Recent submission to uploadmalware

David H. Lipman · External Since: Jul 04, 2003 Posts: 2116

6B08C812d01
* jQuery 1.2.5 - New Wave Javascript
*
* Copyright (c) 2008 John Resig (jquery.com)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.

BB2E8847d01
Binary data that could be encoded. Did not try to decode.

599999AFd01.png
Nothing but white graphic

30C0D48Dd01
Graphic of orange shield that could be associated with a rogue anti malware

setup_build7_195.exe
0 hits on Virus Total

Windows Protection Suite installer

Mutex:
VirusDoctorInstallerMutex

Communicates with:
prestotunerst.cn
mysecurityguru.cn
securefield.net
update1.windowsprotectionsuite.com
update2.windowsprotectionsuite.com
pay1.winprotectionsuite.com

Creates folder:
C:\Documents and Settings\All Users\Application Data\XXXXXXX

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
WINPS = ""C:\Documents and Settings\All Users\Application Data\XXXXXXX\WinProtector.exe"
/s"

Executes command:
taskkill.exe "C:\WINDOWS\system32\taskkill.exe" /F /IM MSASCui* /IM avg* /IM ash* /IM
McSA*

Where XXXXXXX equals something like...
e394af6
e4a12b7
7439e16

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman · External Since: Jul 04, 2003 Posts: 2116

From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>

Original file uploader and UploadMalware.Com:

You asked for the above and I provided it.

The lack of a response means there will be a lack of desire on my part to do this again in
the future.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

The Real Truth MVP · External Since: Sep 09, 2009 Posts: 1

Idiot.

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:h89fng046c@news3.newsguy.com...
> From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
>
> Original file uploader and UploadMalware.Com:
>
> You asked for the above and I provided it.
>
> The lack of a response means there will be a lack of desire on my part to
> do this again in
> the future.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

Virus Guy · External Since: Aug 05, 2005 Posts: 407

"David H. Lipman" wrote:

> The lack of a response means there will be a lack of desire on my
> part to do this again in the future.

Is it that you wish the submissions to uploadmalware to end?

Or just the posting of results to this newsgroup when requested?

David H. Lipman · External Since: Jul 04, 2003 Posts: 2116

From: "Virus Guy" <Virus RemoveThis @Guy.com>

| "David H. Lipman" wrote:

>> The lack of a response means there will be a lack of desire on my
>> part to do this again in the future.

| Is it that you wish the submissions to uploadmalware to end?

| Or just the posting of results to this newsgroup when requested?

No, please submit. Was that you ?

Anyway, I just can't see why someone would ask to have results posted here and not comment
on said posted results. W/o a response to even acknowledge the results it's not worth the
effort.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp