Author Topic: avast 1 of 7 av's to find up this PUP...  (Read 3056 times)


Offline polonus

avast 1 of 7 av's to find up this PUP...
« on: October 21, 2012, 10:24:58 PM »
See: http://zulu.zscaler.com/submission/show/ea69409c2f70546beaa4dbe95f28dca9-1350850564
See: https://www.virustotal.com/url/316cc8552014da34d359c8f965740bd25983861c357c4dbc8223edd187bbb11a/analysis/1350850707/
See: https://www.virustotal.com/file/af555d9175418042a445b67b6df17291ef6d8fc49117352f23a2f880f526d69b/analysis/1350850714/
avast detects as Win32:Toggle-A [PUP]
For domain detection see: http://www.urlvoid.com/scan/pf.phpnuke.org
Various IPs involved:
646302   2012-10-21   pf.phpnuke dot .org      188.165.2.127      178.32.28.133      94.23.168.5   ASN for all three IPs 16276
   hxtp://pf.phpnuke.org/s/2/6/26887-660901-mirc.exe?iv=2012090216
See: http://urlquery.net/report.php?id=243207

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

Re: avast 1 of 7 av's to find up this PUP...
« Reply #1 on: October 22, 2012, 12:22:02 AM »
It should have been 8... as Norman also detects it as winpe/Zulu.CX
and Malwarebytes as PUP:Bundleinstaller.PHP... and not default marked for removal
« Last Edit: October 22, 2012, 12:23:37 AM by Pondus »

Offline polonus

Re: avast 1 of 7 av's to find up this PUP...
« Reply #2 on: October 22, 2012, 12:47:01 AM »
Hi Pondus,

As always, thanks for your additional scan info. Good thing to hear that detection for this PUP is growing.

polonus