CLEAN MX realtime database
public access query for virus URL statistics
Totally watched: 20607 As of 2010-09-02 23:01:53 CEST
Subscribe to the VirusWatch Mailing list, updated hourly

This database consists of virus URIs, collected and verified since Feb 2006.

If you find URIs concerning your netblock that are already closed, you have done a good job; otherwise please close them as soon as possible.

For some nice charts, there are complete statistics for this database.
Attention: all URIs are manually verified, but they are not cross-checked for whether the virus is still functional at the moment you make this query. (Sites may have been closed already.)
Our automatic Viruswalker process is scheduled every hour, so you may see an incident now that will be resolved later on.
So please keep sending closure feedback to us.

If you have questions, criticism, wishes or ... do not hesitate to contact us at abuse@clean-mx.de
Our PBX is down; you may reach us by cell phone at +49 171 4802507.
Welcome back; it would be good to get some feedback from your site.
Columns: Line | # | Date | Closed | hours | contributor | virusname | URL | ip state | response | Ip initial | AS# | ip review | URL | Domain | country | source | email | inetnum | netname | descr | ns1 | ns2 | ns3 | ns4 | ns5 | URL
15 645701Report false positive Report closed case make a suggestion 2010-09-02 21:09:29     follow up this itemfollow up this contributor (sub5) as RSS-Feed sub5possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
23/39 (58,97%) 
 
PHP/Small.C
PHP/Pbot.A
PHP:Pbot-A
PHP/BackDoor.K
Trojan.Dropper.RYF
PHP.Bot
PHP/Pbot.D
PHP/Pbot.A
Trojan.Dropper.RYF
Trojan.Dropper.RYF
Backdoor.PHP.Pbot
Backdoor
Backdoor.PHP.Pbot.a
Backdoor:PHP/Hiebot.B
PHP/Agent.W
Trojan.Dropper.RYF
Bck/Pbot.B
Backdo 
 lookup in virustotal.com (e16b6b3337d52603bb947eac8db99ac7)-->[http://www.virustotal.com/file-scan/report.html?id=730f47ed8ba7c76d8bd32f5542d97e37a4a49e0f8542e6d10e15e239adca0e77-1283457728]follow up this md5sum(e16b6b3337d52603bb947eac8db99ac7) multiple instances recorded!follow up this itemfollow up this virusname (PHP%2FSmall.C) as RSS-Feedlookup Virusname at avirafollow up this malware(PHP%2FSmall.C) for scanner (avira) in md5 table23/39 (58,97%) PHP/Small.C
Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ...  up No previous evidence recordedSaved evidence (23255 Bytes) of last contact as txt August 31 2010 05:33:10 CEST. aliveSaved log of last contact as txt September 02 2010 22:00:58 CEST. SenderBaselookup 64.94.37.195 at Rus CERT university stuttgart germanylookup 64.94.37.195 at ARINfollow up this item(ip) in same window 64.94.37.195 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS10912) in networks tablefollow up this itemfollow up this AS (AS10912) as RSS-Feed AS10912 SenderBaselookup 64.94.37.195 at Rus CERT university stuttgart germanylookup 64.94.37.195 at ARINfollow up this item(review) in same window 64.94.37.195 Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ... follow up this domain(zoomshare.com) zoomshare.com follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (abuse@internap.com) as RSS-Feed abuse@internap.com follow up this itemfollow up this item 64.94.0.0 - 64.95.255.255 follow up this item PNAP-05-2000 follow up this item Internap Network Services PNAP 250 Williams Street Suite E100 Atlanta GA 30303 9 Riverside Road Weston MA 02493 follow up this item ambiguity.i-2.com follow up this item ns.i-2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ...
16 645700Report false positive Report closed case make a suggestion 2010-09-02 21:09:26     follow up this itemfollow up this contributor (sub5) as RSS-Feed sub5possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
23/39 (58,97%) 
 
PHP/Small.C
PHP/Pbot.A
PHP:Pbot-A
PHP/BackDoor.K
Trojan.Dropper.RYF
PHP.Bot
PHP/Pbot.D
PHP/Pbot.A
Trojan.Dropper.RYF
Trojan.Dropper.RYF
Backdoor.PHP.Pbot
Backdoor
Backdoor.PHP.Pbot.a
Backdoor:PHP/Hiebot.B
PHP/Agent.W
Trojan.Dropper.RYF
Bck/Pbot.B
Backdo 
 lookup in virustotal.com (e16b6b3337d52603bb947eac8db99ac7)-->[http://www.virustotal.com/file-scan/report.html?id=730f47ed8ba7c76d8bd32f5542d97e37a4a49e0f8542e6d10e15e239adca0e77-1283457880]follow up this md5sum(e16b6b3337d52603bb947eac8db99ac7) multiple instances recorded!follow up this itemfollow up this virusname (PHP%2FSmall.C) as RSS-Feedlookup Virusname at avirafollow up this malware(PHP%2FSmall.C) for scanner (avira) in md5 table23/39 (58,97%) PHP/Small.C
Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ...  up No previous evidence recordedSaved evidence (23255 Bytes) of last contact as txt August 31 2010 05:33:10 CEST. aliveSaved log of last contact as txt September 02 2010 22:01:00 CEST. SenderBaselookup 64.94.37.195 at Rus CERT university stuttgart germanylookup 64.94.37.195 at ARINfollow up this item(ip) in same window 64.94.37.195 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS10912) in networks tablefollow up this itemfollow up this AS (AS10912) as RSS-Feed AS10912 SenderBaselookup 64.94.37.195 at Rus CERT university stuttgart germanylookup 64.94.37.195 at ARINfollow up this item(review) in same window 64.94.37.195 Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ... follow up this domain(zoomshare.com) zoomshare.com follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (abuse@internap.com) as RSS-Feed abuse@internap.com follow up this itemfollow up this item 64.94.0.0 - 64.95.255.255 follow up this item PNAP-05-2000 follow up this item Internap Network Services PNAP 250 Williams Street Suite E100 Atlanta GA 30303 9 Riverside Road Weston MA 02493 follow up this item ambiguity.i-2.com follow up this item ns.i-2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ...
17 645706Report false positive Report closed case make a suggestion 2010-09-02 21:09:23     follow up this itemfollow up this contributor (sub5) as RSS-Feed sub5possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
23/39 (58,97%) 
 
PHP/Small.C
PHP/Pbot.A
PHP:Pbot-A
PHP/BackDoor.K
Trojan.Dropper.RYF
PHP.Bot
PHP/Pbot.D
PHP/Pbot.A
Trojan.Dropper.RYF
Trojan.Dropper.RYF
Backdoor.PHP.Pbot
Backdoor
Backdoor.PHP.Pbot.a
Backdoor:PHP/Hiebot.B
PHP/Agent.W
Trojan.Dropper.RYF
Bck/Pbot.B
Backdo 
 lookup in virustotal.com (e16b6b3337d52603bb947eac8db99ac7)-->[http://www.virustotal.com/file-scan/report.html?id=730f47ed8ba7c76d8bd32f5542d97e37a4a49e0f8542e6d10e15e239adca0e77-1283457731]follow up this md5sum(e16b6b3337d52603bb947eac8db99ac7)follow up this itemfollow up this virusname (PHP%2FSmall.C) as RSS-Feedlookup Virusname at avirafollow up this malware(PHP%2FSmall.C) for scanner (avira) in md5 table23/39 (58,97%) PHP/Small.C
Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ...  up No previous evidence recordedSaved evidence (23255 Bytes) of last contact as txt August 31 2010 05:33:10 CEST. aliveSaved log of last contact as txt September 02 2010 22:00:42 CEST. SenderBaselookup 64.94.37.195 at Rus CERT university stuttgart germanylookup 64.94.37.195 at ARINfollow up this item(ip) in same window 64.94.37.195 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS10912) in networks tablefollow up this itemfollow up this AS (AS10912) as RSS-Feed AS10912 SenderBaselookup 64.94.37.195 at Rus CERT university stuttgart germanylookup 64.94.37.195 at ARINfollow up this item(review) in same window 64.94.37.195 Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ... follow up this domain(zoomshare.com) zoomshare.com follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (abuse@internap.com) as RSS-Feed abuse@internap.com follow up this itemfollow up this item 64.94.0.0 - 64.95.255.255 follow up this item PNAP-05-2000 follow up this item Internap Network Services PNAP 250 Williams Street Suite E100 Atlanta GA 30303 9 Riverside Road Weston MA 02493 follow up this item ambiguity.i-2.com follow up this item ns.i-2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ...
18 645705Report false positive Report closed case make a suggestion 2010-09-02 21:09:19     follow up this itemfollow up this contributor (sub5) as RSS-Feed sub5possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
23/39 (58,97%) 
 
PHP/Small.C
PHP/Pbot.A
PHP:Pbot-A
PHP/BackDoor.K
Trojan.Dropper.RYF
PHP.Bot
PHP/Pbot.D
PHP/Pbot.A
Trojan.Dropper.RYF
Trojan.Dropper.RYF
Backdoor.PHP.Pbot
Backdoor
Backdoor.PHP.Pbot.a
Backdoor:PHP/Hiebot.B
PHP/Agent.W
Trojan.Dropper.RYF
Bck/Pbot.B
Backdo 
 lookup in virustotal.com (e16b6b3337d52603bb947eac8db99ac7)-->[http://www.virustotal.com/file-scan/report.html?id=730f47ed8ba7c76d8bd32f5542d97e37a4a49e0f8542e6d10e15e239adca0e77-1283457753]follow up this md5sum(e16b6b3337d52603bb947eac8db99ac7) multiple instances recorded!follow up this itemfollow up this virusname (PHP%2FSmall.C) as RSS-Feedlookup Virusname at avirafollow up this malware(PHP%2FSmall.C) for scanner (avira) in md5 table23/39 (58,97%) PHP/Small.C
Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ...  up No previous evidence recordedSaved evidence (23255 Bytes) of last contact as txt August 31 2010 05:33:10 CEST. aliveSaved log of last contact as txt September 02 2010 22:00:44 CEST. SenderBaselookup 64.94.37.195 at Rus CERT university stuttgart germanylookup 64.94.37.195 at ARINfollow up this item(ip) in same window 64.94.37.195 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS10912) in networks tablefollow up this itemfollow up this AS (AS10912) as RSS-Feed AS10912 SenderBaselookup 64.94.37.195 at Rus CERT university stuttgart germanylookup 64.94.37.195 at ARINfollow up this item(review) in same window 64.94.37.195 Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ... follow up this domain(zoomshare.com) zoomshare.com follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (abuse@internap.com) as RSS-Feed abuse@internap.com follow up this itemfollow up this item 64.94.0.0 - 64.95.255.255 follow up this item PNAP-05-2000 follow up this item Internap Network Services PNAP 250 Williams Street Suite E100 Atlanta GA 30303 9 Riverside Road Weston MA 02493 follow up this item ambiguity.i-2.com follow up this item ns.i-2.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://bye515.zoomshare.com/files/pbot.t ...
19 645686Report false positive Report closed case make a suggestion 2010-09-02 21:00:56     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 21:56:06 CEST.11/39 (28,21%) 
 
Trojan/Win32.Scar.gen
Win32:Malware-gen
Generic19.DEW
Gen:Trojan.Heur.ZGY.5
(Suspicious)
-
DNAScan
Gen:Trojan.Heur.ZGY.5
Gen:Trojan.Heur.ZGY.5
Trojan.Win32.Scar.crez
Artemis!6EE6AC3D8451
Artemis!6EE6AC3D8451
Trj/CI.A 
 lookup in virustotal.com (6ee6ac3d845195f3795db865f3d8985c)-->[http://www.virustotal.com/file-scan/report.html?id=45360ac5b728502eebedcb7cde01af4cb9493f55a4cab961c20b9199f6a3887e-1283454182]lookup in threatexpert.comlookup the sha256(45360ac5b728502eebedcb7cde01af4cb9493f55a4cab961c20b9199f6a3887e) in comodo.comfollow up this md5sum(6ee6ac3d845195f3795db865f3d8985c)follow up this itemfollow up this virusname (Trojan%2FWin32.Scar.gen) as RSS-Feedfollow up this malware(Trojan%2FWin32.Scar.gen) for scanner (Antiy_AVL) in md5 table11/39 (28,21%) Trojan/Win32.Scar.gen
Safe Virus-Viewer and Analyser may take a minute to complete http://polozarchitects.com/Atualizacao_D ...  up No previous evidence recordedSaved evidence (450560 Bytes) of last contact as txt September 02 2010 13:40:24 CEST. aliveSaved log of last contact as txt September 02 2010 21:02:00 CEST. SenderBaselookup 74.220.202.16 at Rus CERT university stuttgart germanylookup 74.220.202.16 at ARINfollow up this item(ip) in same window 74.220.202.16 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS11798) in networks tablefollow up this itemfollow up this AS (AS11798) as RSS-Feed AS11798 SenderBaselookup 74.220.202.16 at Rus CERT university stuttgart germanylookup 74.220.202.16 at ARINfollow up this item(review) in same window 74.220.202.16 Safe Virus-Viewer and Analyser may take a minute to complete http://polozarchitects.com/Atualizacao_D ... follow up this domain(polozarchitects.com) polozarchitects.com follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (abuse@bluehost.com) as RSS-Feed abuse@bluehost.com follow up this itemfollow up this item 74.220.192.0 - 74.220.207.255 follow up this item BLUEHOST-NETWORK-2 follow up this item Bluehost Inc. BLUEH-2 1548 North Technology Way #D13 Orem UT 84097 follow up this item ns2.hostmonster.com follow up this item ns1.hostmonster.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://polozarchitects.com/Atualizacao_D ...
20 645698Report false positive Report closed case make a suggestion 2010-09-02 20:54:25     follow up this itemfollow up this contributor (sub5) as RSS-Feed sub5possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
6/39 (15,38%) 
 
