Author Topic: What's wrong with these Sites? (Read 2896 times)

Michael (alan1998) · « **on:** February 21, 2014, 08:15:25 PM »

wXw.technofreeks.com/uploads/1/2/8/6/12861493/7z915.exe
wXw.technofreeks.com/uploads/1/2/8/6/12861493/teracopy.exe

(Don't go to these links above this warning!)

https://www.virustotal.com/en/url/26182c1185c3db531f50fb66fdfe6cefe04a3db1dec466ca55d3f6a8b28cb665/analysis/1393009889/
https://www.virustotal.com/en/url/0f441881450d849f5ddc76999d8995fab4782d3ba92ea7d96bc1238b2dd2f302/analysis/1393010063/

Can anyone point out the infection and what it is?

Michael (alan1998) · « **Reply #1 on:** February 21, 2014, 08:25:06 PM »

https://www.virustotal.com/en/file/0bd035cb8a9c65078b8445f5785bc98c8203acdd3bfa7264ae3451d13258546e/analysis/1392993162/

MBAM Doesn't detect the file? That's messed up!

Pondus · « **Reply #2 on:** February 21, 2014, 08:41:15 PM »

Quote from: Michael (alan1998) on February 21, 2014, 08:25:06 PM

https://www.virustotal.com/en/file/0bd035cb8a9c65078b8445f5785bc98c8203acdd3bfa7264ae3451d13258546e/analysis/1392993162/

MBAM Doesn't detect the file? That's messed up!

nope.... Malwarebytes does not detect file infectors and never will
it will detect the main install file, but not any files injected with virus code..... Malwarebytes does not clean files, it only detect and remove files where the hole file is the malware

read and laern Michael..... lots of info in MBAM forum

MIEKIEMOES - Director of Research @ Malwarebytes
http://miekiemoes.blogspot.no/2009/02/virut-and-other-file-infectors-throwing.html

David H. Lipman
https://forums.malwarebytes.org/index.php?showtopic=102698#entry507785

Secondmineboy · « **Reply #3 on:** February 21, 2014, 09:01:55 PM »

Also to get this Sality crap you need to get an executable to be infected, and thats most likely detected.

Or you just head over to linux to get around malware.

gen-hackman · « **Reply #4 on:** February 21, 2014, 11:36:37 PM »

hello only drweb,AVPTools or SalityKiller can disinfect the files injected

Michael (alan1998) · « **Reply #5 on:** February 23, 2014, 12:07:35 PM »

I know. But the sites are not actively blocked by neither MBAM Pro nor Avast! The fact the code is still live and so are the files is dangerous. The links lead directly to the "Infected File"

The post VT results I gacve to FatDCUK are that of the actual themselves. But won't detect it.

Michael (alan1998) · « **Reply #6 on:** February 23, 2014, 12:24:32 PM »

Oh. Nevermind. Avast! was just lagging behind on the blocking of the website.

Object: http://.../teracopy.exe
Infection: Win32 Salicode
Process: IEXPLORE

polonus · « **Reply #7 on:** February 23, 2014, 02:51:35 PM »

Also coming up in here: http://www.herdprotect.com/teracopy.exe-257b6305cc636ee09df92caffda3048a0c727f37.aspx

pol

Michael (alan1998) · « **Reply #8 on:** February 23, 2014, 04:24:07 PM »

So not only are the links still active. They release new ones to bypass AV detections? Serious business!

gen-hackman · « **Reply #9 on:** February 23, 2014, 04:43:09 PM »

logically , Pre_Scan detects ramnit in htm, html files and exe files but it doesn't desinfect , I didn't make it for.

Author Topic: What's wrong with these Sites? (Read 2896 times)

Michael (alan1998)

What's wrong with these Sites?

Michael (alan1998)

Re: What's wrong with these Sites?

Pondus

Re: What's wrong with these Sites?

Secondmineboy

Re: What's wrong with these Sites?

gen-hackman

Re: What's wrong with these Sites?

Michael (alan1998)

Re: What's wrong with these Sites?

Michael (alan1998)

Re: What's wrong with these Sites?

polonus

Re: What's wrong with these Sites?

Michael (alan1998)

Re: What's wrong with these Sites?

gen-hackman

Re: What's wrong with these Sites?