Avast flags the dropper here as VBS:Agent-KZ [Trj]!
Topic: Avast flags the dropper here as VBS:Agent-KZ [Trj]! (Read 1314 times)
polonus
« on: December 04, 2014, 06:27:55 PM »
Malicious: https://www.virustotal.com/nl/url/abddaf8d854647ded5f1ee9535a5a3eeb27166662c809e3f0df923aca83535b3/analysis/1417712923/ and http://killmalware.com/madagascarbiodiversity.net/
Flagged by avast: https://www.virustotal.com/nl/file/e558fdf8e59856746d477eaa5af026c4bd419319ab6007a3a3bd5ed3be8617a6/analysis/
/index.html
Severity: Malicious
Reason: Detected malicious drive-by-download attack
Details: http://sucuri.net/malware/entry/MW:DEFACED:01
<meta name="description" content="hacked by Killer~X :~ twitter: ClaxHacK">
Details: Malicious obfuscated JavaScript threat. Web site defaced.
Offset: 4058
Threat dump: See http://www.uploady.com/#!/download/j~e~oBz9sW5/oFGvqQsSUECrlS8A
Threat dump MD5: 4667FB094040103F5F964564346C0007
File size[byte]: 234296
File type: ASCII
Page/File MD5: D2C670980F2E0CF4D6BC40DAF27C8793
Scan duration[sec]: 0.017000
Virus will attach code to every .html file! like -> http://www.commentcamarche.net/faq/30960-comment-se-debarrasser-de-ramnit
IDS alert given at urlquery dot net scan: ETPRO ACTIVEX Yahoo Messenger ActiveX Control Command Execution
This service has been discontinued: GET /app/easyInline.swf HTTP/1.1
Host: hdapp1003-a.akamaihd dot net -> https://www.virustotal.com/nl/file/2db66da9a8f62e3a926e3f9269bb2d103f5b2f06018634e193dce934c3a15ce0/analysis/
Related to this attack? -> http://www.coresecurity.com/content/e107-cms-script-command-injection
IP badness history: https://www.virustotal.com/nl/ip-address/208.113.175.192/information/
polonus
« Last Edit: December 04, 2014, 06:37:03 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!