http://www.13lune.it/171811.php mas mailer from my outlook this morning

[rmerrick]

http://www.13lune.it/171811.php
i got 70+ mail bounces come back to me with this address in them.
avast didnt find the worm.

[rmerrick]

malwarebytes found it. Avast8 let it through


Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ray Merrick :: RAYM-PC [limited]

Protection: Enabled

20/03/2013 8:55:43 AM
mbam-log-2013-03-20 (08-55-43).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 249133
Time elapsed: 1 minute(s), 27 second(s)

Memory Processes Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 4000 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

(end)

[rmerrick]

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ray Merrick :: RAYM-PC [limited]

Protection: Enabled

20/03/2013 9:04:16 AM
mbam-log-2013-03-20 (09-04-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291344
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Ray Merrick\AppData\Local\Temp\CSM49CD.tmp (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Ray Merrick\AppData\Local\Temp\Temp1_ISOBuster_Pro_v1[1].6.0.19.zip\IsoBuster.Pro.v1.6.0.19-ROR\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

[davexnet]

It's interesting, even with it's "cloud intelligence" , Avast still seems second best when it comes to
detecting these issues.  There has been a few incidents in the last week where Malwarebytes
detected something Avast happily let into the system.

Avast is working well in my XP system, but I don't think it should be beaten by some of these other
anti-malware packages.

[Pondus]

malwarebytes found it. Avast8 let it through

not a virus but detected as riskware by malwarebytes......so it may be detected by avast PUP scan
PUP = not a virus/Possible Unwanted Program

C:\Users\Ray Merrick\AppData\Local\Temp\Temp1_ISOBuster_Pro_v1[1].6.0.19.zip\IsoBuster.Pro.v1.6.0.19-ROR\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

This file is not a virus. It is used to crack Microsoft office2010.When Microsoft office2010 is cracked, you no longer need to activate Microsoft office2010 and pay for it.

So what to expect when running keygen and crack software.