WORM_VBNA
Windows 2000, Windows XP, Windows Server 2003
Tipo di minaccia informatica:
Worm
Distruttivo?:
No
Crittografato?:
In the wild::
Sì
Panoramica e descrizione
Llega tras conectar las unidades extraíbles afectadas a un sistema. Puede haberlo infiltrado otro malware. Puede haberlo descargado inadvertidamente un usuario mientras visitaba sitios Web maliciosos.
Elimina entradas de registro para causar el funcionamiento incorrecto de aplicaciones y programas.
Infiltra copias de sí mismo en todas las unidades extraíbles y físicas del sistema. Infiltra un archivo AUTORUN.INF para que ejecute automáticamente las copias que infiltra cuando un usuario accede a las unidades de un sistema afectado.
Ejecuta comandos desde un usuario remoto malicioso que pone en peligro el sistema afectado.
Modifica los archivos HOSTS del sistema afectado. Esto impide el acceso de los usuarios a determinados sitios Web.
Dettagli tecnici
Detalles de entrada
Llega tras conectar las unidades extraíbles afectadas a un sistema.
Puede haberlo infiltrado otro malware.
Puede haberlo descargado inadvertidamente un usuario mientras visitaba sitios Web maliciosos.
Instalación
Crea las siguientes copias de sí mismo en el sistema afectado y las ejecuta:
- %Application Data%\{malware file name}.exe
- %Start Menu%\{malware file name}.exe
- %Start Menu%\{random}\{malware file name}.exe
- %System Root%\{random}\{malware file name}.exe
- %User Profile%\{random file name}.exe
(Nota: %Application Data% es la carpeta Application Data del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Application Data, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Application Data y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Local Settings\Application Data).
. %Start Menu% es la carpeta Menú Inicio del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Menú Inicio, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Menú Inicio y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Menú Inicio).. %System Root% es la carpeta raíz, normalmente C:\. También es la ubicación del sistema operativo).. %User Profile% es la carpeta de perfil del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario} y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}).)Crea las carpetas siguientes:
- %User Profile%\{random1}
(Nota: %User Profile% es la carpeta de perfil del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario} y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}).
)Técnica de inicio automático
Agrega las siguientes entradas de registro para permitir su ejecución automática cada vez que se inicia el sistema:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
{random} = "%User Profile%\{random1}\winlogon.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Windows Update System = "%Application Data%\{random.exe}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Windows Update System = "%Application Data%\{random.exe}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
{random file name} = "%User Profile%\{random file name}.exe"
Otras modificaciones del sistema
Agrega las siguientes entradas de registro:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
Windows Update System = "%Application Data%\{malware file name}.exe"
HKEY_CURRENT_USER\Software\Policies\
Microsoft\Internet Explorer\Control Panel
HomePage = "1"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Download
RunInvalidSignatures = "1"
HKEY_CURRENT_USER\Software\Microsoft
Internet Explorer\Main = Default_Search_URL
(Note: The default value data of the said registry entry is "http://{BLOCKED}1bzn0b8ng.{BLOCKED}orio-w.com".)
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Default_Page_URL = "http://{BLOCKED}1ysw3av7o.directorio-w.com"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Associations
LowRiskFileTypes = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
System
DisableRegistryTools = "1"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
System
DisableTaskMgr = "1"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Explorer
NoRun = "1"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Explorer
NoFile = "1"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Explorer
NoFolderOptions = "1"
HKEY_CURRENT_USER\Software\Microsoft\
Windows NT\CurrentVersion\AppCompatFlags\
Layers
%User Profile%\{random1}\winlogon.exe = "RUNASADMIN"
HKEY_CURRENT_USER\Software\Microsoft\
Windows Script Host\Settings
Enabled = "0"
HKEY_CURRENT_USER\Software\Policies\
Microsoft\Windows\System
DisableCMD = "1"
HKEY_CURRENT_USER\Software\Policies\
Microsoft\Internet Explorer\Control Panel
HomePage = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
UacDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
AntiSpyWareDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
AutoUpdateDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
cval = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
InternetSettingsDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
AntiVirusDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
AntiVirusOverride = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
FirewallDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
FirewallOverride = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
FirstRunDisabled = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
UpdatesDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
UacDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
AntiSpywareOverride = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Monitoring
DisableMonitoring = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Monitoring\SymantecAntiVirus
DisableMonitoring = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Monitoring\SymantecFirewall
DisableMonitoring = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
Explorer
NoFolderOptions = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
system
ConsentPromptBehaviorAdmin = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
system
EnableLUA = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
system
PromptOnSecureDesktop = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
{application name}
Debugger = "%User Profile%\{random}\{malware file name}.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows Script Host\Settings
Enabled = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\WindowsFirewall\DomainProfile
EnableFirewall = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\WindowsFirewall\StandardProfile
EnableFirewall = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\Windows\WindowsUpdate\
AU
NoAutoRebootWithLoggedOnUsers = "1"
Modifica las siguientes entradas de registro:
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Download
CheckExeSignatures = "No"
(Note: The default value data of the said registry entry is Yes.)
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Local Page = "http://{BLOCKED}c7n3830a.directorio-w.com"
(Note: The default value data of the said registry entry is {user-defined}.)
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Mai
Start Page = "http://{BLOCKED}8a280nwvc.directorio-w.com"
(Note: The default value data of the said registry entry is {user-defined}.)
Elimina las siguientes claves de registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
{application name}
Elimina las siguientes entradas de registro:
HKEY_CLASSES_ROOT\lnkfile
IsShortcut =
HKEY_CLASSES_ROOT\piffile
IsShortcut =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
lnkfile
IsShortcut =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
piffile
IsShortcut =
Propagación
Infiltra copias de sí mismo en todas las unidades extraíbles y físicas del sistema.
