Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on October 27, 2013, 10:37:19 PM

Title: Does avast! detect this executable? Scareware?
Post by: polonus on October 27, 2013, 10:37:19 PM
See: https://www.virustotal.com/nl/url/b60de77c1616b207a931a5e79b7354ce8afa73815e8aa0ec32ec26f5ef575833/analysis/1382908880/
and https://www.virustotal.com/nl/file/3487045fe79491b901f09646835f30aaea6419cd268bdb1e2524bf10e501fe4f/analysis/1382874085/
IDS alerts here: http://urlquery.net/report.php?id=7219507
Server redirect Code: 404,  Content cannot be read!
See: http://support.clean-mx.de/clean-mx/viruses.php?ip=66.7.217.40&sort=id%20DESC
htxp://www.securitystronghold.com/files/go-remove-malware/InterpolRansomwareVirusRemovalTool.exe is in Dr.Web malicious sites list!
The WOT web rep status: http://www.mywot.com/en/scorecard/securitystronghold.com?utm_source=addon&utm_content=popup-donuts
-> http://www.mywot.com/en/scorecard/go-remove-malware.com?utm_source=addon&utm_content=popup-donuts
Quttera's scanner detects:
/rss
Severity:    Potentially Suspicious
Reason:    Detected procedure that is commonly used in suspicious activity.
Details:   Detected abnormal use of [iframe] elements. Treat it as suspicious.
File size[byte]:    27986
File type:    ASCII
MD5:    18C8729CEEB41F234B06E42F401A317A
Scan duration[sec]:    0.021000
Anubis analysis: http://anubis.iseclab.org/?action=result&task_id=1a696b88c61f499a40984dc32c9beddd4&format=html
Verdict unknown,

pol
Title: Re: Does avast! detect this executable? Scareware?
Post by: Secondmineboy on October 27, 2013, 10:40:45 PM
Avast is not detecting it on download and Scan.

I will test it in a VM now.
Title: Re: Does avast! detect this executable? Scareware?
Post by: Secondmineboy on October 27, 2013, 10:52:50 PM
The file is also installing RegCleanPro, which is Junkware.

The Program actually looks good.

And it's signed by Security Stronghold.

But I would consider this as junk.
Title: Re: Does avast! detect this executable? Scareware?
Post by: Pondus on October 27, 2013, 10:58:31 PM
old file....
First submission 2013-07-16 00:39:25 UTC ( 3 months, 1 week ago )
Title: Re: Does avast! detect this executable? Scareware?
Post by: polonus on October 27, 2013, 10:58:47 PM
Hi Steven Winderlich,

Can you confirm this is coming with Flipora Search ad-junk, detected as PUP?
See: http://www.removepcthreat.com/remove-flipora-search-flipora-search-removal-flipora-search-how-to-remove-flipora-search-delete-flipora-search-uninstall-flipora-search-how-to-delete-flipora-search-how-to-uninstall-flipora-sea/

Damian
Title: Re: Does avast! detect this executable? Scareware?
Post by: Secondmineboy on October 27, 2013, 11:01:48 PM
I will restart the VM and will see what is going on.
Title: Re: Does avast! detect this executable? Scareware?
Post by: Secondmineboy on October 27, 2013, 11:08:31 PM
Nothing in IE, Firefox or Chrome either.

Also no startup key set, just RegCleanPro starting up (and crashing).

There was something in Firefox and Chrome, about that just RegClean Stuff, ADW Log attached.
Title: Re: Does avast! detect this executable? Scareware?
Post by: Secondmineboy on October 27, 2013, 11:18:36 PM
OTL Logs
Title: Re: Does avast! detect this executable? Scareware?
Post by: Secondmineboy on October 27, 2013, 11:53:56 PM
Malwarebytes Log
Title: Re: Does avast! detect this executable? Scareware?
Post by: polonus on October 28, 2013, 12:03:26 AM
There the PUP detection for Flipora is being confirmed,

pol
Title: Re: Does avast! detect this executable? Scareware?
Post by: Secondmineboy on October 28, 2013, 12:53:51 AM
OK.

I'm not that good on ADWCleaner Logs with these preferences things.