please help check this file

[leeviruslee]

Hi great guys,

I download a file from below link
hxxp://www.mjbox.com/r/bk/bkys0812/VMware%E6%B3%A8%E5%86%8C%E6%9C%BA.rar

it will enable webcam a short while,and stay in the system without anything
but the virus scan can't find anything?

can you help me to check this file is safe or not?


Thanks~

[DavidR]

First - Please 'modify' your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites and files, thanks.

Well there are some scanners that at the very least consider it suspect, see http://www.virustotal.com/file-scan/report.html?id=ff23462fcd0966b5fdf2d2bea27f9c956e12aeb2dbf344693fd458359bb681ba-1287368224.

I know under normal circumstances I wouldn't download a file with this kind of file name in the first place.

Send the sample/s to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

[leeviruslee]

Hi! David ,

Thanks for your help.

First - Please 'modify' your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites and files, thanks.

Well there are some scanners that at the very least consider it suspect, see http://www.virustotal.com/file-scan/report.html?id=ff23462fcd0966b5fdf2d2bea27f9c956e12aeb2dbf344693fd458359bb681ba-1287368224.

I know under normal circumstances I wouldn't download a file with this kind of file name in the first place.

Send the sample/s to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

[DavidR]

No problem, glad I could help.

Welcome to the forums.

[Marc57]

The site isn't safe.

http://www.urlvoid.com/scan/mjbox.com

[Marc57]

This is definitely a trojan.

Just got this back from Cat-Quickheal.

"Dear Sir,

Thank you for the files.
Found malicious code inside the files.
Solution for the same will be uploaded in next update.

Regards,
- Rahul

Ticket Details
===================
Ticket ID: FMW-467375
Department: VirusLab
Priority: High
Status: Closed"



Sophos:

Hello,

Thank you for contacting Sophos Technical Support.

**Please note that this is an automated response. If you have any questions, require assistance or clarification on this analysis, please feel free to reply to this email quoting this case number in the subject line.**

The file(s) submitted were malicious in nature and detection will be available on the Sophos Databank shortly.


short-VMWARE_1.EXE -- identity created/updated (New detection Troj/Agent-OZS)
VMware.zip -- archive file

Please do not hesitate in contacting us by replying to this email if you have any questions or concerns.

Kind regards,

Sophos Technical Support

[Marc57]

This is now being detected by Malwarebytes.

[leeviruslee]

Thanks for your kindly and great support!

[Marc57]

Your Welcome.

[Left123]

http://safeweb.norton.com/report/show?url=mjbox.com