Live Trojan (Zlob + Dnschanger) hosting sites takedown
Goto page 1, 2, 3, 4, 5, 6  Next
 CastleCops -> Web Malware Links
Author: tacktickLocation: USA PostPosted: Sat Jun 30, 2007 6:19 am    Post subject: Live Trojan (Zlob + Dnschanger) hosting sites takedown
I'm reporting these sites:

Sites hosting DNSChanger/Zlob Malware.

Cernel.net
Code:

http://www.plus-codec.com/          = 64.28.184.184
http://plus-codec.com/download/plus-codec1020.exe
(Trojan.Win32.DNSChanger.jb)

http://www.network-ticket.com/     = 64.28.184.202
http://www.network-ticket.com/download/pageticket2000.exe
(Trojan.Win32.DNSChanger.ik)

http://www.useticket.com/             = 64.28.184.201
http://useticket.com/download/useticket2008.exe
(Trojan.Win32.DNSChanger.iu)

http://www.zcodec.com/                = 64.28.181.230
http://zcodec.com/download/ZCodec1000.exe
(Trojan.Win32.DNSChanger.jb)

http://tv-codecs.com/                    = 64.28.181.252
http://tv-codecs.com/download/tvcodec1000.exe
(Trojan.Win32.DNSChanger.jb)



Intercage
Code:

http://www.playercodec.net/            = 216.255.176.178
http://playercodec.net/download/playercodec1000.exe
(Trojan.Win32.DNSChanger.ih)

http://www.dvdaccess.net/               = 216.255.176.180
http://dvdaccess.net/download/dvdaccess1000.exe
(Trojan.Win32.DNSChanger.ih)

http://www.dvds-access.com/           = 216.255.181.155
http://dvds-access.com/download/dvdaccess1000.exe
(Trojan.Win32.DNSChanger.ih)

http://moviecodecs.net/                   = 216.255.181.157
http://moviecodecs.net/download/moviecodec1000.exe
(Trojan.Win32.DNSChanger.ih)

http://www.movies-codecs.com/       = 216.255.182.170
http://movies-codecs.com/download/moviecodec1000.exe
(Trojan.Win32.DNSChanger.ih)

http://dvdsaccess.com/                    = 216.255.181.154
http://dvdsaccess.com/download/dvdaccess1000.exe
(Trojan.Win32.DNSChanger.ih)

http://moviecsodecs.com/                 = 216.255.181.158
http://moviecsodecs.com/download/moviecodec1000.exe
(Trojan.Win32.DNSChanger.ih)

http://access-dvd.com/                     = 216.255.181.156
http://access-dvd.com/download/dvdaccess1000.exe
(Trojan.Win32.DNSChanger.ih)

---

http://www.vidaccess.net/                 = 69.50.170.100
http://vidaccess.net/download/videosaccess1000.exe
(Trojan.Win32.DNSChanger.ih)

http://www.vids-access.com/             = 69.50.170.101
http://vids-access.com/download/videosaccess1000.exe
(Trojan.Win32.DNSChanger.ih)

http://www.activexsource.com/          = 69.50.188.105
http://activexsource.com/main/axssetup.exe
(Trojan-Downloader.Win32.Zlob.bip)

http://playerscodec.com/                   = 69.50.170.98
http://playerscodec.com/download/playercodec1000.exe
(Trojan.Win32.DNSChanger.ih)

http://siteentrances.com/                   = 69.50.170.102
http://siteentrances.com/download/siteentrance2000.exe
(Trojan.DNSChanger)




Yes, Inhoster sites are not on this list, they have been unresponsive
to most abuse complaints, especially on new sites. That whole IP block
needs to be blackholed or something. I figured I would put more effort
into taking malware sites on other networks for now.
Author: tacktickLocation: USA PostPosted: Tue Jul 03, 2007 1:03 am    Post subject:
Thanks to Intercage!
They took down all the sites I reported to them. 13 total!
Even though they haven't sent me a reply yet all these sites are all dead as of today (July 2nd).

