Wednesday, September 9, 2009

Decoded Reference File - PC Antispyware 2010

This reference file is related to the CA Global Security Advisor blog entry "PC Antispyware 2010's Scheming Password Protection".

The decoded file contains the following:
- RAR password used to decompress downloaded files
- Registry keys to create
- Malware-related domains (update, download and report)
- Download username and password

Users are advised to avoid visiting the URLs mentioned below, except for the domains in DOMAINS_SKIP, which are legitimate websites.

-------------------------------------------------------------------------

[REGISTRY]
REG_AUTORUN=Software\Microsoft\Windows\CurrentVersion\Run
REG_MICROSOFT_SC=SOFTWARE\Microsoft\Security Center

[ALIEN]
EXE=%system%\pphcjkrj0etfg.exe
EXE=%programfiles%\rhcnkrj0etfg\rhcnkrj0etfg.exe
MISC=%windows%\qegbdmwf.dll
MISC=%windows%\pntqkflv.dll

[MISCELLANEOUS]
RAR_PASSWORD=abcd012345efgh
DWN_USERNAME=user
DWN_PASSWORD= :D
IE_BLOCK_CONTENT=1
IE_OUR_WINDOW_ONLY=0

[DOMAINS]
DOMAINS_SKIP=aol,att,btconnect,bellsouth,charter,comcast,mail,msn,traust,yahoo,google
DOMAINS_SKIP=youtube,facebook,live.com,blogger,wikipedia,baidu,myspace,qq.com,twitter
DOMAINS_SKIP=rapidshare,microsoft,sina.com,bing.com,ebay,craigslist,fc2,yandex,amazon

[XP Antispyware 2009]
EXE=XP_Antispyware
REG_MAIN|=Software\XP_Antispyware

[AntiSpywareXP 2009]
EXE=AntiSpywareXP2009
REG_MAIN|=Software\AntiSpywareXP2009

[Antivirus Pro 2009]
EXE=AntivirusPro2009
REG_MAIN|=Software\AntivirusPro2009

[XP Protection Center]
EXE=XPProtectionCenter
REG_MAIN=Software\XPProtectionCenter

[Home Antivirus 2009]
EXE=HomeAntivirus2009
REG_MAIN=Software\HomeAntivirus2009

[AntiSpywareHome 2009]
DOMAIN_UNREG=ash2009 {dot} com
DOMAIN_REGED=ash2009 {dot} com
EXE=AntiSpywareHome2009
REG_MAIN=Software\AntiSpywareHome2009

[PC Security 2009]
EXE=PC_Security2009
REG_MAIN=Software\PC_Security2009

[Home Antivirus 2010]
EXE=HomeAntivirus2010
REG_MAIN=Software\HomeAntivirus2010
CODE_NAME=ha21

[PC Antispyware 2010]
EXE=PC_Antispyware2010
REG_MAIN=Software\PC_Antispyware2010
CODE_NAME=pca21

[Antivirus Pro 2010]
DOMAIN_UNREG=avp21 {dot} com
DOMAIN_REGED=avp21 {dot} com
EXE=AntivirusPro2010
REG_MAIN=Software\AntivirusPro2010
CODE_NAME=avp21

-------------------------------------------------------------------------

Have a malware-free day!
