https://www.google.com/#q=http:%2F%2Fd.lqw.me
I believe this threat is called "AdPeak" or "ScorpianSaver"
more:
http://www.mcafee.com/threat-intelligen ... ?id=773786
http://www.threatexpert.com/report.aspx ... 903c5e5fa7
http://stackoverflow.com/questions/2053 ... -web-pages
Is it related to this panel?
htXp://watch3dfilms.com/stats.php?hash=31dd7d01b0f5a9aeecaf921e05e367ce
Code: Select allPayload AV check
Date: 13.02.14 23:22:03
fsecure - Gen:Variant.Zusy.74138
drwebfile - Win32.HLLW.Autoruner1.61530
immunet - Gen:Variant.Zusy.74138
bitdef - Gen:Variant.Zusy.74138
avg - trj.Downloader.Generic13.BPEJ
panda - Generic Malware
gdata - Virus: Gen:Variant.Zusy.74138 (Engine A)
kis2013 - Network: Trojan.Win32.Fsysna.cwi
norman - winpe/MadnessPro.A
nod - @Trojan.Win32/TrojanDownloader.Agent.AAM
avast - Win32:Malware-gen
avira - TR/Downloader.Gen Trojan!
se - Trojan:Win32/Qidmorks.A
Variant.Zusy.74138
https://www.virustotal.com/en/file/cd59 ... /analysis/
Win32.HLLW.Autoruner1.61530
https://www.virustotal.com/en/file/7787 ... /analysis/
The 'gate' urls have similar structure.
Code: Select allhxxp://fewr.biz/?uid=81984710&ver=1.14&mk=bb3b62&os=WinXP&rs=adm&c=1&rq=0
hxxp://d2ogssay9or4s.com/M83/?uid=81984710&ver=1.13&mk=0fe9bd&os=WinXP&rs=adm&c=2&rq=0
a plasma panel
hxxp://d2ogssay9or4s.com/login.php
sorry for a bit off topic
