Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

More fake codecs – nvidcodec, media-codec

Found new fake codec – nvidcodec. The codec is malicious programecs that deliver popup advertisements and hijack search engine results. Some AV vendors detected the codec as Trojan.Downloader.Zlob

Homepage for the codec – nvidcodec[dot]com have not link to terms of use (EULA). For read it, i have downloaded and run nvidcodec for install. Installer manager opens window with terms of use, and what i have found:

SOFTWARE INSTALLATION: Components bundled with our software may report to Licensor and/or its affiliates the installation status of certain marketing offers, such as toolbars, and also generalized installation information, such as language preference and operating system version, to assist Licensor in its product development. No personal information will be communicated to PORNMAGPASS or its affiliates during this process. Licensor may change homepage on user’s computer and may offer additional components through our version of checking/update system. These components include: toolbar, popup ads manager, advertisements messenger, pc protection software, shortcuts manager.

Read EULA from my previous post: Pornmagpass – free pass to get popups, rogue antispyware, toolbar.

Also i have found link to another site – media-codec[dot]com, the site also have similar Terms of use:

Licensor may change homepage on user’s computer and may offer additional components through our version of checking/update system. These components include: toolbar, popup ads manager, advertisements messenger, pc protection software, shortcuts manager….

After that, i have checked whois info for media-codec[dot]com, nvidcodec[dot]com, pornmagpass[dot]com

whois media-codec[dot]com:

Registration Service Provided By: ESTDOMAINS
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: MEDIA-CODEC.COM

Registrant:
n/a
Lemos Adamantios (lemos@securitywarnings.net)
aktis 119, vouliagmeni
athens
,n/a
GR
Tel. +030.2108960081

Creation Date: 08-Apr-2006
Expiration Date: 08-Apr-2007

Domain servers in listed order:
ns2.media-codec.com
ns1.media-codec.com

Administrative Contact:
n/a
Lemos Adamantios (lemos@securitywarnings.net)
aktis 119, vouliagmeni
athens
,n/a
GR
Tel. +030.2108960081

whois nvidcodec[dot]com:

Registration Service Provided By: ESTDOMAINS
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: NVIDCODEC.COM

Registrant:
na
Zuska Karel (zuska@needupdate.com)
Trebanska 764, Revnice
Praha
,11776
CZ
Tel. +420.257720734

Creation Date: 25-Apr-2006
Expiration Date: 25-Apr-2007

Domain servers in listed order:
ns2.nvidcodec.com
ns1.nvidcodec.com

Administrative Contact:
na
Zuska Karel (zuska@needupdate.com)
Trebanska 764, Revnice
Praha
,11776
CZ
Tel. +420.257720734

whois pornmagpass[dot]com:

Registration Service Provided By: ESTDOMAINS
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: PORNMAGPASS.COM

Registrant:
-
Mario Maxime (nt@chmails.com)
88 r Duhesme
Paris
null,75018
FR
Tel. +7.9219745516

Creation Date: 27-Mar-2006
Expiration Date: 27-Mar-2007

Domain servers in listed order:
ns2.pornmagpass.com
ns1.pornmagpass.com

Administrative Contact:
-
Mario Maxime (nt@chmails.com)
88 r Duhesme
Paris
null,75018
FR
Tel. +7.9219745516

As you can see, all domains have one owner.

Related artcles: How to remove malicious codecs.

Share and Enjoy:

  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Slashdot
  • Twitter
June 6, 2006 on 9:22 pm | In Malware, Trojan | No Comments |


No Comments yet »

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


My Anti Spyware - Free antispyware programs and Spyware Removal Instructions.