this md5sum(1582c3d1ed8de04e19552a373ace90e7)follow up this malware() for scanner () in md5 table0/43 (0.0%) 
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ...  up alive follow up this ip (ip=118.122.37.107) as RSS-FeedSenderBaselookup 118.122.37.107 at virustotallookup 118.122.37.107 at Rus CERT university stuttgart germanylookup 118.122.37.107 at apnicfollow up this item(ip) in same window 118.122.37.107 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=118.122.37.107) as RSS-FeedSenderBaselookup 118.122.37.107 at virustotallookup 118.122.37.107 at Rus CERT university stuttgart germanylookup 118.122.37.107 at apnicfollow up this item(review) in same window 118.122.37.107 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ... follow up this domain (xzzxjly.com) as RSS-Feedlookup xzzxjly.com at virustotalfollow up this domain(xzzxjly.com) xzzxjly.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 118.120.0.0 - 118.123.255.255 follow up this item CHINANET-SC follow up this item CHINANET Sichuan province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ...
18 follow up this item(33710903) 33710903 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
lookup in virustotal.com (1582c3d1ed8de04e19552a373ace90e7)follow up this md5sum(1582c3d1ed8de04e19552a373ace90e7)follow up this malware() for scanner () in md5 table0/43 (0.0%) 
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ...  up alive follow up this ip (ip=118.122.37.107) as RSS-FeedSenderBaselookup 118.122.37.107 at virustotallookup 118.122.37.107 at Rus CERT university stuttgart germanylookup 118.122.37.107 at apnicfollow up this item(ip) in same window 118.122.37.107 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=118.122.37.107) as RSS-FeedSenderBaselookup 118.122.37.107 at virustotallookup 118.122.37.107 at Rus CERT university stuttgart germanylookup 118.122.37.107 at apnicfollow up this item(review) in same window 118.122.37.107 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ... follow up this domain (xzzxjly.com) as RSS-Feedlookup xzzxjly.com at virustotalfollow up this domain(xzzxjly.com) xzzxjly.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 118.120.0.0 - 118.123.255.255 follow up this item CHINANET-SC follow up this item CHINANET Sichuan province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ...
19 follow up this item(33710902) 33710902 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
lookup in virustotal.com (1582c3d1ed8de04e19552a373ace90e7)follow up this md5sum(1582c3d1ed8de04e19552a373ace90e7)follow up this malware() for scanner () in md5 table0/43 (0.0%) 
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ...  up alive follow up this ip (ip=118.122.37.107) as RSS-FeedSenderBaselookup 118.122.37.107 at virustotallookup 118.122.37.107 at Rus CERT university stuttgart germanylookup 118.122.37.107 at apnicfollow up this item(ip) in same window 118.122.37.107 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=118.122.37.107) as RSS-FeedSenderBaselookup 118.122.37.107 at virustotallookup 118.122.37.107 at Rus CERT university stuttgart germanylookup 118.122.37.107 at apnicfollow up this item(review) in same window 118.122.37.107 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ... follow up this domain (xzzxjly.com) as RSS-Feedlookup xzzxjly.com at virustotalfollow up this domain(xzzxjly.com) xzzxjly.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 118.120.0.0 - 118.123.255.255 follow up this item CHINANET-SC follow up this item CHINANET Sichuan province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ...
20 follow up this item(33710901) 33710901 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
lookup in virustotal.com (1582c3d1ed8de04e19552a373ace90e7)follow up this md5sum(1582c3d1ed8de04e19552a373ace90e7)follow up this malware() for scanner () in md5 table0/43 (0.0%) 
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ...  up alive follow up this ip (ip=118.122.37.107) as RSS-FeedSenderBaselookup 118.122.37.107 at virustotallookup 118.122.37.107 at Rus CERT university stuttgart germanylookup 118.122.37.107 at apnicfollow up this item(ip) in same window 118.122.37.107 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=118.122.37.107) as RSS-FeedSenderBaselookup 118.122.37.107 at virustotallookup 118.122.37.107 at Rus CERT university stuttgart germanylookup 118.122.37.107 at apnicfollow up this item(review) in same window 118.122.37.107 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ... follow up this domain (xzzxjly.com) as RSS-Feedlookup xzzxjly.com at virustotalfollow up this domain(xzzxjly.com) xzzxjly.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 118.120.0.0 - 118.123.255.255 follow up this item CHINANET-SC follow up this item CHINANET Sichuan province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/zhuomian ...
21 follow up this item(33710900) 33710900 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
lookup in virustotal.com (4a2c108456a7c4b4c1bbe1a3326950a2)follow up this md5sum(4a2c108456a7c4b4c1bbe1a3326950a2)follow up this malware() for scanner () in md5 table0/43 (0.0%) 
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/xiaozhi/ ...  up alive follow up this ip (ip=118.122.37.107) as RSS-FeedSenderBaselookup 118.122.37.107 at virustotallookup 118.122.37.107 at Rus CERT university stuttgart germanylookup 118.122.37.107 at apnicfollow up this item(ip) in same window 118.122.37.107 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=118.122.37.107) as RSS-FeedSenderBaselookup 118.122.37.107 at virustotallookup 118.122.37.107 at Rus CERT university stuttgart germanylookup 118.122.37.107 at apnicfollow up this item(review) in same window 118.122.37.107 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/xiaozhi/ ... follow up this domain (xzzxjly.com) as RSS-Feedlookup xzzxjly.com at virustotalfollow up this domain(xzzxjly.com) xzzxjly.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 118.120.0.0 - 118.123.255.255 follow up this item CHINANET-SC follow up this item CHINANET Sichuan province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://zhainan.xzzxjly.com/down/xiaozhi/ ...
22 follow up this item(33710898) 33710898 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
35/52 (67.3%) Downloader.Generic13.AORJ, Trojan.DL.Small!CURyGUergbk, TR/Rogue.935374.286, Trojan/Win32.Nbdd, Win32:Malware-gen, Trojan.GenericKDV.935374, Backdoor.Nbdd.r4, TrojWare.Win32.Downloader.Small.JOR, Trojan.AVKill.30720, a variant of Win32/TrojanDownloader.Small.PPQ
 lookup in virustotal.com (f6663b920959bc2b13430441af077646)-->[http://www.virustotal.com/latest-report.html?resource=f6663b920959bc2b13430441af077646]follow up this md5sum(f6663b920959bc2b13430441af077646)follow up this itemfollow up this virusname (TR%2FRogue.935374.286) as RSS-Feedfollow up this malware(TR%2FRogue.935374.286) for scanner (AntiVir) in md5 table35/52 (67.3%) TR/Rogue.935374.286
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/xuanwuriji.zip? ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/xuanwuriji.zip? ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/xuanwuriji.zip? ...
23 follow up this item(33710897) 33710897 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
41/53 (77.4%) Downloader.Generic13.AORJ, Trojan.Nbdd!zZ2TANI6LC8, TR/Rogue.935374.82, Win32:Malware-gen, Backdoor.Win32.Nbdd.Afrv, Trojan.GenericKDV.935374, HW32.CDB.Cbf2, Backdoor.Nbdd.r4, W32/Trojan.QFKT-1649, TrojWare.Win32.Downloader.Small.JOR, Trojan.AVKill.30720, a varian
 lookup in virustotal.com (8762695a398e5646d45d0c2cca6558de)-->[http://www.virustotal.com/latest-report.html?resource=8762695a398e5646d45d0c2cca6558de]lookup in threatexpert.comlookup the sha256(f57837bff53e04a391cf934b8f0d0cd219cfe8af6f737b265b984a02f72991a9) in comodo.comfollow up this md5sum(8762695a398e5646d45d0c2cca6558de)follow up this itemfollow up this virusname (TR%2FRogue.935374.82) as RSS-Feedfollow up this malware(TR%2FRogue.935374.82) for scanner (AntiVir) in md5 table41/53 (77.4%) TR/Rogue.935374.82
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqxuanwuxianyin ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqxuanwuxianyin ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqxuanwuxianyin ...
24 follow up this item(33710896) 33710896 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
lookup in virustotal.com (89e3a9c92d0842faae54a2b016db614a)follow up this md5sum(89e3a9c92d0842faae54a2b016db614a)follow up this malware() for scanner () in md5 table0/43 (0.0%) 
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqxuanwujiyizhu ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqxuanwujiyizhu ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqxuanwujiyizhu ...
25 follow up this item(33710895) 33710895 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
follow up this itemfollow up this virusname (Win32%2FBackdoor.9c3) as RSS-Feedfollow up this malware(Win32%2FBackdoor.9c3) for scanner (undef) in md5 table37/50 (74%) Win32/Backdoor.9c3
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqlianliankan.z ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqlianliankan.z ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqlianliankan.z ...
helpLine help#descendigascending helpDatedescendigascending helpCloseddescendigascending helphours helpcontributordescendigascending helpvirusnamedescendigascending helpURLdescendigascending helpip state helpresponsedescendigascending helpIp initialdescendigascending helpAS#descendigascending helpip reviewdescendigascending helpURLdescendigascending helpDomaindescendigascending helpcountrydescendigascending helpsourcedescendigascending helpemaildescendigascending helpinetnumdescendigascending helpnetnamedescendigascending helpdescrdescendigascending helpns1descendigascending helpns2descendigascending helpns3descendigascending helpns4descendigascending helpns5descendigascending helpURLdescendigascending
26 follow up this item(33710894) 33710894 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
follow up this itemfollow up this virusname (HEUR%2FMalware.QVM07.Gen) as RSS-Feedfollow up this malware(HEUR%2FMalware.QVM07.Gen) for scanner (undef) in md5 table38/54 (70.4%) HEUR/Malware.QVM07.Gen
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/QQfeichexiaochu ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/QQfeichexiaochu ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/QQfeichexiaochu ...
27 follow up this item(33710893) 33710893 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
26/53 (49.1%) 
 