Code:

DEAD  http://www.playercodec.net/
DEAD  http://www.dvdaccess.net/
DEAD  http://www.dvds-access.com/
DEAD  http://moviecodecs.net/
DEAD  http://www.movies-codecs.com/
DEAD  http://dvdsaccess.com/
DEAD  http://moviecsodecs.com/
DEAD  http://access-dvd.com/
DEAD  http://www.vidaccess.net/
DEAD  http://www.vids-access.com/
DEAD  http://www.activexsource.com/
DEAD  http://playerscodec.com/
DEAD  http://siteentrances.com/



For comparison I reported 5 zlob sites to Cernel.net and only two are down so far:

Code:

DEAD http://www.plus-codec.com/
DEAD http://www.useticket.com/


Last edited by tacktick on Tue Jul 03, 2007 2:33 pm, edited 1 time in total
Author: mechBgon PostPosted: Tue Jul 03, 2007 7:03 am    Post subject:
Not to be a wet blanket, but I wouldn't extend any credit to Intercage for that. Glancing down the list, those were the actively-used sites some months ago. I haven't seen any of the "end-user" sites sending visitors to any of those for months.

The plus-codec.com and useticket.com sites have already been abandoned by the places I've found that had been using them, too.

http://www.siteadvisor.com/sites/plus-codec.com/summary/

If you check the club-adult.net reference site listed at the very bottom, you can see they're not suffering one bit from the takedown of plus-codec.com Sad because now they're using net-codec.com. In two more days they might be using nasty-sex-codec.com or uber-neato-codec.com, and in six days they'll be on to yet another one.

In the bigger picture, clearly the whole scheme must make boatloads of money Shocked I guess there's no shortage of people who'll run these Trojans and then fall for the OMG YOUR COMPUTER IS INFECTED, GIVE US $50 TO FIX IT (LOL) song and dance.
Author: tacktickLocation: USA PostPosted: Tue Jul 03, 2007 2:45 pm    Post subject:
Yeah, I realize that Mech.
Atleast Intercage seems to read their abuse tickets unlike some.
I take my little victories where I can get them.

If you know of new zlob sites hosted on Intercage, let me know.
Author: mechBgon PostPosted: Tue Jul 03, 2007 3:25 pm    Post subject:
I'll try to post new actively-used Zlob/DNSChanger domains in the sticky thread as I find them. Smile Some mornings, time might be scarce... I get up, make coffee, log onto Malware Research and AIEEEE there's SIX new ones overnight!! Shocked There's barely time (or no time) to get VT results and report them all to SiteAdvisor without being late for work.

Quote:
I take my little victories where I can get them.

cheers
Author: tacktickLocation: USA PostPosted: Fri Jul 06, 2007 5:40 am    Post subject:
Since Inhoster and Cernel are both in Intercage's IP range I am reporting
it all to Intercage now.

Just reported:

Code:

http://activeximagesetup.com = 85.255.117.244
http://activeximagesetup.com/download.php?id=4058
(Trojan-Downloader.Win32.Zlob.bvs)

http://imgaxobject.com = 85.255.117.246
http://imgaxobject.com/download.php?id=107
(Trojan-Downloader.Win32.Zlob.bvs)

http://mediaobjectsetup.com = 85.255.117.243
http://mediaobjectsetup.com/download.php?id=1067
(Trojan-Downloader.Win32.Zlob.bvs)

http://getvideoactivex.com = 85.255.117.246
http://getvideoactivex.com/download.php?id=4040
(Trojan-Downloader.Win32.Zlob.bvs)

http://axobjectinstall.com = 85.255.117.242
http://axobjectinstall.com/download.php?id=1104
(Trojan-Downloader.Win32.Zlob.bvs)

http://getiaxobject.com = 85.255.118.181
http://getiaxobject.com/download.php?id=4058
(Trojan-Downloader.Win32.Zlob.btc)

http://getvaxobject.com = 85.255.118.178
http://getvaxobject.com/download.php?id=4095
(Trojan-Downloader.Win32.Zlob.btc)

http://www.downloadvax.com = 85.255.118.180
http://www.downloadvax.com/download.php?id=107
(Trojan-Downloader.Win32.Zlob.btc)

http://www.vaxdownload.com = 85.255.118.178
http://www.vaxdownload.com/download.php?id=1699
(Trojan-Downloader.Win32.Zlob.btc)


