Author Topic: possible new virus/infection  (Read 3976 times)

0 Members and 1 Guest are viewing this topic.

kaniki

  • Guest
possible new virus/infection
« on: March 10, 2011, 05:03:49 AM »
I dont know what this was but i did a search on google for a way to access a restore partition on a emachine desktop (been reinstalled so no software there, but still has partition). I came across this site that asked to scan my system. I clicked the X in the up right corner and then it did this thing and said tht I had infection and then tried to get me to install some stuff. I immediately tried to shut down firefox but I could not. I could not even right click on the icon on the taskbar so I logged out to forcefully shut it down so i did not get infected. Here is the link to where it led me too.
 
hxxp://xlbetfxd.co.cc/scan3/167

here is a link to the file it tried to get me to download

hxxp://xlbetfxd.co.cc/scan3/167/freesystemscan.exe

IT also made a remark that says "Windows security center recommends you to install system security antivirus"

here is I believe the original link that led me to it

hxxp://www.google.com/url?sa=t&source=web&cd=20&ved=0CFQQFjAJOAo&url=http%3A%2F%2Fdhbdesignstudio.com%2Fbw-replacing-emachines-t2682-battery%2F&rct=j&q=w3619%20restore%20partition%20program&ei=AEh4Tc6cMYOz0QHV7ZjYAw&usg=AFQjCNGqhsTShvCV3PehrlwBrwUeyhRAwg&cad=rja

Shaun

« Last Edit: March 28, 2011, 12:25:55 AM by igor »

Offline Coolmario88

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
  • Bronies make the web go round
Re: possible new virus/infection
« Reply #1 on: March 10, 2011, 05:50:11 AM »
Hello please change the "http" in those infected links to "hxxp"  This will prevent anybody from getting infected from the links.
OS: Windows 11 64-bit
Webbrowser: Mozilla Firefox
PC Specs: Intel i5-12400f, Nvidia RTX 3050, 16gb ram, 1.5TB SSD(s).

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: possible new virus/infection
« Reply #2 on: March 10, 2011, 06:27:40 AM »
Here is the site the bottom link directs to: hxxp://mvauxfdr.co.cc/scan3/167 and here is the virustotal scan report: (This one is safe to click) http://www.virustotal.com/file-scan/report.html?id=97ca6d75ee844415b9a64e670eda46ccbe0bd39c50e243b7093d3862329cc5d5-1299734703

It is undoubtedly a malicious site, with some very recent malware embedded.
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: possible new virus/infection
« Reply #3 on: March 11, 2011, 04:04:30 PM »
Again, kaniki, mungle the links to malware in your posting to hxtp or wxw so the unaware might not be tempted to click and get infected, here the scan is green: http://www.virustotal.com/url-scan/report.html?id=c6f815d687a2448e4317dacc66d95f53-1299851956
but the file is ominous, an a Rogue AV executable: http://www.virustotal.com/file-scan/report.html?id=993026853e2bbc8846dbda5a90c4f06a9a18b83c9f97fe7b1557b03975ebeaff-1297772489
and see: http://forums.malwarebytes.org/index.php?showtopic=75399
and re: http://www.prevx.com/filenames/X1775168780474286539-X1/FREESYSTEMSCAN%5B1%5D.EXE.html

verdict Fake AV download site, detected by MBAM and SAS,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

2011

  • Guest
Re: possible new virus/infection
« Reply #4 on: March 12, 2011, 03:21:15 PM »
Hi I found a video where they show a trojan virus (Xtotal) for
access to the remote Computers also there is the address of their creators hackers
PS through the Google translator with Russian language
video address:http://www.youtube.com/watch?v=jw2WYUDm0wE&feature=fvwrel
аvast did not recognize the trojan :'(

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: possible new virus/infection
« Reply #5 on: March 12, 2011, 03:40:04 PM »
Have you uploaded it to Avast and told them ?

jzedalis

  • Guest
Re: possible new virus/infection
« Reply #6 on: March 27, 2011, 07:17:50 AM »
I was scrolling through google images and must have scrolled over a link for this same site. hxxp://defender-tpda.in/scan3/167/freesystemscan.exe

For sure it is a scam to get you to download from their website.  They are impersonating windows defender and trying to make you believe your own computer is contacting you.  One way to always be sure.  Anything from windows will NOT open in a tab of the browser your using.  And all windows messages if connected to the internet, always opens in IE.

 Be sure to erase your cookies after going there.  And if you have firewall software just stop inet traffic when something happens like this or just pull out your internet cable.   Or lock your router if you have one.  It, for sure, will stop anything from being dumped on your computer if blocked. 

ted_s

  • Guest
Re: possible new virus/infection
« Reply #7 on: March 27, 2011, 11:42:27 PM »
I had to take care of this one on my ex's pc last month.
then a few days ago It struck me and I quickly "X"d IE shut down
and that stopped it from completeing its download and getting a
grip on the system.
 My Question is,,, why didnt Avast catch this ???

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: possible new virus/infection
« Reply #8 on: March 27, 2011, 11:51:47 PM »
Quote
My Question is,,, why didnt Avast catch this
bc no AV have 100% detection and never will.....

ted_s

  • Guest
Re: possible new virus/infection
« Reply #9 on: March 28, 2011, 12:10:44 AM »
LOL  good answer - thanks  LOL

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: possible new virus/infection
« Reply #10 on: March 28, 2011, 12:20:24 AM »
Hi Pondus,

I know you are right, but if it is in avast's range of issues to add, they are soon to add it when we post it.
Do you know that avast is only a few %% points behind Norton 360  
Quote
Avast! detected 98,51% malware, while Norton 360 detected 98,84%.
Both better as average, that totals  97,7%

source: http://www.av-test.org/index.php

Not bad, not bad at all, and with a little added non-resident SAS, MBAM scanning, and some in-browser security,
I feel awfully lucky to be on avast6,

pol
« Last Edit: March 28, 2011, 12:25:32 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: possible new virus/infection
« Reply #11 on: March 28, 2011, 12:45:38 AM »
I think the best is ShadowServer as it is live http://www.shadowserver.org

Virus Monthly Stats http://www.shadowserver.org/wiki/pmwiki.php/Stats/VirusMonthlyStats

you can change from daily to one year statistic down in left corner