Downloader.Generic13.AORJ
Trojan.Nbdd!x9MlFVrSHO4
TR/Rogue.935374.171
Win32:Malware-gen
Trojan.GenericKDV.935374
Backdoor.Nbdd.r4
a
variant
of
Win32/TrojanDownloader.Small.PPQ
Trojan.GenericKDV.935374
(B)
Trojan.GenericKDV.935374
(B)
Trojan.GenericKDV.9 
 lookup in virustotal.com (71fbc483029197492d586dbeeb825527)-->[http://www.virustotal.com/latest-report.html?resource=71fbc483029197492d586dbeeb825527]lookup in threatexpert.comlookup the sha256(cc735b4f88d6db4ded3d8dd6d3c85262da792ba7a36fdc931f76d3636a2d12d4) in comodo.comfollow up this md5sum(71fbc483029197492d586dbeeb825527)follow up this itemfollow up this virusname (TR%2FRogue.935374.171) as RSS-Feedfollow up this malware(TR%2FRogue.935374.171) for scanner (AntiVir) in md5 table26/53 (49.1%) TR/Rogue.935374.171
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqfeicheaisi.zi ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqfeicheaisi.zi ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/qqfeicheaisi.zi ...
28 follow up this item(33710892) 33710892 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
15/52 (28.8%) 
 
Dropper.Microjoin
Trojan.Crypt.CG
Win32/TrojanDropper.Agent.NNO
Trojan.Crypt.CG
(B)
Trojan.Crypt.CG
(B)
Trojan.Crypt.CG
W32/Dropper.MLTR!tr
Trojan.Crypt.CG
Trojan-Dropper.Win32.Agent.exc
Generic
Dropper.ce
Generic
Dropper.ce
Trojan.Crypt.CG
TrojanDroppe 
 lookup in virustotal.com (87f073022595ebbabd6e02e161cfb135)-->[http://www.virustotal.com/latest-report.html?resource=87f073022595ebbabd6e02e161cfb135]lookup in threatexpert.comlookup the sha256(97289d49ee0be779df1491b83cf1ddbe220c603670165dc9f09b4aeac8e8ff4f) in comodo.comfollow up this md5sum(87f073022595ebbabd6e02e161cfb135)follow up this itemfollow up this virusname (Dropper.Microjoin) as RSS-Feedfollow up this malware(Dropper.Microjoin) for scanner (AVG) in md5 table15/52 (28.8%) Dropper.Microjoin
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/jiyi.zip?qqdrsi ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/jiyi.zip?qqdrsi ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/jiyi.zip?qqdrsi ...
29 follow up this item(33710891) 33710891 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
44/53 (83%) 
 