Infiltra un archivo AUTORUN.INF para que ejecute automáticamente las copias que infiltra cuando un usuario accede a las unidades de un sistema afectado.
Envía los mensajes siguientes mediante aplicaciones de mensajería instantánea:
Have you seen this? lol! {URL}
olhar para esta lol! {URL}
spojrzec na lol! {URL}
vejte se na mou lol! {URL}
guardare quest lol! {URL}
You know someone tried to kill obama today!? {URL}
bekijk deze lol! {URL}
mira esta lol! {URL}
schau mal das lol! {URL}
regardez cette lol! {URL}
Envía mensajes que contienen enlaces a sitios con copias remotas de sí mismo mediante las siguientes aplicaciones de mensajería instantánea:
- Windows Live Messenger
Rutina de puerta trasera
Este malware abre el/los siguiente(s) puerto(s) donde realiza escuchas sobre comandos remotos:
- 6667
- 8000
Se conecta a uno de los servidores de IRC siguientes:
- {BLOCKED}.{BLOCKED}.82.177
Se une a los canales de IRC siguientes:
- #Ganja
Ejecuta los comandos siguientes desde un usuario remoto malicioso:
- clean - removes the malware from the affected system
- ddoser - performs UDP flooding on specified ports
- KillAv - terminates processes
- speedtest - accesses the following URL for speedtest: http://speedtestfile.com/10mb.bin
- update - performs malware update
- visit - accesses a given URL to download and execute another file
Finalización del proceso
Finaliza los procesos siguientes si detecta que se ejecutan en la memoria del sistema afectado:
- avp.exe
- ccsvchst.exe
- kaspersky.exe
- mcafee.exe
- norton.exe
Modificar el archivo HOSTS
Modifica los archivos HOSTS del sistema afectado para que los usuarios no puedan acceder a los sitios Web siguientes:
- 127.0.0.1 www.virustotal.com
- 127.0.0.1 www.pandasoftware.com
- 127.0.0.1 www.norton.com
- 127.0.0.1 www.nod32.com
- 127.0.0.1 www.microsoft.com
- 127.0.0.1 www.macafee.com
- 127.0.0.1 www.kaspersky-labs.com
- 127.0.0.1 www.hotmail.com
- 127.0.0.1 www.download.mcafee.com
- 127.0.0.1 pandasoftware.com
- 127.0.0.1 norton.com
- 127.0.0.1 nod32.com
- 127.0.0.1 microsoft.com
- 127.0.0.1 macafee.com
- 127.0.0.1 bitdefender.com
- 127.0.0.1 www.virusscan.jotti.org
- 127.0.0.1 www.viruslist.com
- 127.0.0.1 www.virscan.org
- 127.0.0.1 www.trendmicro.com
- 127.0.0.1 www.symantec.com
- 127.0.0.1 www.sophos.com
- 127.0.0.1 www.networkassociates.com
- 127.0.0.1 www.nai.com
- 127.0.0.1 www.my-etrust.com
- 127.0.0.1 www.mcafee.com
- 127.0.0.1 www.kaspersky.com
- 127.0.0.1 www.grisoft.com
- 127.0.0.1 www.f-secure.com
- 127.0.0.1 www.ca.com
- 127.0.0.1 www.avp.com
- 127.0.0.1 virustotal.com
- 127.0.0.1 virusscan.jotti.org
- 127.0.0.1 viruslist.com
- 127.0.0.1 virscan.org
- 127.0.0.1 us.mcafee.com
- 127.0.0.1 updates.symantec.com
- 127.0.0.1 update.symantec.com
- 127.0.0.1 trendmicro.com
- 127.0.0.1 threatexpert.com
- 127.0.0.1 symantec.com
- 127.0.0.1 sophos.com
- 127.0.0.1 securityresponse.symantec.com
- 127.0.0.1 secure.nai.com
- 127.0.0.1 scanner.novirusthanks.org
- 127.0.0.1 rads.mcafee.com
- 127.0.0.1 networkassociates.com
- 127.0.0.1 nai.com
- 127.0.0.1 my-etrust.com
- 127.0.0.1 mcafee.com
- 127.0.0.1 mast.mcafee.com
- 127.0.0.1 liveupdate.symantecliveupdate.com
- 127.0.0.1 liveupdate.symantec.com
- 127.0.0.1 kaspersky.com
- 127.0.0.1 kaspersky-labs.com
- 127.0.0.1 f-secure.com
- 127.0.0.1 download.mcafee.com
- 127.0.0.1 dispatch.mcafee.com
- 127.0.0.1 customer.symantec.com
- 127.0.0.1 ca.com
- 127.0.0.1 avp.com
Este malware modifica los archivos HOSTS del sistema para redireccionar a los usuarios una vez que se accede al/a los sitio(s) Web siguiente(s):
- 184.168.105.79 viabcp.com
- 184.168.105.79 www.viabcp.com
- 184.168.105.79 bcpzonasegura.viabcp.com
- 184.168.105.79 bn.com.pe
- 184.168.105.79 www.bn.com.pe
- 184.168.105.79 zonasegura1.bn.com.pe
- 184.168.105.79 bbvabancocontinental.com
- 184.168.105.79 www.bbvabancocontinental.com
- 184.168.105.79 peb1.bbvanetlatam.com
- 184.168.105.79 www.peb1.bbvanetlatam.com
