Win32/Kuluoz.B
What does this threat do? Well, it tries to connect to a remote server in order to download and execute instructions that direct it to download and load, among other things, Winwebsec LiveSecurityPlatinum from the addresses below:
It is possible that each time it will download fresh deliveries of LiveSecurityPlatinum from these addresses, unless they are blocked.
Downloaded FakeAV sample - WinWebSec - Live Security Platinum