Discussion:
ybinstall.exe ?
Steph
2006-02-25 11:23:26 UTC
When I go to this website,
http://www.lcsinchome.com/download/33769-abc-amber-outlook-converter-5-06.html,
product descriptions have an associated download link to an executable
"ybinstall.exe".

The author of those pages seems to be overly cautious about the download not
being a crack or spyware, but one can only wonder what is the true intent of
luring users into downloading executable code that does not seem to relate at
all with the actual product description.

Even fishier is that product descriptions of the entire site link to this
one executable. In fact, product descriptions themselves seem to be stolen
and altered from other sites.

Anyone?

Reference :
http://www.lcsinchome.com/download/33769-abc-amber-outlook-converter-5-06.html
David H. Lipman
2006-02-25 19:52:37 UTC
From: "Steph" <***@discussions.microsoft.com>

|
| When I go to this website,
| http://www.lcsinchome.com/download/33769-abc-amber-outlook-converter-5-06.html,
| product descriptions have an associated download link to an executable
| "ybinstall.exe".
|
| The author of those pages seems to be overly cautious about the download not
| being a crack or spyware, but one can only wonder what is the true intent of
| luring users into downloading executable code that does not seem to relate at
| all with the actual product description.
|
| Even fishier is that product descriptions of the entire site link to this
| one executable. In fact, product descriptions themselves seem to be stolen
| and altered from other sites.
|
| Anyone?
|
| Reference :
| http://www.lcsinchome.com/download/33769-abc-amber-outlook-converter-5-06.html
|

I tried to download it and instead of "" I got "patch_1002755_3.exe" and McAfee flagged it
as "Downloader-XZ".

A further test at Virus Total provided...

AntiVir   6.33.1.50      02.25.2006 TR/Dldr.IstBar.32512.1
Avast     4.6.695.0      02.23.2006 Win32:Istbar-AU
AVG       718            02.24.2006 Downloader.Istbar.MA
Avira     6.33.1.50      02.25.2006 TR/Dldr.IstBar.32512.1
ClamAV    devel-20060126 02.24.2006 Trojan.Downloader.Istbar-175
DrWeb     4.33           02.25.2006 Trojan.Isbar.402
Ewido     3.5            02.25.2006 Downloader.IstBar
Fortinet  2.71.0.0       02.25.2006 Adware/IstBar
Kaspersky 4.0.2.24       02.25.2006 Trojan-Downloader.Win32.IstBar.gen
McAfee    4705           02.24.2006 Downloader-XZ
NOD32v2   1.1418         02.24.2006 a variant of Win32/TrojanDownloader.IstBar
TheHacker 5.9.4.102      02.24.2006 Trojan/Downloader.IstBar.gen
UNA       1.83           02.24.2006 TrojanDownloader.Win32.IstBar
VBA32     3.10.5         02.24.2006 Trojan-Downloader.Win32.IstBar.gen

I'd say it's a malicious site!
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
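
Added example, not part of the original posts: a short Python script that parses the scan rows quoted in the post above and measures how many engines agree on one family name. The generic-word list and the 0.85 similarity cutoff are assumptions chosen for this sample.

```python
import difflib
import re
from collections import Counter

# Rows copied from the scan report in the post: engine, version, date, detection name.
REPORT = """\
AntiVir 6.33.1.50 02.25.2006 TR/Dldr.IstBar.32512.1
Avast 4.6.695.0 02.23.2006 Win32:Istbar-AU
AVG 718 02.24.2006 Downloader.Istbar.MA
Avira 6.33.1.50 02.25.2006 TR/Dldr.IstBar.32512.1
ClamAV devel-20060126 02.24.2006 Trojan.Downloader.Istbar-175
DrWeb 4.33 02.25.2006 Trojan.Isbar.402
Ewido 3.5 02.25.2006 Downloader.IstBar
Fortinet 2.71.0.0 02.25.2006 Adware/IstBar
Kaspersky 4.0.2.24 02.25.2006 Trojan-Downloader.Win32.IstBar.gen
McAfee 4705 02.24.2006 Downloader-XZ
NOD32v2 1.1418 02.24.2006 a variant of Win32/TrojanDownloader.IstBar
TheHacker 5.9.4.102 02.24.2006 Trojan/Downloader.IstBar.gen
UNA 1.83 02.24.2006 TrojanDownloader.Win32.IstBar
VBA32 3.10.5 02.24.2006 Trojan-Downloader.Win32.IstBar.gen
"""
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")
# Assumed list of platform/type words that do not identify a family.
GENERIC = {"win32", "trojan", "downloader", "trojandownloader", "adware",
           "dldr", "gen", "variant"}

def parse(report):
    """Split each row into (engine, version, date, label); skip malformed lines."""
    return [m.groups() for m in map(ROW.match, report.splitlines()) if m]

def family(label):
    """First token that is not generic, numeric, or a short variant suffix."""
    for tok in re.split(r"[^A-Za-z0-9]+", label.lower()):
        if len(tok) > 2 and not tok.isdigit() and tok not in GENERIC:
            return tok
    return None  # vendor-specific name with no family token, e.g. "Downloader-XZ"

def consensus(rows):
    """Return (top family, engines agreeing with it, engines naming no family)."""
    fams = {engine: family(label) for engine, _, _, label in rows}
    top = Counter(f for f in fams.values() if f).most_common(1)[0][0]
    # Fold near-identical spellings (one vendor writes "Isbar") into the top family.
    agree = [e for e, f in fams.items()
             if f and difflib.get_close_matches(f, [top], n=1, cutoff=0.85)]
    return top, agree, [e for e, f in fams.items() if f is None]

if __name__ == "__main__":
    top, agree, unnamed = consensus(parse(REPORT))
    print(f"{top}: {len(agree)}/{len(parse(REPORT))} engines; no family: {unnamed}")
```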
Steph
2006-02-26 13:36:17 UTC
Thanks.

Does anyone know what org I can report this malicious abuse to?
AlmostBob
2006-02-26 14:36:17 UTC
The site is 72.29.78.153, hosted by
HostDime.com Inc
222 North Orange Ave
Suite 1050
Orlando Florida 32801
***@dimenoc.com
http://www.dimenoc.com/
--
-
Adaware http://www.lavasoft.de
spybot http://security.kolla.de
AVG free antivirus http://www.grisoft.com
Etrust/Vet/CA.online Antivirus scan
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Panda online AntiVirus scan http://www.activescan.com
Panda online AntiSpyware Scan
http://www.pandasoftware.com/virus_info/spyware/test/
Catalog of removal tools (1)
http://www.pandasoftware.com/download/utilities/
Catalog of removal tools (2)
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?CID=40387
Trouble Shooting guide to Windows http://mvps.org/winhelp2002/
Blocking Unwanted Parasites with a Hosts file
http://mvps.org/winhelp2002/hosts.htm
links provided as a courtesy, read all instructions on the pages before
use
Grateful thanks to the authors/webmasters
_