Code:

http://popular-ticket.com = 64.28.184.203
http://popular-ticket.com/download/pageticket2000.exe
(Trojan.Win32.DNSChanger.ik)

http://basic-codec.com = 64.28.184.186
http://basic-codec.com/download/playercodec.exe
(Trojan.Win32.DNSChanger.jc)

http://tv-codecs.com = 64.28.181.252
http://tv-codecs.com/download/tvcodec1000.exe
(Trojan.Win32.DNSChanger.jc)

http://zcodec.com = 64.28.181.230
http://zcodec.com/download/ZCodec1000.exe
(Trojan.Win32.DNSChanger.jc)

http://www.page-ticket.net = 64.28.181.253
http://www.page-ticket.net/download/pageticket2000.exe
(Trojan.Win32.DNSChanger.ik)
Author: mechBgon PostPosted: Fri Jul 06, 2007 6:26 pm    Post subject:
getiax.com can be added to the hit list. freeimageheaven.com has reverted to them. Current detection is better than average (although still not great), and it's encouraging to see more heuristic/generic detections.

Oh, and if anyone wants some comic relief, read this: "McAfee continues to be on the lookout for new versions of such threats." Given their dismal detection rates and steadfast ignoring of my WebImmune.net submissions, I'm afraid I don't believe that. Evil or Very Mad

Anyway...

Complete scanning result of "getiaxDOTcom.exe", received in VirusTotal at 07.06.2007, 19:57:57 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.7.7.0 07.06.2007 no virus found
AntiVir 7.4.0.39 07.06.2007 DR/Zlob.Gen
Authentium 4.93.8 07.06.2007 no virus found
Avast 4.7.997.0 07.06.2007 no virus found
AVG 7.5.0.476 07.06.2007 no virus found
BitDefender 7.2 07.06.2007 DeepScan:Generic.Zlob.7.8964AA09
CAT-QuickHeal 9.00 07.06.2007 no virus found
ClamAV devel-20070416 07.06.2007 no virus found
DrWeb 4.33 07.06.2007 Trojan.Popuper
eSafe 7.0.15.0 07.05.2007 no virus found
eTrust-Vet 30.8.3767 07.06.2007 no virus found
Ewido 4.0 07.06.2007 no virus found
FileAdvisor 1 07.06.2007 no virus found
Fortinet 2.91.0.0 07.06.2007 no virus found
F-Prot 4.3.2.48 07.06.2007 no virus found
F-Secure 6.70.13260.0 07.06.2007 DNSChanger.gen11
Ikarus T3.1.1.8 07.06.2007 no virus found
Kaspersky 4.0.2.24 07.06.2007 Trojan-Downloader.Win32.Zlob.btc
McAfee 5069 07.06.2007 no virus found
Microsoft 1.2704 07.06.2007 TrojanDownloader:Win32/Zlob
NOD32v2 2382 07.06.2007 Win32/TrojanDownloader.Zlob.AYP
Norman 5.80.02 07.06.2007 no virus found
Panda 9.0.0.4 07.06.2007 no virus found
Sophos 4.19.0 07.06.2007 Mal/Zlob-A
Sunbelt 2.2.907.0 07.06.2007 no virus found
Symantec 10 07.06.2007 Trojan.Zlob
TheHacker 6.1.6.143 07.05.2007 no virus found
VBA32 3.12.0.2 07.06.2007 Trojan.Win32.TrojanDownloader.Zlob.AYP
VirusBuster 4.3.23:9 07.06.2007 no virus found
Webwasher-Gateway 6.0.1 07.06.2007 Trojan.Zlob.Gen


Aditional Information
File size: 70801 bytes
MD5: 0b67a2ea9a1095cf1425bac34979a847
SHA1: 991e8e22759f53b362965acc6efbbdd4f76884ce
packers: BINARYRES, BINARYRES
Author: tacktickLocation: USA PostPosted: Fri Jul 06, 2007 10:53 pm    Post subject:
mechBgon wrote:
getiax.com can be added to the hit list. freeimageheaven.com has reverted to them. Current detection is better than average (although still not great), and it's encouraging to see more heuristic/generic detections.

Oh, and if anyone wants some comic relief, read this: "McAfee continues to be on the lookout for new versions of such threats." Given their dismal detection rates and steadfast ignoring of my WebImmune.net submissions, I'm afraid I don't believe that. Evil or Very Mad


I have long ago given up on Mcafee and Symantec to provide reliable
and up-to-date virus definitions. Submitting things to either of them
can take literally months for detections to be added.


And btw, my reporting effort yesterday yielded this today:

Code:

DEAD http://activeximagesetup.com = 85.255.117.244
DEAD http://imgaxobject.com = 85.255.117.246
DEAD http://mediaobjectsetup.com = 85.255.117.243
DEAD http://getvideoactivex.com = 85.255.117.246
DEAD http://axobjectinstall.com = 85.255.117.242
DEAD http://getiaxobject.com = 85.255.118.181
DEAD http://getvaxobject.com = 85.255.118.178
DEAD http://www.downloadvax.com = 85.255.118.180
DEAD http://www.vaxdownload.com = 85.255.118.178


The 64.28.XXX.XXX (cernel.net) ones are still up.
I'm waiting to see if Intercage takes those down.

All the pages I see are using: axvideosetup.com, ie:
hxxp://www.axvideosetup.com/download.php?id=1862

Which I will be reporting shortly. I don't think these criminals are too happy about our efforts right now.
(I'll report getiax.com as well)
Author: mechBgon PostPosted: Fri Jul 06, 2007 11:20 pm    Post subject:
Here's my latest run, including three more new ones that weren't in use this morning:

axvideosetup.com
basic-codec.com
getiax.com
iaxdownload.com (links are out there, but not working)
iaxobjectdownload.com (new)
installvaxobject.com (new)
popular-ticket.com
videoaxdownload.com (new)

If you'd like a copy of my "patrol route" (URLs I check for live links) I can PM one as a Zip file.
Author: tacktickLocation: USA PostPosted: Sun Jul 08, 2007 9:44 pm    Post subject:
Just had some interesting developments.
I got this message from Intercage / Esthost, in response to my reporting the latest batch of Zlob hosting sites.


Quote:

Hello Mark,

We've received a response this morning from our client in regards to the activex video software.
Please review their response attached at the end of this message.

One thing I did find is that Windows Defender did state the string it found to classify it as the Zlob Trojan,
setup.exe->(nsis-6-$(PLUGINSDIR)\abc.dll).
I have tried to find SOME anti-virus software to detect their software as a Zlob varient, and I haven't found anything.
I've tried the following programs:
Mcafee Anti-Virus
Norton Anti-Virus
Comodo Anti-Virus
AVG Anti-Virus
AVG Anti-Malware
Comodo Anti-Malware

All of the software above was UP-TO-DATE.
It doesn't appear that the software really IS malware.

Please advise if you can provide any more insight in this situation. Also, don't forget the client's response below.

Thank you for your time. Have a great day.

---
Russell XXXXX
InterCage, Inc.


Konstantin XXXXX (Esthost) Posted on 08 Jul 2007 07:45 AM
================================================================
Hi,

Please look at the oiwner's answer below and forward it to the MIRT.

Regards,
Konstantin

"To whom it may concern,

The software you have quoted contains no malware. Video Active-X Object was
created to:
1. Protect adult content from children
2. Protect video content from unauthorized views Video Active-X Objects
includes EULA on the very first page of its install wizzard and install
process can be canceled at any time.
The software can not be defined as virus. We have checked it with Symantec
Norton AV and McAfee AV and no problems were found.
Futhermore, Video Active-X Object has never been distributed through any
security exploits or used in unfair tactics.

Best Regards
Anthony"


In order to provide a thorough and accurate response I did a full in-depth analysis and investigation into the latest zlob malware installer.
This is the full response that I sent them.

Quote:

Greetings,
I will gladly explain to you how this is malware.

Firstly new versions of this trojan are released every few days and sometimes daily
to avoid antivirus detection.

Mcafee and Symantec(Norton) are barely acceptable products, however they sometimes
take weeks to add new malware to their definitions. The Zlob trojan is known
as a "moving target", in which the malware is updated constantly to avoid detection.
The reason why new domains are registered almost daily and malware links are updated
to point to the new domains is to avoid blacklisting and tracking by Antimalware efforts.

