Dangerous trojans on the loose

Discussion in 'malware problems & news' started by TNT, Jun 22, 2006.

Thread Status:
Not open for further replies.
  1. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    New site:

    fovr1xnatt7p.com
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    @ J-Mac,

    All pertinent posts related to your Counterspy and Gromozon issue have been split out of this thread and placed in the below thread for further discussion/assistance.

    This thread---> Counterspy found Gromozon infection

    Bubba
     
  3. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    fovr1xnatt7p.com

    New IP Range:

    195.238.242.0 - 195.238.242.255
    195.238.242.0/24
     
  4. EASTER.2010

    EASTER.2010 Guest

    What's the key to getting to land within some of those "dangerous trojans on the loose" ranges posted, if you don't mind? I read someplace at CC about a procedure, but it didn't pan out on this end, and it's likely changed by now.

    Carry On.
     
  5. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    New domains:

    auad5dow9xjh.com 195.234.159.200
    pujkhpev.com 195.234.159.151
     
  6. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    IRC That infection avenue went down around the same timeline as the American servers back in November:thumb:

    Now it is an Italian problem :'(
     
  7. EASTER.2010

    EASTER.2010 Guest

    Umm, that's right, it's the Italians on the quest for freedom from it :cool:

    No matter, I've got plenty of avenues of open game, but only a few I can honestly report for certain which are testing their new craftwork :ninja:
     
  8. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    Are any AVs on the case with these threats, or are they always just catching up, or not even that?! Are any of the AVs famed for their heuristics managing to recognise any of the ones that are appearing?
     
  9. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    None "recognized" the last one I got. The farthest they went is flagging it as suspicious through heuristics, which is frankly pretty bad since the same AVs flag quite a few legitimate files the same way.
     
  10. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    :thumbd: I beg to differ, because in those cases they would have offered a checkpoint against Gromozon gaining a foothold on their users' PCs.

    If the end users are forewarned that packed files are predominantly used by malware as opposed to legitimate code, then this extra chance at stopping (checkpoint) today's malicious code is no bad thing :thumb:
     
  11. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    New domain:

    tjvjhz5yy.com 195.234.159.243
     
  12. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    New domains:

     
  13. GmG

    GmG Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    48
    Location:
    Italy
    New domains:

     
  14. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    Good lord, I wish these guys had a tracking device so you could just follow the pings, plow through the Siberian ice and snow, and give them a surprise knock on their door. :ninja: ;)
     
  15. GmG

    GmG Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    48
    Location:
    Italy
    New domains:
    tbmnubig.com @ 195.238.242.59
     
  16. DDCchik

    DDCchik Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    39
    Which is the most up-to-date hosts file for protection from these sites? I have many users that can't handle blocking IP ranges. I've been using the MVPS hosts file. Is there a better one for this?
     
  17. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    There isn't. The most up-to-date information is here, and even then, I wouldn't rely on blocking the domains appearing here alone.
    The MVPS hosts file is way too slow in updates and misses most of the Gromozon domains. To be fair, there is not really better or worse, meaning they're all pretty much useless. Blocking the IP range is the way to go.
     
  18. GmG

    GmG Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    48
    Location:
    Italy
    New domains:

    cc3tn2lzqyk.com @ 195.238.242.14
     
  19. DDCchik

    DDCchik Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    39
    I've been following this thread since it started. You guys have done some great work keeping up with this. :thumb: Having removed it from two machines in the last week, I think prevention is better than cure :ninja:

    Thanks TNT, I was just hoping I might be able to go the hosts file way. It's easier for some people than configuring a firewall.

    I'll keep doing what I'm doing then .......
     
  20. GmG

    GmG Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    48
    Location:
    Italy
    New domains:

     
  21. GmG

    GmG Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    48
    Location:
    Italy
    New domains:

     
  22. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    Depending on your firewall, block out:
    195.238.242.0/24
    OR
    195.238.242.0 - 195.238.242.255
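    The two notations above describe the same block, and the earlier hosts-file discussion turns on why a static domain list lags a rotating range. This added example (not code from any poster) normalises either notation with the standard library and compares a hosts-file lookup against a range check; the domain-to-IP pairs are copied from posts in this thread, the "earlier hosts file" subset is a constructed assumption.

```python
import ipaddress

# Block as posted: one /24, written both ways firewalls accept it.
BLOCKED = ["195.238.242.0/24"]

# Constructed sample: domain -> IP pairs taken from posts in this thread.
RESOLVED = {
    "bknroe85r8.com": "195.238.242.8",   # early post, inside the /24
    "tbmnubig.com": "195.238.242.59",    # later post, inside the /24
    "pujkhpev.com": "195.234.159.151",   # earlier range, outside the /24
    "johnsik.org": "69.50.182.21",       # unrelated range
}

# Assumed: a hosts file compiled from an earlier post, so it lags rotation.
HOSTS = {"bknroe85r8.com", "pujkhpev.com"}


def parse_block(spec):
    """Accept '195.238.242.0/24' or '195.238.242.0 - 195.238.242.255'."""
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        # summarize_address_range yields the minimal CIDR cover of the range.
        return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.ip_network(spec, strict=False)]


def cidr_to_range(cidr):
    """First and last address of a CIDR block, for range-only firewalls."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1])


def blocked_by_hosts(domain, hosts=HOSTS):
    """Hosts-file model: only an exact, already-known name is blocked."""
    return domain.lower().rstrip(".") in hosts


def blocked_by_range(ip, specs=BLOCKED):
    """Firewall model: any address inside a blocked network is denied."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for spec in specs for net in parse_block(spec))


def compare(resolved=RESOLVED):
    """Map each domain to (blocked_by_hosts, blocked_by_range)."""
    return {d: (blocked_by_hosts(d), blocked_by_range(ip))
            for d, ip in resolved.items()}


if __name__ == "__main__":
    for domain, verdict in compare().items():
        print(f"{domain:18} hosts={verdict[0]!s:5} range={verdict[1]}")
```

    A fresh domain such as tbmnubig.com is missed by the stale hosts list but caught by the range, while pujkhpev.com shows the opposite gap: the single /24 posted here does not cover the 195.234.159.x addresses listed earlier in the thread, so that range needs its own rule.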
     
  23. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    New domains:

    jbhfyrtuh.com - 195.238.242.11
    cpuhlvqxezsb.com - 195.238.242.32
    oxouugzl.com - 195.238.242.21
    iddidjvil.com - 195.238.242.69
     
  24. jamesy1074

    jamesy1074 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    1
    Hi there, I've just found an exploit HTML virus on my PC. How can I get rid of this? My PC is running so slow, and I'm concerned now. Tried cleaning it up with F-Secure, but it wouldn't have it. Any advice? Do you know how to get rid of it and get my PC running faster again?

    cheers
     
  25. schwab

    schwab Registered Member

    Joined:
    Mar 2, 2005
    Posts:
    4
    Hi all, I've just collected all the Gromozon domains in this thread. I think that the list is updated; if not, please post the additions ;)
    I prefer to work with a hosts file rather than firewall blocking.
    Thanks to all, really a great work!!! :thumb:

     