From: <[email protected]>
| If you find yourself plagued with pop-ups telling you that you have a trojan and
| directing you to the web site IDNSERROR.COM and/or other sites to buy
| (presumably fraudulent) antivirus software, you have in fact installed
| the Troj/Zlob-QK trojan (see
| http://www.sophos.com/security/analyses/trojzlobqk.html).
|
| I'm submitting this so people searching for that web site will be able
| to find information on the trojan.
http://www.dnsstuff.com/tools/whois.ch?ip=IDNSERROR.COM&email=on
The web page is a con job and wants you to install: SystemDoctor2006FreeInstall.exe
Complete scanning result of "SystemDoctor2006FreeInstall.exe", processed in VirusTotal at
11/11/2006 01:25:28 (CET).
[ file data ]
* name: SystemDoctor2006FreeInstall.exe
* size: 95696
* md5.: 93fdbfaae9a3a7e984fc70dfe858e5e6
* sha1: 64486bf0347c1ef8d6bd2a18fed591d23fc18776
[ scan result ]
AntiVir 7.2.0.39/20061110 found nothing
Authentium 4.93.8/20061110 found [Possibly a new variant of W32/Behavior:SelfStarterInternetTrojan!Maximus]
Avast 4.7.892.0/20061109 found [Win32:Adware-gen.]
AVG 386/20061110 found nothing
BitDefender 7.2/20061111 found nothing
CAT-QuickHeal 8.00/20061110 found nothing
ClamAV devel-20060426/20061110 found nothing
DrWeb 4.33/20061110 found nothing
eTrust-InoculateIT 23.73.51/20061110 found nothing
eTrust-Vet 30.3.3186/20061110 found nothing
Ewido 4.0/20061110 found [Not-A-Virus.Downloader.Win32.WinFixer.q]
F-Prot 3.16f/20061110 found [Possibly a new variant of W32/Behavior:SelfStarterInternetTrojan!Maximus]
F-Prot4 4.2.1.29/20061110 found [W32/Behavior:SelfStarterInternetTrojan!Maximus]
Fortinet 2.82.0.0/20061110 found nothing
Ikarus 0.2.65.0/20061110 found nothing
Kaspersky 4.0.2.24/20061111 found [not-a-virus:Downloader.Win32.WinFixer.q]
McAfee 4893/20061110 found nothing
Microsoft 1.1609 /20061111 found nothing
NOD32v2 1862/20061110 found [Win32/Adware.WinFixer]
Norman 5.80.02/20061110 found [W32/WinFixer.IJ]
Panda 9.0.0.4/20061110 found [Application/SystemDoctor2006]
Sophos 4.11.0/20061107 found nothing
TheHacker 6.0.1.116/20061109 found nothing
UNA 1.83/20061110 found nothing
VBA32 3.11.1/20061110 found [Application.Win32.Adware.WinFixer]
VirusBuster 4.3.15:9/20061110 found nothing
amaena.com = systemdoctor.com = 66.244.254.64
/* The implications of the above are very interesting! */