Backdoor/PHP.PhpShell
PHP:Agent-BE
PHP:Agent-BE

Backdoor.PHP.PhpShell
Backdoor.PHP.PhpShell.be
PHP/Shellbot.F 
 lookup in virustotal.com (624927fd425c98840fbfda3018162ef9)-->[http://www.virustotal.com/file-scan/report.html?id=173ebcfb864c0696a27f1af39f507ae3f4b2b2f4ac3cad114399afefc91f13b3-1283457695]follow up this md5sum(624927fd425c98840fbfda3018162ef9)follow up this itemfollow up this virusname (Backdoor%2FPHP.PhpShell) as RSS-Feedfollow up this malware(Backdoor%2FPHP.PhpShell) for scanner (Antiy_AVL) in md5 table6/39 (15,38%) Backdoor/PHP.PhpShell
Safe Virus-Viewer and Analyser may take a minute to complete http://tunisieconsommateur.com/administr ...  up No previous evidence recordedSaved evidence (180 Bytes) of last contact as txt September 02 2010 16:31:04 CEST. aliveSaved log of last contact as txt September 02 2010 22:01:03 CEST. SenderBaselookup 69.89.31.201 at Rus CERT university stuttgart germanylookup 69.89.31.201 at ARINfollow up this item(ip) in same window 69.89.31.201 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS11798) in networks tablefollow up this itemfollow up this AS (AS11798) as RSS-Feed AS11798 SenderBaselookup 69.89.31.201 at Rus CERT university stuttgart germanylookup 69.89.31.201 at ARINfollow up this item(review) in same window 69.89.31.201 Safe Virus-Viewer and Analyser may take a minute to complete http://tunisieconsommateur.com/administr ... follow up this domain(tunisieconsommateur.com) tunisieconsommateur.com follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (support@bluehost.com) as RSS-Feed support@bluehost.com follow up this itemfollow up this item 69.89.16.0 - 69.89.31.255 follow up this item BLUEHOST-NETWORK-1 follow up this item Bluehost Inc. BLUEH-2 1958 South 950 East Provo UT 84606 follow up this item ns2.bluehost.com follow up this item ns1.bluehost.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://tunisieconsommateur.com/administr ...
21 645675Report false positive Report closed case make a suggestion 2010-09-02 20:40:03     follow up this itemfollow up this contributor (sub12) as RSS-Feed sub12possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
0/39 (0.00%) 
 virustotal
no
evidence 
 lookup in virustotal.com (5fc9211d9be36de9f5a4453fa021770a)-->[http://www.virustotal.com/file-scan/report.html?id=90846d46bcf1244935eb92b192445f3ec51c56cb5e214cbdcbac8371c7824376-1283454208]follow up this md5sum(5fc9211d9be36de9f5a4453fa021770a)follow up this itemfollow up this virusname (unknown_html) as RSS-Feedfollow up this malware(unknown_html) for scanner (undef) in md5 table0/39 (0.00%) unknown_html
Safe Virus-Viewer and Analyser may take a minute to complete http://211.104.39.245/invite/91.exe  up No previous evidence recordedSaved evidence (27136 Bytes) of last contact as txt September 02 2010 12:39:44 CEST. aliveSaved log of last contact as txt September 02 2010 21:02:27 CEST. SenderBaselookup 211.104.39.245 at Rus CERT university stuttgart germanylookup 211.104.39.245 at apnicfollow up this item(ip) in same window 211.104.39.245 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4766) in networks tablefollow up this itemfollow up this AS (AS4766) as RSS-Feed AS4766 SenderBaselookup 211.104.39.245 at Rus CERT university stuttgart germanylookup 211.104.39.245 at apnicfollow up this item(review) in same window 211.104.39.245 Safe Virus-Viewer and Analyser may take a minute to complete http://211.104.39.245/invite/91.exe follow up this domain(211.104.39.245) 211.104.39.245 follow up this itemfollow up this country (KR) as RSS-Feed KR follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@kornet.net) as RSS-Feed abuse@kornet.net follow up this itemfollow up this item 211.104.0.0 - 211.105.255.255 follow up this item KORNET-KR follow up this item Korea Telecom follow up this item  follow up this item  follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://211.104.39.245/invite/91.exe
22 645679Report false positive Report closed case make a suggestion 2010-09-02 20:36:27     follow up this itemfollow up this contributor (sub5) as RSS-Feed sub5possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
27/39 (69,23%) 
 
HTML/Agent
PHP/BackDoor.AR
Backdoor/PHP.Agent
PHP/Agent.AK
PHP:Agent-L
PHP/BackDoor.AN
Trojan.Script.248269
PHP.Shell-8
UnclassifiedMalware
PHP.Shellbot.10
PHP/Coverka.B
PHP/Agent.AK
Trojan.Script.248269
Trojan.Script.248269
Backdoor.PHP.Agent
Backdoor
 
 lookup in virustotal.com (81ca16c92e50478ca1112d1332352080)-->[http://www.virustotal.com/file-scan/report.html?id=9feb2b97ecf60ed845dbd57b3d79347e7c3a29a3525cf63da75b220367d022fe-1283454208]follow up this md5sum(81ca16c92e50478ca1112d1332352080)follow up this itemfollow up this virusname (PHP%2FBackDoor.AR) as RSS-Feedlookup Virusname at avirafollow up this malware(PHP%2FBackDoor.AR) for scanner (avira) in md5 table27/39 (69,23%) PHP/BackDoor.AR
Safe Virus-Viewer and Analyser may take a minute to complete http://getemgirlfriday.com/news//list/id ...  up No previous evidence recordedSaved evidence (2162 Bytes) of last contact as txt August 29 2010 01:44:13 CEST. aliveSaved log of last contact as txt September 02 2010 21:02:20 CEST. SenderBaselookup 75.126.202.88 at Rus CERT university stuttgart germanylookup 75.126.202.88 at ARINfollow up this item(ip) in same window 75.126.202.88 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS36351) in networks tablefollow up this itemfollow up this AS (AS36351) as RSS-Feed AS36351 SenderBaselookup 75.126.202.88 at Rus CERT university stuttgart germanylookup 75.126.202.88 at ARINfollow up this item(review) in same window 75.126.202.88 Safe Virus-Viewer and Analyser may take a minute to complete http://getemgirlfriday.com/news//list/id ... follow up this domain(getemgirlfriday.com) getemgirlfriday.com follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (ipadmin@softlayer.com) as RSS-Feed ipadmin@softlayer.com follow up this itemfollow up this item 75.126.0.0 - 75.126.255.255 follow up this item SOFTLAYER-4-3 follow up this item SoftLayer Technologies Inc. SOFTL 1950 N Stemmons Freeway Dallas TX 75207 follow up this item ns101.whbdns.com follow up this item ns100.whbdns.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://getemgirlfriday.com/news//list/id ...
23 645678Report false positive Report closed case make a suggestion 2010-09-02 20:36:23     follow up this itemfollow up this contributor (sub5) as RSS-Feed sub5possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
11/39 (28,21%) 
 
