Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Many new instances of Adware.InstallCore.75 not detected...
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Many new instances of Adware.InstallCore.75 not detected... (Read 2218 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Many new instances of Adware.InstallCore.75 not detected...
«
on:
December 18, 2012, 11:40:51 PM »
See:
http://zulu.zscaler.com/submission/show/d34c1f0741c71f6cbb13379fa133aae1-1355869181
See:
https://www.virustotal.com/file/69806bbe830f62ad2077cf13588ce074e927860adb235b02e25c7353b03fc029/analysis/
and
https://www.virustotal.com/url/76314dc7b12e32798ff900d89f02cc1449a90ce8b2a12c4cbbf02ba41a572013/analysis/1355869823/
DrWeb detects but gives the url scan as clean...
https://www.virustotal.com/file/99909ff66efa64cf6e6c4a65c67fd19eb15cbd9de07f04fbe9158efb0a6d800a/analysis/1355869839/
Site uses real user monitoring with
Code:
[Select]
var NREUMQ≈ NREUMQ||[];NREUMQ.push
redirects to htxp://d28me8o1j6adyz.cloudfront dot net/1355825149/i and live tracking monitoring script "htxp:")+'//api.mixpanel dot com/site_media/js/api/mixpanel.2.js
Is this site suspicious or bordering on malware, as sucuri finds nothing wrong there:
http://sitecheck.sucuri.net/results/mozilla-firefox.todownload.com/
and VirusWatch flags this with many instances launched from and active on 23.23.130.85
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Re: Many new instances of Adware.InstallCore.75 not detected...[Partly SOLVED]
«
Reply #1 on:
December 19, 2012, 10:03:00 PM »
Here we see that avast is detecting this as a PUP:
https://www.virustotal.com/file/df4f2825bbaf8793d1a12c1f6f0f15317d801a4bc41bd8d240cc55a1ce733e09/analysis/
Here it is not being detected by avast's:
https://www.virustotal.com/file/fb115bc0323beb3f98618c452e0a9712702cc92df9cd102ac72924055f2bf7fe/analysis/
See:
http://zulu.zscaler.com/submission/show/c294b266c752d4eed98d9901d8a4d8eb-1355950799
see:
http://www.threatexpert.com/files/mediaplayer.exe.html
pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 33897
malware fighter
Re: Many new instances of Adware.InstallCore.75 not detected...
«
Reply #2 on:
December 19, 2012, 10:10:43 PM »
Here we can look at the CRDF Threat Center cache results:
http://webcache.googleusercontent.com/search?client=flock&channel={flock%3Acontext}&q=cache:UgqMFwuVqokJ:https://threatcenter.crdf.fr/%3FMore%26ID%3D109654%26D%3DCRDF.Adware.Win32.PEx.C.4247702585%2BTROJ_GEN.FCBCBKQ&oe=utf-8&hl=en&ct=clnk
(this because the site seems down aty the mo)
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Many new instances of Adware.InstallCore.75 not detected...