virtualrouterplus.com

Haitao Sun

Domain Information

The domain virtualrouterplus.com registered by Haitao Sun was initially registered in February of 2013 through GODADDY.COM, LLC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Scottsdale, Arizona within the United States which resides on the GoDaddy.com, LLC network.
Remove Malware from virtualrouterplus.com - Powered by Reason Core Security
Registrar:
GODADDY.COM, LLC

Server location:
Arizona, United States (US)

Create date:
Wednesday, February 13, 2013

Expires date:
Friday, February 13, 2015

Updated date:
Thursday, February 06, 2014

ASN:
AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC

Scanner detections:
Detections  (93% detected)

Scan engine
Details
Detections

Clam AntiVirus
Trojan.Agent-267630, Win.Adware.Somoto
100.00%

NANO AntiVirus
Trojan.Nsis.Mazel.cwhyud, Riskware.Nsis.Adware.dbnhrj, Riskware.Win32.Downware.digcac
100.00%

Dr.Web
Trojan.MulDrop4.11744, Trojan.Packed.27732, Trojan.Packed.28357
100.00%

AVG
Downloader, Somoto, Generic
100.00%

Reason Heuristics
PUP.Installer.SomotoIsrael.k, PUP.Installer.SomotoLimited.k, PUP.Installer.SomotoLimited.l, PUP.Installer.Somoto.l, PUP.Somoto.p
100.00%

Sophos
Somoto BetterInstaller
92.86%

Kaspersky
not-a-virus:AdWare.Win32.Agent, not-a-virus:Downloader.NSIS.Agent
85.71%

Avira AntiVirus
APPL/Somoto.fses, APPL/Somoto.hzit, APPL/Somoto.Gen2
78.57%

AhnLab V3 Security
Win-AppCare/Somoto.236928, PUP/Win32.Somoto, Win-AppCare/Downloader.227072, Win-PUP/Somoto
78.57%

SUPERAntiSpyware
PUP.Somoto/Variant
78.57%

avast!
Win32:Somoto-O [PUP], Win32:Somoto-R [PUP], Somoto-Q [PUP]
64.29%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696
64.29%

McAfee Web Gateway
Artemis!4A3D031B0003, Somoto-BetterInstaller , BehavesLike.Win32.SomotoBetterInstaller.dc, Heuristic.BehavesLike.Win32.Suspicious.A
64.29%

Antiy Labs AVL
Riskware[:not-a-virus]/Win32.Mazel.a, Adware[:not-a-virus]/Win32.Agent.allm
64.29%

Panda Antivirus
PUP/MultiToolbar.A, Trj/CI.A, Trj/Chgt.C, Trj/Chgt.E
64.29%

The domain virtualrouterplus.com has been seen to resolve to the following IP address.

p3nw8shg368.shr.prod.phx3.secureserver.net
February 7, 2014

File downloads found at URLs served by virtualrouterplus.com.

19 / 68    (Adware)

14 / 68    (Adware)
http://virtualrouterplus.com/.../VirtualRouterPlusSetup_downloader-QfL8zxRfj.exe  (filedownloadedsuccessfully_downloader-n51exb4il.exe)

17 / 68    (Adware)

14 / 68    (Adware)
http://virtualrouterplus.com/.../VirtualRouterPlusSetup_downloader-Q8JZJ9iso.exe  (filedownloadedsuccessfully_downloader-nfe9xgiaj.exe)

14 / 68    (Adware)
http://virtualrouterplus.com/.../VirtualRouterPlusSetup_downloader-I44guIkaH.exe  (filedownloadedsuccessfully_downloader-nfe9xgiaj.exe)

15 / 68    (Adware)

28 / 68    (Adware)

14 / 68    (Adware)
http://virtualrouterplus.com/.../VirtualRouterPlusSetup_downloader-Ie4d2ReXi.exe  (filedownloadedsuccessfully_downloader-n0iijsvym.exe)

25 / 68    (Adware)

22 / 68    (Adware)

25 / 68    (Adware)

21 / 68    (Adware)

23 / 68    (Adware)

17 / 68    (Adware)

21 / 68    (Adware)

0 / 68

The following file have been seen to comunicate with virtualrouterplus.com in live environments.

URL:
http://virtualrouterplus.com/

Google Analytics:
UA-48940827

Title:
“Virtual Router Plus - Free Portable Virtual Router for Windows”

Description:
“Virtual Router Plus is an open source, free, and portable software based Windows hosted network to create virtual wifi hotspot on Windows computers.”

Web server:
Microsoft-IIS/7.0 (ASP.NET)

Remove Malware from virtualrouterplus.com - Powered by Reason Core Security