ZLob-Installing programs

List of active fake codecs and other misleading ZLob-installers
last updated april 21, 2008
For fake codecs, wich have been taken offline, please look in the graveyard-list (not updated, yet)
Due to technical problems, i'm not able to analyse the ZLob-installers. However, i found that Malwarebytes does an exellent job at that.
If you find new or non-discovered ZLob-installing programs on the web, then please let me know thru email or my forum!
I will take care of the rest :-)

Naam

download-site

home-site

Program-icon

VirusTotal Scan-result

AbcCodec

Domain Name: zeynczuhei7.cn
Registrant Organization: Rafalala Incorporated
Registrant Name: Rafalala Mercinkiewicz
Sponsoring Registrar: å¹¿ä¸œæ—¶ä»£äº’è”ç§‘æŠ€æœ‰é™å…¬å¸
Name Server:ns19.esthost.com
Name Server:ns20.esthost.com
Registration Date: 2007-12-01 06:57
Expiration Date: 2008-12-01 06:57

Registration Service Provided By: ESTDOMAINS INC
Domain Name: ABCCODEC.COM
Registrant: CityCODEC inc - Timothy Seely - New York - US
Creation Date: 04-Oct-2007
Expiration Date: 04-Oct-2008
Domain servers in listed order:
ns2.abccodec.com
ns1.abccodec.com

Date: april 22 2008
File size: 235806 bytes
MD5...: 5eb6807bf40adba83ce310ab2612bf92
SHA1..: 469c66db4d82aa1264b7b2844f2b95cd80092cf3
SHA256: 835a39049ae395e9e0acc33c4375c289c1220decb275a8eb06284abca6b551cc
SHA512: 86fcfad0a9d129a827103e7c8b5541973142ef637e3fc0a83ac5400eec08b95d
f6e5de75a975d515d94048b259d698854295e0bdac5b7ff86cc1196c43735880

AntiVir	2008.04.21	DR/Dldr.DNSChanger.Gen
F-Secure	2008.04.22	Trojan.Win32.DNSChanger.chg
Kaspersky	2008.04.22	Trojan.Win32.DNSChanger.chg
Norman	2008.04.21	W32/Malware
Prevx1	2008.04.22	TROJAN.BHO.A
Sophos	2008.04.22	Troj/Zlobar-Fam
Webwasher-Gateway	2008.04.21	Trojan.Dropper.Dldr.DNSChanger.Gen

XeroCodec

Registration Service Provided By: PW INET
Domain Name: IOPRD.NET
Registrant: PrivacyProtect.org -Moergestel - NL
Creation Date: 21-Mar-2008
Expiration Date: 21-Mar-2009
Domain servers in listed order:
ns2.ioprd.net
ns1.ioprd.net

Registration Service Provided By: ESTDOMAINS INC
Domain Name: MEHMETCIKLERIMIZ.COM
Registrant: CityCODEC inc - Timothy Seely - New York - US
Creation Date: 04-Oct-2007
Expiration Date: 04-Oct-2008
Domain servers in listed order:
ns2.xerocodec.com
ns1.xerocodec.com

Date: april 19 2008

File size: 235178 bytes

MD5...: 8a2a9e436d9079d3e5ef9e9115f5478e

SHA1..: 8d507440f06fa2037ddc6ebbb1790e22cc7d7129

SHA256: d3839ae3e26a5e8c5c36549b6018f2c81b5e417b569088d134a316d412435a52

SHA512: 96426500a3fb7c0175daeffb524e5c3f1b4c894ffdf8c4c316df078c01b0b589
a8f9ba8df94ef860233e19ef448f914cb695e88eb91eb34ee0697f846739dcb1

AntiVir	2008.04.18	DR/Dldr.DNSChanger.Gen
Avast	2008.04.18	Win32:Trojan-gen {Other}
AVG	2008.04.18	DNSChanger.AA
BitDefender	2008.04.19	Dropped:Trojan.DNSChanger.SB
CAT-QuickHeal	2008.04.18	Win32.Trojan-Proxy.Agent.aab.5
ClamAV	2008.04.19	Trojan.DNSChanger-3046
eSafe	2008.04.17	Win32.Agent.aab
F-Secure	2008.04.19	W32/Malware
Fortinet	2008.04.19	W32/Agent.AAB!tr
Kaspersky	2008.04.19	Trojan-Proxy.Win32.Agent.aab
Microsoft	2008.04.19	Trojan:Win32/Agent
Norman	2008.04.18	Agent.FCOL
Prevx1	2008.04.19	TROJAN.PROXY.G
Rising	2008.04.19	Trojan.Win32.DNSChanger.gpo
Sophos	2008.04.19	Mal/Generic-A
Sunbelt	2008.04.17	Trojan.DNSChanger.SB
TheHacker	2008.04.18	Trojan/Proxy.Agent.aab
VBA32	2008.04.16	MalwareScope.Trojan.DnsChange.2
Webwasher-Gateway	2008.04.18	Trojan.Dropper.Dldr.DNSChanger.Gen

AccessMediaSetup
(changed again)

Registration Service Provided By: ESTDOMAINS INC
Domain Name: DOLCEVIDO.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 04-Apr-2008
Expiration Date: 04-Apr-2009
Domain servers in listed order:
ns2.dolcevido.com
ns1.dolcevido.com

Registration Service Provided By: ESTDOMAINS INC
Domain Name: ONLINESOFTWAREXCHANGE.NET
Registrant: PrivacyProtect.org - Moergestel -NL
Creation Date: 18-Apr-2008
Expiration Date: 18-Apr-2009
Domain servers in listed order:
ns1.onlinesoftwarexchange.net
ns2.onlinesoftwarexchange.net

Date: april 19 2008

File size: 90112 bytes

MD5...: 754462eecbdb912cf4777f55dee8e1c8

SHA1..: bca4ddec98d370996085e084834e5ddc2e04b69b

SHA256: 91ef5095a95b942bfc2ca8002934f754ded03486baff24fccdc2682d8693e484

SHA512: f069933cb34f281d6de5d0f7cde569d8b51818e738f5beac5ff90834197ab594
88ec81e6b049204757180c95f46621185b7a71679b327ec0316002574ec13ffb

eSafe	2008.04.17	Suspicious File
eTrust-Vet	2008.04.19	Win32/Burgspill!generic
F-Secure	2008.04.19	Trojan-Downloader.Win32.Peregar.cb
Fortinet	2008.04.19	W32/Fake.B!tr.dldr
Ikarus	2008.04.19	Virus.Win32.Delf.JHW
Kaspersky	2008.04.19	Trojan-Downloader.Win32.Peregar.cb
Microsoft	2008.04.19	Trojan:Win32/Delflob.I
NOD32v2	2008.04.19	Win32/Adware.IeDefender.NDD
Panda	2008.04.19	Suspicious file
Rising	2008.04.19	Trojan.DL.Win32.Delf.zaj
Sophos	2008.04.19	Mal/Heuri-E
VBA32	2008.04.16	suspected of Win32.Trojan.Downloader

Setup.exe
(changed again)

Registration Service Provided By: ESTDOMAINS INC
Domain Name: BESTDAILYVIDS.COM
Registrant: n/a - Nikolay Fedorov - Novosibirsk - RU
Creation Date: 22-Nov-2007
Expiration Date: 22-Nov-2008
Domain servers in listed order:
ns2.bestdailyvids.com
ns1.bestdailyvids.com

Registration Service Provided By: ESTDOMAINS INC
Domain Name: SWFUTILITY.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 14-Apr-2008
Expiration Date: 14-Apr-2009
Domain servers in listed order:
ns2.swfutility.com
ns1.swfutility.com

Date: april 19 2008

File size: 12288 bytes

MD5...: f21430c67a76fc2b424e787af9ddbda8

SHA1..: 7b1d7aca34c95adedc6e419d80662f175e40c087

SHA256: 779c8a3aa187a875566b6b07e97eb398fa20e3a0ea7a25a1e27a0b78126fdb93

SHA512: aa029c7fe3958bce2d05ec1475afb26e5661724351f0bc9dac30f34f7c9151ce
0bb4cf2416b5de4078c6f3fca778b5a90625d2266d0b2d7c274fe2bdad91a22e