Dropper.Generic6.CJNV
Trojan.Renos!xwNBLqwDCsM
BDS/Hupigon.cpes
Win32:Hupigon-MYB
Trj
Trojan.Win32.Generic.aTdD
Trojan.Renos.Gen.1
Trojan.Generic.g3
Win.Trojan.Agent-103290
W32/Hupigon.BD.gen!Eldorado
UnclassifiedMalware
a
variant
of
Win32/TrojanDropper 
 lookup in virustotal.com (d6ea7da73a01c14c9427e0fc2a270dd5)-->[http://www.virustotal.com/latest-report.html?resource=d6ea7da73a01c14c9427e0fc2a270dd5]lookup in threatexpert.comlookup the sha256(5d83c59de46172aa9d00b8c8db1be421ee5a6b68efcc4a304303d8a1e0bfe577) in comodo.comfollow up this md5sum(d6ea7da73a01c14c9427e0fc2a270dd5)follow up this itemfollow up this virusname (BDS%2FHupigon.cpes) as RSS-Feedlookup Virusname at avirafollow up this malware(BDS%2FHupigon.cpes) for scanner (avira) in md5 table44/53 (83%) BDS/Hupigon.cpes
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/feichegongzi.zi ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/feichegongzi.zi ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/feichegongzi.zi ...
30 follow up this item(33710890) 33710890 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
42/54 (77.8%) 
 Trojan.GenericKDV.935374
Trojan.Dropper.SGX
Backdoor.Nbdd.r4
Trojan.Agent
Backdoor.Nbdd.Win32.1958
Trojan
(
0043328f1
)
Trojan
(
0043328f1
)
Trojan.Win32.Nbdd.cmsgjf
W32/Backdoor2.CBFI
WS.Reputation.1
Nbdd.A
TROJ_GE.E40810E1
Win32:Malware-gen
Backdoor.Wi 
 lookup in virustotal.com (36591c3e385bc455594b031a5e975a44)-->[http://www.virustotal.com/latest-report.html?resource=36591c3e385bc455594b031a5e975a44]follow up this md5sum(36591c3e385bc455594b031a5e975a44)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner () in md5 table42/54 (77.8%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/DNFxiaoyungeili ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/DNFxiaoyungeili ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/DNFxiaoyungeili ...
31 follow up this item(33710889) 33710889 Report false positive Report closed case make a suggestion 2014-07-11 13:04:25     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
lookup in virustotal.com (430717316b93aa004f37122aa63fb79d)follow up this md5sum(430717316b93aa004f37122aa63fb79d)follow up this malware() for scanner () in md5 table0/43 (0.0%) 
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/dnfquantumiaosh ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/dnfquantumiaosh ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/dnfquantumiaosh ...
32 follow up this item(33710888) 33710888 Report false positive Report closed case make a suggestion 2014-07-11 13:04:24     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
40/54 (74.1%) 
 Trojan.Generic.8710066
Trojan.Generic.8710066
(Suspicious)
-
DNAScan
Artemis!9381F727B1D3
Trojan.Agent
Trojan.Genome.Win32.222708
Trojan
(
0007fbf81
)
Trojan
(
0007fbf81
)
Trojan.Win32.BlackHole.cvyoof
W32/Agent.EW.gen!Eldorado
Trojan.Gen.2
Suspicious_Ge 
 lookup in virustotal.com (363c5e11a48633170b9739b9a8e48c18)-->[http://www.virustotal.com/latest-report.html?resource=363c5e11a48633170b9739b9a8e48c18]follow up this md5sum(363c5e11a48633170b9739b9a8e48c18)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table40/54 (74.1%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/cftiantangchuan ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/cftiantangchuan ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/cftiantangchuan ...
33 follow up this item(33710887) 33710887 Report false positive Report closed case make a suggestion 2014-07-11 13:04:24     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
28/45 (62.2%) 
 Trojan.GenericKDV.935374
Artemis!7068F44840E9
Trojan
Trojan
Trojan.Win32.Black.bwzkhx
WS.Reputation.1
Nbdd.A
TROJ_GEN.R047B01G913
Win32:Malware-gen
Trojan.Win32.Jorik.Nbdd.pfu
Trojan.GenericKDV.935374
Trojan.Packed!z6UHCGvUez0
Mal/Behav-363
TrojWare.Win3 
 lookup in virustotal.com (c29effa40f33155f9ad485462144ac5e)-->[http://www.virustotal.com/latest-report.html?resource=c29effa40f33155f9ad485462144ac5e]follow up this md5sum(c29effa40f33155f9ad485462144ac5e)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table28/45 (62.2%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/cfnitian.zip?qq ...  up alive follow up this ip (ip=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(ip) in same window 58.218.39.216 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=58.218.39.216) as RSS-FeedSenderBaselookup 58.218.39.216 at virustotallookup 58.218.39.216 at Rus CERT university stuttgart germanylookup 58.218.39.216 at apnicfollow up this item(review) in same window 58.218.39.216 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/cfnitian.zip?qq ... follow up this domain (9paiw.com) as RSS-Feedlookup 9paiw.com at virustotalfollow up this domain(9paiw.com) 9paiw.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (ip@jsinfo.net) as RSS-Feed ip@jsinfo.net follow up this itemfollow up this item 58.208.0.0 - 58.223.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088 follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://z2.9paiw.com:8085/cfnitian.zip?qq ...
34 follow up this item(33710883) 33710883 Report false positive Report closed case make a suggestion 2014-07-11 13:04:24     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
31/53 (58.5%) 
 Gen:Variant.Oficla.12
Backdoor
(
04c4b6651
)
Backdoor
(
04c4b6651
)
Trojan.Win32.Magania.cqxsc
W32/Downldr2.IZGU
Small.DRP
Win32:Malware-gen
Win.Trojan.Agent-745371
Backdoor.Win32.Yoddos.asb
Gen:Variant.Oficla.12
Trojan.Win32.Dropper.cgf
Gen:Variant.Ofic 
