Avast WEBforum
Other => Viruses and worms => Topic started by: Asyn on March 16, 2011, 01:59:03 PM
-
Reported by a user in the German section. (hxxp://wxw.avastfrance.com/)
The site distributes a fake AV (Rogue), using avast's name...!!!
Report 2011-03-16 13:15:53 (GMT 1)
Website avastfrance.com
Domain Hash 4d6e81c523fad80972e4e15ff80ec385
IP Address 174.123.72.226 [SCAN]
IP Hostname e2.48.7bae.static.theplanet.com
IP Country US (United States)
AS Number 21844
AS Name THEPLANET-AS - ThePlanet.com Internet Service...
Detections 7 / 18 (39 %)
Status DANGEROUS
-
Avast already detects the executable but not the site, I reported this site in one of my posts but no one seemed to see it, anyway.
-
Already in hpHosts detection:
http://hosts-file.net/?s=avastfrance.com&x=35&y=9
-
http://forum.avast.com/index.php?topic=73785.0
-
Avast already detects the executable but not the site, I reported this site in one of my posts but no one seemed to see it, anyway.
Well, the site should be blocked, asap...!!!
asyn
-
Avast already detects the executable but not the site, I reported this site in one of my posts but no one seemed to see it, anyway.
Well, the site should be blocked, asap...!!!
asyn
Of course!!
-
Well, the site should be blocked, asap...!!!
It is by MBAM as well:
IP-BLOCK 174.123.72.226 (Type: outgoing, Port: 52612, Process: avastsvc.exe)
-
Well, the site should be blocked, asap...!!!
It is by MBAM as well:
IP-BLOCK 174.123.72.226 (Type: outgoing, Port: 52612, Process: avastsvc.exe)
Thanks for the info about hpHosts and Mbam, Kenny..!
Still, we want avast to block it, too. ;)
asyn
-
Hi Asyn,
Send a mail to avast that the following links should be detected:
So called Bad Anchor link here: hxtp://www.avastfrance.com/
See: http://www.virustotal.com/file-scan/report.html?id=9b8fbd43137dd84905e1b8b37e05de58b00484470c429127ba86fbd2c4d9221f-1300284565
0/ 43 (0.0%)
and PremiumSMSScan, here: htxp://www.avastfrance.com/dl/Avast-antivirus-francais.exe, detected as NSIS:FakeInst-L by avast
See: http://xylibox.blogspot.com/2011/03/hoaxsms-fake-installer-avast-avast.html
Site should be flagged: http://deletemalware.blogspot.com/2011/03/fake-avast-antivirus-avast-antivirus.html
It is also in here: http://malc0de.com/database/
Reported on March 13th:
011/03/13_19:26 www. avastfrance.com/dl/Avast-antivirus-francais.exe 174. 123. 72. 226 e2. 48. 7bae.static.theplanet.com. fake av Whois Privacy Protection Service, Inc. / xfwryksrx AT whoisprivacyprotect.com 21844
I do not know whether it is still alive? These issues are sometimes rather short-lived as soon as they are found out,
polonus
-
Thanks, pol..!! :)
asyn
-
Still undetected? ???
-
Still undetected? ???
Contact avast! (http://www.avast.com/contact-form.php?loadStyles), however there's no option to report false negatives :(
-
Yes and that is something which needs to be included in the list.
Though you could try and misuse the report false alert on a website, by reporting in the text input 'Your Message' window that it is a malicious site which isn't detected by either the network or web shields.
I tend to send an email to the usual virus (at) avast (dot) com address, with 'Undetected Malware - Network Shield' in the subject and details in the email body, no need for a sample.
-
Site gets blocked now, so I put this to solved.
asyn