AntiVir	2008.04.18	TR/Crypt.CFI.Gen
ClamAV	2008.04.19	Trojan.Zlob-3762
eSafe	2008.04.17	suspicious Trojan/Worm
Ikarus	2008.04.19	Trojan-Downloader.Win32.Zlob.abw
Kaspersky	2008.04.19	Trojan-Downloader.Win32.Zlob.lkk
Microsoft	2008.04.19	TrojanDownloader:Win32/Zlob.gen!AW
Symantec	2008.04.19	Trojan.Zlob
VBA32	2008.04.16	suspected of Downloader.Zlob.3
Webwasher-Gateway	2008.04.18	Trojan.Crypt.CFI.Gen

MediaTubeCodec
(changed again)

Domain Name:VIDEOXXX-EMY.INFO
Created On:03-Jan-2008 01:53:04 UTC
Last Updated On:06-Mar-2008 20:39:54 UTC
Expiration Date:03-Jan-2009 01:53:04 UTC
Sponsoring Registrar:Blog.com Digital Communications Inc. (R315-LRMS)
Registrant Name:Domain Admin
Registrant Organization:PrivacyProtect.org
Registrant City:Moergestel
Registrant Country:NL
Name Server:DNS1.VIDEOXXX-EMY.INFO
Name Server:DNS2.VIDEOXXX-EMY.INFO

Registration Service Provided By: ESTDOMAINS INC
Domain Name: BIGHOT18-CODEC2008.COM
Registrant: PrivacyProtect.org - Moergestel -NL
Creation Date: 14-Apr-2008
Expiration Date: 14-Apr-2009
Domain servers in listed order:
ns2.bighot18-codec2008.com
ns1.bighot18-codec2008.com

Date: april 19 2008

File size: 113664 bytes

MD5...: dde6c0ecaeb644b5190b3efe0284b35c

SHA1..: 12eb3a5e3412081065e846ba9e30781f46cdae44

SHA256: 2a444b9f06ebc6d7e179fb856bd0e16ce6501a129fc735a51b0ef48592e6fbb5

SHA512: aa86bd4f40e4da146615112759251cf02c61af2ad569a6b300fdb6eab26fbc8f
3f76b331adaa4d4f5e1e089b4f512ea35f05281c7a403ff496da0251d8f7539b

CAT-QuickHeal	2008.04.18	(Suspicious) - DNAScan
eSafe	2008.04.17	Suspicious File
Fortinet	2008.04.19	W32/PolyZlob!tr.dldr
Ikarus	2008.04.19	MalwareScope.Worm.Nuwar-Glowa.1
Kaspersky	2008.04.19	Trojan-Downloader.Win32.Zlob.lkj
Microsoft	2008.04.19	Trojan:Win32/Tibs.gen!lds
Panda	2008.04.19	Suspicious file
Prevx1	2008.04.19	Generic.Dropper.xCodec
Sophos	2008.04.19	Mal/EncPk-DA
VBA32	2008.04.16	MalwareScope.Worm.Nuwar-Glowa.1

Setup.exe
(changed again)

Registration Service Provided By: ESTDOMAINS INC
Domain Name: PORNWIZARDRY.COM
Registrant: n/a - Igor Feklistov - Ufa - RU
Creation Date: 07-Feb-2008
Expiration Date: 07-Feb-2009
Domain servers in listed order:
ns2.pornwizardry.com
ns1.pornwizardry.com

Registration Service Provided By: ESTDOMAINS INC
Domain Name: FLWSOLUTION.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 07-Apr-2008
Expiration Date: 07-Apr-2009
Domain servers in listed order:
ns2.flwsolution.com
ns1.flwsolution.com

Date: april 12 2008

File size: 12288 bytes

MD5...: 4319adedcbf177ca6ff5e75878e2b10f

SHA1..: 82ac96f781907d7a2ce3f03b875addf3b6ff4522

SHA256: 819fce6d1a3e49ccff869e3b0b6e86a90508c4cdec07e0a39a08c529a17de366

SHA512: 38d10942bd5a4392955ac7330e745daaa257cee3202393678cf1df76e4b8237d
2d1fafd71569a3fa5cc6f898a6a19b2daa2b2eba76dbe99edd0ef4a7ff31f9b3

AntiVir	2008.04.11	TR/Crypt.CFI.Gen
eSafe	2008.04.09	suspicious Trojan/Worm
Ikarus	2008.04.12	Trojan-Downloader.Win32.Zlob.abw
Kaspersky	2008.04.12	Trojan-Downloader.Win32.Zlob.las
Microsoft	2008.04.12	TrojanDownloader:Win32/Zlob.gen!AW
Prevx1	2008.04.12	Generic.Malware
VBA32	2008.04.06	suspected of Downloader.Zlob.3
Webwasher-Gateway	2008.04.11	Trojan.Crypt.CFI.Gen

AccessMediaSetup
(changed again)

Registration Service Provided By: ESTDOMAINS INC
Domain Name: HDTV-ONLINERIP.COM
Registrant:
PrivacyProtect.org - Moergestel - NL
Creation Date: 11-Apr-2008
Expiration Date: 11-Apr-2009
Domain servers in listed order:
ns2.hdtv-onlinerip.com
ns1.hdtv-onlinerip.com

Registration Service Provided By: ESTDOMAINS INC
Domain Name: GLOBALSOFTWAREAGREEMENT.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 11-Apr-2008
Expiration Date: 11-Apr-2009
Domain servers in listed order:
ns2.globalsoftwareagreement.com
ns1.globalsoftwareagreement.com

Date: april12 2008

File size: 93710 bytes

MD5...: d5abdc969ecb81cf757c7509a65477b8

SHA1..: 988818fd5694c73f851b0d59ba5dbc0800c4bf96

SHA256: d93b098a4d91b775c1e75893b5e37d9760fcfffd96219ef39709be03bf850d58

SHA512: 3a5b09aec9254914eab6920d25132c79bd9fbc00d8b03847c0fd0034873343f9
3132259dc857b353d6d616ec59d44170fe22d05e27eda2b7d58079030fb8058b

eSafe	2008.04.09	Suspicious File
eTrust-Vet	2008.04.11	Win32/Burgspill!generic
F-Secure	2008.04.11	Trojan-Downloader.Win32.Delf.goh
Fortinet	2008.04.12	W32/Fake.B!tr.dldr
Ikarus	2008.04.12	Virus.Win32.Delf.JHW
Kaspersky	2008.04.12	Trojan-Downloader.Win32.Delf.goh
Microsoft	2008.04.12	Trojan:Win32/Delflob.I
Panda	2008.04.11	Suspicious file
Sophos	2008.04.12	Mal/DelpDldr-E
VBA32	2008.04.06	suspected of Win32.Trojan.Downloader

GameCodec

Registration Service Provided By: PW INET
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 21-Mar-2008
Expiration Date: 21-Mar-2009
Domain servers in listed order:
ns2.ioprd.net
ns1.ioprd.net

Registration Service Provided By: ESTDOMAINS INC
Domain Name: GAMECODEC.COM
Registrant: CityCODEC inc - Timothy Seely- New York - US
Creation Date: 04-Oct-2007
Expiration Date: 04-Oct-2008
Domain servers in listed order:
ns2.gamecodec.com
ns1.gamecodec.com

Date: april 11 2008

File size: 235178 bytes

MD5...: 8a2a9e436d9079d3e5ef9e9115f5478e

SHA1..: 8d507440f06fa2037ddc6ebbb1790e22cc7d7129

SHA256: d3839ae3e26a5e8c5c36549b6018f2c81b5e417b569088d134a316d412435a52

SHA512: 96426500a3fb7c0175daeffb524e5c3f1b4c894ffdf8c4c316df078c01b0b589
a8f9ba8df94ef860233e19ef448f914cb695e88eb91eb34ee0697f846739dcb1