- 184.168.105.79 scotiabank.com.pe
- 184.168.105.79 www.scotiabank.com.pe
- 184.168.105.79 scotiaenlinea.scotiabank.com.pe
- 33.12.212.57 iniciorapido.info
- 9.220.32.83 www.iniciorapido.info
- 254.253.190.122 buscalo.in
- 0.110.172.243 www.buscalo.in
- 151.237.168.188 buscafacil.com
- 59.1.244.214 www.buscafacil.com
- 49.34.146.254 emsisoft.com
- 119.148.129.186 ahnlab.com
- 202.18.124.131 antivir.es
- 178.226.201.90 antiy.net
- 167.3.102.197 authentium.com
- 169.117.17.61 avast.com
- 64.56.80.7 avg.com
- 228.8.157.221 bitdefender.com
- 217.40.58.72 quickheal.com
- 31.154.229.192 clamav.net
- 114.25.37.138 comodo.com
- 22.45.113.164 drweb.com
- 11.78.15.203 aladdin.com
- 81.191.185.68 ca.com
- 232.62.249.13 f-prot.com
- 140.14.69.39 f-secure.com
- 130.115.227.79 fortinet.com
- 200.161.142.199 gdata.es
- 27.99.205.144 ikarus.at
- 191.51.26.171 jiangmin.com
- 180.84.183.210 kaspersky.com
- 250.198.98.142 mcafee.com
- 145.137.161.20 microsoft.com
- 53.89.238.46 eset.es
- 42.121.139.153 norman.com
- 112.235.54.17 nprotect.com
- 195.106.118.219 pandasecurity.com
- 103.126.194.177 pctools.com
- 92.159.28.28 prevx.com
- 162.204.10.149 rising-global.com
- 245.143.6.94 sophos.com
- 221.95.150.120 sunbeltsoftware.com
- 211.128.240.160 symantec.com
- 213.242.223.24 hacksoft.com.pe
- 108.180.218.225 trendmicro.com
- 16.132.107.252 anti-virus.by
- 5.165.196.35 hauri.net
- 75.23.179.155 virusbuster.hu
- 158.150.174.101 www.emsisoft.com
- 134.170.251.127 www.ahnlab.com
- 123.202.152.166 www.antivir.es
- 125.248.135.30 www.antiy.net
- 20.187.131.232 www.authentium.com
- 184.139.207.2 www.avast.com
- 173.172.109.109 www.avg.com
- 243.29.91.230 www.bitdefender.com
- 70.224.87.175 www.quickheal.com
- 234.176.163.133 www.clamav.net
- 224.209.65.241 www.comodo.com
- 38.67.48.105 www.drweb.com
- 189.193.43.50 www.aladdin.com
- 97.213.120.9 www.ca.com
- 86.246.21.116 www.f-prot.com
- 156.104.4.236 www.f-secure.com
- 239.231.255.182 www.fortinet.com
- 147.183.76.208 www.gdata.es
- 136.215.233.247 www.ikarus.at
- 206.73.216.111 www.jiangmin.com
- 33.12.212.57 www.kaspersky.com
- 9.220.32.83 www.mcafee.com
- 254.253.190.122 www.microsoft.com
- 0.110.172.243 www.eset.es
- 151.237.168.188 www.norman.com
- 59.1.244.214 www.nprotect.com
- 49.34.146.254 www.pandasecurity.com
- 119.148.129.186 www.pctools.com
- 202.18.124.131 www.prevx.com
- 178.226.201.90 www.rising-global.com
- 167.3.102.197 www.sophos.com
- 169.117.17.61 www.sunbeltsoftware.com
- 64.56.80.7 www.symantec.com
- 228.8.157.221 www.hacksoft.com.pe
- 217.40.58.72 www.trendmicro.com
- 31.154.229.192 www.anti-virus.by
- 114.25.37.138 www.hauri.net
- 22.45.113.164 www.virusbuster.hu
- 11.78.15.203 www.emsisoft.com
- 81.191.185.68 www.anti-trojan.net
- 232.62.249.13 malwarescan.emsisoft.com
- 140.14.69.39 forum.emsisoft.com
- 130.115.227.79 www.emsisoft.net
- 200.161.142.199 www.emsisoft.it
- 27.99.205.144 www.emsisoft.de
- 191.51.26.171 www.anti-trojan-software.net
- 180.84.183.210 mamutu.com
- 250.198.98.142 www.emsisoft.es
- 145.137.161.20 malwarescan.emsisoft.de
- 53.89.238.46 ww.emsisoft.com
- 42.121.139.153 www.emsisoft.fr
- 112.235.54.17 www.emsisoft.nl
- 195.106.118.219 onlinecheck.emsisoft.com
- 103.126.194.177 onlinecheck.emsisoft.de
- 92.159.28.28 www.emsisoft.org
- 162.204.10.149 scan.anti-trojan.net
- 245.143.6.94 www.trojaner.info
- 221.95.150.120 onlinecheck.emsisoft.org
- 211.128.240.160 onlinecheck.emsisoft.net
- 213.242.223.24 blitzblank.com
- 108.180.218.225 www.emsisoft.at
- 16.132.107.252 www.emsisoft.jp
- 5.165.196.35 www.mamutu.com
- 75.23.179.155 malwarescan.emsisoft.es
- 158.150.174.101 www.mamutu.de
- 134.170.251.127 download5.emsisoft.com
- 123.202.152.166 download1.emsisoft.com
- 125.248.135.30 download4.emsisoft.com
- 20.187.131.232 global.ahnlab.com
- 184.139.207.2 www.hackshields.com
- 173.172.109.109 www.internationalservicecheck.com
- 243.29.91.230 www.irangoals.com
- 70.224.87.175 ixomodels.com
- 234.176.163.133 www.indielisboa.com
