Faked Host Name - 209.44.111.62

This section provides some notes on how Antivirus System PRO added entries to C:\WINDOWS\system32\drivers\etc\hosts to link faked host names to its Web site at IP address of 209.44.111.62.

More notes on what I did to remove Antivirus System PRO and related malicious programs.

24. Looking at file, C:\WINDOWS\system32\drivers\etc\hosts. New entries are there:

...
127.0.0.1 localhost
::1 localhost
209.44.111.62 surety.microsoft.com
209.44.111.62 aware-protect.com
209.44.111.62 www.aware-protect.com

25. Deleting all 209.44.111.62 entries from C:\WINDOWS\system32\drivers\etc\hosts.

26. Looking at IP address, 209.44.111.62, on www.whois.ws. It is registered to Netelligent Hosting Services Inc. in Canada:

OrgName:    Netelligent Hosting Services Inc.
OrgID:      NHS-31
Address:    1396 Franklin Drive
City:       Laval
StateProv:  QC
PostalCode: H7W-1K6
Country:    CA

NetRange:   209.44.96.0 - 209.44.127.255
CIDR:       209.44.96.0/19
NetName:    NETEL-ARIN-BLK02
NetHandle:  NET-209-44-96-0-1
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.NETELLIGENT.CA
NameServer: NS2.NETELLIGENT.CA
NameServer: NS3.NETELLIGENT.CA
Comment:    
RegDate:    2006-08-01
Updated:    2007-03-20 

Some quick conclusions:

Last update: 2009.

Table of Contents

 About This Windows Security Book

 Windows 8: System Security Review

 Windows 8: System Security Protection

 Windows 8 System Recovery

 Windows 8 Defender for Real-Time Protection

 Windows 7: System Security Review

 Windows 7: System Security Protection

 Windows 7 System Recovery

 Windows 7 Forefront Client Security

 Norton Power Eraser - Anti-Virus Scan Tool

 McAfee Virus and Malware Protection Tools

 Spybot - Spyware Blocker, Detection and Removal

 Keeping Firefox Secure

 Keeping IE (Internet Explorer) Secure

 Malware (Adware, Spyware, Trojan, Worm, and Virus)

 HijackThis - Browser Hijacker Diagnosis Tool

 IE Add-on Program Listing and Removal

 "Conduit Search" - Malware Detection and Removal

 "Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware

 Malware Manual Removal Experience

 Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

 Trojan and Malware "Puper" Description and Removal

 VSToolbar (VSAdd-in.dll) - Description and Removal

 PWS (Password Stealer) Trojan Infection Removal

 MS08-001 Vulnerability on Windows Systems

Antivirus System PRO

 Antivirus System PRO - Fake Security Alert

 Antivirus System PRO - Task Bar Icon Message

 Malicious Progarm - WinSpywareProtect sysguard.exe

 Malicious Programs - pp10.exe and ld12.exe

 IE BHO - iehelper.dll

Faked Host Name - 209.44.111.62

 Malicious System Service - drv.dll and drv.sys

 References

 PDF Printing Version