AntiVir	7.6.0.81	2008.04.10	DR/Dldr.DNSChanger.Gen
AVG	7.5.0.516	2008.04.10	DNSChanger.AA
BitDefender	7.2	2008.04.11	Dropped:Trojan.DNSChanger.SB
CAT-QuickHeal	9.50	2008.04.10	Win32.Trojan-Proxy.Agent.aab.5
ClamAV	None	2008.04.10	Trojan.DNSChanger-3046
eSafe	7.0.15.0	2008.04.09	Win32.Agent.aab
F-Secure	6.70.13260.0	2008.04.11	W32/Malware
Fortinet	3.14.0.0	2008.04.10	W32/Agent.AAB!tr
Kaspersky	7.0.0.125	2008.04.11	Trojan-Proxy.Win32.Agent.aab
Microsoft	1.3408	2008.04.11	Trojan:Win32/Agent
Norman	5.80.02	2008.04.10	Agent.FCOL
Prevx1	V2	2008.04.11	TROJAN.PROXY.G
Rising	20.39.32.00	2008.04.10	Trojan.Win32.DNSChanger.gpo
Sophos	4.28.0	2008.04.11	Mal/Generic-A
TheHacker	6.2.92.273	2008.04.11	Trojan/Proxy.Agent.aab
VBA32	3.12.6.4	2008.04.06	MalwareScope.Trojan.DnsChange.2
Webwasher-Gateway	6.6.2	2008.04.10	Trojan.Dropper.Dldr.DNSChanger.Gen

MediaTubeCodec
(changed again)

Registration Service Provided By: ESTDOMAINS INC
Domain Name: ADULT-FREETUBE-8.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 18-Mar-2008
Expiration Date: 18-Mar-2009
Domain servers in listed order:
ns2.adult-freetube-8.com
ns1.adult-freetube-8.com

Registration Service Provided By: ESTDOMAINS INC
Domain Name: HOTSTARS2008-17.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 01-Apr-2008
Expiration Date: 01-Apr-2009
Domain servers in listed order:
ns2.hotstars2008-17.com
ns1.hotstars2008-17.com

Date: april 11 2008

ile size: 100864 bytes

MD5...: b1fba9a72cffd952c5001f1c10d18762

SHA1..: 928b2ddea2d10a6f8d203950f55e9286e199b4e8

SHA256: 6a2d15ba15265832c678c2b9c6383f1377cf0791656fa65bfe357d9effd247f3

SHA512: 86395714732b200d970d8bc1ffb627c4594469f2f76d1d8147e09aeaac8e0478
b99847b1f9949736e38daa1356d6fc7da710419e688fe9fd00ae858ae520bac2

AVG	2008.04.10	Downloader.Zlob.12.AD
CAT-QuickHeal	2008.04.10	(Suspicious) - DNAScan
eSafe	2008.04.09	Suspicious File
Fortinet	2008.04.10	W32/PolyZlob!tr.dldr
Ikarus	2008.04.11	MalwareScope.Worm.Nuwar-Glowa.1
Kaspersky	2008.04.11	Trojan-Downloader.Win32.Zlob.kxp
Microsoft	2008.04.11	Trojan:Win32/Tibs.gen!lds
Prevx1	2008.04.11	Downloader.Zlob.12.AD
Sophos	2008.04.11	Mal/EncPk-DA
VBA32	2008.04.06	MalwareScope.Worm.Nuwar-Glowa.1

AccessMediaSetup
(changed again)

Registration Service Provided By: ESTDOMAINS INC
Domain Name: FUNFUCKPORN.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 14-Mar-2008
Expiration Date: 14-Mar-2009
Domain servers in listed order:
ns2.funfuckporn.com
ns1.funfuckporn.com

Registration Service Provided By: ESTDOMAINS INC
Domain Name: SOFTWAREDESTRIBUTIONONLINECORP.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 18-Mar-2008
Expiration Date: 18-Mar-2009
Domain servers in listed order:
ns2.softwaredestributiononlinecorp.com
ns1.softwaredestributiononlinecorp.com

Date: april 11 2008

ile size: 93595 bytes

MD5...: a6b1671c8cafde00367b2f5272b12257

SHA1..: 41ccd905738f61eb21bb821baf9f9d96e6761694

SHA256: 54afb90c4ed06c439799bb38fb233aceda98e2a179134a2d984f0475685bf693

SHA512: 729377590e320c44db63df7ea754a4328eba944968b0474073a315f732ea1932
d115f651260f6bf1cae45390d98c334182fd5230d663f04ca2ae8b4041a7c064

AVG	2008.04.10	Downloader.Delf
eSafe	2008.04.09	Suspicious File
eTrust-Vet	2008.04.10	Win32/Burgspill!generic
F-Secure	2008.04.11	Suspicious:W32/Malware!Gemini
Fortinet	2008.04.10	W32/Fake.B!tr.dldr
Ikarus	2008.04.11	Virus.Win32.Delf.JHW
Microsoft	2008.04.11	Trojan:Win32/Delflob.I
Panda	2008.04.10	Suspicious file
Sophos	2008.04.11	Mal/DelpDldr-E
VBA32	2008.04.06	suspected of Win32.Trojan.Downloader
Webwasher-Gateway	2008.04.10	Win32.Malware.dam (suspicious)

MediaTubeCodec
(changed again)

Registration Service Provided By: ESTDOMAINS INC
Domain Name: FREE-PORNTUBE-8.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 18-Mar-2008
Expiration Date: 18-Mar-2009
Domain servers in listed order:
ns2.free-porntube-8.com
ns1.free-porntube-8.com

Registration Service Provided By: ESTDOMAINS INC
Domain Name: SEXCODECSTARS.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 01-Apr-2008
Expiration Date: 01-Apr-2009
Domain servers in listed order:
ns2.sexcodecstars.com
ns1.sexcodecstars.com

Date: april 8 2008

File size: 100880 bytes

MD5...: 97d0029983ce5df4ae55d938a0889423

SHA1..: 9987e17e126aa0f8e13b0aed0e3a5327c9de7753

SHA256: 6c60204b2dc9bd4eca5213b5887a46da3e25d480e457ea8a2741f24c70dc09a6

SHA512: 48bcfd3ea3806c03cfae6c9483c2b782743cf0a02fcfdf8ad92e968fa9682cff
5da73f42ef535e4d16f34d9d691571134b2708506b11fc092482eb566b65e0c9

AntiVir	2008.04.07	TR/Crypt.XPACK.Gen
AVG	2008.04.07	Downloader.Zlob.VTI
CAT-QuickHeal	2008.04.05	(Suspicious) - DNAScan
eSafe	2008.04.01	Suspicious File
eTrust-Vet	2008.04.08	Win32/Pripecs.NY
F-Secure	2008.04.08	Trojan-Downloader.Win32.Zlob.kpv
Kaspersky	2008.04.08	Trojan-Downloader.Win32.Zlob.kpv
Microsoft	2008.04.06	Trojan:Win32/Tibs.gen!G
Prevx1	2008.04.08	Generic.Dropper.xCodec
Sophos	2008.04.08	Mal/EncPk-DA
VBA32	2008.04.06	suspected of MalwareScope.Worm.Nuwar-Glowa.1 (paranoid heuristics)
VirusBuster	2008.04.07	Trojan.DL.Agent.ECVY
Webwasher-Gateway	2008.04.07	Trojan.Crypt.XPACK.Gen

AccessMediaDownload
(... and changed again)

Registration Service Provided By: ESTDOMAINS INC
Domain Name: ONLINE-DVDRIP.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 12-Mar-2008
Expiration Date: 12-Mar-2009
Domain servers in listed order:
ns2.online-dvdrip.com
ns1.online-dvdrip.com

Date: april 8 2008

File size: 99767 bytes

MD5...: 53d6354cafd91fc649671f2105eeb43e

SHA1..: 84a4001457e03551153b09728ecb48fab3df002c

SHA256: 0dda3e3e71ab1cf684885a171f965b3c848cd3360dd49baa82c450821448c7c1

SHA512: df1ad3c234efc113695cc7ae89b5539d081b822e88ff8a7719c095b947e346ee
ef4a67adf5f4cce205ba3feef6a683796186dc2acfbaf2b193617b151c603714