- 224.209.65.241 www.latin-mass-society.org
- 38.67.48.105 www.arpia.be
- 189.193.43.50 www.owen.org
- 97.213.120.9 www.prdouglas.co.uk
- 86.246.21.116 www.zarya.info
- 156.104.4.236 www.willsee.com
- 239.231.255.182 halmapr.com
- 147.183.76.208 karuna-shechen.org
- 136.215.233.247 www.barder.com
- 206.73.216.111 www.antivir.es
- 33.12.212.57 www.buraka.tv
- 9.220.32.83 www.dr-bull.com
- 254.253.190.122 www.manchester-offices.co.uk
- 0.110.172.243 saverssite.com
- 151.237.168.188 canada.karuna-shechen.org
- 59.1.244.214 developmentdrums.org
- 49.34.146.254 www.imddomains.co.uk
- 119.148.129.186 cutlines.org
- 202.18.124.131 elblogdemanu.com
- 178.226.201.90 ruben.bzin.net
- 167.3.102.197 welkam.co.jp
- 169.117.17.61 www.cambridge-steiner-school.co.uk
- 64.56.80.7 naturesimages.net
- 228.8.157.221 www.1stavenuelimousines.co.uk
- 13.92.110.124 www.mtr-design.com
- 83.206.25.244 dev.depeuter.org
- 166.77.89.190 www.emeraldclassic.co.uk
- 74.97.165.216 www.peterhearnwaste.co.uk
- 63.130.67.255 etrr.co.uk
- 133.243.237.120 www.avoncourt.com
- 28.114.45.65 sarahmcconnellphotography.net
- 193.66.121.91 www.ixomodels.com
- 182.167.23.131 natsko.com
- 252.213.194.251 www.nottinghampoetryseries.com
- 79.152.1.196 www.sheffieldmind.co.uk
- 243.103.78.223 ixostore.ixomodels.com
- 232.136.235.6 www.flairweddings.co.uk
- 46.250.150.194 www.fimasys.com
- 197.189.213.72 cohartuk.com
- 105.141.34.98 qqjkw.net
- 94.173.191.205 vivo-austin.com
- 164.31.106.69 www.freeality.com
- 247.158.170.15 bestofewan.com
- 155.178.246.229 www.handwritingforkids.com
- 144.211.80.80 cowsmo.com
- 214.0.62.201 www.2xlgames.com
- 41.195.58.146 kimzimmer.net
- 18.147.202.172 basetendencies.com
- 7.180.36.212 trackingtheworld.com
- 9.38.19.76 www.reviewsofbooks.com
- 160.233.14.21 www.collectedcurios.com
- 68.184.159.48 www.renningers.com
- 57.217.248.87 ccslaughterspdx.com
- 127.75.231.207 www.briarhurst.com
- 210.202.226.153 www.smf.org
- 186.222.47.179 ribbonwarehouse.com
- 175.254.205.218 www.garryowen.com
- 177.44.187.82 45pounds.com
- 72.239.183.28 isotopecomics.com
- 236.191.3.54 roysephotos.com
- 225.224.161.161 www.stadiumpage.com
- 39.81.143.26 www.elvis-express.com
- 122.20.139.227 www.tomorrowsedge.net
- 31.228.215.185 www.beautybar.com
- 20.5.117.37 pineleafboys.com
- 90.119.100.157 www.mountainlakeslodge.com
- 241.246.95.102 pvtc.org
- 149.9.172.61 bhsbees.com
- 138.42.73.168 baristamagazine.com
- 208.156.56.32 www.gokidding.com
- 35.27.51.234 defalcos.com
- 199.235.128.4 www.celticmerchant.com
- 188.11.29.43 www.hxproduction.com
- 2.125.12.163 www.wellgousa.com
- 85.64.8.109 blog.titanium-jewelry.com
- 61.16.84.135 www.brightoctober.com
- 50.49.242.174 hishomeforchildren.com
- 52.162.224.39 www.phoenixtrikeworks.com
- 203.33.220.240 www.professorbeyer.com
- 112.53.40.10 www.secondchanceboxer.com
- 101.86.198.50 www.residentphotography.com
- 171.200.181.238 woottonfootball.com
- 254.71.176.183 www.deborahshelton.net
- 230.22.253.142 bobbondart.com
- 219.55.154.249 www.authentium.com
- 221.169.69.113 asap.authentium.com
- 116.108.132.59 www.authentium.com.au
- 24.60.209.17 avast.com
- 13.92.110.124 www.avast.com
- 83.206.25.244 files.avast.com
- 166.77.89.190 download535.avast.com
- 74.97.165.216 avg.com
- 63.130.67.255 www.avg.com
- 133.243.237.120 grisoft.com
- 28.114.45.65 www.grisoft.com
- 193.66.121.91 antivirus-tools.com
- 182.167.23.131 archive.bitdefender.com
- 252.213.194.251 avx.rob-have.net
- 79.152.1.196 b-have.orgbitdefender-ar.com
- 243.103.78.223 bitdefender.com
- 232.136.235.6 bitdefender.org
- 46.250.150.194 bitdefenderchina.com
- 197.189.213.72 bitdefenderguatemala.com
- 105.141.34.98 bitdefendermalaysia.com
- 94.173.191.205 bitdefendertaiwan.com
- 164.31.106.69 bitdefenderuruguay.com
- 247.158.170.15 bitdefenderusa.com
- 155.178.246.229 buy.bitdefender-es.com
- 144.211.80.80 buy.bitdefender.com
- 214.0.62.201 buy.bitdefender.de
- 41.195.58.146 de.bitdefender.com