There are two good ways to determine whether a file is new malware.

The first is http://www.virustotal.com which scans a file with 29 different antivirus products.
The second is to use Kaspersky's file scanner at: (Kaspersky has a very fast virus
research laboratory)
http://www.kaspersky.com/scanforvirus

In this case Kaspersky has to say:
Scanned file: setup.exe - Infected
...
setup.exe/stream/data0006 - infected by Trojan-Downloader.Win32.Zlob.bwr
...
If click on the for that virus name you will see this:
Malware detected 08.07.2007 17:06:51 Update released 08.07.2007 18:45:05

As you can see this new malware was released today.

Virustotal has this to say: (I have included only the detections)
Complete scanning result of "setup.exe", received in VirusTotal at 07.08.2007, 19:51:51 (CET).
Kaspersky 4.0.2.24 07.08.2007 Trojan-Downloader.Win32.Zlob.bwr
Microsoft 1.2704 07.08.2007 TrojanDownloader:Win32/Zlob
Norman 5.80.02 07.06.2007 DNSChanger.gen10
Sophos 4.19.0 07.06.2007 Mal/Zlob-A

Four Antivirus products detect it as malware at this time.

Now I would like to address your customer's statements:
"The software you have quoted contains no malware. Video Active-X Object was
created to:
1. Protect adult content from children"

I find this statement ridiculous. There is no provision to protect children on the zlob installer
(setup.exe), nor is there any warning of adult content on the sites that direct surfers to
install the zlob 'video codec'.
For example: hxxp://www.adultvideosportal.com/ (porn, no warning)
Another example: hxxp://www.onlyfreepornvideos.com/ (porn, no warning)

They can say that they don't control these websites but it doesnt matter because all
of this is purely a scam and fraud.

"2. Protect video content from unauthorized views Video Active-X Objects"

This is a false statement. Most of the time, there is no actual porn videos to see on these
sites once you install the zlob 'video codec'.
When I installed the zlob 'video codec' and then attempted to view a video all I got was a
blank video. I tried this on numerous zlob 'video' sites.
Proof: http://img2.freeimagehosting.net/uploads/5d2fa74ecd.jpg

"includes EULA on the very first page of its install wizzard and install
process can be canceled at any time."

Just because it has a EULA, doesnt mean it is good. The presence of the EULA is only to
fool people into thinking this is legitimate software. The Accept box is also pre-checked.

"The software can not be defined as virus. We have checked it with Symantec
Norton AV and McAfee AV and no problems were found."

I addressed this at the beggining of this message.

"Futhermore, Video Active-X Object has never been distributed through any
security exploits or used in unfair tactics."

Security exploits are not used for the most part, there is a more reliable method of
infecting a users machine. It is called 'Social Engineering'.

Unfair tactics:
Portraying the product as a Video codec or object is wrong, when no actual codec or
video object is installed. Upon installing the 'video object', there is still no video to be seen.
If hijacking your computer with fake security software, fake security toolbar, fake security popups is a 'video activex object', then I must not understand english.

Here are some screenshots of what this 'video activex object' does to your computer.
Hijacks your homepage and gives a fake security warning:
http://img2.freeimagehosting.net/uploads/06ff74994a.jpg

Fake Protection Center made to look like the legitimate one:
http://img2.freeimagehosting.net/uploads/44105aae18.jpg

Installs a rogue security software which goads you into purchasing it by displaying
that it found threats. (notice that the software itself shows Video Activex Access as malware, ironic)
The whole goal of this is to get you to spend money and buy one of their
fake security products.
http://img2.freeimagehosting.net/uploads/e9cdf41218.jpg

Uses scare tactics on your IE homepage to get you to install another fake security product.
http://img2.freeimagehosting.net/uploads/711b5db3b0.jpg

Attempting to uninstall these things manually from the control panel is an exercise in futility.
After numerous reboots, my system tray was still hijacked and a malicious process was still running. Most normal people would not even know what to uninstall from the control panel.
This malware adds 5 different things to that list, some of which do nothing when you try
to uninstall them.

