Author Topic: www.astrumavrpro.com  (Read 3442 times)


January 06, 2009, 05:27:55 pm

hhhobbit

Now that you have removed all of the front ends that redirect to the warntoprotect.com host (toolbarfornew.com, urlsofdnserrors.com, waysofsecurity.com, websclinks.com, whyisdnserror.com, et al) you may want to consider blocking it. I don't think it meets your criteria. It does meet mine, since a FlashPlayer display on Linux showing all the stuff I have wrong, although humorous, is false advertising. The warntoprotect.com can actually be nobbled by just blocking js.warntoprotect.com. It does not trap you (no browser exploit).

The actual download though comes from this host and the astrumavrpro.com will take you to the same place. The scan of the file is here:

http://www.virustotal.com/analisis/f5447ab9f04fa90cef88158c1e4a1c88

Lots of pretty red markers for a file that actually has a 16-l copyright string in it.  But I am not going to block the host unless you do.  I will be blocking warntoprotect though.  That is an exploit from my classification scheme.  Pretending to scan a system when you aren't doing it at all is wrong.

January 06, 2009, 08:27:18 pm
Reply #1

SysAdMini

> Now that you have removed all of the front ends that redirect to the warntoprotect.com host (toolbarfornew.com, urlsofdnserrors.com, waysofsecurity.com, websclinks.com, whyisdnserror.com, et al) you may want to consider blocking it. I don't think it meets your criteria. It does meet mine, since a FlashPlayer display on Linux showing all the stuff I have wrong, although humorous, is false advertising. The warntoprotect.com can actually be nobbled by just blocking js.warntoprotect.com. It does not trap you (no browser exploit).
>
> The actual download though comes from this host and the astrumavrpro.com will take you to the same place. The scan of the file is here:


Front ends have been removed because all lead to an unresponsive site. Maybe this is a disadvantage of automatic site verification.

Code:
--2008-12-30 05:35:20--  http://toolbarfornew.com/
Resolving toolbarfornew.com... 94.247.3.23
Connecting to toolbarfornew.com|94.247.3.23|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://scan.freescanner-antispyware.com/225/6/ [following]
--2008-12-30 05:35:21--  http://scan.freescanner-antispyware.com/225/6/
Resolving scan.freescanner-antispyware.com... 94.247.2.72
Connecting to scan.freescanner-antispyware.com|94.247.2.72|:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Giving up.




I have added astrumavrpro.com to list.

Domain warntoprotect.com has been suspended. Visit the site and you will see the message.
Ruining the bad guy's day
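
The wget transcript in the reply above shows a front end that still answers with a 302 while the host it points to resets the connection. The following is an added example, not part of the original thread or of the blocklist's own tooling: it parses such a transcript into hops and separates a redirector with a dead target from a site that is simply unresponsive. The function names and verdict labels are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Sample input: the wget transcript quoted in the reply above.
WGET_LOG = """\
--2008-12-30 05:35:20--  http://toolbarfornew.com/
Resolving toolbarfornew.com... 94.247.3.23
Connecting to toolbarfornew.com|94.247.3.23|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://scan.freescanner-antispyware.com/225/6/ [following]
--2008-12-30 05:35:21--  http://scan.freescanner-antispyware.com/225/6/
Resolving scan.freescanner-antispyware.com... 94.247.2.72
Connecting to scan.freescanner-antispyware.com|94.247.2.72|:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Giving up.
"""

REQ = re.compile(r"^--\d{4}-\d\d-\d\d \d\d:\d\d:\d\d--\s+(\S+)")
RESOLVE = re.compile(r"^Resolving \S+\.\.\. (\S+)")
RESPONSE = re.compile(r"^HTTP request sent, awaiting response\.\.\. (.+)$")

def parse_hops(log):
    """Return one dict per request wget made: url, host, ip, response."""
    hops = []
    for line in log.splitlines():
        if m := REQ.match(line):
            url = m.group(1)
            hops.append({"url": url, "host": urlsplit(url).hostname,
                         "ip": None, "response": None})
        elif hops and (m := RESOLVE.match(line)):
            hops[-1]["ip"] = m.group(1).rstrip(",")  # first address only
        elif hops and (m := RESPONSE.match(line)):
            hops[-1]["response"] = m.group(1)
    return hops

def classify(hops):
    """Hypothetical verdicts; a live cross-host 3xx is reported even if the last hop is dead."""
    if not hops:
        return "no-data"
    first, last = hops[0], hops[-1]
    final_ok = (last["response"] or "").startswith("2")
    redirects = ((first["response"] or "").startswith("3")
                 and len(hops) > 1 and last["host"] != first["host"])
    if redirects:
        return "redirector-live-target" if final_ok else "redirector-dead-target"
    return "responsive" if final_ok else "unresponsive"
```

A verifier that records only the final outcome would report both cases as unresponsive; keeping the per-hop data preserves the fact that the front end itself was still redirecting.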