TR/Script.77
PHP/Generic
Trojan.Script.468510
PHP.Id-30
Trojan.Script.468510
Trojan.Script.468510
Virus.PHP.SuspectCRC
IrcBot.BBNF
Trojan.Script.468510
Malware.PHP-Backdoor
PHP.Backdoor.Trojan 
 lookup in virustotal.com (dc7b2fd7417f4ea1917ac8b7284fecba)-->[http://www.virustotal.com/file-scan/report.html?id=608d00cd945efcc2c71ce8102b4ba806881e1f0d4ad755597c31e0700c75fd1d-1283454280]follow up this md5sum(dc7b2fd7417f4ea1917ac8b7284fecba)follow up this itemfollow up this virusname (TR%2FScript.77) as RSS-Feedlookup Virusname at avirafollow up this malware(TR%2FScript.77) for scanner (avira) in md5 table11/39 (28,21%) TR/Script.77
Safe Virus-Viewer and Analyser may take a minute to complete http://getemgirlfriday.com/news//list/id ...  up No previous evidence recordedSaved evidence (77 Bytes) of last contact as txt August 29 2010 01:43:54 CEST. aliveSaved log of last contact as txt September 02 2010 21:02:21 CEST. SenderBaselookup 75.126.202.88 at Rus CERT university stuttgart germanylookup 75.126.202.88 at ARINfollow up this item(ip) in same window 75.126.202.88 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS36351) in networks tablefollow up this itemfollow up this AS (AS36351) as RSS-Feed AS36351 SenderBaselookup 75.126.202.88 at Rus CERT university stuttgart germanylookup 75.126.202.88 at ARINfollow up this item(review) in same window 75.126.202.88 Safe Virus-Viewer and Analyser may take a minute to complete http://getemgirlfriday.com/news//list/id ... follow up this domain(getemgirlfriday.com) getemgirlfriday.com follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (ipadmin@softlayer.com) as RSS-Feed ipadmin@softlayer.com follow up this itemfollow up this item 75.126.0.0 - 75.126.255.255 follow up this item SOFTLAYER-4-3 follow up this item SoftLayer Technologies Inc. SOFTL 1950 N Stemmons Freeway Dallas TX 75207 follow up this item ns101.whbdns.com follow up this item ns100.whbdns.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://getemgirlfriday.com/news//list/id ...
24 645677Report false positive Report closed case make a suggestion 2010-09-02 20:26:06     follow up this itemfollow up this contributor (sub5) as RSS-Feed sub5possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
20/39 (51,28%) 
 
PHP/Pbot.A.10
PHP/Pbot.A
PHP:Pbot-A
PHP/BackDoor.Q
Backdoor.PHP.Pbot.A
PHP.Shell-11
PHP.Shellbot.8
PHP/Pbot.A
Backdoor.PHP.Pbot.A
Backdoor.PHP.Pbot.A
not-a-virus:NetTool.PHP.Pbot
Trojan
Backdoor.PHP.Pbot.g
PHP/Ircbot.BBPU
Malware.PHP-Backdoor
Mal/PBot-A 
 lookup in virustotal.com (57335d85311ed6e70c4c40ae0f1a6fc8)-->[http://www.virustotal.com/file-scan/report.html?id=8356efbe6308bdaa1e82c21c83f45a100e660a29f591768eeed207fad3cca9e8-1283454185]follow up this md5sum(57335d85311ed6e70c4c40ae0f1a6fc8)follow up this itemfollow up this virusname (PHP%2FPbot.A.10) as RSS-Feedlookup Virusname at avirafollow up this malware(PHP%2FPbot.A.10) for scanner (avira) in md5 table20/39 (51,28%) PHP/Pbot.A.10
Safe Virus-Viewer and Analyser may take a minute to complete http://nani69.fileave.com/moro2.txt?  up No previous evidence recordedSaved evidence (8116 Bytes) of last contact as txt August 29 2010 13:32:41 CEST. aliveSaved log of last contact as txt September 02 2010 21:02:23 CEST. SenderBaselookup 64.62.181.43 at Rus CERT university stuttgart germanylookup 64.62.181.43 at ARINfollow up this item(ip) in same window 64.62.181.43 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS6939) in networks tablefollow up this itemfollow up this AS (AS6939) as RSS-Feed AS6939 SenderBaselookup 64.62.181.43 at Rus CERT university stuttgart germanylookup 64.62.181.43 at ARINfollow up this item(review) in same window 64.62.181.43 Safe Virus-Viewer and Analyser may take a minute to complete http://nani69.fileave.com/moro2.txt? follow up this domain(fileave.com) fileave.com follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (abuse@he.net) as RSS-Feed abuse@he.net follow up this itemfollow up this item 64.62.128.0 - 64.62.255.255 follow up this item HURRICANE-4 follow up this item Hurricane Electric, Inc. HURC 760 Mission Court Fremont CA 94539 follow up this item ns2.ripside.com follow up this item ns1.ripside.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://nani69.fileave.com/moro2.txt?
25 645681Report false positive Report closed case make a suggestion 2010-09-02 20:16:36     follow up this itemfollow up this contributor (sub5) as RSS-Feed sub5possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
29/38 (76,32%) 
 