AVG	2008.04.07	Downloader.Delf
DrWeb	2008.04.08	Trojan.MulDrop.14424
eSafe	2008.04.01	Suspicious File
eTrust-Vet	2008.04.08	Win32/Burgspill!generic
F-Secure	2008.04.08	Trojan-Downloader.Win32.Peregar.ac
Fortinet	2008.04.07	W32/Fake.B!tr.dldr
Kaspersky	2008.04.08	Trojan-Downloader.Win32.Peregar.ac
Microsoft	2008.04.06	Trojan:Win32/Delflob.I
Panda	2008.04.07	Suspicious file
Prevx1	2008.04.08	Generic.Malware
Sophos	2008.04.08	Mal/DelpDldr-E
VBA32	2008.04.06	suspected of Win32.Trojan.Downloader
Webwasher-Gateway	2008.04.07	Win32.Malware.dam (suspicious)

IxCodec

Registration Service Provided By: PW INET
Domain Name: UYTIE.NET
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 21-Mar-2008
Expiration Date: 21-Mar-2009
Domain servers in listed order:
ns2.uytie.net
ns1.uytie.net

Registration Service Provided By: ESTDOMAINS INC
Domain Name: IXCODEC.COM
Registrant: CityCODEC inc - New York - US
Creation Date: 04-Oct-2007
Expiration Date: 04-Oct-2008
Domain servers in listed order:
ns2.ixcodec.com
ns1.ixcodec.com

Datum: april 7 2008

File size: 235178 bytes

MD5...: 8a2a9e436d9079d3e5ef9e9115f5478e

SHA1..: 8d507440f06fa2037ddc6ebbb1790e22cc7d7129

SHA256: d3839ae3e26a5e8c5c36549b6018f2c81b5e417b569088d134a316d412435a52

SHA512: 96426500a3fb7c0175daeffb524e5c3f1b4c894ffdf8c4c316df078c01b0b5

AntiVir	2008.04.07	DR/Dldr.DNSChanger.Gen
AVG	2008.04.07	DNSChanger.AA
BitDefender	2008.04.07	Dropped:Trojan.DNSChanger.SB
CAT-QuickHeal	2008.04.05	Win32.Trojan-Proxy.Agent.aab.5
ClamAV	2008.04.07	Trojan.DNSChanger-3046
F-Secure	2008.04.07	W32/Malware
Fortinet	2008.04.07	W32/Agent.AAB!tr
Kaspersky	2008.04.07	Trojan-Proxy.Win32.Agent.aab
Microsoft	2008.04.06	Trojan:Win32/Agent
Norman	2008.04.07	Agent.FCOL
Prevx1	2008.04.07	TROJAN.PROXY.G
Sophos	2008.04.07	Mal/Generic-A
Symantec	2008.04.07	Trojan.Zlob
TheHacker	2008.04.07	Trojan/Proxy.Agent.aab
VBA32	2008.04.06	MalwareScope.Trojan.DnsChange.2
Webwasher-Gateway	2008.04.07	Trojan.Dropper.Dldr.DNSChanger.Gen

UinCodec

Domain Name:JSFEED.INFO
Created On:27-Dec-2006
Last Updated On:03-Feb-2008
Expiration Date:27-Dec-2008
Registrant Name:Homer Simpson
Registrant Organization:N/A
Registrant City:Pekin
Registrant Country:CN
Name Server:NS1.GRAYRESELLER.COM
Name Server:NS2.GRAYRESELLER.COM

Registration Service Provided By: ESTDOMAINS INC
Domain Name: UINCODEC.COM
Registrant: CityCODEC inc - Timothy Seely - New York - US
Creation Date: 04-Oct-2007
Expiration Date: 04-Oct-2008
Domain servers in listed order:
ns2.uincodec.com
ns1.uincodec.com

Date: april 6 2008

File size: 235602 bytes

MD5...: 0389953824819032bcb418afd8653795

SHA1..: 7d780ed9294e36354d97d78d41f2c93d665c97eb

SHA256: 34d18ed4211a45dccfca586293bc4488d8a64f2875894e46fa90f554c313adb6

SHA512: 99f789fcbfb175bf498985195154485af5f7c876208949f272ff93f8e66d6a18<br />829c1b70463df1b7d0364fa4e6e394074ad7112a209fe540eb4d57db736e16da

AntiVir	2008.04.05	DR/Dldr.DNSChanger.Gen
AVG	2008.04.05	DNSChanger.AA
BitDefender	2008.04.06	Dropped:Trojan.Downloader.Zlob.ABOU
F-Prot	2008.04.05	W32/Trojan2.AIES
F-Secure	2008.04.06	W32/Malware
Fortinet	2008.04.06	W32/DNSChanger.ARN!tr
Ikarus	2008.04.06	Trojan.Win32.DNSChanger.arn
Kaspersky	2008.04.06	Trojan.Win32.DNSChanger.arn
Norman	2008.04.04	W32/Malware
Prevx1	2008.04.06	Generic.Dropper.xCodec
Sophos	2008.04.06	Mal/Generic-A
Symantec	2008.04.06	Trojan.Zlob
VBA32	2008.04.06	MalwareScope.Trojan.DnsChange.2
Webwasher-Gateway	2008.04.05	Trojan.Dropper.Dldr.DNSChanger.Gen

Setup.exe
(... and changed again)

Registration Service Provided By: ESTDOMAINS INC
Domain Name: HOTVIDEOSTUBE.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 06-Feb-2008
Expiration Date: 06-Feb-2009
Domain servers in listed order:
ns2.hotvideostube.com
ns1.hotvideostube.com

Registration Service Provided By: ESTDOMAINS INC
Domain Name: AVIDIRECTION.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 31-Mar-2008
Expiration Date: 31-Mar-2009
Domain servers in listed order:
ns2.avidirection.com
ns1.avidirection.com

Date: april 06 2008

File size: 12800 bytes

MD5...: ce751f6cc445a1ac3f877a9a6cf9958c

SHA1..: fc5dae3309d0b0642fc031d4bcf835322b15a52b

SHA256: 427c04925cc8e9680162a7f573a79895c122da62417fcf7e1c97e7f977cf3a2e

SHA512: b7d094f46fb65d695fb8279f58cd77b54c718a3d5f62f3180a6c75a2f7599dfc<br />bdb3e7ebb4cadc74acc607fdb5a315ff15db1d6dc77668e3caaffbc1822d744c

AntiVir	2008.04.05	TR/Dldr.Zlob.12800
Authentium	2008.04.05	W32/Downldr2.BMKO
F-Prot	2008.04.05	W32/Downldr2.BMKO
Microsoft	2008.04.06	TrojanDownloader:Win32/Zlob.AMP
Webwasher-Gateway	2008.04.05	Trojan.Dldr.Zlob.12800

Setup.exe
(... and changed again)

Domain Name: BESTDAILYVIDS.COM
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Name Server: NS1.BESTDAILYVIDS.COM
Name Server: NS2.BESTDAILYVIDS.COM
Status: ok
Updated Date: 21-jan-2008
Creation Date: 22-nov-2007
Expiration Date: 22-nov-2008

Registration Service Provided By: ESTDOMAINS INC
Domain Name: MOVHELPER.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 31-Mar-2008
Expiration Date: 31-Mar-2009
Domain servers in listed order:
ns2.movhelper.com
ns1.movhelper.com

Date: april 4 2008

File size: 12800 bytes

MD5: 52cdb30619de70dd4fa3e2f3014181a5

SHA1: 578ca3808f248332a6d76405c2cdcde297680f93

AntiVir	2008.04.03	TR/Dldr.Zlob.12800
eSafe	2008.04.01	suspicious Trojan/Worm
Microsoft	2008.04.03	TrojanDownloader:Win32/Zlob.AMP
Prevx1	2008.04.04	Trojan.Zlob
Webwasher-Gateway	2008.04.03	Trojan.Dldr.Zlob.12800

AccessMediaDownload
(changed again)

Date: april 4 2008

File size: 83886 bytes

MD5: 0a66c59ca86df81c27a06a6946bf8866

SHA1: 6c1da87747f323d3b21917f9ee69acc57a51686a

AVG	2008.04.04	Downloader.Delf
eSafe	2008.04.01	Suspicious File
eTrust-Vet	2008.04.03	Win32/Burgspill!generic
F-Secure	2008.04.04	Suspicious:W32/Malware!Gemini
Microsoft	2008.04.03	Trojan:Win32/Delflob.I
Panda	2008.04.04	Suspicious file
Sophos	2008.04.04	Mal/Heuri-E
VBA32	2008.03.25	suspected of Win32.Trojan.Downloader
Webwasher-Gateway	2008.04.03	Win32.Malware.dam (suspicious)

