Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
Faked Host Name - 209.44.111.62
This section provides some notes on how Antivirus System PRO added entries to C:\WINDOWS\system32\drivers\etc\hosts to map faked host names to its Web site at IP address 209.44.111.62.
More notes on what I did to remove Antivirus System PRO and related malicious programs.
24. Looking at file, C:\WINDOWS\system32\drivers\etc\hosts. New entries are there:
   ...
   127.0.0.1       localhost
   ::1             localhost
   209.44.111.62   surety.microsoft.com
   209.44.111.62   aware-protect.com
   209.44.111.62   www.aware-protect.com
25. Deleting all 209.44.111.62 entries from C:\WINDOWS\system32\drivers\etc\hosts.
26. Looking at IP address, 209.44.111.62, on www.whois.ws. It is registered to Netelligent Hosting Services Inc. in Canada:
   OrgName:    Netelligent Hosting Services Inc.
   OrgID:      NHS-31
   Address:    1396 Franklin Drive
   City:       Laval
   StateProv:  QC
   PostalCode: H7W-1K6
   Country:    CA

   NetRange:   209.44.96.0 - 209.44.127.255
   CIDR:       209.44.96.0/19
   NetName:    NETEL-ARIN-BLK02
   NetHandle:  NET-209-44-96-0-1
   Parent:     NET-209-0-0-0-0
   NetType:    Direct Allocation
   NameServer: NS1.NETELLIGENT.CA
   NameServer: NS2.NETELLIGENT.CA
   NameServer: NS3.NETELLIGENT.CA
   Comment:
   RegDate:    2006-08-01
   Updated:    2007-03-20
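Steps 24 and 25 can also be done with a script. The following is an added example, not part of the original tutorial: it parses hosts-file text, reports every name that is mapped to a non-local address, and returns the text with all entries for one IP address removed. The function names are hypothetical; the sample entries are the ones quoted in step 24, plus one constructed comment line.

```python
import ipaddress

# Entries quoted in step 24 of this page, plus one comment line constructed for the example.
SAMPLE_HOSTS = """\
# constructed comment line
127.0.0.1       localhost
::1             localhost
209.44.111.62   surety.microsoft.com
209.44.111.62   aware-protect.com
209.44.111.62   www.aware-protect.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each well-formed entry; skip comments and blanks."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so this is not an entry
        yield line_no, ip, [name.lower() for name in fields[1:]]

def redirected_names(text):
    """Return {ip: [names]} for entries that point a name at a non-local address."""
    found = {}
    for _, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1, ::1 and 0.0.0.0 entries stay on the local machine
        found.setdefault(str(ip), []).extend(names)
    return found

def remove_ip(text, bad_ip):
    """Return the hosts text with every entry for bad_ip dropped (step 25)."""
    bad = ipaddress.ip_address(bad_ip)
    drop = {line_no for line_no, ip, _ in parse_hosts(text) if ip == bad}
    lines = text.splitlines(keepends=True)
    return "".join(line for i, line in enumerate(lines, 1) if i not in drop)

if __name__ == "__main__":
    for ip, names in redirected_names(SAMPLE_HOSTS).items():
        print(ip, "->", ", ".join(names))
    print(remove_ip(SAMPLE_HOSTS, "209.44.111.62"), end="")
```

On a real system, read the text from C:\WINDOWS\system32\drivers\etc\hosts and review the reported names before writing the cleaned text back, since some non-local entries are legitimate.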
Some quick conclusions: