www.driverscape.com

Whois Privacy Protection Service, Inc.  (Proxy Registrant)

Domain Information

The domain www.driverscape.com is registered by proxy through NAME.COM, INC. and was originally registered in May of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Montreal, Quebec, Canada, on the OVH Hosting, Inc. network.
Remove Malware from www.driverscape.com - Powered by Reason Core Security
Registrar:
NAME.COM, INC.

Server location:
Quebec, Canada (CA)

Create date:
Saturday, May 25, 2013

Expires date:
Wednesday, May 25, 2016

Updated date:
Thursday, August 14, 2014

ASN:
AS16276 OVH OVH SAS,FR

Root domain:

Scanner detections:
Detections  (76% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Megaify.DriverToolkit.Optional.Installer.Meta (M), Threat.Win.Reputation.IMP, PUP.MegaSoftware.DriverUpdate.Installer.Meta (L)
82.35%

ESET NOD32
Detection.Undefined, Win32/Neshta.A virus, Win32/Sality.NBA virus
41.18%

Dr.Web
Win32.Sector.21, Win32.HLLP.Neshta, riskware program Program.Unwanted.681, Win32.Sector.30
23.53%

Microsoft Security Essentials
Threat.Undefined
17.65%

avast!
Win32:Apanas [Trj], Win32:SaliCode, Win32:Sality, Win32:Evo-gen [Susp]
17.65%

VIPRE Antivirus
Threat.4276445, Threat.4758034, Threat.4721115
14.71%

McAfee
Virus.W32/HLLP.41472.e, Virus.W32/Sality.gen.z
14.71%

Norman
Win32.Neshta.A, Gen:Variant.Symmi.49209, Win32.Sality.3
14.71%

Kaspersky
Virus.Win32.Neshta, Virus.Win32.Sality
14.71%

Emsisoft Anti-Malware
Win32.Neshta, Gen:Variant.Symmi.49209, Win32.Sality
11.76%

F-Prot
W32/Sality.gen2, W32/HLLP.41472
8.82%

F-Secure
Win32.Sality.3, Win32.Neshta.A, Gen:Variant.Symmi.49209
8.82%

Clam AntiVirus
Win.Adware.Agent-7758, W32.Neshuta.A, Win.Trojan.Application-1470
8.82%

AVG
Worm/Delf.FF, Win32/Sality
8.82%

Lavasoft Ad-Aware
Win32.Neshta.A, Gen:Variant.Symmi.49209, Win32.Sality.3
8.82%

The domain www.driverscape.com has been seen to resolve to the following 3 IP addresses.

ns519576.ip-158-69-55.net
November 19, 2015

ns236126.ip-192-99-21.net
August 7, 2014

ks4003276.ip-142-4-209.net
December 22, 2013

File downloads found at URLs served by www.driverscape.com.

2 / 68      (PUP)
http://www.driverscape.com/.../DriverToolkitInstaller.exe  (0e85dbedc2f19543bdbe076cf9ad3a0d)

11 / 68    (Infected)
http://www.driverscape.com/.../DriverToolkitInstaller.exe  (31ce54c5f20c1c1f206707e05dba527e)

3 / 68      (PUP)
http://www.driverscape.com/.../driver_setup.exe  (811bd81f4100ea3578ed827388c80a7f)

0 / 68
http://www.driverscape.com/files/.../lws280.exe  (e152682a6717de32cd1a5f0e673d9baf)

0 / 68

0 / 68

0 / 68

The following files have been seen to communicate with www.driverscape.com in live environments.

URL:
http://www.driverscape.com/

Title:
“Windows Driver Download Center - Driver Scape”

Description:
“Driver Scape maintains the latest official drivers for fast & free download, to help you update drivers easily”

Web server:
Apache

Facebook:
Likes:  4,392
Shares:  273
Comments:  61

Statistics are for the previous month.