 lookup in virustotal.com (1d359f553eac3b4f1b236bbc69728164)-->[http://www.virustotal.com/latest-report.html?resource=1d359f553eac3b4f1b236bbc69728164]follow up this md5sum(1d359f553eac3b4f1b236bbc69728164)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table31/53 (58.5%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yzf0gna7.mflt.lolhezi.net:9010/wd ...  up alive follow up this ip (ip=122.224.4.211) as RSS-FeedSenderBaselookup 122.224.4.211 at virustotallookup 122.224.4.211 at Rus CERT university stuttgart germanylookup 122.224.4.211 at apnicfollow up this item(ip) in same window 122.224.4.211 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4134) in networks tablefollow up this itemfollow up this AS (AS4134) as RSS-Feed AS4134 follow up this ip (review=122.224.4.211) as RSS-FeedSenderBaselookup 122.224.4.211 at virustotallookup 122.224.4.211 at Rus CERT university stuttgart germanylookup 122.224.4.211 at apnicfollow up this item(review) in same window 122.224.4.211 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yzf0gna7.mflt.lolhezi.net:9010/wd ... follow up this domain (lolhezi.net) as RSS-Feedlookup lolhezi.net at virustotalfollow up this domain(lolhezi.net) lolhezi.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 122.224.0.0 - 122.239.255.255 follow up this item CHINANET-ZJ follow up this item CHINANET Zhejiang province networkChina TelecomNo.31,jingrong streetBeijing 100032China Telecom Zhejiang Province follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yzf0gna7.mflt.lolhezi.net:9010/wd ...
35 follow up this item(33710882) 33710882 Report false positive Report closed case make a suggestion 2014-07-11 13:04:24     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
35/54 (64.8%) 
 W32.Clodc82.Trojan.98be
Gen:Heur.Zilix.1
(Suspicious)
-
DNAScan
Backdoor.Hupigon.Win32.174397
Riskware
(
0040eff71
)
Riskware
(
0040eff71
)
Trojan.Win32.Hupigon.bgblqb
Trojan.ADH.2
Troj_Generic.HCXFC
TROJ_SPNR.35CC13
Win32:Malware-gen
Backdoor.Win32.Hupi 
 lookup in virustotal.com (777aef6665ab4d503ecbc00a20b3b89a)-->[http://www.virustotal.com/latest-report.html?resource=777aef6665ab4d503ecbc00a20b3b89a]follow up this md5sum(777aef6665ab4d503ecbc00a20b3b89a)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table35/54 (64.8%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yz4.newhua.com/down/SLKMultPlay.r ...  up alive follow up this ip (ip=61.160.196.40) as RSS-FeedSenderBaselookup 61.160.196.40 at virustotallookup 61.160.196.40 at Rus CERT university stuttgart germanylookup 61.160.196.40 at apnicfollow up this item(ip) in same window 61.160.196.40 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.160.196.40) as RSS-FeedSenderBaselookup 61.160.196.40 at virustotallookup 61.160.196.40 at Rus CERT university stuttgart germanylookup 61.160.196.40 at apnicfollow up this item(review) in same window 61.160.196.40 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yz4.newhua.com/down/SLKMultPlay.r ... follow up this domain (newhua.com) as RSS-Feedlookup newhua.com at virustotalfollow up this domain(newhua.com) newhua.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.160.0.0 - 61.160.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item ns2.dnsv2.com follow up this item ns1.dnsv2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yz4.newhua.com/down/SLKMultPlay.r ...
36 follow up this item(33710881) 33710881 Report false positive Report closed case make a suggestion 2014-07-11 13:04:24     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
20/43 (46.5%) 
 Trojan.Downloader.Agent.AAU
Artemis!B4CEBC3987EB
Trojan
Win32/Toolbar.Sogou
Suspicious_Gen2.IFJI
Win32:Trojan-gen
Win32.Downloader.Nsi
Trojan.Downloader.Agent.AAU
Mal/Generic-L
Trojan.Downloader.Agent.AAU
Adware.QQHelp
DR/Dldr.NSIS.Agent.O.27
Artemis!B4C 
 lookup in virustotal.com (b4cebc3987eb6d15df72934dbe978b26)-->[http://www.virustotal.com/latest-report.html?resource=b4cebc3987eb6d15df72934dbe978b26]follow up this md5sum(b4cebc3987eb6d15df72934dbe978b26)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table20/43 (46.5%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yz2.newhua.com/down/ha_overdisk01 ...  up alive follow up this ip (ip=61.160.196.43) as RSS-FeedSenderBaselookup 61.160.196.43 at virustotallookup 61.160.196.43 at Rus CERT university stuttgart germanylookup 61.160.196.43 at apnicfollow up this item(ip) in same window 61.160.196.43 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.160.196.43) as RSS-FeedSenderBaselookup 61.160.196.43 at virustotallookup 61.160.196.43 at Rus CERT university stuttgart germanylookup 61.160.196.43 at apnicfollow up this item(review) in same window 61.160.196.43 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yz2.newhua.com/down/ha_overdisk01 ... follow up this domain (newhua.com) as RSS-Feedlookup newhua.com at virustotalfollow up this domain(newhua.com) newhua.com follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (anti-spam@ns.chinanet.cn.net) as RSS-Feed anti-spam@ns.chinanet.cn.net follow up this itemfollow up this item 61.160.0.0 - 61.160.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item ns2.dnsv2.com follow up this item ns1.dnsv2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yz2.newhua.com/down/ha_overdisk01 ...
37 follow up this item(33710846) 33710846 Report false positive Report closed case make a suggestion 2014-07-11 13:04:23     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
8/54 (14.8%) 
 Artemis!0FE40CAEBE85
Suspicious_GEN.F47V0710
HEUR:Trojan.Win32.Generic
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected
of
Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (0fe40caebe85797ea946560809ece945)-->[http://www.virustotal.com/latest-report.html?resource=0fe40caebe85797ea946560809ece945]follow up this md5sum(0fe40caebe85797ea946560809ece945)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table8/54 (14.8%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/zrNW_1002_1699.exe  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/zrNW_1002_1699.exe follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/zrNW_1002_1699.exe
Line: 38, #: 33710845, Date: 2014-07-11 13:04:23, contributor: sub16
virusname: 8/54 (14.8%): Artemis!36C9FFA74245; Suspicious_GEN.F47V0710; HEUR:Trojan.Win32.Generic; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: 36c9ffa7424521951b04ac528c20e4e1, 8/54 (14.8%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/ZRbO_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