HTML/Xema
BDS/PHP.ali.1
Backdoor/PHP.Agent
PHP/Small.D
PHP:C99Shell-F
BackDoor.Generic_c.BTI
Backdoor.PHP.ALI
PHP.Shell-23
UnclassifiedMalware
PHP/Small.A
PHP/Small.D
Exploit:PHP/Preamble.A
Backdoor.PHP.ALI
Backdoor.PHP.Small.o
Backdoor
Backdoor.PHP.Age 
 lookup in virustotal.com (f1a9b4e4b207cd38641061e1b72d4775)-->[http://www.virustotal.com/file-scan/report.html?id=0b3eef46d7111939962db133d2e75530fbb7946d92a33195ca6b7f2e1affe43a-1283454246]follow up this md5sum(f1a9b4e4b207cd38641061e1b72d4775)follow up this itemfollow up this virusname (BDS%2FPHP.ali.1) as RSS-Feedlookup Virusname at avirafollow up this malware(BDS%2FPHP.ali.1) for scanner (avira) in md5 table29/38 (76,32%) BDS/PHP.ali.1
Safe Virus-Viewer and Analyser may take a minute to complete http://danpshy.freewebhostx.com/test.txt ...  up No previous evidence recordedSaved evidence (1165 Bytes) of last contact as txt September 02 2010 06:58:15 CEST. aliveSaved log of last contact as txt September 02 2010 21:02:16 CEST. SenderBaselookup 69.162.119.163 at Rus CERT university stuttgart germanylookup 69.162.119.163 at ARINfollow up this item(ip) in same window 69.162.119.163 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS46475) in networks tablefollow up this itemfollow up this AS (AS46475) as RSS-Feed AS46475 SenderBaselookup 69.162.119.163 at Rus CERT university stuttgart germanylookup 69.162.119.163 at ARINfollow up this item(review) in same window 69.162.119.163 Safe Virus-Viewer and Analyser may take a minute to complete http://danpshy.freewebhostx.com/test.txt ... follow up this domain(freewebhostx.com) freewebhostx.com follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (abuse@limestonenetworks.com) as RSS-Feed abuse@limestonenetworks.com follow up this itemfollow up this item 69.162.64.0 - 69.162.127.255 follow up this item LSN-DLLSTX-2 follow up this item Limestone Networks, Inc. LIMES-2 400 S. Akard Street Suite 200 Dallas TX 75202 follow up this item ns2.freewebhostx.com follow up this item ns1.freewebhostx.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://danpshy.freewebhostx.com/test.txt ...
26 645680Report false positive Report closed case make a suggestion 2010-09-02 20:12:42     follow up this itemfollow up this contributor (sub5) as RSS-Feed sub5possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
22/39 (56,41%) 
 
PHP/Limworm.172478
PHP/C99Shell.I
PHP:C99Shell-F
PHP/BackDoor.C99Shell
Backdoor.PHP.ALI
HTM/C99shell.G
PHP.Shell-22
PHP.Shellbot.9
PHP/Shell.B
PHP/C99Shell.I
Backdoor.PHP.ALI
Backdoor.PHP.ALI
Backdoor.PHP.Agent
Backdoor
Backdoor.PHP.Agent.cr
Backdoor:PH 
 lookup in virustotal.com (fa62a9d1bdc10b9862aee9ea347846ad)-->[http://www.virustotal.com/file-scan/report.html?id=21f4bd5898211a126877d0eafdba11b7d4f7c71630eff8fc421047e60fdd5281-1283454225]follow up this md5sum(fa62a9d1bdc10b9862aee9ea347846ad)follow up this itemfollow up this virusname (PHP%2FLimworm.172478) as RSS-Feedlookup Virusname at avirafollow up this malware(PHP%2FLimworm.172478) for scanner (avira) in md5 table22/39 (56,41%) PHP/Limworm.172478
Safe Virus-Viewer and Analyser may take a minute to complete http://host67.hrwebservices.net/~allstag ...  up No previous evidence recordedSaved evidence (172458 Bytes) of last contact as txt September 02 2010 13:55:55 CEST. aliveSaved log of last contact as txt September 02 2010 21:02:18 CEST. SenderBaselookup 66.147.225.53 at Rus CERT university stuttgart germanylookup 66.147.225.53 at ARINfollow up this item(ip) in same window 66.147.225.53 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4323) in networks tablefollow up this itemfollow up this AS (AS4323) as RSS-Feed AS4323 SenderBaselookup 66.147.225.53 at Rus CERT university stuttgart germanylookup 66.147.225.53 at ARINfollow up this item(review) in same window 66.147.225.53 Safe Virus-Viewer and Analyser may take a minute to complete http://host67.hrwebservices.net/~allstag ... follow up this domain(hrwebservices.net) hrwebservices.net follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (john@hostrocket.com) as RSS-Feed john@hostrocket.com follow up this itemfollow up this item 66.147.224.0 - 66.147.239.255 follow up this item HRWEBSERVICES-2 follow up this item HostRocket Web Services HRWE 21 Corporate Drive - Suite 203 Clifton Park NY 12065 follow up this item dns1.hrnoc.net follow up this item dns2.hrnoc.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://host67.hrwebservices.net/~allstag ...
27 645685 2010-09-02 20:06:25 sub5
21/39 (53,85%) 
 
