Avast WEBforum

Other => Viruses and worms => Topic started by: MacRaider on April 07, 2011, 08:28:03 PM

Title: Avast alarm BufferZone Pro Malware 3.41?
Post by: MacRaider on April 07, 2011, 08:28:03 PM

Installing Program BufferZone Pro 3.41 Avast alarm and abort the installation, the software downloaded www.trustware.com. Does Avast close, and then install?

Title: Re: Avast alarm BufferZone Pro Malware 3.41?
Post by: Pondus on April 07, 2011, 08:36:57 PM

VirusTotal - BufferZoneProFree.msi - 2/42
http://www.virustotal.com/file-scan/report.html?id=8278d91df9d7874e6a1c3263811f8dd4e7fb1cf1ae275bb3dc8fad74a58a1c02-1302174705

Title: Re: Avast alarm BufferZone Pro Malware 3.41?
Post by: polonus on April 10, 2011, 01:00:06 AM

Avast detects this as Win32:WinVNCbased-F because it is looks upon it as a RAT (Remote Administration Trojan),
because VNC is a Remote Administration program often used to remote into other systems, and
may have come in on the back of other malware...this type can be a slight modification of an older type,
as the program could be considered a "risktool" for those that have not installed it intentionally,
the downloadsite is clean: sucuri scan for /http//wXw.trustware.com/ gives an all green...status:
Site verified to be secure and free of malware.
web trust: Site not blacklisted; also found clean here: http://www.urlvoid.com/scan/trustware.com
and safe here: http://safeweb.norton.com/report/show?url=trustware.com
and here: http://www.webutation.net/go/review/trustware.com

polonus

P.S. Pondus - reanalyze the virustotal.scan - it now only has the avast detection of this "risktool" find...
so -Result: 1 /41 (2.4%)

D