Line: 39, #: 33710842, Date: 2014-07-11 13:04:23, contributor: sub16
virusname: 8/54 (14.8%): Artemis!36C9FFA74245; Suspicious_GEN.F47V0710; HEUR:Trojan.Win32.Generic; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: 36c9ffa7424521951b04ac528c20e4e1, 8/54 (14.8%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/zQsv_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

Line: 40, #: 33710841, Date: 2014-07-11 13:04:23, contributor: sub16
virusname: 6/52 (11.5%): Artemis!F103836851CC; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: f103836851cc14d98495cdc049f7da3b, 6/52 (11.5%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/zQJn_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

Line: 41, #: 33710834, Date: 2014-07-11 13:04:23, contributor: sub16
virusname: 8/54 (14.8%): Artemis!36C9FFA74245; Suspicious_GEN.F47V0710; HEUR:Trojan.Win32.Generic; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: 36c9ffa7424521951b04ac528c20e4e1, 8/54 (14.8%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/Zmuv_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

Line: 42, #: 33710815, Date: 2014-07-11 13:04:23, contributor: sub16
virusname: 6/52 (11.5%): Artemis!F103836851CC; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: f103836851cc14d98495cdc049f7da3b, 6/52 (11.5%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/zgZB_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

Line: 43, #: 33710813, Date: 2014-07-11 13:04:23, contributor: sub16
virusname: 8/54 (14.8%): Artemis!36C9FFA74245; Suspicious_GEN.F47V0710; HEUR:Trojan.Win32.Generic; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: 36c9ffa7424521951b04ac528c20e4e1, 8/54 (14.8%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/ZgrK_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

Line: 44, #: 33710808, Date: 2014-07-11 13:04:22, contributor: sub16
virusname: 6/53 (11.3%): Artemis!BDA520020EE6; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: bda520020ee6786d8c3681f8953b2153, 6/53 (11.3%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/ZFGr_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

Line: 45, #: 33710806, Date: 2014-07-11 13:04:22, contributor: sub16
virusname: 8/54 (14.8%): Artemis!36C9FFA74245; Suspicious_GEN.F47V0710; HEUR:Trojan.Win32.Generic; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: 36c9ffa7424521951b04ac528c20e4e1, 8/54 (14.8%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/ZEyt_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

Line: 46, #: 33710805, Date: 2014-07-11 13:04:22, contributor: sub16
virusname: 6/52 (11.5%): Artemis!F103836851CC; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: f103836851cc14d98495cdc049f7da3b, 6/52 (11.5%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/zEUH_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

Line: 47, #: 33710804, Date: 2014-07-11 13:04:22, contributor: sub16
virusname: 6/53 (11.3%): Artemis!BDA520020EE6; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: bda520020ee6786d8c3681f8953b2153, 6/53 (11.3%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/Zeti_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

Line: 48, #: 33710802, Date: 2014-07-11 13:04:22, contributor: sub16
virusname: 6/52 (11.5%): Artemis!F103836851CC; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: f103836851cc14d98495cdc049f7da3b, 6/52 (11.5%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/ZeRS_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

Line: 49, #: 33710798, Date: 2014-07-11 13:04:22, contributor: sub16
virusname: 8/54 (14.8%): Artemis!0FE40CAEBE85; Suspicious_GEN.F47V0710; HEUR:Trojan.Win32.Generic; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5sum: 0fe40caebe85797ea946560809ece945, 8/54 (14.8%) Win32/RiskWare.Chindo.B
URL: http://yunbo.rmsh.cn/zDTt_1002_1699.exe (ip state: up, response: alive)
Ip initial: 61.147.113.69, AS#: AS23650, ip review: 61.147.113.69, Domain: rmsh.cn, country: CN, source: APNIC
email: abuse@jsinfo.net, inetnum: 61.147.0.0 - 61.147.255.255, netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net, ns2: f1g1ns2.dnspod.net