PHP/Backdoor
PHP/Pbot.A
PHP/Pbot.A
PHP:Pbot-A
PHP/BackDoor.Q
Backdoor.PHP.Pbot.A
PHP.Bot
PHP.Shellbot.8
PHP/Phircbot.A
PHP/Pbot.A
Backdoor.PHP.Pbot.A
Backdoor.PHP.Pbot.A
Backdoor.PHP.Pbot
Trojan
Backdoor.PHP.Pbot.g
Backdoor:PHP/Phricbot.A
IRCBot.BCEL
Ma 
 lookup in virustotal.com (1f4e3791717b86fe6a994b6807586b5b)-->[http://www.virustotal.com/file-scan/report.html?id=33b5b033f33a059c281acdde3d622c4164ce1c22c607283ff89ce7b10f50cadf-1283454176]follow up this md5sum(1f4e3791717b86fe6a994b6807586b5b)follow up this itemfollow up this virusname (PHP%2FPbot.A) as RSS-Feedlookup Virusname at avirafollow up this malware(PHP%2FPbot.A) for scanner (avira) in md5 table21/39 (53,85%) PHP/Pbot.A
Safe Virus-Viewer and Analyser may take a minute to complete http://host67.hrwebservices.net/~allstag ...  up No previous evidence recordedSaved evidence (17408 Bytes) of last contact as txt September 02 2010 13:00:22 CEST. aliveSaved log of last contact as txt September 02 2010 21:02:06 CEST. SenderBaselookup 66.147.225.53 at Rus CERT university stuttgart germanylookup 66.147.225.53 at ARINfollow up this item(ip) in same window 66.147.225.53 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS4323) in networks tablefollow up this itemfollow up this AS (AS4323) as RSS-Feed AS4323 SenderBaselookup 66.147.225.53 at Rus CERT university stuttgart germanylookup 66.147.225.53 at ARINfollow up this item(review) in same window 66.147.225.53 Safe Virus-Viewer and Analyser may take a minute to complete http://host67.hrwebservices.net/~allstag ... follow up this domain(hrwebservices.net) hrwebservices.net follow up this itemfollow up this country (US) as RSS-Feed US follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (john@hostrocket.com) as RSS-Feed john@hostrocket.com follow up this itemfollow up this item 66.147.224.0 - 66.147.239.255 follow up this item HRWEBSERVICES-2 follow up this item HostRocket Web Services HRWE 21 Corporate Drive - Suite 203 Clifton Park NY 12065 follow up this item dns2.hrnoc.net follow up this item dns1.hrnoc.net follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://host67.hrwebservices.net/~allstag ...
28 645647 2010-09-02 20:00:49 sub1
Saved local log of joebox September 02 2010 21:43:20 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (f06587355212447c8d3fe61f322ccaf7)-->[http://www.virustotal.com/file-scan/report.html?id=4293ee1dbda4f9eea5fa22886b7dbabc5ebaf549b97fafa7d4f26fa029c9acca-1283451122]lookup in threatexpert.comlookup the sha256(4293ee1dbda4f9eea5fa22886b7dbabc5ebaf549b97fafa7d4f26fa029c9acca) in comodo.comfollow up this md5sum(f06587355212447c8d3fe61f322ccaf7)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1595144 Bytes) of last contact as txt August 26 2010 04:37:11 CEST. aliveSaved log of last contact as txt September 02 2010 20:09:21 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
29 645648 2010-09-02 20:00:49 sub1
Saved local log of joebox September 02 2010 21:40:14 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (e9ea1f261d5e0475d5f625d4f425fd98)-->[http://www.virustotal.com/file-scan/report.html?id=24526a2f46b785616008166252fa207fd7ccfe7486ba20ff66f0e3deb8b29f1e-1283451002]lookup in threatexpert.comlookup the sha256(24526a2f46b785616008166252fa207fd7ccfe7486ba20ff66f0e3deb8b29f1e) in comodo.comfollow up this md5sum(e9ea1f261d5e0475d5f625d4f425fd98)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1595088 Bytes) of last contact as txt August 26 2010 04:37:32 CEST. aliveSaved log of last contact as txt September 02 2010 20:09:00 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
30 645649 2010-09-02 20:00:49 sub1
Saved local log of joebox September 02 2010 21:36:44 CEST.8/38 (21,05%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (fd6374ba8e54adfb28274d4e9c3f8d7d)-->[http://www.virustotal.com/file-scan/report.html?id=9570c2ef86a347651c1e34dc45c8c2ffb73b543bc081a7016e1e7788f7ef064e-1283451068]lookup in threatexpert.comlookup the sha256(9570c2ef86a347651c1e34dc45c8c2ffb73b543bc081a7016e1e7788f7ef064e) in comodo.comfollow up this md5sum(fd6374ba8e54adfb28274d4e9c3f8d7d)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/38 (21,05%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1595136 Bytes) of last contact as txt August 26 2010 04:37:48 CEST. aliveSaved log of last contact as txt September 02 2010 20:08:42 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
31 645650 2010-09-02 20:00:49 sub1
Saved local log of joebox September 02 2010 21:33:12 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (ec0e541c92d9541b9d8e34b4eab6aea1)-->[http://www.virustotal.com/file-scan/report.html?id=c48d0a233da3920ee5fa47a5764cb0b596799ae427bf75389c9eca6b4da6f678-1283450992]lookup in threatexpert.comlookup the sha256(c48d0a233da3920ee5fa47a5764cb0b596799ae427bf75389c9eca6b4da6f678) in comodo.comfollow up this md5sum(ec0e541c92d9541b9d8e34b4eab6aea1)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1595152 Bytes) of last contact as txt August 26 2010 04:38:00 CEST. aliveSaved log of last contact as txt September 02 2010 20:08:24 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
32 645651 2010-09-02 20:00:49 sub1
Saved local log of joebox September 02 2010 21:29:44 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (1ceed451487261161d272393c482bbbb)-->[http://www.virustotal.com/file-scan/report.html?id=97876a4c42b9427ed6fc7ce7fe60b847b305ee52fa5e3cf4e8b8008179d2f7b2-1283450968]lookup in threatexpert.comlookup the sha256(97876a4c42b9427ed6fc7ce7fe60b847b305ee52fa5e3cf4e8b8008179d2f7b2) in comodo.comfollow up this md5sum(1ceed451487261161d272393c482bbbb)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1594912 Bytes) of last contact as txt August 26 2010 04:38:10 CEST. aliveSaved log of last contact as txt September 02 2010 20:08:02 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
33 645652 2010-09-02 20:00:49 sub1
Saved local log of joebox September 02 2010 21:26:14 CEST.8/38 (21,05%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (0d722ab7f9a0f1c1b70390b0b24f368f)-->[http://www.virustotal.com/file-scan/report.html?id=c071246fb2f094753b112a42c7df7346d9c4652062b7c3ef991d66810e07497b-1283451068]lookup in threatexpert.comlookup the sha256(c071246fb2f094753b112a42c7df7346d9c4652062b7c3ef991d66810e07497b) in comodo.comfollow up this md5sum(0d722ab7f9a0f1c1b70390b0b24f368f)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/38 (21,05%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1595160 Bytes) of last contact as txt August 26 2010 04:38:20 CEST. aliveSaved log of last contact as txt September 02 2010 20:07:48 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
34 645653 2010-09-02 20:00:49 sub1
Saved local log of joebox September 02 2010 21:22:44 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (633d37b521b8bf59e1a0ba925b3eb9da)-->[http://www.virustotal.com/file-scan/report.html?id=bf75c7f29817ba6d0b15487fd39607677c9071808e5dca04b7234ae2b4232df2-1283450926]lookup in threatexpert.comlookup the sha256(bf75c7f29817ba6d0b15487fd39607677c9071808e5dca04b7234ae2b4232df2) in comodo.comfollow up this md5sum(633d37b521b8bf59e1a0ba925b3eb9da)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1594944 Bytes) of last contact as txt August 26 2010 04:38:36 CEST. aliveSaved log of last contact as txt September 02 2010 20:07:32 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
35 645654 2010-09-02 20:00:49 sub1
Saved local log of joebox September 02 2010 21:19:38 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (f9d9fdcd6523b736a64feeb6d00a5201)-->[http://www.virustotal.com/file-scan/report.html?id=0068891132ea90c730c0890c087ece01e0693e1d71c549f7c89dd3959bcdbb68-1283450939]lookup in threatexpert.comlookup the sha256(0068891132ea90c730c0890c087ece01e0693e1d71c549f7c89dd3959bcdbb68) in comodo.comfollow up this md5sum(f9d9fdcd6523b736a64feeb6d00a5201)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1595160 Bytes) of last contact as txt August 26 2010 04:38:51 CEST. aliveSaved log of last contact as txt September 02 2010 20:07:16 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
36 645655 2010-09-02 20:00:49 sub1
Saved local log of joebox September 02 2010 21:16:16 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (1e8f6c1a62f3b43dbffd9a5e0d98a106)-->[http://www.virustotal.com/file-scan/report.html?id=e06bfc83f78695426d372c5b735d45a2f0be6d5e1be242defe8c92d0f37a7275-1283450893]lookup in threatexpert.comlookup the sha256(e06bfc83f78695426d372c5b735d45a2f0be6d5e1be242defe8c92d0f37a7275) in comodo.comfollow up this md5sum(1e8f6c1a62f3b43dbffd9a5e0d98a106)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1595168 Bytes) of last contact as txt August 26 2010 04:39:05 CEST. aliveSaved log of last contact as txt September 02 2010 20:07:00 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
37 645656 2010-09-02 20:00:49 sub1
Saved local log of joebox September 02 2010 21:12:36 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (b7b0825d53334f290f6eaa054cb0f5b1)-->[http://www.virustotal.com/file-scan/report.html?id=d0a9480e24d0b1b397d2921c2af2394f5f4cdeffca050d25cb902d5e0c39007a-1283450956]lookup in threatexpert.comlookup the sha256(d0a9480e24d0b1b397d2921c2af2394f5f4cdeffca050d25cb902d5e0c39007a) in comodo.comfollow up this md5sum(b7b0825d53334f290f6eaa054cb0f5b1)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1595040 Bytes) of last contact as txt August 26 2010 04:39:19 CEST. aliveSaved log of last contact as txt September 02 2010 20:06:43 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
38 645657Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 21:09:08 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (dcf4f8155f093fa29203081a388575cd)-->[http://www.virustotal.com/file-scan/report.html?id=731a639e1462ee8b5c212a28774f4125430111f9bf865ffa67a7c9c82e3961b4-1283450862]lookup in threatexpert.comlookup the sha256(731a639e1462ee8b5c212a28774f4125430111f9bf865ffa67a7c9c82e3961b4) in comodo.comfollow up this md5sum(dcf4f8155f093fa29203081a388575cd)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1595032 Bytes) of last contact as txt August 26 2010 04:39:40 CEST. aliveSaved log of last contact as txt September 02 2010 20:06:28 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
39 645658Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 21:05:44 CEST.7/38 (18,42%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Suspicious
file 
 lookup in virustotal.com (108108da13e726d49e917a745ef91e32)-->[http://www.virustotal.com/file-scan/report.html?id=6243558b11f3f3da3cf41f1ef5431d0f1a0094635c7ace00e4832865deb5a9e1-1283450885]lookup in threatexpert.comlookup the sha256(6243558b11f3f3da3cf41f1ef5431d0f1a0094635c7ace00e4832865deb5a9e1) in comodo.comfollow up this md5sum(108108da13e726d49e917a745ef91e32)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table7/38 (18,42%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1595056 Bytes) of last contact as txt August 26 2010 04:39:51 CEST. aliveSaved log of last contact as txt September 02 2010 20:06:11 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
40 645659Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 21:02:12 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (2af23b883ff1a66459463b7af7ca8563)-->[http://www.virustotal.com/file-scan/report.html?id=00e947e7711365aa064a9c59a2e97d84672b99b1e8ec8157ecb55e8ac43451dd-1283450880]lookup in threatexpert.comlookup the sha256(00e947e7711365aa064a9c59a2e97d84672b99b1e8ec8157ecb55e8ac43451dd) in comodo.comfollow up this md5sum(2af23b883ff1a66459463b7af7ca8563)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1594992 Bytes) of last contact as txt August 26 2010 04:40:08 CEST. aliveSaved log of last contact as txt September 02 2010 20:05:52 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
41 645660Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 20:59:06 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (997da1fb3b5a2b7f82932ba68392b1eb)-->[http://www.virustotal.com/file-scan/report.html?id=9bd4e4436260be8ba1f55c3c208e838925e6243f12e9a7d464b3761f2739fa40-1283450941]lookup in threatexpert.comlookup the sha256(9bd4e4436260be8ba1f55c3c208e838925e6243f12e9a7d464b3761f2739fa40) in comodo.comfollow up this md5sum(997da1fb3b5a2b7f82932ba68392b1eb)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1595040 Bytes) of last contact as txt August 26 2010 04:40:17 CEST. aliveSaved log of last contact as txt September 02 2010 20:05:37 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
42 645661Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 20:55:42 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (1550970585670905a62c8cdc4f7c0727)-->[http://www.virustotal.com/file-scan/report.html?id=44a6e942ab15f2e66746993857c207ac2bd71ba29e2f38b578b20be9876d15ff-1283451286]lookup in threatexpert.comlookup the sha256(44a6e942ab15f2e66746993857c207ac2bd71ba29e2f38b578b20be9876d15ff) in comodo.comfollow up this md5sum(1550970585670905a62c8cdc4f7c0727)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1594760 Bytes) of last contact as txt August 26 2010 04:40:29 CEST. aliveSaved log of last contact as txt September 02 2010 20:05:21 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
43 645662Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 20:52:26 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (c5bfe272ebd3ba95a2e0ba04f65a320c)-->[http://www.virustotal.com/file-scan/report.html?id=c88b2d1dbeb71862c7aa4134856375d2534a98a91808de93df9ff1902bf172e4-1283450861]lookup in threatexpert.comlookup the sha256(c88b2d1dbeb71862c7aa4134856375d2534a98a91808de93df9ff1902bf172e4) in comodo.comfollow up this md5sum(c5bfe272ebd3ba95a2e0ba04f65a320c)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1583864 Bytes) of last contact as txt August 26 2010 04:40:38 CEST. aliveSaved log of last contact as txt September 02 2010 20:05:07 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
44 645663Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 20:50:06 CEST.9/39 (23,08%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
TrojWare.Win32.TrojanDownloader.Delf.AOQ0
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (683ba7d18e45cb029b8fdb69fecb927f)-->[http://www.virustotal.com/file-scan/report.html?id=f3db521c64406b1e9a7454de052c86aa8aa5a2559409059236067d958f088431-1283451275]lookup in threatexpert.comlookup the sha256(f3db521c64406b1e9a7454de052c86aa8aa5a2559409059236067d958f088431) in comodo.comfollow up this md5sum(683ba7d18e45cb029b8fdb69fecb927f)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table9/39 (23,08%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1606488 Bytes) of last contact as txt August 26 2010 04:40:52 CEST. aliveSaved log of last contact as txt September 02 2010 20:04:51 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
45 645664Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 20:46:42 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (b2fc4acda7e70533858a2f15136cb76c)-->[http://www.virustotal.com/file-scan/report.html?id=635afa73ec1a341934e2ca6081582bf182b3feeee1079457e6886b5891ad2eb2-1283450953]lookup in threatexpert.comlookup the sha256(635afa73ec1a341934e2ca6081582bf182b3feeee1079457e6886b5891ad2eb2) in comodo.comfollow up this md5sum(b2fc4acda7e70533858a2f15136cb76c)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1583608 Bytes) of last contact as txt August 26 2010 04:41:02 CEST. aliveSaved log of last contact as txt September 02 2010 20:04:37 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
46 645665Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 20:42:58 CEST.9/39 (23,08%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
TrojWare.Win32.TrojanDownloader.Delf.AOQ0
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (f5f8c68917fb2d33f2d6ece117cacc7f)-->[http://www.virustotal.com/file-scan/report.html?id=383bcea788db9683684df11fdcd21d34e10a1918a28981cb4cf3bfebad62f5d6-1283451280]lookup in threatexpert.comlookup the sha256(383bcea788db9683684df11fdcd21d34e10a1918a28981cb4cf3bfebad62f5d6) in comodo.comfollow up this md5sum(f5f8c68917fb2d33f2d6ece117cacc7f)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table9/39 (23,08%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1609304 Bytes) of last contact as txt August 26 2010 04:41:10 CEST. aliveSaved log of last contact as txt September 02 2010 20:04:22 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
47 645666Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 20:39:20 CEST.9/39 (23,08%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
TrojWare.Win32.TrojanDownloader.Delf.AOQ0
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (9c15e330a49196fa5e6fefac93d3e3e1)-->[http://www.virustotal.com/file-scan/report.html?id=36eced79d7f9360485e497735b38e39ace5ef0ceedf38e13460dd8c9f7a96712-1283450844]lookup in threatexpert.comlookup the sha256(36eced79d7f9360485e497735b38e39ace5ef0ceedf38e13460dd8c9f7a96712) in comodo.comfollow up this md5sum(9c15e330a49196fa5e6fefac93d3e3e1)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table9/39 (23,08%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1609440 Bytes) of last contact as txt August 26 2010 04:41:20 CEST. aliveSaved log of last contact as txt September 02 2010 20:04:03 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
48 645667Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 20:35:54 CEST.9/39 (23,08%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
TrojWare.Win32.TrojanDownloader.Delf.AOQ0
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (d63d6502a8e868dd0896bab0dad31eb9)-->[http://www.virustotal.com/file-scan/report.html?id=f076e51bacff7c9d6c65f88bbe6bc78195224f44a5352d67efc94826f1b2bd1d-1283450891]lookup in threatexpert.comlookup the sha256(f076e51bacff7c9d6c65f88bbe6bc78195224f44a5352d67efc94826f1b2bd1d) in comodo.comfollow up this md5sum(d63d6502a8e868dd0896bab0dad31eb9)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table9/39 (23,08%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1609288 Bytes) of last contact as txt August 26 2010 04:41:28 CEST. aliveSaved log of last contact as txt September 02 2010 20:03:48 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...
49 645668Report false positive Report closed case make a suggestion 2010-09-02 20:00:49     follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox September 02 2010 20:31:48 CEST.8/39 (20,51%) 
 