- 18.147.202.172 fr.bitdefender.com
- 7.180.36.212 futurenow.bitdefender.com
- 9.38.19.76 it.bitdefender.com
- 160.233.14.21 jobs.bitdefender.com
- 68.184.159.48 kb.bitdefender.com
- 57.217.248.87 kb.bitdefender.de
- 127.75.231.207 kb.bitdefender.us
- 210.202.226.153 latin.bitdefender.com
- 186.222.47.179 linux.bitdefender.com
- 175.254.205.218 malwarecity.com
- 177.44.187.82 malwarecity.netmalwarecity.org
- 72.239.183.28 malwarepedia.com
- 236.191.3.54 neunet.orgnews.bitdefender.com
- 225.224.161.161 nl.bitdefender.com
- 39.81.143.26 renewals.bitdefender.com
- 122.20.139.227 sales.bitdefender.com
- 31.228.215.185 square.bitdefender.com
- 20.5.117.37 store.bitdefender.com
- 90.119.100.157 store.de.bitdefender.com
- 241.246.95.102 us.bitdefender.com
- 149.9.172.61 virusscanonline.net
- 138.42.73.168 wedoantivirus.com
- 208.156.56.32 www.antivirus-tools.com
- 35.27.51.234 www.avx.ro
- 199.235.128.4 www.bit-defender.de
- 188.11.29.43 www.bitdefende.de
- 2.125.12.163 www.bitdefender-es.com
- 85.64.8.109 www.bitdefender.be
- 61.16.84.135 www.bitdefender.cl
- 50.49.242.174 www.bitdefender.co.uk
- 52.162.224.39 www.bitdefender.com
- 203.33.220.240 www.bitdefender.com.au
- 112.53.40.10 www.bitdefender.com.sg
- 101.86.198.50 www.bitdefender.com.tw
- 171.200.181.238 www.bitdefender.com.vn
- 254.71.176.183 www.bitdefender.de
- 230.22.253.142 www.bitdefender.es
- 219.55.154.249 www.bitdefender.fr
- 221.169.69.113 www.bitdefender.hk
- 116.108.132.59 www.bitdefender.us
- 24.60.209.17 www.bitdefenderme.com
- 13.92.110.124 www.malwarecity.com
- 83.206.25.244 www.malwarecity.fr
- 166.77.89.190 quickheal.com
- 74.97.165.216 www.quickheal.com
- 63.130.67.255 www.clamav.net
- 133.243.237.120 cgi.clamav.net
- 28.114.45.65 lurker.clamav.net
- 193.66.121.91 wwws.clamav.net
- 182.167.23.131 lists.clamav.net
- 252.213.194.251 bugs.clamav.net
- 79.152.1.196 system-cleaner.comodo.com
- 243.103.78.223 backup.comodo.com
- 232.136.235.6 www.comodoantispam.com
- 46.250.150.194 easy-vpn.comodo.com
- 197.189.213.72 www.trustlogo.com
- 105.141.34.98 ztl.comodo.com
- 94.173.191.205 www.livepcsupport.com
- 164.31.106.69 www.whichssl.com
- 247.158.170.15 www.trustix.com
- 155.178.246.229 disk-encryption.comodo.com
- 144.211.80.80 speedtest.comodo.com
- 214.0.62.201 www.contentverification.com
- 41.195.58.146 idauthority.com
- 18.147.202.172 www.comodo.tv
- 7.180.36.212 online-backup.comodo.com
- 9.38.19.76 www.testmypcsecurity.com
- 160.233.14.21 www.ccssforum.org
- 68.184.159.48 i-vault.comodo.com
- 57.217.248.87 internetsecurity.comodo.com
- 127.75.231.207 www.comodopartners.com
- 210.202.226.153 timestamp.comodoca.com
- 186.222.47.179 secure-email.comodo.com
- 175.254.205.218 timestamp.wosign.com
- 177.44.187.82 rover800.gaima.co.uk
- 72.239.183.28 www.nsclean.com
- 236.191.3.54 www.contentverification.com
- 225.224.161.161 new-estore.drweb.com
- 39.81.143.26 support.drweb.com
- 122.20.139.227 pda.drweb.com
- 31.228.215.185 updates.drweb.com
- 20.5.117.37 drweb.com
- 90.119.100.157 vms.drweb.com
- 241.246.95.102 solutions.drweb.com
- 149.9.172.61 news.drweb.com
- 138.42.73.168 my.drweb.com
- 208.156.56.32 buy.drweb.com
- 35.27.51.234 products.drweb.com
- 199.235.128.4 new-support.drweb.com
- 188.11.29.43 promotions.drweb.com
- 2.125.12.163 network.drweb.com
- 85.64.8.109 customers.drweb.com
- 61.16.84.135 store.drweb.com
- 50.49.242.174 company.drweb.com
- 52.162.224.39 training.drweb.com
- 203.33.220.240 license.drweb.com
- 112.53.40.10 cureit.ru
- 101.86.198.50 free.drweb.com
- 171.200.181.238 info.drweb.com
- 254.71.176.183 new-partners.drweb.com
- 230.22.253.142 drweb.net
- 219.55.154.249 new-company.drweb.com
- 221.169.69.113 new-beta.drweb.com
- 116.108.132.59 new-forum.drweb.com
- 24.60.209.17 secure.av-desk.com
- 13.92.110.124 www.av-desk.com
- 83.206.25.244 new-solutions.drweb.com
- 234.145.157.2 new-www.drweb.com
- 142.165.233.28 www.freedrweb.ru
- 131.198.135.67 daniloff.net