This is the relavant parts of my hijackthis log after many reboots and attempting to uninstall.

O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll

System tray still hijacked:
http://img2.freeimagehosting.net/uploads/fb04ca3a8e.jpg

I hope this is enough explanation and proof to show how "Video activex object" (zlob) is malicious. Nothing good comes from these people, their only thought is how to make money in fraudulent ways and to escape the detection of those opposed to malware and law enforcement.

I believe you would be in your best interest to cease all business with them.

Thank you for your time and attention.
Regards,
Mark XXXXXX
Castlecops MIRT


Last edited by tacktick on Mon Jul 09, 2007 2:49 am, edited 1 time in total
Author: tacktickLocation: USA PostPosted: Tue Jul 10, 2007 2:52 am    Post subject:
I got a reply from the Video Activex Access / Object people on the Intercage ticket system, but I cannot post it
because there was a confidentiality statement attached to the message.

I will however post my reply, which I release without any restrictions.


--------------------------------------------------------

To the Video Activex Object(zlob) people, and whomever else it concerns,

I'm not going to argue with you, whoever you are, about whether or not your
video activex object does what you says it does.
The point is that it is detected as malware by a multitude of antivirus companies.
If it is detected as malware, I learn about it and report it.

If you don't like the fact that it is classified as malware, then you should change your
practices and take up the issue with the antivirus companies themselves.

As you can see, more companies detect your installer from yesterday once I reported it
to them:

Complete scanning result of "setup.exe", received in VirusTotal at 07.10.2007, 02:24:00 (CET).
Antivirus Version Update Result
AntiVir 7.4.0.39 07.09.2007 DR/Dldr.Zlob.bwr
BitDefender 7.2 07.10.2007 Trojan.Downloader.Zlob.AABE
DrWeb 4.33 07.09.2007 Trojan.Popuper
Kaspersky 4.0.2.24 07.10.2007 Trojan-Downloader.Win32.Zlob.bwr
Microsoft 1.2704 07.10.2007 TrojanDownloader:Win32/Zlob
NOD32v2 2386 07.09.2007 Win32/TrojanDownloader.Zlob.AZB
Norman 5.80.02 07.09.2007 DNSChanger.gen10
Sophos 4.19.0 07.06.2007 Mal/Zlob-A
Webwasher-Gateway 6.0.1 07.10.2007 Trojan.Dldr.Zlob.bwr

File size: 70714 bytes
MD5: 242fc1e42b2462000f3cd17ca2aea516


I notice you neglect to mention any of my other assertions about how your software
is detected as malware and the screenshots of the hijackings your software does.
Edit: Screenshots of hijackings I saw.
http://img2.freeimagehosting.net/uploads/06ff74994a.jpg
http://img2.freeimagehosting.net/uploads/44105aae18.jpg
http://img2.freeimagehosting.net/uploads/e9cdf41218.jpg
http://img2.freeimagehosting.net/uploads/711b5db3b0.jpg
http://img2.freeimagehosting.net/uploads/fb04ca3a8e.jpg

Also the fact that your software is extremely hard to remove manually without
assistance from anti-spyware or antivirus software.
A quick search turns of plenty of people pleading for help to remove Video Activex Access.

http://forums.tomcoyote.org/Video_Activex_Access_t80730.html
http://forums.spybot.info/showthread.php?t=15048
http://forums.techguy.org/security/587379-need-some-help-some-viruses.html
http://www.bleepingcomputer.com/forums/topic92282.html

As far as EULA, the FTC has determined that it is not enough to bury the real purpose and activities of your program into pages of EULA text like you have done.
I suggest you read here:
http://www.ftc.gov/opa/2005/10/odysseus.shtm
I quote:
------
The FTC charged that the defendants have an obligation to disclose that their “free” software download caused spyware and adware to be installed on consumers’ computers. But instead, the FTC alleges, they hide their disclosure in the middle of a two-page end-user licensing agreement buried in the “Terms and Conditions” section of their Web site. In addition, the FTC alleges that the defendants deliberately make their software difficult to detect and impossible to remove using standard software utilities. Although the defendants purport to offer their own “uninstall” tool, it does not work. In fact, it installs additional software, according to the FTC’s complaint.
-------


If you want to be taken seriously and have your software seen as legitimate, you need
to
1) stop hiding your identity
2) stop changing your software constantly to avoid detection
3) stop registering multiple domains constantly and changing your links
4) stop using your software to hijack a users computer in many ways
5) provide clear and detailed disclosure in plain language in your installer about what your software does. (not buried in a EULA)
6) allow your software to be easily and completely uninstalled with ONE entry in the Add/Remove Programs
7) Brand your software clearly with a company name and permanent Website
Cool Distribute your software solely from one website, that has a clear description about
your company and your software, along with instructions on how to remove it.

