Mr Clean's dirt

[Mr Clean]

Code: [Select]

hxxp://google.analytics.com.jtmqypcgt.info/nte/AVORP1KAV3%20.asp/eU230d9c2eHe009f529V0100f070006R8c538070107Tab6086a7201l0409K6b683931318J0d0006010

$ dig google.analytics.com.jtmqypcgt.info +short
174.142.53.148

$ md5sum eU230d9c2eHe009f529V0100f070006R8c538070107Tab6086a7201l0409K6b683931318J0d0006010
6c672682db19ad638a8b17738a4df288  eU230d9c2eHe009f529V0100f070006R8c538070107Tab6086a7201l0409K6b683931318J0d0006010

$ file eU230d9c2eHe009f529V0100f070006R8c538070107Tab6086a7201l0409K6b683931318J0d0006010
eU230d9c2eHe009f529V0100f070006R8c538070107Tab6086a7201l0409K6b683931318J0d0006010: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

http://www.virustotal.com/analisis/84a08ae7d2aecda94e022d526ef62a30a9233cb512ee681496925424e55e7209-1265193029 13/40


google.analytics.com.jtmqypcgt.info

[Mr Clean]

Code: [Select]

hxxp://letitbit.zinnko.pl/XXXXXXXXXXXXXXXXXXX/PhotoArchive.exe

$ dig letitbit.zinnko.pl +short
58.27.166.149
69.79.104.11
75.172.59.17
93.177.185.72
94.240.225.56
95.56.84.252
112.202.136.44
116.111.184.185
117.205.52.39
189.78.52.247
189.196.21.17
190.39.129.16
190.213.162.152
201.43.68.23
41.141.51.123

$ md5sum PhotoArchive.exe
0448e3d62da49e65be650e441b601714  PhotoArchive.exe

http://www.virustotal.com/analisis/04aef82e6036c97c1287dec5f8789384b3ab539210750f262b4d4715835c37c5-1265207237 6/40


letitbit.zinnko.pl

[Mr Clean]

Code: [Select]

hxxp://hd.yourweekends.net/Flash.Player.HD.v11.exe

$ dig hd.yourweekends.net +short
89.248.168.120

$ md5sum Flash.Player.HD.v11.exe
5184bac49bec6245de467dede16648a1  Flash.Player.HD.v11.exe

http://www.virustotal.com/analisis/302f9cef52017c8a7ee0facbe7f580021ac094ab31686fb19c9769bfe2bafa99-1266376705 8/40


yourweekends.net
+
buy-security-essentials.com                                                                                             
get-key-se10.com                                                                                                       
buy-security-essentials.com                                                                                             
download-soft-package.com                                                                                               
download-software-package.com                                                                                           
get-key-se10.com                                                                                                       
is-software-download.com   

[Mr Clean]

Code: [Select]

hxxp://google.analytics.com.byuigracdnjj.info/lee/TATRA10.exe

$ dig google.analytics.com.byuigracdnjj.info +short
72.51.41.155

http://anubis.iseclab.org/?action=result&task_id=1d16ee2329edbc3f459997192802c2d51

http://www.virustotal.com/analisis/604e53e3389aada7fcc5fa7f41bb5e981c0d206a9d36587ac749c7db82a45a22-1266603029 2/40


byuigracdnjj.info
+
windows-liveaver.com   
antispyware-comp.com   
antiviruscare-com.com   
pc-guard2010.com       
spyware-destroyerone.com

[Mr Clean]

Code: [Select]

hxxp://moremediaplugins.net/flash-HQ-plugin.48421.exe

$ dig moremediaplugins.net +short
62.212.66.108

$ md5sum flash-HQ-plugin.48421.exe
b13d7b310b2cfe432d3df4f25066596d  flash-HQ-plugin.48421.ex

http://www.virustotal.com/analisis/fbcd21eaae97a4f0d4c2b4551c62ea38ee50353810c67515913d7a48064fa162-1266869627 5/40


moremediaplugins.net