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
file 
 lookup in virustotal.com (5feaf4664afb1af84ba010fabd454b44)-->[http://www.virustotal.com/file-scan/report.html?id=77c4f96b99880216622a9dc6d8abfb0e73aab1ffdcc565bf9148f8e8ffd51534-1283450815]lookup in threatexpert.comlookup the sha256(77c4f96b99880216622a9dc6d8abfb0e73aab1ffdcc565bf9148f8e8ffd51534) in comodo.comfollow up this md5sum(5feaf4664afb1af84ba010fabd454b44)follow up this itemfollow up this virusname (ADSPY%2FRozena.B) as RSS-Feedlookup Virusname at avirafollow up this malware(ADSPY%2FRozena.B) for scanner (avira) in md5 table8/39 (20,51%) ADSPY/Rozena.B
Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...  up No previous evidence recordedSaved evidence (1583776 Bytes) of last contact as txt August 26 2010 04:41:37 CEST. aliveSaved log of last contact as txt September 02 2010 20:03:25 CEST. SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(ip) in same window 58.253.235.84 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS17816) in networks tablefollow up this itemfollow up this AS (AS17816) as RSS-Feed AS17816 SenderBaselookup 58.253.235.84 at Rus CERT university stuttgart germanylookup 58.253.235.84 at apnicfollow up this item(review) in same window 58.253.235.84 Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ... follow up this domain(downxia.net) downxia.net follow up this itemfollow up this country (CN) as RSS-Feed CN follow up this itemfollow up this region (APNIC) as RSS-Feed APNIC follow up this itemfollow up this enail (abuse@chinaunicom.cn) as RSS-Feed abuse@chinaunicom.cn follow up this itemfollow up this item 58.248.0.0 - 58.255.255.255 follow up this item UNICOM-GD follow up this item China Unicom Guangdong province networkChina UnicomCNC Group CHINA169 Guangdong Province Network follow up this item ns5.ename.net follow up this item ns2.ename.net follow up this item ns6.ename.net follow up this item ns3.ename.net follow up this item ns4.ename.net Safe Virus-Viewer and Analyser may take a minute to complete http://d1.downxia.net/products/0826/8/IE ...

