See: https://www.virustotal.com/nl/url/21a0a42184dafc7fbef169c65673c4fd98d9272e705c2413b8e63fa871ce4450/analysis/1382389734/
the file scan: https://www.virustotal.com/nl/file/4bc32b53f851333382c890fac5d95539da67ac2004c475c8ae62efd503830c55/analysis/1382389737/
the alerts: http://urlquery.net/report.php?id=7020769
IDS alert for ET POLICY PE EXE or DLL Windows file download severity 1
Trojan.ChinAd.A is a family of trojans that display fake security alerts…

polonus

Changes your homepage. Will look into Roaming folders etc…

First submission 2013-02-03 03:37:30 UTC ( 8 months, 2 weeks ago )

creates folder in the Roaming folder. Haven’t check the Reg

Hi Pondus,

But there new variants just being released: http://support.clean-mx.com/clean-mx/viruses.php?ip=61.187.182.21&sort=id%20DESC
For instance alive since: 2013-10-21 19:26:22 and will probably be up and alive for under 4 hours
https://www.virustotal.com/en/file/29d88bb898210bc67dde5a1b3fc9e2294b81c8f8d90c0b12a4d06893204773e0/analysis/

Analysis for alan1998 here: http://camas.comodo.com/cgi-bin/submit?file=29d88bb898210bc67dde5a1b3fc9e2294b81c8f8d90c0b12a4d06893204773e0

This one has been up for 3 days: https://www.virustotal.com/en/file/d9c01085e7f8af6485bbe0032a9446593702fa9fff592cf891a56fb54b577a0a/analysis/#item-detail - last seen Oct 21st

See: http://anubis.iseclab.org/?action=result&task_id=1344eac6d712e39d489f5b3ae46652fa8
For the unnamed file there see: htxp://www.hackforums.net/showthread.php%3Fpid%3D25196097%2Bunnamed+file+0x00120028&oe=utf-8&hl=en&ct=clnk
only available via Google cache for the security aware - (subject: htxp://www.blackhatlibrary.net/Buffer_overflow)

and more on that IP: https://www.virustotal.com/en/ip-address/61.187.182.21/information/

polonus

URL from this link is blocked: https://www.virustotal.com/de/url/21a0a42184dafc7fbef169c65673c4fd98d9272e705c2413b8e63fa871ce4450/analysis/1382389734/

All URLs from the Clean Mx are blocked.