Comments:
-
- on Thu 10 Nov 2011
- 01:51:57 AM UTC
RE: Windows7Info - Analysis
Yeah, that's pretty snakey. I'm pretty sure you're right about the third application having a false positive: when you get a result like "Heur.Gen" it means that a generic heuristic picked it up, and nobody really has a handle on using those properly at the moment. For example, some vendors will trigger a heuristic hit just if the .exe has been run through a code obfuscator/binary re-packer.
Regardless though, you could take that app out of the equation entirely and I still wouldn't like it. Hard sell downloads are by their nature untrustworthy to me. Rated.
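Triage logic that applies the reasoning in the comment above (a lone generic/heuristic label is weaker evidence than a named detection), as an added example that is not part of the original page or the scanner's own output. The engine names, detection labels, marker lists and the "two or fewer generic hits" threshold are all this example's own assumptions, not VirusTotal rules; the sample results are constructed and are not the real reports for the files in the post.

```python
"""Classify scan results into named vs. generic/heuristic detections.

Added example, not code from the original page. GENERIC and NOISE are
illustrative token sets (assumption), and SAMPLE_* are constructed data.
"""
import re

# Tokens that only say "something looked odd" rather than naming a family. (assumption)
GENERIC = {"heur", "heuristic", "gen", "generic", "suspicious", "packed",
           "malicious", "unsafe", "unclassified"}
# Class/platform tokens carry no family information either. (assumption)
NOISE = {"trojan", "win32", "w32", "win", "malware", "riskware", "pup",
         "adware", "application", "not", "a", "virus"}


def is_generic(label):
    """True if every informative token of the label is a generic marker.

    'Heur.Gen'                -> True  (heuristic only)
    'Trojan.Win32.Zbot.aa'    -> False (names a family: zbot)
    """
    tokens = [t for t in re.split(r"[.:/_\-\s!@]+", label.lower()) if t]
    informative = [t for t in tokens if t not in NOISE and not t.isdigit()]
    return all(t in GENERIC for t in informative)


def triage(results, generic_fp_threshold=2):
    """results: {engine: label or None}. Returns counts and a coarse verdict."""
    hits = {e: l for e, l in results.items() if l}
    named = sorted(e for e, l in hits.items() if not is_generic(l))
    generic = sorted(e for e, l in hits.items() if is_generic(l))
    if not hits:
        verdict = "clean"
    elif named:
        verdict = "malicious"          # at least one engine names a family
    elif len(generic) <= generic_fp_threshold:
        verdict = "possible false positive"  # only heuristic hits; re-check after unpacking
    else:
        verdict = "suspicious"         # many engines agree something is off
    return {"engines": len(results), "detections": len(hits),
            "named": named, "generic": generic, "verdict": verdict}


# Constructed sample: 1 of 10 engines fires, and only with a heuristic label.
SAMPLE_SINGLE_HEUR = {f"Engine{i}": None for i in range(9)}
SAMPLE_SINGLE_HEUR["Engine9"] = "Heur.Gen"

# Constructed sample: named detections alongside a heuristic one.
SAMPLE_NAMED = {"Engine0": "Trojan.Win32.Zbot.aa", "Engine1": "Heur.Gen",
                "Engine2": None, "Engine3": "Packed.Win32.Krap.ab"}

if __name__ == "__main__":
    for name, sample in (("single heuristic", SAMPLE_SINGLE_HEUR), ("named", SAMPLE_NAMED)):
        print(name, triage(sample))
```

The point of keeping `named` and `generic` separate is that the verdict should never be driven by a detection count alone: one engine saying "Zbot" outweighs three saying "Heur.Gen".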
-
- on Thu 10 Nov 2011
- 04:23:21 AM UTC
RE: Windows7Info - Analysis
See also:
techsupportonline.org
;o)
/edit
Oh and, just for kicks 'n' giggles:
List of domains/hosts:
0x80042109.com. A 206.212.242.18
ahyjedu.com. A 206.212.242.18
aktiffm.com. A 206.212.242.18
alba-news.net. A 206.212.242.18
archimedius.net. A 206.212.242.18
bgdir.net. A 206.212.242.18
blogtechonline.com. A 206.212.242.18
cedhost.com. A 206.212.242.19
childrensplacecouponcode.com. A 206.212.242.18
colostore-rtr-syp-ind-tuk-a.syptec.com. A 206.212.242.18
drpaulbartz.com. A 206.212.242.18
fcspug.com. A 206.212.242.18
ftpphp.com. A 206.212.242.18
getansweronline.com. A 206.212.242.18
htmlemailform.org. A 206.212.242.18
landsendcouponcode.org. A 206.212.242.18
localweightloss.org. A 206.212.242.18
ns1.techsupportonline.org. A 206.212.242.18
ns2.techsupportonline.org. A 206.212.242.19
outlookinboxrepairtool.net. A 206.212.242.18
pcpr.org. A 206.212.242.18
purchasetkd.com. A 206.212.242.21
repairpcerrors.net. A 206.212.242.18
repairwindowserrors.com. A 206.212.242.22
techsupportonline.org. A 206.212.242.18
ubuntufunnel.com. A 206.212.242.18
windows7info.net. A 206.212.242.20
zulilycoupons.com. A 206.212.242.18
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
-
- on Sun 05 Feb 2012
- 02:20:11 PM UTC
RE: Windows7Info - Analysis
Why do they have third place when I use Google to search for them?
hello!

Windows7Info - Analysis
The website in question is: windows7info.net
Domain Name: WINDOWS7INFO.NET
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS1.TECHSUPPORTONLINE.ORG
Name Server: NS2.TECHSUPPORTONLINE.ORG
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 15-oct-2011
Creation Date: 14-oct-2008
Expiration Date: 14-oct-2012
Registrant:
Paul Haygarth
20 Potter Close
Willaston, Cheshire CW5 7HQ
United Kingdom
At first sight, the website uses a layout very similar to Microsoft's.
Clicking on the upper links, I got prompted to download three files:
ReimageRepair.exe - 271 KB
sdsetup_revwire.exe - 501 KB
DriverDetective.exe - 1.1 MB
On the website, you can see a "McAfee Secure Badge" and some sort of Facebook "Like" section. Both are fake images.
Inside the website there are various repetitive links and text, completely odd for a clean, valid website. They refer to .dll files and other "what seem to be" problematic applications and libraries. In every case, the same 3 tools are suggested.
For the file sdsetup_revwire.exe, these are the results from a VT analysis:
MD5 : 38f7a4f8ed39a289ac27a9d7ed0a50f9
SHA1 : 420c1bce5204aefeae0a880403d7e479bb7e1cf5
SHA256: bd6146c624ed83e9e144d4027779fe36d4743af21437b6b9b0876770c5a786a9
URL of VT Analysis: http://www.virustotal.com/file-scan/report.html?id...
For the file ReimageRepair.exe, these are the results from a VT analysis:
MD5 : 93a96c96a7442b127124549050e9c460
SHA1 : 9f40f9bc001294da726faa19eb3bac11a899f8e4
SHA256: 92d507476d61b3277a3c951a2e27945992ca1c0da77a958dc53dc927acb1ee5b
URL of the VT Analysis: http://www.virustotal.com/file-scan/report.html?id...
For the file DriverDetective.exe, these are the results from a VT analysis:
Only 1 entry found, which could well be considered a false positive (?), even if the entire situation is pretty suspicious and odd.
MD5 : 80c1aaff9976e4d34453a5cc2d10f4be
SHA1 : 84d1d3fbc80e08ae2ff2573d1430089711fe518c
SHA256: 926e1117ebd99275cdd018f0ec2c6eb9206805612c6ef9e438b5eb65497150fb
URL of the VT Analysis: http://www.virustotal.com/file-scan/report.html?id...
Rethinking the overall situation, I decided to check various elements of the website.
1) The website has a layout very similar to the official Microsoft security and knowledge base pages. For me, these elements are used to mislead the victim, trying to create some sort of sense of reliability, as the user has already seen the same graphics on a trusted website, or just because, on top of it, there's "Microsoft", "Windows" etc. This is a social engineering trick heavily used by scammers.
2) In the top toolbar, the words "Windows Update" can be read (see my 2nd screenshot). Even in this case, the same reasoning as in point 1 applies.
Then I decided to have a look at the "what seems to be" repeated content placed on the website:
Looking at the picture, the first thing you can see is the word: zzgshp.vbs
Looking at the bleepingcomputer database, I found this:
The website presents the threat as a browser hijacker. So I don't understand why, on the suspicious website, they suggest the user install what seems to be a "driver updater" (found at the first step of the list of tools suggested in order to get rid of the problem).
If you click on that link, you get prompted to download DriverDetective.exe.
The other links are used to induce the user into installing ReimageRepair.exe and sdsetup_revwire.exe (respectively).
sdsetup_revwire207.exe seems to be related to the Spyware Doctor product of PC Tools, and the other tools are legit too.
The problem still remains with the website, as it is very misleading and odd.
Considering that it is not an official distributor of the linked software, I personally see the website as a big attempt to scare users into downloading and installing such tools.
For me it is untrustworthy.
At the moment I'm reporting this to you, the scorecard is green, reliability quite low, and no comments can be found.
windows7info.net
--- MF IT-UESC - Protecting your Digital Experience. Now.
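Pivoting on the hosting infrastructure the way the post's whois excerpt (name servers NS1/NS2.TECHSUPPORTONLINE.ORG) and the A-record list in the second comment invite, as an added example that is not code from the original post or its commenters. The records and the whois lines are copied from the page and embedded as inline data, so nothing is resolved live; the /24 grouping and the function names are this example's own choices, and the result only describes that snapshot, not the current state of those hosts.

```python
"""Group the posted A records by address and relate the target to its name servers.

Added example, not part of the original page. A_RECORDS and WHOIS are
transcribed from the page as constructed inline data; the /24 block
heuristic is this example's own assumption.
"""
import ipaddress
from collections import defaultdict

A_RECORDS = """\
0x80042109.com. A 206.212.242.18
ahyjedu.com. A 206.212.242.18
aktiffm.com. A 206.212.242.18
alba-news.net. A 206.212.242.18
archimedius.net. A 206.212.242.18
bgdir.net. A 206.212.242.18
blogtechonline.com. A 206.212.242.18
cedhost.com. A 206.212.242.19
childrensplacecouponcode.com. A 206.212.242.18
colostore-rtr-syp-ind-tuk-a.syptec.com. A 206.212.242.18
drpaulbartz.com. A 206.212.242.18
fcspug.com. A 206.212.242.18
ftpphp.com. A 206.212.242.18
getansweronline.com. A 206.212.242.18
htmlemailform.org. A 206.212.242.18
landsendcouponcode.org. A 206.212.242.18
localweightloss.org. A 206.212.242.18
ns1.techsupportonline.org. A 206.212.242.18
ns2.techsupportonline.org. A 206.212.242.19
outlookinboxrepairtool.net. A 206.212.242.18
pcpr.org. A 206.212.242.18
purchasetkd.com. A 206.212.242.21
repairpcerrors.net. A 206.212.242.18
repairwindowserrors.com. A 206.212.242.22
techsupportonline.org. A 206.212.242.18
ubuntufunnel.com. A 206.212.242.18
windows7info.net. A 206.212.242.20
zulilycoupons.com. A 206.212.242.18
"""

WHOIS = """\
Domain Name: WINDOWS7INFO.NET
Name Server: NS1.TECHSUPPORTONLINE.ORG
Name Server: NS2.TECHSUPPORTONLINE.ORG
"""


def parse_a_records(text):
    """Parse 'host. A 1.2.3.4' lines into {host: ip}; anything else is skipped."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != "A":
            continue
        try:
            ip = ipaddress.ip_address(parts[2])   # rejects garbage such as a fused signature
        except ValueError:
            continue
        records[parts[0].rstrip(".").lower()] = str(ip)
    return records


def parse_name_servers(text):
    """Pull the 'Name Server:' values out of a whois excerpt, normalised to lowercase."""
    return [line.split(":", 1)[1].strip().lower().rstrip(".")
            for line in text.splitlines() if line.startswith("Name Server:")]


def hosts_by_ip(records):
    """Invert {host: ip} into {ip: [hosts]} to see what is parked together."""
    grouped = defaultdict(list)
    for host, ip in records.items():
        grouped[ip].append(host)
    return {ip: sorted(hosts) for ip, hosts in grouped.items()}


def pivot(target, records, name_servers, prefix=24):
    """Summarise what shares infrastructure with `target` and with its name servers."""
    target = target.lower().rstrip(".")
    target_ip = records.get(target)
    if target_ip is None:
        raise KeyError(f"no A record for {target}")
    block = ipaddress.ip_network(f"{target_ip}/{prefix}", strict=False)
    ns_ips = {ns: records.get(ns) for ns in name_servers}
    grouped = hosts_by_ip(records)
    return {
        "target_ip": target_ip,
        "block": str(block),
        "name_server_ips": ns_ips,
        # every name server we could resolve sits in the target's /24: one hosting setup
        "single_block": all(ip is not None and ipaddress.ip_address(ip) in block
                            for ip in ns_ips.values()),
        "same_ip": [h for h in grouped[target_ip] if h != target],
        "block_neighbours": sorted(h for h, ip in records.items()
                                   if h != target and ipaddress.ip_address(ip) in block),
        # hosts parked on the same address as a name server are run by whoever runs that NS
        "on_name_server_ips": {ns: [h for h in grouped.get(ip, []) if h != ns]
                               for ns, ip in ns_ips.items() if ip},
    }


def analyse():
    """Run the pivot over the transcribed data for windows7info.net."""
    return pivot("windows7info.net", parse_a_records(A_RECORDS), parse_name_servers(WHOIS))


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key}: {value}")
```

The useful part of the report is `on_name_server_ips`: the target's own name servers answer from the same two addresses that host two dozen unrelated-looking coupon, "repair PC errors" and tech-support domains, which is the co-location the second comment is pointing at.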