Does anyone out there know the source domain for this fake AV program? I'd like to find the source IP addresses and block them at my router to help prevent infection, but I haven't been able to find the source domain yet. I'll be duplicating that blacklist with all my family members' routers as well.
I'd also like to see if I can hunt the guys down who makes these programs and beat them to a bloody pulp. Using Whois on that domain might lead me in their direction.
The trick to that program is that it links to a different IP address from where the hacked banner ad resides, so that the signature of the hack is reduced. If they copied the whole program to the hacked banner ad source, it would be easier to detect. (I have been dealing with this for a very long time.) It used to be under xpantivirus.com, but that got changed. I also know that multiple domains reference that same address. I just need one and I can get what I need. I know there are multiple IPs associated with the domain, but I can resolve it and block all those addresses at the router.