Author Topic: bogent  (Read 4816 times)


new_new

  • Guest
bogent
« on: September 06, 2012, 12:25:36 PM »
Hi

My Avast is updated, and my problem is about a video game trainer.

When I download a trainer and scan it, Avast says: NOT THREAT FOUND. I upload the trainer to my site, but when I want to download this file from my site, Avast gives me an alert saying WIN32.BOGENT found and blocks the download address. When I download this file and scan it again, Avast says: NOT THREAT FOUND.

What's the problem?

One of the trainers: http://www.restfile.net/sjuz0ojc8b55/I.AM.ALIVE.PLUS7TRN.LINGON.ZIP.html - to download, click on GET LINK at the bottom of the page

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37491
  • Not a avast user
Re: bogent
« Reply #1 on: September 06, 2012, 12:33:04 PM »
upload file(s) to www.virustotal.com and test with 40+ malware scanners (if tested before click rescan)
post scan link here for us to see


alternative test
jotti.org
metascan-online.com

Offline Pondus

Re: bogent
« Reply #2 on: September 06, 2012, 12:39:44 PM »
ok tested one file .....

22/42
https://www.virustotal.com/file/791126ea4b73d8426d6e827872cdbb43bf54b7b1242a539e5f1e8f8ce71acb47/analysis/1346927871/
http://virusscan.jotti.org/en/scanresult/407c355d4014c54061cbc7045c8cc2efaf34e8c7



avast detects it as PUP - not a virus - Possible Unwanted Program    http://searchsecurity.techtarget.com/definition/PUP
Malwarebytes detects it as - VirTool.Obfuscator


don't think I want this in my comp  ;)

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=e0f54caac36f4dda13268501b037f26d


Norman sandbox file info
Quote
[ DetectionInfo ]
     * Filename: C:\analyzer\scan\IAAlive+7Tr-LNG.exe.
     * Sandbox name: NO_MALWARE
     * Signature name: W32/Troj_Generic.DVHLP.
     * Compressed: NO.
     * TLS hooks: YES.
     * Executable type: Application.
     * Executable file structure: OK.
     * Filetype: PE_I386.

  [ General information ]
     * Anti debug/emulation code present.
     * Display message box (sample.exe) : A debugger has been found running in your system.Please, unload it from memory and restart .
     * File length:      2086912 bytes.
     * MD5 hash: e0f54caac36f4dda13268501b037f26d.
     * SHA1 hash: cebf7a715a0eae3fbac642f8adcf5b4189047d72.




« Last Edit: September 06, 2012, 01:11:27 PM by Pondus »


new_new

Re: bogent
« Reply #4 on: September 06, 2012, 12:47:39 PM »
So, you think it's not a dangerous program or bad software and not a problem, right?

Offline Pondus

Re: bogent
« Reply #5 on: September 06, 2012, 12:54:36 PM »
Quote
So, you think it's not a dangerous program or bad software and not a problem, right?
No, I would not trust that.

new_new

Re: bogent
« Reply #6 on: September 06, 2012, 12:58:30 PM »
So, what can I do now?

Offline Pondus

Re: bogent
« Reply #7 on: September 06, 2012, 01:01:30 PM »
Quote
So, what can I do now?
do ....  ???    don't download it, forget it ..... but it is your computer, so you do as you want

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: bogent
« Reply #8 on: September 06, 2012, 04:52:12 PM »
The more so as I get this threat description from MS Virus Encyclopedia
Quote
VirTool:Win32/Obfuscator are detections for programs that have had their purpose obfuscated to hinder analysis or detection by anti-virus scanners. They commonly employ a combination of methods including encryption, compression, anti-debugging and anti-emulation techniques.

These obfuscation techniques are used on various kinds of malware. The malware that lies "underneath" may have virtually any purpose.
And as we follow the Threat Expert Analysis given in an earlier posting in this thread, we find "Packed.Vmpbad!gen4" ->
Quote

Packed.Vmpbad!gen4 is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal them from antivirus software. This heuristic detection is used to detect threats associated with multiple threat families.
Quote
Quote taken from Symantec Security Response, low risk level
but
Quote
files that are detected as Packed.Vmpbad!gen4 are considered malicious
same quote source, Symantec Security Response technical details.
I would therefore classify this rather as riskware than as a possible unwanted program.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!