Author Topic: One virus and One question...  (Read 2941 times)

0 Members and 1 Guest are viewing this topic.

droland1978

  • Guest
One virus and One question...
« on: April 19, 2012, 07:48:13 AM »
Dear Avast!

Sorry for the bad eng lang...

This is a virus, but the avast is quiet. Only "fájlrendszer védelem" (maybe: filesystem shield?) is installed. Why not alert to this file the avast if the filesystem shield is installed?
hxxp://data.hu/... (removed)
(Download with "lassú letöltés")

The question: Why not default settings in the the avast alarm: if a file has a two or more extensions, and the last extension name is exe?

Sorry for the bad lang...

droland


« Last Edit: April 20, 2012, 11:32:52 AM by Milos »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: One virus and One question...
« Reply #1 on: April 19, 2012, 08:09:56 AM »
No detection .......if it is malware ?

Virustotal
https://www.virustotal.com/file/4cd6911def733782d2b587cee1d4f56662fa26aff78ad522e2e08a308f5e73ac/analysis/1334815667/


First seen by VirusTotal
 2012-04-19 06:07:47 UTC ( 1 minutt ago )

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: One virus and One question...
« Reply #2 on: April 19, 2012, 01:59:58 PM »
@ droland1978
The fact that a file has two or more extensions, doesn't automatically mean it is malware. There are many legitimate instances where a file will have multiple . (periods) in it but they aren't necessarily file extensions.

However, in this case avast 'does alert' on this file (see image, click to expand) with the latest avast virus definitions, 120419-0. This is a web shield alert when trying to download of your file sharing site link.

Please remove the file sharing link as you have no control over who might download it or what they may do with it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: One virus and One question...
« Reply #3 on: April 19, 2012, 03:48:42 PM »
See file analysis here: htxp://malwr.com/analysis/c786163f2612d6d95625d44513bf803b/
Has it been forwarded to virus AT avast dot com? See: htxp://r.virscan.org/d0c5618dbea6b618a8e325965b1591ad
Here are three examples with a bad status: htxp://isthisfilesafe.com/filename/Fire%2520Safety%2520Guidance.pdf.exe_details.aspx

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: One virus and One question...
« Reply #4 on: April 19, 2012, 04:45:46 PM »
Doesn't have to be sent to avast as it already detects it (my last image) unless you are talking about a different file to Fire_Safety_Guidance.pdf.exe.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
« Last Edit: April 19, 2012, 08:08:12 PM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: One virus and One question...
« Reply #6 on: April 19, 2012, 08:45:47 PM »
Well that doesn't match what the file captured via avast's .tmp, shows on a VT scan, now 27/42 https://www.virustotal.com/file/c616776dffcb4a4d76894a3ced05ffe92a131349011c350a8456259363a1f20e/analysis/1334860717/.

See image extract of file content, looks like no html file I have ever seen.

I believe jotti are only seeing results of the file sharing link and not the actual file.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: One virus and One question...
« Reply #7 on: April 19, 2012, 09:06:15 PM »
hmmm...that is the file that orbit download.....   ???

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: One virus and One question...
« Reply #8 on: April 19, 2012, 10:18:00 PM »
I don't know about orbit, but that is the file that avast alerted on when trying to download the file sharing link and the one I uploaded to VT, as can be seen in the unp999999.tmp file name.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Re: One virus and One question...
« Reply #9 on: April 20, 2012, 10:15:00 AM »
File confirmed as malicious.  Avast detects Fire_Safety_Guidance.pdf.exe as a virus.  File placed in chest.  Thanks DavidR.

Would like to point out OP has not made link not clickable yet.  Can a moderator get this done if OP does not?

EDIT:  Attached new screenshot of chest; latest virustotal now at 30/42 reporting.
« Last Edit: April 20, 2012, 10:23:57 AM by mchain »
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: One virus and One question...
« Reply #10 on: April 20, 2012, 11:29:40 AM »
You're welcome, I have reported it to moderator, hopefully the file share link will be removed, not just made inactive.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security