- 201.55.49.188 drweb-inside.com
- 96.182.113.133 drwebinside.com
- 5.134.189.159 aladdin.com
- 250.235.91.199 alladdin.ru
- 64.25.6.63 chickensroamfree.com
- 147.219.69.8 ealaddin.net
- 55.171.146.35 ealaddin.orgeshop.aladdin.com
- 44.204.47.74 secureme.com
- 114.62.218.6 www.aks.com
- 9.1.25.140 www.aladdin.com
- 173.209.102.166 www.ealaddin.com
- 162.241.3.17 www.ealaddin.com
- 232.99.174.137 auwww.ealaddin.nl
- 59.226.238.83 www.esafe.com
- 223.246.58.41 www.hasp.se
- 212.23.148.148 www.safenet-inc.com
- 26.68.130.13 www3.safenet-inc.com
- 109.7.126.214 www.ca.com
- 86.215.14.240 cacomvip.ca.com
- 75.248.104.24 www.netegrity.com
- 77.106.87.144 search.ca.com
- 228.44.82.89 cai.com
- 136.252.227.116 www.f-prot.com
- 125.29.60.155 frisk-software.com
- 195.143.43.19 www.frisk.is
- 22.14.38.221 www.frisk-software.com
- 254.34.115.247 f-secure.com
- 243.66.16.30 f-secure.frf-secure.hk
- 245.112.255.150 f-secure.nlfsecure.com
- 140.51.251.96 fsecure.nlwebyard.com
- 48.3.71.122 www.f-secure.com
- 37.36.229.229 www.fsecure.com
- 107.149.211.94 www.virus.fi
- 190.88.207.39 fortihero.com
- 99.40.27.253 fortilog.com
- 88.73.185.105 fortinet.co.at
- 158.187.168.225 fortinet.com
- 53.58.163.170 fortiprotect.com
- 217.77.240.129 fortiwifi.com
- 206.110.141.236 www.apsecure.com
- 20.224.124.100 www.fortifed.com
- 103.95.119.46 www.fortiid.com
- 11.47.196.72 www.fortimail.com
- 0.79.97.111 www.fortinet-apac.com
- 70.193.80.231 www.fortinet.ch
- 153.132.76.177 www.fortinet.co.il
- 129.84.152.203 www.fortinet.com
- 118.117.54.242 www.fortinet.com
- 120.230.36.107 arwww.fortinet.cz
- 15.101.32.52 www.fortinet.net
- 180.121.108.78 www.fortinet.nl
- 169.154.10.118 www.fortinet.sg
- 239.12.249.50 www.fortinetuk.com
- 66.139.244.251 www.secure-elements.com
- 42.90.65.210 gdata.es
- 31.123.222.61 www.gdata.es
- 33.237.137.181 ikarus.at
- 184.176.200.127 www.ikarus.at
- 92.128.21.85 global.jiangmin.com
- 81.160.178.192 jiangmin.com.cn
- 151.18.93.56 jiangmin.com
- 234.145.157.2 www.jiangmin.com.cn
- 142.165.233.28 www.kaspersky.com
- 131.198.135.67 forum.kaspersky.com
- 201.55.49.188 support.kaspersky.co
- 96.182.113.133 usa.kaspersky.com
- 5.134.189.159 brazil.kaspersky.com
- 250.235.91.199 latam.kaspersky.com
- 64.25.6.63 kaspersky.com
- 147.219.69.8 me.kaspersky.com
- 55.171.146.35 images.kaspersky.com
- 44.204.47.74 www.mcafee.com
- 114.62.218.6 support.mcafee.com
- 9.1.25.140 msr.mcafee.com
- 173.209.102.166 home.mcafee.com
- 162.241.3.17 networkassociates.com
- 232.99.174.137 us.mcafee.com
- 59.226.238.83 tr.mcafee.com
- 223.246.58.41 au.mcafee.com
- 212.23.148.148 mx.mcafee.com
- 26.68.130.13 networkassociates.nai.com
- 109.7.126.214 go.mcafee.com
- 86.215.14.240 fr.mcafee.com
- 75.248.104.24 uk.mcafee.com
- 77.106.87.144 de.mcafee.com
- 228.44.82.89 obscgi.mcafee.com
- 136.252.227.116 nai.com
- 125.29.60.155 www.entercept.com
- 195.143.43.19 jp.mcafee.com
- 22.14.38.221 mcafeeb2b.com
- 254.34.115.247 cn.mcafee.com
- 243.66.16.30 service.mcafee.com
- 245.112.255.150 br.mcafee.com
- 140.51.251.96 www.mcafee.at
- 48.3.71.122 mcafeeretail.com
- 37.36.229.229 it.mcafee.com
- 107.149.211.94 tw.mcafee.com
- 190.88.207.39 privacy.microsoft.com
- 151.92.79.49 tempuri.org
- 140.125.237.157 schemas.xmlsoap.org
- 210.239.220.21 www.microsoft.com
- 105.110.215.222 specs.xmlsoap.org
- 13.129.36.181 www.eugrantsadvisor.ie
- 2.162.193.32 schemas.microsoft.com
- 72.20.176.152 encarta.msn.com
- 155.147.171.98 www.sysinternals.com
- 63.99.248.124 grv.microsoft.com
- 52.131.150.163 www.xmlsoap.org
- 122.245.132.28 www.eugrantsadvisor.se
- 205.184.128.229 www.eugrantsadvisor.com
- 181.136.204.255 research.microsoft.com
- 170.169.106.38 www.engyro.com
- 172.26.88.159 www.exchangeyourcareer.com
- 67.153.84.104 www.eugrantsadvisor.de
- 232.173.160.130 exchangeyourcareer.net
- 221.206.62.170 eugrantsadvisor.de
- 35.64.45.102 eugrantsadvisor.cz
- 118.191.40.47 www.eset.es
- 94.142.117.6 demos.eset.es