50 follow up this item(33710794) 33710794 Report false positive Report closed case make a suggestion 2014-07-11 13:04:22     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
6/53 (11.3%) 
 Artemis!BDA520020EE6
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (bda520020ee6786d8c3681f8953b2153)-->[http://www.virustotal.com/latest-report.html?resource=bda520020ee6786d8c3681f8953b2153]follow up this md5sum(bda520020ee6786d8c3681f8953b2153)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table6/53 (11.3%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/ZDPS_1002_1699.exe  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/ZDPS_1002_1699.exe follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/ZDPS_1002_1699.exe
51 follow up this item(33710792) 33710792 Report false positive Report closed case make a suggestion 2014-07-11 13:04:22     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
8/54 (14.8%) 
 Artemis!36C9FFA74245
Suspicious_GEN.F47V0710
HEUR:Trojan.Win32.Generic
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (36c9ffa7424521951b04ac528c20e4e1)-->[http://www.virustotal.com/latest-report.html?resource=36c9ffa7424521951b04ac528c20e4e1]follow up this md5sum(36c9ffa7424521951b04ac528c20e4e1)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table8/54 (14.8%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/zdap_1002_1699.exe  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/zdap_1002_1699.exe follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/zdap_1002_1699.exe
52 follow up this item(33710786) 33710786 Report false positive Report closed case make a suggestion 2014-07-11 13:04:22     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
6/52 (11.5%) 
 Artemis!F103836851CC
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (f103836851cc14d98495cdc049f7da3b)-->[http://www.virustotal.com/latest-report.html?resource=f103836851cc14d98495cdc049f7da3b]follow up this md5sum(f103836851cc14d98495cdc049f7da3b)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table6/52 (11.5%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/zavV_1002_1699.exe  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/zavV_1002_1699.exe follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/zavV_1002_1699.exe
53 follow up this item(33710780) 33710780 Report false positive Report closed case make a suggestion 2014-07-11 13:04:22     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
6/52 (11.5%) 
 Artemis!F103836851CC
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (f103836851cc14d98495cdc049f7da3b)-->[http://www.virustotal.com/latest-report.html?resource=f103836851cc14d98495cdc049f7da3b]follow up this md5sum(f103836851cc14d98495cdc049f7da3b)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table6/52 (11.5%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z6459_1002_8433.exe ...  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z6459_1002_8433.exe ... follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z6459_1002_8433.exe ...
54 follow up this item(33710779) 33710779 Report false positive Report closed case make a suggestion 2014-07-11 13:04:22     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
8/54 (14.8%) 
 Artemis!0FE40CAEBE85
Suspicious_GEN.F47V0710
HEUR:Trojan.Win32.Generic
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (0fe40caebe85797ea946560809ece945)-->[http://www.virustotal.com/latest-report.html?resource=0fe40caebe85797ea946560809ece945]follow up this md5sum(0fe40caebe85797ea946560809ece945)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table8/54 (14.8%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z5232_1002_8433.exe ...  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z5232_1002_8433.exe ... follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z5232_1002_8433.exe ...
55 follow up this item(33710778) 33710778 Report false positive Report closed case make a suggestion 2014-07-11 13:04:22     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
8/54 (14.8%) 
 Artemis!36C9FFA74245
Suspicious_GEN.F47V0710
HEUR:Trojan.Win32.Generic
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (36c9ffa7424521951b04ac528c20e4e1)-->[http://www.virustotal.com/latest-report.html?resource=36c9ffa7424521951b04ac528c20e4e1]follow up this md5sum(36c9ffa7424521951b04ac528c20e4e1)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table8/54 (14.8%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z3463_1002_8433.exe ...  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z3463_1002_8433.exe ... follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z3463_1002_8433.exe ...
56 follow up this item(33710773) 33710773 Report false positive Report closed case make a suggestion 2014-07-11 13:04:22     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
6/52 (11.5%) 
 Artemis!F103836851CC
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (f103836851cc14d98495cdc049f7da3b)-->[http://www.virustotal.com/latest-report.html?resource=f103836851cc14d98495cdc049f7da3b]follow up this md5sum(f103836851cc14d98495cdc049f7da3b)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table6/52 (11.5%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z16906_1002_8433.ex ...  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z16906_1002_8433.ex ... follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z16906_1002_8433.ex ...
57 follow up this item(33710772) 33710772 Report false positive Report closed case make a suggestion 2014-07-11 13:04:22     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
8/54 (14.8%) 
 Artemis!36C9FFA74245
Suspicious_GEN.F47V0710
HEUR:Trojan.Win32.Generic
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (36c9ffa7424521951b04ac528c20e4e1)-->[http://www.virustotal.com/latest-report.html?resource=36c9ffa7424521951b04ac528c20e4e1]follow up this md5sum(36c9ffa7424521951b04ac528c20e4e1)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table8/54 (14.8%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z16699_1002_8433.ex ...  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z16699_1002_8433.ex ... follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z16699_1002_8433.ex ...