JetCodec

Domain Name:JSFEED.INFO
Created On:27-Dec-2006 13:36:57 UTC
Last Updated On:03-Feb-2008 13:07:00 UTC
Expiration Date:27-Dec-2008 13:36:57 UTC
Sponsoring Registrar:Direct Information Pvt. Ltd. d/b/a PublicDomainRegistry.com (R159-LRMS)
Registrant Name:Homer Simpson
Registrant Organization:N/A
Registrant Country:CN
Name Server:NS1.GRAYRESELLER.COM
Name Server:NS2.GRAYRESELLER.COM

Registration Service Provided By: ESTDOMAINS INC
Domain Name: JETCODEC.COM -
Registrant: - CityCODEC inc - New York - US
Creation Date: 04-Oct-2007
Expiration Date: 04-Oct-2008
Domain servers in listed order:
ns2.jetcodec.com
ns1.jetcodec.com

Date: april 2 2008

File size: 235602 bytes

MD5: 0389953824819032bcb418afd8653795

SHA1: 7d780ed9294e36354d97d78d41f2c93d665c97eb

AntiVir	2008.04.01	DR/Dldr.DNSChanger.Gen
AVG	2008.04.01	DNSChanger.AA
BitDefender	2008.04.02	Dropped:Trojan.Downloader.Zlob.ABOU
ClamAV	2008.04.02	Trojan.Zlob-2395
F-Prot	2008.04.01	W32/Trojan2.AIES
F-Secure	2008.04.02	W32/Malware
Kaspersky	2008.04.02	Trojan.Win32.DNSChanger.arn
Norman	2008.04.01	W32/Malware
Symantec	2008.04.02	Trojan.Zlob
VBA32	2008.03.25	MalwareScope.Trojan.DnsChange.2
Webwasher-Gateway	2008.04.01	Trojan.Dropper.Dldr.DNSChanger.Gen

AccessMediaDownload
(changed again)

Date: april 1 2008

File size: 92648 bytes

MD5: 4228b1724a11315417f2d47c27d89438

SHA1: ca7d95c8e1f75cdd210645eaf6f05708dc3ac052

AntiVir	2008.04.01	DR/Delphi.Gen
AVG	2008.04.01	Downloader.Delf.BBF
eSafe	2008.03.31	Suspicious File
eTrust-Vet	2008.04.01	Win32/Burgspill!generic
F-Prot	2008.03.31	W32/Heuristic-MU3!Eldorado
F-Secure	2008.04.01	Suspicious:W32/Malware!Gemini
Fortinet	2008.04.01	W32/Fake.B!tr.dldr
Kaspersky	2008.04.01	Trojan-Downloader.Win32.Delf.gfy
McAfee	2008.04.01	Downloader.gen.a
Microsoft	2008.04.01	Trojan:Win32/Delflob.I
Panda	2008.03.31	Suspicious file
Prevx1	2008.04.01	Generic.Dropper.xCodec
Sophos	2008.04.01	Mal/Heuri-E
VBA32	2008.03.25	suspected of Win32.Trojan.Downloader
Webwasher-Gateway	2008.04.01	Trojan.Dropper.Delphi.Gen

MediaTubeCodec
(changed again)

Domain Name:VIDEOXXX-EMY.INFO
Created On:03-Jan-2008
Last Updated On:06-Mar-2008
Expiration Date:03-Jan-2009
Registrant Organization:PrivacyProtect.org - Moergestel - NL
Name Server:DNS1.VIDEOXXX-EMY.INFO
Name Server:DNS2.VIDEOXXX-EMY.INFO

Registration Service Provided By: ESTDOMAINS INC
Domain Name: HOTCODECADULTGS.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 24-Mar-2008
Expiration Date: 24-Mar-2009
Domain servers in listed order:
ns2.hotcodecadultgs.com
ns1.hotcodecadultgs.com

AntiVir	2008.03.28	TR/Crypt.XPACK.Gen
AVG	2008.03.30	Downloader.Zlob.12.I
CAT-QuickHeal	2008.03.28	(Suspicious) - DNAScan
eSafe	2008.03.30	Suspicious File
F-Secure	2008.03.30	Trojan-Downloader.Win32.Zlob.jbe
Kaspersky	2008.03.30	Trojan-Downloader.Win32.Zlob.jbe
Microsoft	2008.03.30	TrojanDownloader:Win32/Small.ZZB
Prevx1	2008.03.30	Generic.Dropper.xCodec
Webwasher-Gateway	2008.03.30	Win32.Malware.gen!94

Setup.exe
(Yep. changed again)

Domain Name: coterwaste.cn
Registrant Organization: Berkju
Registrant Name: Dermin Conrad
Administrative Email: domenownik@gmail.com
Sponsoring Registrar: åŽ¦é—¨åŽå•†ç››ä¸–ç½‘ç»œæœ‰é™å…¬å¸
Name Server:ns1.celdasdecarga.info
Name Server:ns2.celdasdecarga.info
Registration Date: 2007-08-23 05:44
Expiration Date: 2008-08-23 05:44

www.mpggadget.com

Registration Service Provided By: ESTDOMAINS INC
Domain Name: MPGGADGET.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 24-Mar-2008
Expiration Date: 24-Mar-2009
Domain servers in listed order:
ns2.mpggadget.com
ns1.mpggadget.com

Date: march 29 2008

File size: 12800 bytes

MD5: 979c1af34f4c7b2f82341c7c81ee424f

SHA1: cf68eddcc4410cfd59103e98862bd482b6ea4d1c

BitDefender	2008.03.29	Trojan.Downloader.Zlob.ABQX
eSafe	2008.03.18	suspicious Trojan/Worm
F-Secure	2008.03.29	Trojan-Downloader.Win32.Zlob.khk
Kaspersky	2008.03.29	Trojan-Downloader.Win32.Zlob.khk
Prevx1	2008.03.29	Trojan.Downloader
VBA32	2008.03.25	suspected of Downloader.Zlob.3

HeroCodec

Registration Service Provided By: PW INET
Domain Name: BORAR.NET
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 14-Mar-2008
Expiration Date: 14-Mar-2009
Domain servers in listed order:
ns2.borar.net
ns1.borar.net

Registration Service Provided By: ESTDOMAINS INC
Domain Name: HEROCODEC.COM
Registrant: CityCODEC inc - New York - US
Creation Date: 04-Oct-2007
Expiration Date: 04-Oct-2008
Domain servers in listed order:
ns2.herocodec.com
ns1.herocodec.com

Date: March 29 2008

File size: 235178 bytes

MD5: 8a2a9e436d9079d3e5ef9e9115f5478e

SHA1: 8d507440f06fa2037ddc6ebbb1790e22cc7d7129

AntiVir	2008.03.28	DR/Dldr.DNSChanger.Gen
Avast	2008.03.28	Win32:DNSChanger-SF
AVG	2008.03.28	DNSChanger.AA
BitDefender	2008.03.29	Dropped:Trojan.DNSChanger.SB
CAT-QuickHeal	2008.03.28	Win32.Trojan-Proxy.Agent.aab.5
F-Secure	2008.03.28	W32/Malware
Kaspersky	2008.03.29	Trojan-Proxy.Win32.Agent.aab
Norman	2008.03.28	W32/Malware
Prevx1	2008.03.29	TROJAN.PROXY.G
TheHacker	2008.03.29	Trojan/Proxy.Agent.aab
VBA32	2008.03.25	MalwareScope.Trojan.DnsChange.2
Webwasher-Gateway	2008.03.29	Trojan.Dropper.Dldr.DNSChanger.Gen

AccessMediaDownload
(changed pushing-site)

Date: march 29 2008
File size: 93216 bytes
MD5: c36208fbc5dfc05a6c0b668d6672efb7
SHA1: 109bfbaff9e1f8af30173e2b3dc042ffd291d998