I challenge you to reply to this on the castlecops website forum thread instead of through
this ISP ticket system. I think the good people of Intercage/Esthost have better things to do than convey this discussion.
The forum thread link is here:
CastleCops Link/postitle193662-0-0-.html

Thank you,
Mark
Castlecops MIRT
CastleCops Link/c55-MIRT.html

Last edited by tacktick on Thu Jul 12, 2007 3:20 am, edited 1 time in total
Author: iamthelostLocation: 127.0.0.1 PostPosted: Tue Jul 10, 2007 3:09 am    Post subject:
That was a good one!!!!!!
Author: faxLocation: It depends, Europe for sure! PostPosted: Tue Jul 10, 2007 12:44 pm    Post subject:
Absolutely Brilliant!
All my support...

GREAT Job!!!!! Very Happy

Fax
Author: AnthWLocation: USA PostPosted: Tue Jul 10, 2007 6:15 pm    Post subject: Reply
Hello Mark
My name in Anthony and I am project manager for the team, who created this software.
First of all, noone is hiding. That’s why I am here. I will be glad to explain everything and make some changes to our software.
Lets start with EULA. Ok, we will modify it and provide clear and detailed disclosure about what software does and how to uninstall it. Then, we will modify the uninstaller and make it much simpler and easier. Everything will be removable from Add/Remove Programs in Windows.
As for multiple domain names, believe me, we do not own ALL of domain names listed in this topic. They are usually associated with us by mistake. Yes, we do change our links, but this is something we have to do. There are multiple reasons for that. As an example, I can say that sometimes our adware products are used by our affiliates in unfair tactics such as exploits and stuff. We strongly prohibit this and we block any webmaster’s account found breaking our rules. However we can not predict everything and sometimes we have to deal with dumb webmasters that simply cause us some troubles. That is why we have to change our domains and kill old ones with traffic on them, and believe me, this is not something we like to do. Same thing about modifying files. We have to do this for multiple reasons too.
I will ask our team webmaster to create a website with information about our product and we will use that name.

Hope this helps.
I will update you in 1-2 days about changes made.

Thanks for your attention.
Author: tacktickLocation: USA PostPosted: Wed Jul 11, 2007 12:35 am    Post subject:
Hi Anthony,
I am encouraged to see you post here.
You say that you are not hiding, so I have a few questions for you.

Is there a business entity and name that you and your team work under?
Are you located in the US?
How do your affiliates connect with and correspond with you?

As you say you are not responsible for all the domains listed here, I am curious as to which ones you do own or are connected with.
(Current Live domains)

Are these yours?
Code:

http://www.axvideosetup.com/download.php?id=1862
http://iaxobjectdownload.com/download.php?id=4058
http://installvaxobject.com/download.php?id=4040
http://www.videoaxdownload.com/download.php?id=1303
http://getimageactivex.com/download.php?id=1103


How about these?
Code:

http://micro-codec.com/
http://virtual-ticket.net/
http://basic-codec.com/

http://www.freerealitympegs.com
http://freepornmoviesworld.net
http://nmextensions.com


These are a few sites that link to your program. Are these owned/operated by you?

Code:

http://www.onlyfreepornvideos.com/
http://todaysfreevideo.com
http://free3xmovies.com
http://www.adultvideosportal.com
http://www.fulltimempegs.com
http://www.freeimageheaven.com/
http://www.dailyxvids.com/
CastleCops -> Web Malware Links

All times are GMT

Goto page 1, 2, 3, 4, 5, 6  Next
Page 1 of 6


Powered by phpBB © 2001 phpBB Group