58 follow up this item(33710769) 33710769 Report false positive Report closed case make a suggestion 2014-07-11 13:04:22     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
6/53 (11.3%) 
 Artemis!BDA520020EE6
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (bda520020ee6786d8c3681f8953b2153)-->[http://www.virustotal.com/latest-report.html?resource=bda520020ee6786d8c3681f8953b2153]follow up this md5sum(bda520020ee6786d8c3681f8953b2153)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table6/53 (11.3%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z13588_1002_8433.ex ...  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z13588_1002_8433.ex ... follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z13588_1002_8433.ex ...
59 follow up this item(33710766) 33710766 Report false positive Report closed case make a suggestion 2014-07-11 13:04:22     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
6/53 (11.3%) 
 Artemis!BDA520020EE6
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (bda520020ee6786d8c3681f8953b2153)-->[http://www.virustotal.com/latest-report.html?resource=bda520020ee6786d8c3681f8953b2153]follow up this md5sum(bda520020ee6786d8c3681f8953b2153)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table6/53 (11.3%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z12974_1002_8433.ex ...  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z12974_1002_8433.ex ... follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/z12974_1002_8433.ex ...
60 follow up this item(33710764) 33710764 Report false positive Report closed case make a suggestion 2014-07-11 13:04:21     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
8/54 (14.8%) 
 Artemis!0FE40CAEBE85
Suspicious_GEN.F47V0710
HEUR:Trojan.Win32.Generic
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (0fe40caebe85797ea946560809ece945)-->[http://www.virustotal.com/latest-report.html?resource=0fe40caebe85797ea946560809ece945]follow up this md5sum(0fe40caebe85797ea946560809ece945)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table8/54 (14.8%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/yZnX_1002_1699.exe  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/yZnX_1002_1699.exe follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/yZnX_1002_1699.exe
61 follow up this item(33710762) 33710762 Report false positive Report closed case make a suggestion 2014-07-11 13:04:21     follow up this itemfollow up this contributor (test) as RSS-Feed sub16possible lookup Evidence at malwaredomainlist.com
8/54 (14.8%) 
 Artemis!36C9FFA74245
Suspicious_GEN.F47V0710
HEUR:Trojan.Win32.Generic
Win32.Adware.Malplayer.Auto
Heuristic.BehavesLike.Win32.Suspicious-PKR.O
Win32.Troj.Undef.(kcloud)
suspected of Trojan.Downloader.gen.h
Win32/RiskWare.Chindo.B 
 lookup in virustotal.com (36c9ffa7424521951b04ac528c20e4e1)-->[http://www.virustotal.com/latest-report.html?resource=36c9ffa7424521951b04ac528c20e4e1]follow up this md5sum(36c9ffa7424521951b04ac528c20e4e1)follow up this itemfollow up this virusname (Win32%2FRiskWare.Chindo.B) as RSS-Feedfollow up this malware(Win32%2FRiskWare.Chindo.B) for scanner (undef) in md5 table8/54 (14.8%) Win32/RiskWare.Chindo.B
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/yyBQ_1002_1699.exe  up alive follow up this ip (ip=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(ip) in same window 61.147.113.69 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS23650) in networks tablefollow up this itemfollow up this AS (AS23650) as RSS-Feed AS23650 follow up this ip (review=61.147.113.69) as RSS-FeedSenderBaselookup 61.147.113.69 at virustotallookup 61.147.113.69 at Rus CERT university stuttgart germanylookup 61.147.113.69 at apnicfollow up this item(review) in same window 61.147.113.69 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/yyBQ_1002_1699.exe follow up this domain (rmsh.cn) as RSS-Feedlookup rmsh.cn at virustotalfollow up this domain(rmsh.cn) rmsh.cn follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@jsinfo.net) as RSS-Feed abuse@jsinfo.net follow up this itemfollow up this item 61.147.0.0 - 61.147.255.255 follow up this item CHINANET-JS follow up this item CHINANET jiangsu province networkChina TelecomA12,Xin-Jie-Kou-Wai StreetBeijing 100088CHINANET jiangsu province network follow up this item f1g1ns1.dnspod.net follow up this item f1g1ns2.dnspod.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://yunbo.rmsh.cn/yyBQ_1002_1699.exe
Line: 62; #: 33710761; Date: 2014-07-11 13:04:21; contributor: sub16
virusname: Win32/RiskWare.Chindo.B, 8/54 (14.8%)
scanner names: Artemis!36C9FFA74245; Suspicious_GEN.F47V0710; HEUR:Trojan.Win32.Generic; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5: 36c9ffa7424521951b04ac528c20e4e1 (http://www.virustotal.com/latest-report.html?resource=36c9ffa7424521951b04ac528c20e4e1)
URL: http://yunbo.rmsh.cn/yxvU_1002_1699.exe
ip state: up; response: alive
Ip initial: 61.147.113.69; AS#: AS23650; ip review: 61.147.113.69
Domain: rmsh.cn; country: CN; source: APNIC; email: abuse@jsinfo.net
inetnum: 61.147.0.0 - 61.147.255.255; netname: CHINANET-JS
descr: CHINANET jiangsu province network; China Telecom; A12,Xin-Jie-Kou-Wai Street; Beijing 100088; CHINANET jiangsu province network
ns1: f1g1ns1.dnspod.net; ns2: f1g1ns2.dnspod.net
Line: 63; #: 33710760; Date: 2014-07-11 13:04:21; contributor: sub16
virusname: Win32/RiskWare.Chindo.B, 6/52 (11.5%)
scanner names: Artemis!F103836851CC; Win32.Adware.Malplayer.Auto; Heuristic.BehavesLike.Win32.Suspicious-PKR.O; Win32.Troj.Undef.(kcloud); suspected of Trojan.Downloader.gen.h; Win32/RiskWare.Chindo.B
md5: f103836851cc14d98495cdc049f7da3b (http://www.virustotal.com/latest-report.html?resource=f103836851cc14d98495cdc049f7da3b)
URL: http://yunbo.rmsh.cn/yxVL_1002_1699.exe
ip state: up; response: alive
Ip initial: 61.147.113.69