Author Topic: Potentially harmful software  (Read 2079 times)

REDACTED

  • Guest
Potentially harmful software
« on: March 10, 2016, 12:48:43 PM »
Hello!

I recently downloaded a Documents.zip file from freelancer.com. I unpacked this file and saw a file with a New Text Document icon which is not a .txt file; this look is only a mask for some application which installs some harmful software in Windows PowerShell.
Since then my laptop has been quite a bit slower than before.
I scanned my laptop with Avast but found nothing.
I am wondering what kind of harmful software this application is?
Does anyone know something more about it??
Here is a link from Dropbox where you can download this harmful software, but be careful after you unzip this file.

https://www.dropbox.com/s/jmoyuvi735vlz7g/Documents.zip?dl=0

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Potentially harmful software
« Reply #1 on: March 10, 2016, 12:50:38 PM »
Never post a live link to (potentially) malicious software on this webboard.
Make the link not clickable. (e.g. change http to hxxp)

For a check/help with malware removal:
http://forum.avast.com/index.php?topic=53253.0

REDACTED

  • Guest
Re: Potentially harmful software
« Reply #2 on: March 10, 2016, 01:20:04 PM »
You can click on this link, but you need to download the rar file and unpack it, and ONLY when you click the masked .txt file or application do you start this software.
I just need the help of some experts in that field because I would like to know what this software does??????

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37621
  • Not a avast user
Re: Potentially harmful software
« Reply #3 on: March 10, 2016, 02:17:51 PM »
Quote
I am wondering what kind of harmful software this application is?
Upload and test the file (preferably the file inside the zip) at www.virustotal.com. If tested before, click rescan for a fresh result.
Post a link to the scan result here.

Alternative: www.metascan-online.com / www.jotti.org

« Last Edit: March 10, 2016, 02:32:11 PM by Pondus »

REDACTED

  • Guest
Re: Potentially harmful software
« Reply #4 on: March 10, 2016, 02:32:07 PM »
Thanks Pondus for such information.
This file is some kind of trojan.

Here is the result of scanning at www.virustotal.com:
https://www.virustotal.com/en/file/a8df500f25f038bd0044415c1e67ea34391d6e3ce6560a38fe3fa0b1c0218bdf/analysis/

 :)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37621
  • Not a avast user
Re: Potentially harmful software
« Reply #5 on: March 10, 2016, 02:33:04 PM »
Then the next step is to get it removed.

Follow the instructions here: https://forum.avast.com/index.php?topic=53253.0
We need Malwarebytes and Farbar Recovery Scan Tool logs. Attach the logs, 3 logs total.

See below the box you write in ... Attachments and other options

A malware expert will then assist you when online.

REDACTED

  • Guest
Re: Potentially harmful software
« Reply #6 on: March 10, 2016, 02:41:26 PM »
Thanks Pondus
I will do that ASAP.
Bye ;D

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37621
  • Not a avast user
Re: Potentially harmful software
« Reply #7 on: March 10, 2016, 10:43:15 PM »
Confirmed infected by ESET

===============================================================
Thank you for your submission.
The detection for this threat will be included in our next signature update, expected version: 13157.

New Text Document.lnk - LNK/TrojanDownloader.Agent.A trojan
===============================================================


Seems to be made with Trillium Toolkit 
https://blogs.mcafee.com/mcafee-labs/trillium-toolkit-leads-widespread-malware/
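
The ESET verdict above names a `.lnk` shortcut, which Explorer shows without its extension and with whatever icon the shortcut specifies. The following is an added example, not code from this thread or from any vendor: a triage parser for the Shell Link (MS-SHLLINK) format that reads a shortcut's string fields and reports any that reference a script interpreter. The interpreter watch list and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Constants from the MS-SHLLINK (Shell Link binary format) specification.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
# Assumed watch list: interpreters a "document" shortcut has no reason to launch.
INTERPRETERS = ("powershell", "cmd.exe", "wscript", "cscript", "mshta")

def parse_lnk_strings(data):
    """Return the StringData fields of a shell link; ValueError if not one."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a shell link header")
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a shell link")
    pos = HEADER_SIZE
    if flags & HAS_IDLIST:      # 2-byte size, then the ID list itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:    # 4-byte size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    fields = {}
    for bit, name in STRING_FIELDS:   # fields appear in this fixed order
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]  # count of characters
            fields[name] = data[pos + 2:pos + 2 + count * width].decode(codec, "replace")
            pos += 2 + count * width
    return fields

def triage(data):
    """List (field, interpreter) pairs found in a shortcut's strings."""
    try:
        fields = parse_lnk_strings(data)
    except (ValueError, struct.error):
        return None                   # not a parseable shortcut
    return sorted((f, w) for f, v in fields.items()
                  for w in INTERPRETERS if w in v.lower())

def build_sample():
    """Constructed, inert sample: a header plus two Unicode strings."""
    flags = 0x08 | 0x20 | IS_UNICODE
    blob = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags) + bytes(52)
    for text in (r"..\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "<constructed placeholder arguments>"):
        blob += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return blob
```

`triage` returns `None` for anything that is not a parseable shortcut, so it can be run over every file extracted from an archive before anything is opened.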