« previous next »
Pages: [1]   Go Down

Author Topic: Harmless or virus?  (Read 2611 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33903
  • malware fighter
Harmless or virus?
« on: December 07, 2014, 05:12:27 PM »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37533
  • Not a avast user
Re: Harmless or virus?
« Reply #1 on: December 07, 2014, 05:25:31 PM »
looks like a Chinese website. file hxxp://210.151.37.117/A2/1207/chili.exe  seems it is not there anymore

Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33903
  • malware fighter
Re: Harmless or virus?
« Reply #2 on: December 07, 2014, 05:46:09 PM »
Hi Pondus,

And what about this? Re: https://urlquery.net/report.php?id=1417857971136
It was or is launching Win32/Agent.WLY trojan from that IP address: http://www.scumware.org/report/210.151.37.117.html
This is a detection for a keylogging trojan.
IDS alert for ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) points out to it may be a FP detection of sorts!
While this is setting my mind at ease a bit more: http://totalhash.com/search/ip:210.151.37.90 (all generic detections).

polonus
« Last Edit: December 07, 2014, 06:03:32 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37533
  • Not a avast user
Re: Harmless or virus?
« Reply #3 on: December 07, 2014, 06:07:11 PM »
Quote from: polonus on December 07, 2014, 05:46:09 PM
Hi Pondus,

And what about this? Re: https://urlquery.net/report.php?id=1417857971136
It was or is launching Win32/Agent.WLY trojan from that IP address: http://www.scumware.org/report/210.151.37.117.html
This is a detection for a keylogging trojan.
IDS alert for ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) points out to it may be a FP detection of sorts!
While this is setting my mind at ease a bit more: http://totalhash.com/search/ip:210.151.37.90 (all generic detections).

polonus
First submission 2014-12-05 07:55:19 UTC ( 2 days, 9 hours ago )
https://www.virustotal.com/en/file/3735f4d29d97b8e0217beeca9007e1d4078a149b14fb5edbe9548225d3607f10/analysis/1417971990/
https://www.metascan-online.com/en/scanresult/file/075f721c3dab4151bf348cb6e4fd8864

Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33903
  • malware fighter
Re: Harmless or virus?
« Reply #4 on: December 07, 2014, 07:39:43 PM »
Thanks, Pondus,

I consider that to be the last word on this then. Well checked by both of us and also found that we are being protected by avast

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »