A new one for you. Got from the fact that MVPHosts author removed uniqueadult.com and I didn't like it because it was still alive. I have learned from hard experience that if the host has not been parked or is dead it is usually still dangerous if it was before. So I pulled that one, then looked at the index.php file and then pulled:
tube-sixnine.com/get.php\?id\=21199\&p\=21
download-all4free.com/FullBSCodecz.21199.exe
The file is partially encrypted, no copyright strings, and only NOD32 and VirusBuster detect it. I have the results of the scan and the file itself encrypted with password "virus" here:
http://www.securemecca.com/MalwareDomainList/FullBSCodecz.21199.exe.BAD.7zhttp://www.securemecca.com/MalwareDomainList/download-all4free.com.pdfI do what I normally do when I am reasonably sure what I am looking at is bad - tack on a ".BAD" extension since then Windows doesn't know what to do with it. Until then the extension I tack on is ".ck". I just bypassed that on this one. The only reason I am putting this one up there is for a time-stamp comparison in case the EXE changes. This time I don't think they will do it but you never know. It is 05:12 15 Dec UTC and I pulled the file down less than 15 minutes ago.
Oh yes - the block of uniqueadult.com continues by me and download-all4free.com has joined it. I can't remember if I pulled this host from your hosts file I gave you yesterday (I don't think so since I removed only dead and parked hosts and it is neither). If I did, you may want to put it back in but the infector file really comes from this host and the other hosts that uniqueadult.com points to.
Ciao
Topic: download-all4free.com (Read 3025 times)