Line: 50
#: 645669
Date: 2010-09-02 20:00:49
Contributor: sub1
Saved local log of joebox September 02 2010 20:27:54 CEST.
Scanner result: 9/39 (23,08%)
Virus names:
ADSPY/Rozena.B
Trojan/Win32.Agent.gen
TrojWare.Win32.TrojanDownloader.Delf.AOQ0
Suspicious:W32/Malware!Gemini
Virus.Downloader.Rozena
TrojanDownloader.Agent.cvwz
Trojan-Downloader.Win32.Agent.ehpd
Artemis!7ED890858813
Suspicious
MD5: 1d3b1333a656ebd5901b7c04bf1b192d
SHA256: f185ad84407867df31ba9aca7249b72b88cf9dc61a4a6856f6a2c619e8daa33e
VirusTotal report: http://www.virustotal.com/file-scan/report.html?id=f185ad84407867df31ba9aca7249b72b88cf9dc61a4a6856f6a2c619e8daa33e-1283450699
Scanner result: 9/39 (23,08%)
Virus name: ADSPY/Rozena.B (scanner: avira)
URL: http://d1.downxia.net/products/0826/8/IE ...
IP state: up
Evidence: No previous evidence recorded. Saved evidence (1609568 Bytes) of last contact as txt August 26 2010 04:41:56 CEST.
Response: alive. Saved log of last contact as txt September 02 2010 20:03:06 CEST.
IP initial: 58.253.235.84
AS#: AS17816
IP review: 58.253.235.84
Domain: downxia.net
Country: CN
Source: APNIC
Email: abuse@chinaunicom.cn
inetnum: 58.248.0.0 - 58.255.255.255
netname: UNICOM-GD
descr: China Unicom Guangdong province network; China Unicom; CNC Group CHINA169 Guangdong Province Network
Name servers: ns5.ename.net, ns2.ename.net, ns6.ename.net, ns3.ename.net, ns4.ename.net