Worm:Win32/Virauto.A
First posted on 18 June 2009.
Source: SecurityHome
Aliases:
Worm:Win32/Virauto.A is also known as Win32/SillyAutorun.AMZ (CA), Worm.Win32.AutoRun.aasp (Kaspersky), W32/Autorun-AAA (Sophos), Worm.AutoRun.LJV (VirusBuster), W32/Autorun.worm.gen (McAfee), W32/Autorun.IWT (Panda), WORM_AUTORUN.JFZ (Trend Micro).
Explanation:
Worm:Win32/Virauto.A is a worm that propagates by copying itself to drives in the system. It may also add its copy to archived ZIP files in the system. It has backdoor capabilities and may also download other files. It modifies the HOSTS file to prevent the system from downloading antivirus updates.
Symptoms
System changes
The following system changes may indicate the presence of this malware:
The presence of the following files:
%ProgramFiles%\Windows NT\explorer.exe
%ProgramFiles%\Windows NT\cmd32.exe
%ProgramFiles%\Windows NT\antivir.dll
The presence of the following registry modifications:
Added value: "@"
With data: "%ProgramFiles%\Windows NT\explorer.exe "%1" %*"
To subkey: HKLM\SOFTWARE\Classes\exefile\shell\syntax0\command
Your HOSTS file contains entries for sites that may supply antivirus signature updates.
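A check for the exefile handler change this page describes, as an added example that is not part of the original write-up: it takes the text of a .reg export of HKLM\SOFTWARE\Classes\exefile\shell and reports a changed default verb or a command that starts another program ahead of "%1". The function names, the "%1"-first heuristic and the sample export are assumptions made for illustration.

```python
import re

# Key audited by this example (lower-cased for comparison)
EXEFILE_SHELL = r"hkey_local_machine\software\classes\exefile\shell"


def default_values(reg_text):
    """Map lower-cased key path -> its (Default) string from .reg export text."""
    values, key = {}, None
    # hex(...) data is wrapped with a trailing ",\" and an indented next line
    text = re.sub(r",\\\r?\n[ \t]*", ",", reg_text)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # REG_SZ: undo the \\ and \" escaping used inside .reg strings
            values[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
        elif key and line.startswith("@=hex(2):"):
            # REG_EXPAND_SZ: comma-separated UTF-16LE bytes
            raw = bytes(int(b, 16) for b in line[9:].split(",") if b)
            values[key] = raw.decode("utf-16-le").rstrip("\x00")
    return values


def audit_exefile(reg_text):
    """Return findings for the exefile shell verbs found in the export."""
    findings = []
    for key, data in sorted(default_values(reg_text).items()):
        if key == EXEFILE_SHELL:
            # (Default) of ...\exefile\shell names the verb used on double-click
            if data.lower() not in ("", "open"):
                findings.append(f"default verb changed to {data!r}")
        elif key.startswith(EXEFILE_SHELL + "\\") and key.endswith("\\command"):
            verb = key[len(EXEFILE_SHELL) + 1:-len("\\command")]
            # Heuristic: a handler should start with the clicked file, "%1"
            if not data.lstrip().startswith('"%1"'):
                findings.append(f"verb {verb!r} runs another program first: {data}")
    return findings


# Constructed sample export showing the two registry changes listed on this page
# (the install path is written out as an example drive and folder).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell]
@="syntax0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\syntax0\command]
@="C:\\Program Files\\Windows NT\\explorer.exe \"%1\" %*"
'''

if __name__ == "__main__":
    for finding in audit_exefile(SAMPLE_EXPORT):
        print(finding)
```

An export taken from HKEY_CLASSES_ROOT uses a different key prefix, so adjust EXEFILE_SHELL to match the hive that was exported.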
Installation
Worm:Win32/Virauto.A drops the following files upon execution:
%ProgramFiles%\Windows NT\explorer.exe - copy of itself
%ProgramFiles%\Windows NT\cmd32.exe - worm component also detected as Worm:Win32/Virauto.A
%ProgramFiles%\Windows NT\antivir.dll - DLL file used to monitor MSN Messenger sessions; detected as TrojanSpy:Win32/Delf
If the system is currently running Windows Vista, this worm also drops the following files:
C:\Program Files (x86)\Windows NT\explorer.exe - copy of itself
C:\Program Files (x86)\Windows NT\cmd32.exe - worm component also detected as Worm:Win32/Virauto.A
It also creates the following ZIP files, which contain a copy of itself:
%Temp%\<YYYYMMDD>(<number>).zip
where <YYYYMMDD> is the current year, month, and day, and <number> is a random number. For example:
%Temp%\20090617(0).zip
It modifies the following registry entries so that its dropped copy automatically runs every time an executable file is run:
Adds value: "@"
With data: "syntax0"
To subkey: HKLM\SOFTWARE\Classes\exefile\shell
Adds value: "@"
With data: "%ProgramFiles%\Windows NT\explorer.exe "%1" %*"
To subkey: HKLM\SOFTWARE\Classes\exefile\shell\syntax0\command
It also creates the following mutexes:
MessegnerPlusMutexObject2
sh0w-m3-wh4t-y0u-g0t-l1l-m4m4-<number>
Spreads via...
Logical drives
Worm:Win32/Virauto.A drops the following files in drives found in the system:
kkk.exe - copy of the worm
autorun.inf - configuration file used to automatically execute the worm copy when the drive is accessed
ZIP files
Worm:Win32/Virauto.A also searches for ZIP files in the system. When found, it adds a worm copy to the archive file with the following format:
<string>.gif<white space>.scr
where <string> is a random string and <white space> is a series of space characters. For example:
nvnFJb1.gif .scr
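One way to find archive members named in the format above, as an added example that is not part of the original write-up: it lists ZIP members whose name ends in an executable extension placed after a decoy extension and a run of whitespace. It generalizes beyond .gif and .scr; the extension set, function names and sample archive are assumptions made for illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs on double-click (illustrative, not exhaustive)
EXECUTABLE_EXT = {"scr", "exe", "com", "pif", "bat", "cmd"}

# <stem>.<decoy ext><whitespace run>.<real ext>, applied to the file name only
PADDED = re.compile(
    r"(?P<stem>.+)\.(?P<decoy>[A-Za-z0-9]{1,5})(?P<pad>\s+)\.(?P<real>[A-Za-z0-9]{1,5})"
)


def disguised_name(name):
    """Return (decoy_ext, real_ext, pad_len) if the name hides an executable extension."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    m = PADDED.fullmatch(base)
    if m and m["real"].lower() in EXECUTABLE_EXT:
        return m["decoy"].lower(), m["real"].lower(), len(m["pad"])
    return None


def scan_zip(data):
    """List (member, decoy_ext, real_ext, pad_len) for suspicious members of a ZIP given as bytes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            hit = disguised_name(info.filename)
            if hit:
                hits.append((info.filename, *hit))
    return hits


def build_sample():
    """Constructed archive: two ordinary members and one padded name holding inert bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.txt", b"quarterly numbers")
        zf.writestr("pics/holiday.gif", b"GIF89a")
        zf.writestr("pics/nvnFJb1.gif" + " " * 40 + ".scr", b"placeholder, not a program")
    return buf.getvalue()


if __name__ == "__main__":
    for member, decoy, real, pad in scan_zip(build_sample()):
        print(f"{member!r}: shown as .{decoy}, runs as .{real} ({pad} padding chars)")
```

The padding pushes the real extension out of view in a file listing, so the report prints the member name with repr() to make the spaces visible.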
Payload
Performs backdoor functionality
Worm:Win32/Virauto.A has backdoor functionality, which an attacker can use to perform the following actions on the system:
Retrieve email addresses
Perform DDoS attacks
Execute mIRC commands
Distribute a copy of itself through P2P file-sharing programs such as BitComet, BitTorrent, Azureus, BitSpir, UTorrent
Download and execute component files
Downloads additional files
Worm:Win32/Virauto.A may connect to the following domains to download additional files:
www.max-gate.com
tehaqa.hopto.org
Modifies HOSTS file
Worm:Win32/Virauto.A modifies the HOSTS file to prevent access to sites that may supply antivirus signature updates.
Analysis by Elda Dimakiling
Last update 18 June 2009