Blog for hpHosts, and whatever else I feel like writing about ....

Friday, 19 March 2010 A quick followup

Just an update to this, folks. The site never responded; the support@ address didn't bounce (so presumably they did actually receive it), but the postmaster@ address did. The site is no longer a Paretologic affiliate, but is instead now peddling a much, much worse "fully fledged" rogue: RegTool. And what has the site's hosting company had to say? Well, disgustingly, "Robert R., Abuse Coordinator" at DreamHost had this to say:

Upon review of the "regCure" software we found none of the major anti-spyware/malware/virus providers identified the file as malicious. We will be keeping an eye on the domain and account hosting it for any signs of malicious activity and take appropriate action when sufficient evidence is present.

As for the Google search result, that is something Google needs to be notified of to block the domains from their search results pages in a more permanent fashion.

FYI, I never said the site WAS peddling RegCure; I said it USED TO (until Paretologic killed it). Alas, he's evidently incapable of analysis, relying solely on VirusTotal results (presumably that's what he used; I find it difficult to believe he ran multiple scanners himself). Detection of the downloaded file and blocking of the site are two separate things: Oh, and Robert, NOD32 blocks the site before it even loads. So whilst the app itself may not yet be detected (no, I don't know why it's taking so long either), the site certainly is ;o)

I am, however, guessing our dear Robert didn't check with Malwarebytes' Anti-Malware, else he'd have seen it is indeed detected by a pretty big player in the AM field.
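The point above, that a domain can be blocked at the site level regardless of whether any AV engine has a signature for the payload file yet, is easy to demonstrate against a HOSTS-format list such as the one hpHosts publishes. The following is an added example written for this post, not hpHosts's own code; the blocklist text and every domain in it are constructed for illustration, and the helper names (`parse_hosts_blocklist`, `is_blocked`, `uncovered_parent`) are my own.

```python
"""Check a URL against a HOSTS-format blocklist (hpHosts-style).

Added example, not hpHosts code.  A HOSTS file maps each blocked hostname
to a sink address (127.0.0.1 or 0.0.0.0) and supports NO wildcards, so the
check is an exact hostname match; uncovered_parent() exposes the gap that
creates for subdomains.
"""
from typing import Optional, Set
from urllib.parse import urlsplit

SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample list; the domains are invented for this example.
SAMPLE_BLOCKLIST = """\
# hpHosts-style list (constructed sample, hypothetical domains)
127.0.0.1 localhost
127.0.0.1 rogue-regtool.example            # [rogue] fake registry cleaner
127.0.0.1 download.rogue-regtool.example   # payload host for the same rogue
0.0.0.0   tracker.example                  # [tracking]
"""


def parse_hosts_blocklist(text: str) -> Set[str]:
    """Return every hostname the list points at a sink address."""
    blocked: Set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # strip trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2 or parts[0] not in SINK_ADDRESSES:
            continue                              # not a block entry
        for host in parts[1:]:                    # several names per line allowed
            host = host.lower().rstrip(".")
            if host != "localhost":               # the usual first line, not a block
                blocked.add(host)
    return blocked


def hostname_of(url: str) -> str:
    """Lower-case hostname of a URL; bare hostnames are accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def is_blocked(url: str, blocked: Set[str]) -> bool:
    """Exact-match check, which is all a HOSTS file can do."""
    return hostname_of(url) in blocked


def uncovered_parent(url: str, blocked: Set[str]) -> Optional[str]:
    """If the host itself is NOT listed but a parent domain is, return that
    parent.  Such a host slips past a HOSTS file, so it needs its own entry."""
    host = hostname_of(url)
    if host in blocked:
        return None
    labels = host.split(".")
    for i in range(1, len(labels) - 1):           # stop before the bare TLD
        parent = ".".join(labels[i:])
        if parent in blocked:
            return parent
    return None


if __name__ == "__main__":
    entries = parse_hosts_blocklist(SAMPLE_BLOCKLIST)
    for u in ("http://rogue-regtool.example/RegTool_Setup.exe",
              "https://www.rogue-regtool.example/",
              "http://tracker.example/pixel.gif"):
        print(f"{u}: blocked={is_blocked(u, entries)} "
              f"uncovered_parent={uncovered_parent(u, entries)}")
```

The second URL in the usage block is the caveat worth remembering: the installer's parent domain is listed, yet the `www.` host is not, so a HOSTS-based block (unlike a browser or AV web filter that can match on domain suffixes) only stops what is listed verbatim.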


1 comment:

Bluebee said...

This is interesting!
Three days ago my laptop got an infection by the so-called Nuqel.E - for a second time - the first time it took me two days to get rid of it, by using a combination of AVG and ComboFix.exe. AVG slowed my laptop down to unusability, so I switched to Avira (it was not easy; it needed special software).
When doing the Bankerfox (that's the other name) research, I read other victims' comments that even Kaspersky couldn't fix it.
This time - after a three-hour unsuccessful Avira run - I had to do much more research with trial and error, but finally after three days I found a recommendation for Malwarebytes' Anti-Malware at CP-Net. This sounded to me the most trustworthy compared to all the others.
And surprise and glory to Malwarebytes: it took only 8 minutes to find these culprits, and one click to get it fixed.
The only little tear is that I have to get IE to work again; that's why I am writing this comment in Firefox, which works fine.
Despite getting no connection to the Internet (I have DSL; IE8 should get a connection by itself, but doesn't), I looked up my IE8 history to find a website I do not remember, and there it was: asking Yahoo about errorsguru showed 3 answers - your blog and a web-registration index.
Google claims to have 151 links, one linking to presenting the line "Disclaimer: is not affiliated with Microsoft Corporation, nor claim any such implied or direct affiliation".
And what a surprise - your blog shows Malwarebytes' Anti-Malware as a tool to find this culprit. Maybe you have not been aware of the infamous Nuqel.E and Bankerfox threat - that's what this malware calls itself - a hint would bring you glory and praise from all the poor victims. I hope this will be changed now with my comment.

But anyway, thanks a lot for giving evidence that I recognized the website which infected my computer and cost me three days. I read a lot of comments where people wrote they would like to throw their computer out of the window or buy a Mac. I myself could do all my research using Puppy Linux, until I switched to Windows safe mode.

Best Regards,