AntiVir	2008.03.28	TR/Dldr.Delf.gcc
AVG	2008.03.28	SHeur.BBIO
ClamAV	2008.03.29	Trojan.Zlob-2392
DrWeb	2008.03.28	Trojan.DownLoader.54115
eSafe	2008.03.18	Suspicious File
eTrust-Vet	2008.03.29	Win32/Burgspill!generic
F-Secure	2008.03.28	Suspicious:W32/Malware!Gemini
Fortinet	2008.03.29	W32/Fake.B!tr.dldr
Kaspersky	2008.03.29	Trojan-Downloader.Win32.Delf.gdw
Microsoft	2008.03.28	Trojan:Win32/Delflob.I
NOD32v2	2008.03.29	Win32/Adware.IeDefender.NCM
Panda	2008.03.29	Suspicious file
Prevx1	2008.03.29	Generic.Malware
Sophos	2008.03.29	Mal/Heuri-E
Symantec	2008.03.29	Downloader
TheHacker	2008.03.29	Trojan/Downloader.Delf.gdx
VBA32	2008.03.25	suspected of Win32.Trojan.Downloader
Webwasher-Gateway	2008.03.29	Trojan.Dldr.Delf.gcc

AccessMediaDownload

Domain Name: przybylska.cn
ROID: 20070711s10001s16925401-cn
Domain Status: ok
Registrant Organization: n/a
Registrant Name: Alexander Marvis
Administrative Email: marvis22@gmail.com
Sponsoring Registrar: åŽ¦é—¨åŽå•†ç››ä¸–ç½‘ç»œæœ‰é™å…¬å¸
Name Server:ns1.qpack.cn
Name Server:ns2.qpack.cn
Registration Date: 2007-07-11 11:10
Expiration Date: 2008-07-11 11:10

Date March 28 2008
File size: 93216 bytes
MD5: c58af30901cd4ec51c651b70f615f8dc
SHA1: 111dfe170578faa67cf1336d4fa4613ddcb0f227

AntiVir	2008.03.27	TR/Dldr.Delf.gcc
AVG	2008.03.27	SHeur.BBIO
DrWeb	2008.03.27	Trojan.DownLoader.54115
eSafe	2008.03.18	Suspicious File
eTrust-Vet	2008.03.27	Win32/Burgspill!generic
F-Secure	2008.03.28	Suspicious:W32/Malware!Gemini
Fortinet	2008.03.28	W32/Fake.B!tr.dldr
Kaspersky	2008.03.28	Trojan-Downloader.Win32.Delf.gdw
Microsoft	2008.03.27	Trojan:Win32/Delflob.I
Panda	2008.03.28	Suspicious file
Prevx1	2008.03.28	Generic.Malware
Sophos	2008.03.28	Mal/Heuri-E
TheHacker	2008.03.27	Trojan/Downloader.Delf.gdx
VBA32	2008.03.25	suspected of Win32.Trojan.Downloader
Webwasher-Gateway	2008.03.27	Trojan.Dldr.Delf.gcc

StormCodec

Domain Name: adarand.cn
Registrant Organization: n/a
Registrant Name: Wade Gregory
Sponsoring Registrar: åŽ¦é—¨åŽå•†ç››ä¸–ç½‘ç»œæœ‰é™å…¬å¸
Name Server:ns1.qpack.cn
Name Server:ns2.qpack.cn
Registration Date: 2007-07-11 10:58
Expiration Date: 2008-07-11 10:58

Registration Service Provided By: ESTDOMAINS INC
Domain Name: STORMCODEC.NET
Registrant: CityCODEC inc - Timothy Seely - New York - US
Creation Date: 04-Oct-2007
Expiration Date: 04-Oct-2008
Domain servers in listed order:
ns2.stormcodec.net
ns1.stormcodec.net

Date: march 25 2008
File size: 233855 bytes
MD5: 37a2baa99f2a665578effd72658775cd
SHA1: dbfd6e79d7903bc5001bd349c0259853b70eff56

AntiVir	2008.03.25	DR/Proxy.Agent.aab.425
Avast	2008.03.24	Win32:DNSChanger-SF
BitDefender	2008.03.25	Dropped:Trojan.DNSChanger.SB
F-Secure	2008.03.25	W32/Malware
Fortinet	2008.03.25	W32/Agent.AAB!tr
Kaspersky	2008.03.25	Trojan-Proxy.Win32.Agent.aab
Norman	2008.03.25	W32/Malware
Prevx1	2008.03.25	TROJAN.PROXY.G
TheHacker	2008.03.25	Trojan/Proxy.Agent.aab
VBA32	2008.03.25	MalwareScope.Trojan.DnsChange.2
Webwasher-Gateway	2008.03.25	Trojan.Dropper.Proxy.Agent.aab.425

Setup.exe
(changed again)

Date: march 25 2008
File size: 12800 bytes
MD5: 62c47b5f83e398ae033b93507b37c365
SHA1: 898f277706f26154cb0fe228c81d9666ea8ab178

AntiVir	2008.03.25	TR/Zlob.iyh
Avast	2008.03.24	Win32:Agent-TAA
BitDefender	2008.03.25	Trojan.Downloader.Zlob.ABQX
eSafe	2008.03.18	suspicious Trojan/Worm
F-Secure	2008.03.25	Suspicious:W32/Malware!Gemini
Microsoft	2008.03.25	TrojanDownloader:Win32/Zlob.gen!AV
Prevx1	2008.03.25	Generic.Malware
VBA32	2008.03.25	suspected of Downloader.Zlob.3
Webwasher-Gateway	2008.03.25	Trojan.Zlob.iyh

AccessMediaDownload
(changed)

Domain Name: przybylska.cn
Registrant Organization: n/a
Registrant Name: Alexander Marvis
Administrative Email: marvis22@gmail.com
Sponsoring Registrar: åŽ¦é—¨åŽå•†ç››ä¸–ç½‘ç»œæœ‰é™å…¬å¸
Name Server:ns1.qpack.cn
Name Server:ns2.qpack.cn
Registration Date: 2007-07-11 11:10
Expiration Date: 2008-07-11 11:10

Date: march 24 2008
File size: 91635 bytes
MD5: 4f95cb1689849c9e7631da849a4bb980
SHA1: 10e270923d9a27faa4e41608ba22fdb89b8ebe57

AVG	2008.03.23	Downloader.Delf.BAD
eSafe	2008.03.18	Suspicious File
eTrust-Vet	2008.03.21	Win32/Burgspill!generic
F-Secure	2008.03.24	Trojan-Downloader.Win32.Delf.gax
Fortinet	2008.03.24	W32/Fake.B!tr.dldr
Ikarus	2008.03.24	Trojan-Downloader.Codec.C
Kaspersky	2008.03.24	Trojan-Downloader.Win32.Delf.gax
Microsoft	2008.03.24	Trojan:Win32/Delflob.I
Panda	2008.03.23	Suspicious file
Prevx1	2008.03.24	Generic.Malware
Sophos	2008.03.24	Mal/Heuri-E
VBA32	2008.03.21	suspected of Win32.Trojan.Downloader
Webwasher-Gateway	2008.03.24	Win32.Malware.dam (suspicious)

MediaTubeCodec
(changed)

Same as before

Date: March 22 2008
File size: 93200 bytes
MD5: 7272b992677588c4097a131fe83669a6
SHA1: 3ba7781276192968e6160d140b4a732b5217b49e

CAT-QuickHeal	2008.03.21	Win32.Trojan-Downloader.Zlob.jbe.3
eSafe	2008.03.18	Suspicious File
F-Secure	2008.03.21	Trojan-Downloader.Win32.Zlob.jbe
Fortinet	2008.03.21	W32/PolyZlob!tr.dldr
Kaspersky	2008.03.22	Trojan-Downloader.Win32.Zlob.jbe
Microsoft	2008.03.22	Trojan:Win32/Tibs.gen!G
Prevx1	2008.03.22	TROJAN.AGENT.GEN
Sophos	2008.03.22	Mal/TibsPak

CityCodec

Domain Name: adarand.cn
Registrant Organization: n/a
Registrant Name: Wade Gregory
Administrative Email: gregory582@gmail.com
Sponsoring Registrar: åŽ¦é—¨åŽå•†ç››ä¸–ç½‘ç»œæœ‰é™å…¬å¸
Name Server:ns1.qpack.cn
Name Server:ns2.qpack.cn
Registration Date: 2007-07-11 10:58
Expiration Date: 2008-07-11 10:58

