Does avast detect a variant of Win32/FlyStudio in PUP-mode?
Topic: Does avast detect a variant of Win32/FlyStudio in PUP-mode? (Read 2271 times)
polonus (Avast Überevangelist) on: November 15, 2014, 02:55:31 PM
Is this an undetected Virut alias aka variant of Win32/FlyStudio?
A variant of Win32.FlyStudio application is a broad category of malicious software that can include adware, spyware, viruses, trojans, backdoors, and worms. All of these programs are designed to thwart computer security and force unwanted system behavior, activities, or damage.
See:
https://www.virustotal.com/nl/url/b01d2e9a6b728b51704526e073b41ec75a57cb1bbdd909ba25c5d61b82bc651b/analysis/1416059152/
and
https://www.virustotal.com/nl/file/ce9a85b1c691e9517181b67c84b5114a9457d57577626c79b5b37aa25c67c5bb/analysis/1416046670/
Listed and flagged here:
http://urlquery.net/report.php?id=1416003033789
Also consider the IDS alerts here: Recent reports on same IP/ASN/Domain
polonus
Last 6 reports on IP: 123.57.37.211 IDS for "ET POLICY Unsupported/Fake Windows NT Version 5.0", just faking UA's without much
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus (Avast Überevangelist), Reply #1 on: November 15, 2014, 03:16:52 PM
Consider the IP badness history:
http://totalhash.com/network/dnsrr:aladdin.a.shifen.com
and
https://www.virustotal.com/nl/ip-address/123.57.37.211/information/
http://www.scumware.org/report/123.57.37.211.html
with Win32/FlyStudio potentially unwanted application as threat.
avast detects as Avast Win32:Malware-gen here:
https://www.virustotal.com/nl/file/723358d599107ca283ebc8eb70ce2cedf530a85007d3609ca44de085a5d157d9/analysis/
polonus
polonus (Avast Überevangelist), Reply #2 on: November 15, 2014, 03:40:08 PM
Same goes for this riskware, Trojan.Win32.ShouQu.BA, here. Avast should detect most of these as Win32:Malware-gen.
https://www.virustotal.com/nl/url/a1afe1bdf4ff44c477bd3c5ce7f1ac54cea4dc87dfb19a54c9915d2196f5646a/analysis/1416061814/
Site blacklisted:
http://quttera.com/detailed_report/hao.xtdqz.com
Scan for: htxp://hao.xtdqz.com
Hostname: hao.xtdqz dot com
IP address: 222.186.60.79
System Details:
Running on: nginx
Unable to properly scan your site. Site returning error (40x): HTTP/1.1 403 Forbidden
See:
https://malwr.com/analysis/OTA4NWJlNDkzZGMzNDY4MGEwMmE4MTFjNDRhYTA0MjA/
See:
http://support.clean-mx.de/clean-mx/viruses.php?virusname=Trojan.Win32.ShouQu.bA&sort=id%20DESC
See:
https://urlquery.net/report.php?id=1415981679422
->
http://support.clean-mx.de/clean-mx/viruses.php
polonus