- 83.175.18.113 descargas.eset.es
- 85.33.189.233 blogs.protegerse.com
- 236.228.252.179 eos.eset.es
- 144.180.73.137 pedidos.protegerse.com
- 133.212.231.244 reg-int.nod32-es.com
- 203.70.145.109 reg.eset.es
- 30.197.209.54 vicentevirtual.com
- 194.217.29.80 cou85.com
- 183.250.187.119 www.norman.com
- 253.107.101.240 fsc.norman.com
- 148.234.165.185 nprobeta.norman.com
- 57.186.241.211 register.norman.com
- 46.31.143.251 webadmin.norman.no
- 116.77.58.115 sandbox.norman.com
- 199.16.121.60 www.nprotect.com
- 107.223.198.87 global.nprotect.com
- 96.0.99.126 www.nprotect.co.kr
- 166.114.14.58 www.npin.co.kr
- 61.53.77.192 siren24.nprotect.com
- 225.5.154.218 15660808.co.kr
- 214.37.56.69 biz.nprotect.com
- 28.151.226.190 nprotect.net
- 111.22.34.135 www.nprotect.com.br
- 19.42.110.93 liveprotect.net
- 8.75.200.200 nprotect.seoul.go.kr
- 78.120.182.65 chollian.nprotect.co.kr
- 161.59.178.10 www.pandasecurity.com
- 138.11.66.36 research.pandasecurity.com
- 127.44.156.76 support.pandasecurity.com
- 129.158.139.196 pandalabs.pandasecurity.com
- 24.97.134.141 pandasecurity.com
- 188.48.23.168 mop.pandasecurity.com
- 177.81.112.207 timeforyourbusi.pandasecurity.com
- 247.195.95.71 cybercrime.pandasecurity.com
- 74.66.90.17 free.pandasecurity.com
- 50.86.167.43 cloudprotection.pandasecurity.com
- 39.118.69.82 shop.pandasecurity.com
- 41.164.51.203 soporte.pandasecurity.com
- 192.103.47.148 together.pctools.com
- 100.55.123.174 www.prevx.com
- 89.88.25.25 info.prevx.com
- 159.201.7.146 free.prevx.com
- 242.140.3.91 spywarefiles.prevx.com
- 151.92.79.49 spywaredlls.prevx.com
- 140.125.237.157 shield.prevx.com
- 210.239.220.21 www.prevx1.com
- 105.110.215.222 howsafeismypc.com
- 13.129.36.181 www.retento.com
- 2.162.193.32 www.freerav.com
- 72.20.176.152 www.rising-global.com
- 155.147.171.98 www.risingav.com.au
- 63.99.248.124 support.rising-global.com
- 52.131.150.163 superboy2010.com.au
- 122.245.132.28 www.sophos.com
- 205.184.128.229 feeds.sophos.com
- 249.204.16.67 esp.sophos.com
- 238.237.174.106 cn.sophos.com
- 240.94.156.227 tw.sophos.com
- 135.221.152.172 kr.sophos.com
- 44.241.228.198 sophos.com
- 33.18.130.238 podcasts.sophos.com
- 103.132.113.170 www.sunbeltsoftware.com
- 186.3.108.115 go.sunbeltsoftware.com
- 162.210.185.74 oem.sunbeltsoftware.com
- 151.243.86.181 antispam.sunbeltsoftware.com
- 153.101.1.45 antispyware.sunbeltsoftware.com
- 48.40.64.247 antivirus.sunbeltsoftware.com
- 212.248.141.205 sunbeltsoftware.com
- 201.24.43.56 shop.sunbeltsoftware.com
- 15.138.213.176 live.sunbeltsoftware.com
- 98.9.21.122 firewall.sunbeltsoftware.com
- 6.29.97.148 www.symantec.com
- 251.62.255.187 security.symantec.com
- 65.175.169.52 securityrespons.symantec.com
- 216.46.233.253 service1.symantec.com
- 125.254.53.23 enterprisesecur.symantec.com
- 114.99.211.63 eval.symantec.com
- 184.145.126.183 symantec.com
- 11.84.189.128 definitions.symantec.com
- 175.35.10.155 investor.symantec.com
- 164.68.167.194 et.symantec.com
- 234.182.82.126 sfdoccentral.symantec.com
- 129.121.145.4 servicenews.symantec.com
- 37.73.222.30 securityrespons.symantec.com
- 26.105.124.137 sea.symantec.com
- 96.219.38.1 go.symantec.com
- 179.90.102.203 dell.symantec.com
- 87.110.178.161 sun.symantec.com
- 76.143.12.12 marian.symantec.com
- 146.188.250.133 tms.symantec.com
- 229.127.246.78 securitycheck.symantec.com
- 206.79.134.104 smallbiz.symantec.com
- 195.112.224.144 www.symantec.com
- 197.226.207.8 visualtracking.symantec.com
- 92.165.202.209 search.symantec.com
- 0.116.91.236 liveupdate.symantec.com
- 245.149.180.19 sitedirector.symantec.com
- 59.7.163.139 edm.symantec.com
- 142.134.158.85 hostedmailsecur.symantec.com
- 118.154.235.111 www4.symantec.com
- 107.186.137.150 education.symantec.com
- 109.232.119.14 vos.symantec.com
- 4.171.115.216 www.hacksoft.com.pe
- 168.123.191.242 hacksoft.pe
- 157.156.93.93 www.hacksoft.pe
- 227.13.75.214 housecall.trendmicro.com
- 54.208.71.159 www.trendmicro.com