Registration Service Provided By: ESTDOMAINS INC
Domain Name: CITYCODEC.COM
Registrant: CityCODEC inc - Timothy Seely - New York,14462-9515 - US
Creation Date: 04-Oct-2007
Expiration Date: 04-Oct-2008
Domain servers in listed order:
ns2.citycodec.com
ns1.citycodec.com

Date: march 22 2008
File size: 233855 bytes
MD5: 37a2baa99f2a665578effd72658775cd
SHA1: dbfd6e79d7903bc5001bd349c0259853b70eff56

AntiVir	2008.03.21	HEUR/Malware
Avast	2008.03.21	Win32:DNSChanger-SF
BitDefender	2008.03.22	Dropped:Trojan.DNSChanger.SB
F-Secure	2008.03.21	W32/Malware
Kaspersky	2008.03.22	Trojan-Proxy.Win32.Agent.aab
Norman	2008.03.20	W32/Malware
Prevx1	2008.03.22	TROJAN.PROXY.G
TheHacker	2008.03.19	Trojan/Proxy.Agent.aab
Webwasher-Gateway	2008.03.22	Heuristic.Malware

AccessMediaSetup

78.129.166.25

Registration Service Provided By: ESTDOMAINS INC
Domain Name: ONLINE-DVDRIP.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 12-Mar-2008
Expiration Date: 12-Mar-2009
Domain servers in listed order:
ns2.online-dvdrip.com
ns1.online-dvdrip.com

Date: march 18 2008
File size: 80864 bytes

eSafe	2008.03.09	Suspicious File
eTrust-Vet	2008.03.17	Win32/Burgspill!generic
F-Secure	2008.03.18	Trojan-Downloader.Win32.Flux.en
Ikarus	2008.03.18	Trojan-Downloader.Win32.Flux.en
Kaspersky	2008.03.18	Trojan-Downloader.Win32.Flux.en
Microsoft	2008.03.17	Trojan:Win32/Delflob.I
Panda	2008.03.17	Suspicious file
Prevx1	2008.03.18	Generic.Dropper.xCodec
Sophos	2008.03.18	Mal/Heuri-E
VBA32	2008.03.17	suspected of Win32.Trojan.Downloader

EndCodec

Domain Name: zeynczuhei7.cn
Registrant Organization: Rafalala Incorporated
Sponsoring Registrar: å¹¿ä¸œæ—¶ä»£äº’è”ç§‘æŠ€æœ‰é™å…¬å¸
Name Server:ns19.esthost.com
Name Server:ns20.esthost.com
Registration Date: 2007-12-01 06:57
Expiration Date: 2008-12-01 06:57

Registration Service Provided By: ESTDOMAINS INC
Domain Name: ENDCODEC.COM
Registrant: QAZcodec - New York - US
Creation Date: 04-Oct-2007
Expiration Date: 04-Oct-2008
Domain servers in listed order:
ns2.endcodec.com
ns1.endcodec.com

Date: march 18 2008
File size: 233151 bytes

AntiVir	2008.03.17	DR/DNSChanger.ARN.434
Avast	2008.03.18	Win32:DNSChanger-SF
F-Secure	2008.03.18	W32/Malware
Kaspersky	2008.03.18	Trojan.Win32.DNSChanger.arn
Norman	2008.03.17	DNSChanger.AGYG
Prevx1	2008.03.18	Generic.Dropper.xCodec
VBA32	2008.03.17	Trojan.Win32.DNSChanger.arn
Webwasher-Gateway	2008.03.17	Trojan.Dropper.DNSChanger.ARN.434

Player_Flash

78.129.166.25
Registration Service Provided By: ESTDOMAINS INC
Domain Name: ONLINE-DVDRIP.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 12-Mar-2008
Expiration Date: 12-Mar-2009
Domain servers in listed order:
ns2.online-dvdrip.com
ns1.online-dvdrip.com

Date: march 16 2008
File size: 80932 bytes
eSafe	2008.03.09	Suspicious File
eTrust-Vet	2008.03.14	Win32/Burgspill!generic
F-Secure	2008.03.14	Suspicious:W32/Malware!Gemini
Ikarus	2008.03.16	Trojan.Delf.OXW
Microsoft	2008.03.16	Trojan:Win32/Delflob.I
Panda	2008.03.15	Suspicious file
Sophos	2008.03.16	Mal/Heuri-E
VBA32	2008.03.13	suspected of Win32.Trojan.Downloader
Webwasher-Gateway	2008.03.14	Trojan.Dropper.Delphi.Gen

NiceCodec

Registration Service Provided By: ESTDOMAINS INC
Domain Name: FREE-ADULT-PORN-4U.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Creation Date: 24-Feb-2008
Expiration Date: 24-Feb-2009
Domain servers in listed order:
ns2.free-adult-porn-4u.com
ns1.free-adult-porn-4u.com

Registration Service Provided By: ESTDOMAINS INC
Domain Name: NICECODEC.COM
Registrant: QAZcodec - New York - US
Creation Date: 04-Oct-2007
Expiration Date: 04-Oct-2008
Domain servers in listed order:
ns2.nicecodec.com
ns1.nicecodec.com

Date: march 15 2008
File size: 234577 bytes

AntiVir	2008.03.14	HEUR/Malware
Avast	2008.03.14	Win32:DNSChanger-SF
F-Secure	2008.03.14	W32/Malware
Kaspersky	2008.03.15	Trojan.Win32.DNSChanger.arn
Norman	2008.03.14	W32/Malware
Prevx1	2008.03.15	Generic.Dropper.xCodec
Webwasher-Gateway	2008.03.14	Heuristic.Malware

WebVideoSetup
(not recognized as ZLob, but also from EstDomains. That's close enough for this list ;-))

Registration Service Provided By: ESTDOMAINS INC
Domain Name: WIDGET-PORN.COM
Registrant:
PrivacyProtect.org - Moergestel - NL
Creation Date: 24-Feb-2008
Expiration Date: 24-Feb-2009
Domain servers in listed order:
ns2.widget-porn.com
ns1.widget-porn.com

78.129.166.25

Registration Service Provided By: ESTDOMAINS INC
Domain Name: WIDGET-PORN.COM
Registrant:
PrivacyProtect.org - Moergestel - NL
Creation Date: 24-Feb-2008
Expiration Date: 24-Feb-2009
Domain servers in listed order:
ns2.widget-porn.com
ns1.widget-porn.com

Date: march 12 2008
File size: 82455 bytes

AntiVir	2008.03.12	DR/Delphi.Gen
eSafe	2008.03.09	Suspicious File
eTrust-Vet	2008.03.12	Win32/Burgspill!generic
Fortinet	2008.03.12	W32/Fake.B!tr.dldr
F-Secure	2008.03.12	Suspicious:W32/Malware!Gemini
Ikarus	2008.03.12	Trojan.Delf.OXW
Microsoft	2008.03.12	Trojan:Win32/Delflob.I
Panda	2008.03.12	Suspicious file
Sophos	2008.03.12	Mal/Heuri-E
Symantec	2008.03.12	Downloader
VBA32	2008.03.05	suspected of Win32.Trojan.Downloader
Webwasher-Gateway	2008.03.12	Trojan.Dropper.Delphi.Gen

Setup.exe
(changed again)

Domain Name: adresy.cn
Registrant Organization: mullers janek
Registrant Name: janekmuller
Administrative Email: mnhx112@gmail.com
Sponsoring Registrar: åŽ¦é—¨åŽå•†ç››ä¸–ç½‘ç»œæœ‰é™å…¬å¸
Name Server:ns1.atreides-technologies.info
Name Server:ns2.atreides-technologies.info
Registration Date: 2007-10-27 19:26

Registration Service Provided By: ESTDOMAINS INC
Domain Name: MOVUTILITY.COM
Registrant:
PrivacyProtect.org - Moergestel - NL
Creation Date: 10-Mar-2008
Expiration Date: 10-Mar-2009
Domain servers in listed order:
ns2.movutility.com
ns1.movutility.com

