Author Topic: Report suspicius link (Read 5510 times)

Paulo Henrique · « **on:** February 06, 2006, 02:07:59 PM »

Hello, first post here and sorry about my poor english.

Where can I report a link that i believe that is a virus (but it's not identified as one by avast)?

I received a spam-like virus, with a link to a site, then in this site a new link to a .zip file. I downloaded it, the file is not identified as a virus by avast (a .exe).

The link is this: http://www.cobrancasnovas.kit.net/pagfatura.zip

I not sure if this is really a virus or not, but i will not execute it on my machine too soon

Thx

[]'s

RejZoR · « **Reply #1 on:** February 06, 2006, 02:20:27 PM »

Yeah it looks like malware. NOD32 also detects it as "probably unknown new_heurPE".
Though you may want to send this sample to virus[at]avast.com if no one from Alwil responds to this thread.

DavidR · « **Reply #2 on:** February 06, 2006, 05:08:23 PM »

The Dr Web interface isn't flagging it, so it probalyy needs checking at Jotti.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.
Or VirusTotal - Multi engine on-line virus scanner

Zip files are inert until you extract or execute the contents.

Jotti found hits from a number of AVs (but not avast and a number of others) when I uploaded the zip file so it would appear to be malware.

Quote

AntiVir - Found nothing
ArcaVir    Found nothing
Avast    Found nothing
AVG Antivirus    Found nothing
BitDefender    Found nothing
ClamAV    Found nothing
Dr.Web    Found nothing
F-Prot Antivirus Found nothing
Fortinet    Found PossibleThreat
Kaspersky Anti-Virus    Found Trojan-Spy.Win32.Bancos.ow
NOD32    Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control    Found W32/Bancos.HMP
UNA    Found nothing
VBA32    Found Trojan-Spy.Win32.Bancos.ow

Copy sent to virus @ avast.com

polonus · « **Reply #3 on:** February 06, 2006, 10:02:03 PM »

Hello Paulo Henrique,

This is a trojan downloader to mimic a Brazilian bank portal,
the information is here:
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.j.html
With the information here you can check this.

polonus

essexboy · « **Reply #4 on:** February 06, 2006, 10:26:20 PM »

Welcome back Polonus

FreewheelinFrank · « **Reply #5 on:** February 08, 2006, 11:51:03 PM »

I submitted this file to Ewido and today it's detected. German efficiency?

DavidR · « **Reply #6 on:** February 09, 2006, 12:14:28 AM »

Still not included in avast VPS though, despite being submited to Jotti and sent to avast from the chest.

Dwarden · « **Reply #7 on:** February 09, 2006, 06:30:21 PM »

Detected as Win32:Bancos-RK [Trj] since VPS 0602-2 ...

so where is problem ?

DavidR · « **Reply #8 on:** February 09, 2006, 07:53:15 PM »

I scanned it after 0602-2 and it wasn't detected, it is today after 0602-3 though.

Author Topic: Report suspicius link (Read 5510 times)

Paulo Henrique

Report suspicius link

RejZoR

Re: Report suspicius link

DavidR

Re: Report suspicius link

polonus

Re: Report suspicius link

essexboy

Re: Report suspicius link

FreewheelinFrank

Re: Report suspicius link

DavidR

Re: Report suspicius link

Dwarden

Re: Report suspicius link

DavidR

Re: Report suspicius link