Avast WEBforum
Other => Viruses and worms => Topic started by: droland1978 on April 19, 2012, 07:48:13 AM
-
Dear Avast!
Sorry for the bad eng lang...
This is a virus, but the avast is quiet. Only "fájlrendszer védelem" (maybe: filesystem shield?) is installed. Why not alert to this file the avast if the filesystem shield is installed?
hxxp://data.hu/... (removed)
(Download with "lassú letöltés")
The question: Why not default settings in the the avast alarm: if a file has a two or more extensions, and the last extension name is exe?
Sorry for the bad lang...
droland
-
No detection .......if it is malware ?
Virustotal
https://www.virustotal.com/file/4cd6911def733782d2b587cee1d4f56662fa26aff78ad522e2e08a308f5e73ac/analysis/1334815667/
First seen by VirusTotal
2012-04-19 06:07:47 UTC ( 1 minutt ago )
-
@ droland1978
The fact that a file has two or more extensions, doesn't automatically mean it is malware. There are many legitimate instances where a file will have multiple . (periods) in it but they aren't necessarily file extensions.
However, in this case avast 'does alert' on this file (see image, click to expand) with the latest avast virus definitions, 120419-0. This is a web shield alert when trying to download of your file sharing site link.
Please remove the file sharing link as you have no control over who might download it or what they may do with it.
-
See file analysis here: htxp://malwr.com/analysis/c786163f2612d6d95625d44513bf803b/
Has it been forwarded to virus AT avast dot com? See: htxp://r.virscan.org/d0c5618dbea6b618a8e325965b1591ad
Here are three examples with a bad status: htxp://isthisfilesafe.com/filename/Fire%2520Safety%2520Guidance.pdf.exe_details.aspx
polonus
-
Doesn't have to be sent to avast as it already detects it (my last image) unless you are talking about a different file to Fire_Safety_Guidance.pdf.exe.
-
according to jotti the file is not a exe...but a HTML document text
http://virusscan.jotti.org/en/scanresult/3cd1f9e1505605c7922e4ecdfc04e7832ff4da06
Norman lab say clean
Fire_Safety_Guidance.pdf.exe : Clean!
URLVoid
http://vscan.novirusthanks.org/analysis/0a3d697900642e4c58aaae6aa0632077/ZmlyZS1zYWZldHktZ3VpZGFuY2UtcGRmLWV4ZQ==/
Anubis
http://anubis.iseclab.org/?action=result&task_id=1d4804c295862817489acd89c62920466&format=html
-
Well that doesn't match what the file captured via avast's .tmp, shows on a VT scan, now 27/42 https://www.virustotal.com/file/c616776dffcb4a4d76894a3ced05ffe92a131349011c350a8456259363a1f20e/analysis/1334860717/ (https://www.virustotal.com/file/c616776dffcb4a4d76894a3ced05ffe92a131349011c350a8456259363a1f20e/analysis/1334860717/).
See image extract of file content, looks like no html file I have ever seen.
I believe jotti are only seeing results of the file sharing link and not the actual file.
-
hmmm...that is the file that orbit download..... ???
-
I don't know about orbit, but that is the file that avast alerted on when trying to download the file sharing link and the one I uploaded to VT, as can be seen in the unp999999.tmp file name.
-
File confirmed as malicious. Avast detects Fire_Safety_Guidance.pdf.exe as a virus. File placed in chest. Thanks DavidR.
Would like to point out OP has not made link not clickable yet. Can a moderator get this done if OP does not?
EDIT: Attached new screenshot of chest; latest virustotal now at 30/42 reporting.
-
You're welcome, I have reported it to moderator, hopefully the file share link will be removed, not just made inactive.