Date: March 12 2008
File size: 11776 bytes

Avast	2008.03.11	Win32:Agent-TAA
BitDefender	2008.03.12	Trojan.Downloader.Zlob.ABNI
eSafe	2008.03.09	suspicious Trojan/Worm
F-Prot	2008.03.11	W32/Zlob.O.gen!Eldorado
F-Secure	2008.03.12	Suspicious:W32/Malware!Gemini
Kaspersky	2008.03.12	Trojan-Downloader.Win32.Zlob.iyh
Microsoft	2008.03.12	TrojanDownloader:Win32/Zlob.gen!AV
VBA32	2008.03.05	suspected of Downloader.Zlob.3

DemoCodec

Domain Name: zeynczuhei7.cn
ROID: 20071201s10001s32936405-cn
Registrant Organization: Rafalala Incorporated
Registrant Name: Rafalala Mercinkiewicz
Administrative Email: mike2@obla.net
Sponsoring Registrar: å¹¿ä¸œæ—¶ä»£äº’è”ç§‘æŠ€æœ‰é™å…¬å¸
Name Server:ns19.esthost.com
Name Server:ns20.esthost.com
Registration Date: 2007-12-01 06:57

Domain Name: DEMOCODEC.COM
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Name Server: NS1.DEMOCODEC.COM
Name Server: NS2.DEMOCODEC.COM
Status: ok
Updated Date: 08-mar-2008
Creation Date: 04-oct-2007
Expiration Date: 04-oct-2008

Date: march 12 2008
File size: 233151 bytes

AntiVir	2008.03.11	HEUR/Malware
Avast	2008.03.11	Win32:DNSChanger-SF
F-Secure	2008.03.12	W32/Malware
Kaspersky	2008.03.12	Trojan.Win32.DNSChanger.arn
Norman	2008.03.11	W32/Malware
Webwasher-Gateway	2008.03.11	Heuristic.Malware

Setup.exe

Domain Name:CUNTTUBE.INFO
Created On:06-Mar-2008
Last Updated On:06-Mar-2008
Expiration Date:06-Mar-2009
Registrant Name:Domain Admin
Registrant Organization:PrivacyProtect.org
Registrant City:Moergestel
Registrant Country:NL
Name Server:NS1.CUNTTUBE.INFO
Name Server:NS2.CUNTTUBE.INFO

Domain Name: MPGASSISTANT.COM
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Name Server: NS1.MPGASSISTANT.COM
Name Server: NS2.MPGASSISTANT.COM
Status: clientTransferProhibited
Updated Date: 05-mar-2008
Creation Date: 05-mar-2008
Expiration Date: 05-mar-2009

Date: march 8 2008
File size: 12288 bytes

Avast - Win32:Agent-TAA
BitDefender - Trojan.Downloader.Zlob.ABNQ
ClamAV - Trojan.Downloader-25584
eSafe - suspicious Trojan/Worm
F-Secure - Suspicious:W32/Malware!Gemini
Ikarus - Trojan.Zlob.2
Microsoft - TrojanDownloader:Win32/Zlob.gen!AV
Prevx1 - Generic.Malware
VBA32 - suspected of Downloader.Zlob.3

WebSoftCodec

Domain Name:XX-IVK.INFO
Created On:03-Jan-2008
Last Updated On:03-Mar-2008
Expiration Date:03-Jan-2009
Registrant Name:Domain Admin
Registrant Organization:PrivacyProtect.org
Registrant City:Moergestel
Name Server:DNS2.PORCACOM-DFD.INFO
Name Server:DNS1.BALCONE-VME.INFO

Domain Name: ADULT-TUBECODEC08.COM
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: www .estdomains.com
Name Server: NS1.ADULT-TUBECODEC08.COM
Name Server: NS2.ADULT-TUBECODEC08.COM
Status: clientTransferProhibited
Updated Date: 04-mar-2008
Creation Date: 04-mar-2008
Expiration Date: 04-mar-2009

Date: march 8 2008
File size: 85520 bytes

AVG - I-Worm/Nuwar.P
BitDefender - Trojan.Downloader.Zlob.ABNW
CAT-QuickHeal - (Suspicious) - DNAScan
eSafe - Suspicious File
Fortinet - W32/Tibs.AY!worm
Sophos - Mal/TibsPak

MediaTubeCodec

Registration Service Provided By: ESTDOMAINS INC
Domain Name: HOTPORNOTUBE08.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Domain Admin (contact@privacyprotect.org)
Creation Date: 01-Mar-2008
Expiration Date: 01-Mar-2009
Updated Date: 04-mar-2008
Creation Date: 04-mar-2008
Expiration Date: 04-mar-2009
Domain servers in listed order:
ns2.hotpornotube08.com
ns1.hotpornotube08.com

Date: march 8 2008
File size: 85520 bytes

AVG - I-Worm/Nuwar.P
BitDefender - Trojan.Downloader.Zlob.ABNW
CAT-QuickHeal - (Suspicious) - DNAScan
eSafe - Suspicious File
Fortinet - W32/Tibs.AY!worm
Sophos - Mal/TibsPak

BlackCodec

Registration Service Provided By: ESTDOMAINS INC
Domain Name: FREE-ADULT-PORN-4U.COM
Registrant: PrivacyProtect.org - Moergestel - NL
Domain Admin (contact@privacyprotect.org)
Creation Date: 24-Feb-2008
Expiration Date: 24-Feb-2009
Domain servers in listed order:
ns2.free-adult-porn-4u.com
ns1.free-adult-porn-4u.com

Domain Name: BLACKCODEC.NET
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: www .estdomains.com
Name Server: NS1.BLACKCODEC.NET
Name Server: NS2.BLACKCODEC.NET
Status: ok
Updated Date: 05-mar-2008
Creation Date: 04-oct-2007
Expiration Date: 04-oct-2008

Date: march 8 2008
File size: 258103 bytes

AntiVir - DR/Dldr.DNSChanger.Gen
Avast - Win32:DNSChanger-SF
AVG - DNSChanger.V
BitDefender -.Downloader.Zlob.ABLE
CAT-QuickHeal - Win32.Trojan.DNSChanger.dns.35
ClamAV - Trojan.Small-5174
eSafe - Suspicious File
F-Secure - Trojan.Win32.DNSChanger.arn
Kaspersky - Trojan.Win32.DNSChanger.arn
Microsoft - Trojan:Win32/Alureon.gen!G
Sophos - Troj/Zlobar-Fam
Symantec - Trojan.Zlob
TheHacker - Trojan/DNSChanger.axb
Webwasher-Gateway - Trojan.Dropper.Dldr.DNSChanger.Gen

XXXmediaCodec

Domain Name: MYNUDENETWORK.COM
Registrar: ESTDOMAINS, INC.
Name Server: NS1.MYNUDENETWORK.COM
Name Server: NS2.MYNUDENETWORK.COM
Updated Date: 16-feb-2008
Creation Date: 16-feb-2008
Expiration Date: 16-feb-2009

Domain Name: MYNUDENETWORK.COM
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: www .estdomains.com
Name Server: NS1.MYNUDENETWORK.COM
Name Server: NS2.MYNUDENETWORK.COM
Status: clientTransferProhibited
Updated Date: 16-feb-2008
Creation Date: 16-feb-2008
Expiration Date: 16-feb-2009

Date: march 8 2008
File size: 114230 bytes

AntiVir - ADSPY/Chrom.A.21309
Avast - Win32:Delf-EQM
AVG - Downloader.Delf.AYJ
BitDefender - Trojan.Downloader.Zlob.ABNW
CAT-QuickHeal - (Suspicious) - DNAScan
eSafe - suspicious Trojan/Worm
F-Prot - W32/Dropper.C.gen!Eldorado
F-Secure - W32/Zlob.BCYH.dropper
Ikarus - Virus.Win32.Delf.EQM
Kaspersky - Trojan-Downloader.Win32.Zlob.ijd
Norman - W32/Zlob.BEAB
Panda - Suspicious file
Sophos - Mal/Behav-031
Sunbelt - Trojan.StartPage.R (vf)
Symantec - Trojan.Dropper
VBA32 - Trojan-Downloader.Win32.Zlob.ijd
VirusBuster 4- Packed/FSG
Webwasher-Gateway - Ad-Spyware.Chrom.A.21309

For fake codecs, wich have been taken offline, please look in the graveyard-list