- 219.160.147.117 housecall65.trendmicro.com
- 208.193.49.225 us.trendmicro.com
- 22.51.32.89 blog.trendmicro.com
- 173.178.27.34 emea.trendmicro.com
- 81.197.104.249 housecall60.trendmicro.com
- 70.230.5.100 jp.trendmicro.com
- 140.88.244.220 de.trendmicro.com
- 223.215.239.166 it.trendmicro.com
- 131.167.60.192 itw.trendmicro.com
- 120.199.218.231 esupport.trendmicro.com
- 190.57.200.95 es.trendmicro.com
- 197.176.119.220 br.trendmicro.com
- 173.127.196.247 tw.trendmicro.com
- 162.160.97.30 la.trendmicro.com
- 164.18.80.150 uk.trendmicro.com
- 59.145.76.96 ru.trendmicro.com
- 223.165.152.122 smbstore.trendmicro.com
- 212.198.54.161 apac.trendmicro.com
- 26.55.36.94 store.trendmicro.com
- 109.182.32.39 training.trendmicro.com
- 85.134.108.253 trial.trendmicro.com
- 75.167.10.105 ushousecall02.trendmicro.com
- 77.25.180.225 subwiz.trendmicro.com
- 228.219.244.170 go.trendmicro.com
- 136.171.65.129 feeds.trendmicro.com
- 125.204.222.236 channelpartner.trendmicro.com
- 195.62.137.100 wtc.trendmicro.com
- 22.189.200.45 shop.trendmicro.com
- 186.208.21.72 fr.trendmicro.com
- 175.241.178.111 threatinfo.trendmicro.com
- 245.99.93.231 newsletters.trendmicro.com
- 140.226.157.177 www.anti-virus.by
- 48.178.233.203 bg.virusblokada.com
- 37.23.135.242 www.vba.com.by
- 107.68.49.107 beta.anti-virus.by
- 190.7.113.52 www.bg.virusblokada.com
- 98.215.189.78 www.hauri.net
- 88.248.91.118 www.hauri.co.kr
- 158.106.5.50 company.hauri.net
- 53.44.69.183 www.globalhauri.com
- 217.252.146.210 shop.hauri.co.kr
- 206.29.47.61 hauri.co.kr
- 20.143.218.181 pg.hauri.net
- 103.14.25.126 esecurity.livecall.co.kr
- 11.33.102.85 mall.hauri.co.kr
- 0.66.191.192 company.hauri.co.kr
- 70.112.174.56 haurijapan.com
- 153.51.170.2 virobot.co.kr
- 129.3.58.28 www.virusbuster.hu
- 118.36.148.67 virusbuster.hu
- 120.149.130.188 scanner.novirusthanks.org
- 15.88.126.133 scanner2.novirusthanks.or
- 179.40.14.159 novirusthanks.org
- 169.73.104.199 www.novirusthanks.org
- 239.187.86.63 virustotal.com
- 66.57.82.8 www.virustotal.com
- 42.77.159.35 virscan.org
- 31.110.60.74 www.virscan.org
- 33.156.43.194 virusscan.jotti.org
- 184.95.38.139 jotti.org
- 92.47.115.166 www.jotti.org
- 81.79.16.17 viruschief.com
- 151.193.255.137 www.viruschief.com
- 234.132.251.83 scanner.virus.org
- 142.84.71.41 virus.org
- 131.117.229.148 www.virus.org
- 201.230.211.13 scan4you.net
- 96.101.207.214 www.scan4you.net
- 4.121.27.172 avhide.com
- 250.154.185.24 www.avhide.com
- 64.12.167.144 anubis.iseclab.org
- 147.138.163.89 iseclab.org
- 55.90.240.116 www.iseclab.org
- 44.123.141.155 threatexpert.com
- 114.237.124.19 www.threatexpert.com
- 197.176.119.220 forospyware.com
- 173.127.196.247 www.forospyware.com
- 162.160.97.30 in.answers.yahoo.com
- 232.86.148.218 es.answers.yahoo.com
- 127.213.144.164 kioskea.net
- 35.233.220.190 www.kioskea.net
- 24.10.122.229 es.kioskea.net
- 94.123.104.162 mygeekside.com
- 177.250.100.107 www.mygeekside.com
- 153.202.176.65 www.tecniservicioslys.com
- 142.235.78.173 tecniservicioslys.com
- 145.93.248.37 virusfreezone.info
- 40.31.56.238 www.virusfreezone.info
- 204.239.133.197 intranet.cidiroax.ipn.mx
- 193.16.34.48 spycheck.es
- 7.130.205.168 www.spycheck.es
- 90.1.12.113 antivirus.hispavista.com
- 254.20.89.140 computing.net
- 243.53.246.179 www.computing.net
- 57.167.161.43 spycheck.co.uk
- 208.38.225.245 www.spycheck.co.uk
- 116.246.45.15 midescargas.com
- 105.91.203.54 www.midescargas.com
- 175.136.117.175 static.yoreparo.com
- 2.75.181.120 softfaq.com
- 166.27.1.146 www.softfaq.com
- 156.60.159.186 configurarequipos.com
- 226.174.73.118 www.configurarequipos.com
- 121.112.137.251 seasonsecurity.com
- 29.64.214.22 www.seasonsecurity.com
- 18.97.115.129 removetrojanvirus.org
- 88.211.30.249 www.removetrojanvirus.org
- 171.82.93.194 ibusca.me
- 79.101.170.153 www.ibusca.me
- 68.134.3.4 busco.in
- 138.180.242.124 www.busco.in
- 221.119.238.70 inicioid.com
- 197.71.126.96 www.inicioid.com