metrosidebar.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain metrosidebar.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in August 2013. The domain has been known to host and distribute adware and other potentially unwanted software. The hosting servers are located in Gravelines, Nord-Pas-De-Calais, France, on the RIPE Network Coordination Centre network.
Remove Malware from metrosidebar.com - Powered by Reason Core Security
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Nord-Pas-De-Calais, France (FR)

Create date:
Tuesday, August 27, 2013

Expires date:
Thursday, August 27, 2015

Updated date:
Friday, September 05, 2014

ASN:
AS16276 OVH OVH SAS,FR

Scanner detections:
Detections  (92% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Installer.Groovecom.S, PUP.SITEONSPOT.I, PUP.Installer.SITEONSPOT.h, PUP.Installer.Somoto.h, PUP.Somoto.i, PUP.Somoto.DD, PUP.Somoto.q | 91.67% |
| McAfee Web Gateway | Somoto-BetterInstaller, BehavesLike.Win32.SomotoBetterInstaller.dc, Artemis | 66.67% |
| Baidu Antivirus | Adware.Win32.Agent, Adware.Win32.Somoto | 66.67% |
| AVG | Generic, Downloader | 66.67% |
| avast! | Win32:Somoto-P [PUP], Somoto-R [PUP], Win32:Somoto-R [PUP] | 58.33% |
| Sophos | Somoto BetterInstaller | 58.33% |
| Dr.Web | Trojan.Packed.26824, Trojan.Packed.28357 | 58.33% |
| AhnLab V3 Security | Win-AppCare/Downloader.227072, Win-PUP/Somoto | 58.33% |
| K7 Gateway Antivirus | Trojan, Unwanted-Program, Dialer | 50.00% |
| Clam AntiVirus | Win.Adware.Somoto | 50.00% |
| NANO AntiVirus | Riskware.Nsis.Adware.dbnhrj, Riskware.Win32.Downware.digcac | 50.00% |
| SUPERAntiSpyware | PUP.Somoto/Variant | 50.00% |
| Avira AntiVirus | APPL/Somoto.hzis, APPL/Somoto.Gen2 | 50.00% |
| Qihoo 360 Security | Win32/Application.6bb, HEUR/QVM42.0.Malware.Gen, Win32/Virus.Downloader.192 | 50.00% |
| Kaspersky | not-a-virus:AdWare.Win32.Agent, not-a-virus:Downloader.Win32.Agent | 41.67% |

The domain metrosidebar.com has been seen to resolve to the following 2 IP addresses.

srv5.open-kernel.net
November 10, 2014

167-228-197-91.ldn.kgix.net
December 26, 2013

File downloads found at URLs served by metrosidebar.com.

12 / 68    (Adware)

14 / 68    (Adware)
http://metrosidebar.com/.../MetroSidebar_setup.msi  (filedownloadedsuccessfully_downloader-n51exb4il.exe)

13 / 68    (Adware)
http://metrosidebar.com/.../MetroSidebar_setup_downloader-Q9KfkDTdM.exe  (thebigstorefrenchdvdrip2014_downloader-nduxaqqiu.exe)

18 / 68    (Adware)

18 / 68    (Adware)
http://metrosidebar.com/.../MetroSidebar_setup_downloader-Iaj3FmEFG.exe  (download-freakshare_downloader-icb6rpo1f.exe)

27 / 68    (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68
http://metrosidebar.com/download/.../  (8a4cf3c0c7931662f0761fdbe1eb4a3f)

1 / 68
http://metrosidebar.com/.../MetroSidebar_setup.msi  (8a4cf3c0c7931662f0761fdbe1eb4a3f)

URL:
http://metrosidebar.com/

Google Analytics:
UA-44437540

Title:
“MetroSidebar - The new generation of Windows Sidebar”

Description:
“The new generation of Windows Sidebar”

Web server:
Apache
