Topic: Again the avast! Webshield detects... (Read 1718 times)
polonus (Avast Überevangelist, Probably Bot, Posts: 34065, malware fighter)
Again the avast! Webshield detects... « on: September 29, 2014, 06:20:24 PM »
Also on DrWeb's "known infection source" list.
https://www.virustotal.com/nl/url/8c5590f7fa96774b439395caf2b992c2953c938180c0123884db0ccc0cc83910/analysis/1412006919/
http://sitecheck.sucuri.net/results/buu4k-filues.gotovo-okno.ru
(Outdated server software)
http://zulu.zscaler.com/submission/show/6b55efbeb275e189682736294c32f9c1-1412007009
http://killmalware.com/buu4k-filues.gotovo-okno.ru/
Normal web rep does not detect.
htxp://buu4k-filues.gotovo-okno.ru/get_access/
200 OK
Content-Length: 112809
Content-Type: text/html
malicious
pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pondus (Probably Bot, Posts: 37700)
Re: Again the avast! Webshield detects... « Reply #1 on: September 29, 2014, 06:30:20 PM »
nothing in html or js file
https://www.virustotal.com/nb/file/e97641cfc6dd9e836ed93a0e4969e7069fe726f3ea0456eb5544222f561f53d6/analysis/1412007875/
https://www.virustotal.com/nb/file/3739b485ac39b157caa066b883e4d9d3f74c50beff0b86cd8a24ce407b179a23/analysis/1412007974/
one detection on buu4k-filues.gotovo-okno.ru/get_access/
https://www.virustotal.com/nb/file/b038a96a6356ed600813ec15d041091847b8fc9b9ae3113dd5e2137747d0629c/analysis/1412008136/
polonus (Avast Überevangelist, Probably Bot, Posts: 34065, malware fighter)
Re: Again the avast! Webshield detects... « Reply #2 on: September 29, 2014, 06:52:24 PM »
Hi Pondus,
Malware very much alive:
http://support.clean-mx.com/clean-mx/viruses.php?ns2=ns3-com.nic.ru&sort=id%20DESC&response=alive
So we need detection for this, as it has been active for over 2829 hours, my friend.
From the safe virus viewer:
DEBUG output created by Wget 1.12 on linux-gnu.
--2014-09-29 18:42:05-- htxp://hqq1f-fiilues.c0qs.pp.ru/download/?q=DayZ%20Standalone&id=33953
Resolving hqq1f-fiilues.c0qs.pp dot ru... failed: Connection timed out.
wget: unable to resolve host address `hqq1f-fiilues.c0qs.pp dot ru'
From a private person ->
http://whois.domaintools.com/c0qs.pp.ru
http://dnscheck.pingdom.com/?domain=C0QS.PP.RU&timestamp=1412009177&view=1
Delegation errors.
Main domain OK:
http://dnscheck.pingdom.com/?domain=PP.RU&timestamp=1412009333&view=1
Hoster:
http://www.adelinahost.com/ru/
pol
See:
https://www.virustotal.com/nl/url/7c9a5c558466a59aac86d90df74804be3df395187198ce5a09e022bfab6b3e54/analysis/