Zlob trojans (fake codecs) install a program called pmsngr.exe, which is a fake alert generator.
protectgates(dot)com
protectgates(dot)com/gatevc.php?id=dw04 Opens to virusblast(dot)com/?aid=7
protectgates(dot)com/gatevc.php?id=dw03 Opens to antivirusgolden(dot)com/?aid=1338
protectgates(dot)com/gatevc.php?id=dw02 Opens to malwarewiped(dot)com/?aid=247
protectgates(dot)com/gatevc.php?id=dw01 Opens to pestcapture(dot)com/?advid=177
protectgates(dot)com/gatevc.php Opens to checkssecurity(dot)com/soft/
acegates(dot)com
acegates(dot)com/gatevc.php?pn=srch0p23total7s2 Opens to allsecuritylinks(dot)com/vc/as/sec1-adls/
acegates(dot)com/gatevc.php?pn=srch0p22total7s2 Opens to popup ads errorsafe(dot)com
acegates(dot)com/gatevc.php?pn=srch0p21total7s2 Opens to winantivirus(dot)com
acegates(dot)com/gatevc.php?pn=srch0p20total7s2 Opens to drivecleaner(dot)com
acegates(dot)com/gatevc.php Opens to allsecuritylinks(dot)com/vc/as/sec-14jdklss/
So here’s an updated list of scam sites.
Security scammers:
IP: 85.255.116.214
protectionssoft(dot)com
IP: 85.255.116.214
asafetypage(dot)com
IP: 85.255.116.211
iesecuritytool(dot)com
IP: 85.255.118.212
acegates(dot)com
IP: 85.255.118.212
protectgates(dot)com
Zlob fake codec site:
IP: 85.255.116.251
mediaactivexpage(dot)com
Patrick Jordan and Alex Eckelberry