hxxp://www.profilex-usa.com/confidecial-uid.exe

$ dig www.profilex-usa.com +short
212.42.245.99

hi
network-owner already informed by me...
Dear abuse team,

please help to close these offending viruses sites(1) so far.

status: As of 2009-08-05 17:53:03 CEST
http://support.clean-mx.de/clean-mx/viruses.php?email=alf@ALL.DE&response=alive

(for full uri, please scroll to the right end ...

You may also subscribe to our MalwareWatch list http://lists.clean-mx.com/cgi-bin/mailman/listinfo/viruswatch

This information has been generated out of our comprehensive real time database, tracking worldwide viruses URI's

most likely also affected pages for these ip may be found via passive dns
please have a look on these other domains correlated to these ip
example: see http://www.bfk.de/bfk_dnslogger.html?query=212.42.245.99

If you review this list of offending site, please do this carefully, pay attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !

Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+-----------------------------------------------------------------------------------------------
|id ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|136272 TR/Spy.71680.15 212.42.245.99 profilex-usa.com http://www.profilex-usa.com/confidecial-uid.exe
+-----------------------------------------------------------------------------------------------

Your email address has been pulled out of whois concerning this offending network block(s).
If you are not concerned with anti-fraud measurements, please forward this mail to the next responsible desk available...

If you just close(d) these incident(s) please give us a feedback, our automatic walker process may not detect a closed case

explanation of virusnames:
==========================
unknown_html_RFI_php    not yet detected by scanners as RFI, but pure php code for injection
unknown_html_RFI_perl   not yet detected by scanners as RFI, but pure perl code for injection
unknown_html_RFI_eval   not yet detected by scanners as RFI, but suspect javascript obfuscating evals
unknown_html_RFI        not yet detected by scanners as RFI, but trapped by our honeypots as remote-code-injection
unknown_html            not yet detected by scanners as RFI, but suspicious, may be in rare case false positive
unknown_exe             not yet detected by scanners as malware, but high risk!
all other names         malwarename detected by scanners
==========================

yours

Gerhard W. Recher
(Geschäftsführer)

NETpilot GmbH
Wilhelm-Riehl-Str. 13
D-80687 München

Tel: ++49 89 547182 0
Fax: ++49 89 547182 33
GSM: ++49 171 4802507

Handelsregister München: HRB 124497

w3: http://www.clean-mx.de
e-Mail: mailto:abuse@clean-mx.de
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc