www.vir.us.com

CentralNic Ltd

Domain Information

The domain www.vir.us.com, registered by CentralNic Ltd, was initially registered in January of 1993 through Moniker Online Services. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Maidenhead, England, in the United Kingdom, on the RIPE Network Coordination Centre network.

Registrar:
DEMYS LIMITED

Server location:
England, United Kingdom (GB)

Create date:
Tuesday, January 5, 1993

Expires date:
Saturday, January 4, 2025

Updated date:
Wednesday, January 6, 2016

ASN:
AS29550 SIMPLYTRANSIT Simply Transit Ltd

Root domain:

Scanner detections:
Detections  (71% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Optional.ReimageLimited.N, PUP.Optional.ReimageLimited.R, PUP.Reimage (L) | 90.91% |
| Dr.Web | Adware.Plugin.171, riskware program Program.Unwanted.493, Trojan.KillProc.36496 | 81.82% |
| McAfee | Artemis!D566201EF927, Artemis!0C70FAEC04E3, Artemis!72CB31555DA5, W32/HLLP.41472.e | 54.55% |
| Bkav FE | W32.Clod547.Trojan, W32.HfsAdware, W32.NeshtaB.PE | 45.45% |
| Trend Micro House Call | TROJ_GEN.F47V0122, TROJ_GEN.F47V0214, Suspicious_GEN.F47V0520 | 45.45% |
| Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 36.36% |
| ESET NOD32 | Win32/Toolbar.Babylon | 36.36% |
| NANO AntiVirus | Riskware.Nsis.Babylon.cvvuwk, Virus.Win32.Neshta.cdby | 36.36% |
| nProtect | Joke/W32.ArchSMS.286720, Virus/W32.Neshta | 36.36% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 27.27% |
| G Data | Win32.Application.VMDetect | 27.27% |
| herdProtect (fuzzy) | a variant of 9bfd12ed19eb26ea461f9221316feff8a0a795a8 | 9.09% |
| Malwarebytes | PUP.Optional.ReImageRepair.A | 9.09% |
| ESET NOD32 | Detection.Undefined | 9.09% |
| Fortinet FortiGate | Riskware/ReImageRepair | 9.09% |

The domain www.vir.us.com has been seen to resolve to the following 3 IP addresses.

April 13, 2016

April 13, 2016

leeds.eukhosting.net
February 2, 2014

File downloads found at URLs served by www.vir.us.com.

0 / 68
http://www.vir.us.com/scannow  (spyhunter-installer.exe)

10 / 68    (PUP)

11 / 68    (false positives)
http://www.vir.us.com/scannow  (spyhunter-installer.exe)

0 / 68
http://www.vir.us.com/scannow  (spyhunter-installer.exe)

0 / 68

3 / 68      (PUP)

3 / 68      (PUP)

1 / 68      (PUP)
http://www.vir.us.com/downloadsoftware  (reimagerepairtemp.exe)

3 / 68      (PUP)

2 / 68      (PUP)
http://www.vir.us.com/downloadsoftware  (reimagerepairtemp.exe)

10 / 68    (PUP)

5 / 68      (PUP)
http://www.vir.us.com/downloadsoftware  (reimagerepairtemp.exe)

10 / 68    (PUP)

11 / 68    (PUP)

URL:
http://www.vir.us.com/

Title:
“Virus Removal - Remove Virus Immediately”

Description:
“Virus Removal Software Immediately Remove Virus Backdoor Rootkit Trojan Worm and other security threats from windows PC”

SSL certificate subject:
CN=sni170283.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx (PHP/5.2.17)

Facebook:
Likes:  1
Shares:  2

Statistics are for the previous month.