Site with nocive flash installation

[Henrique - RJ]

How to report site with malware ?

For virus[at]avast.com ?

Exist other way ?

[Pondus]

you can post the url here, but post it non clicable
http as hxxp and www as wxw

[Henrique - RJ]

wxw.gamestorrents.com

[Pondus]

sucuri report.    http://sitecheck.sucuri.net/results/gamestorrents.com

[Henrique - RJ]

But why avast don't block it if possue hidden iframe ?

poor avast!

[Pondus]

But why avast don't block it if possue hidden iframe ?

poor avast!

no security program have 100% detection, and never will...... if they did there would not be a virus problem

[Henrique - RJ]

And the false flash object update in the site ?

[Pondus]

the code displayed by sucuri is not detected by any one yet.... so can be very new, or not malicious

virustotal
https://www.virustotal.com/en-gb/file/8d3d5bcdf1b0bf4521d19b7aae8a8917b68329006432bf63d1da514c677ccb46/analysis/1367947228/

[Henrique - RJ]

And this ?

wxw.telona.org/tarde-demais-dvdrip-xvid-dual-audio-rmvb-dublado/

[Pondus]

and the flash update is not a flash update.... it goes to this program

VirusTotal
https://www.virustotal.com/en-gb/file/9eb7823c11cabbe85676abf5be0320b3c8ca26452d210590c439609df1a2f086/analysis/1367947824/

[Pondus]

And this ?

wxw.telona.org/tarde-demais-dvdrip-xvid-dual-audio-rmvb-dublado/

sucuri   http://sitecheck.sucuri.net/results/telona.org/tarde-demais-dvdrip-xvid-dual-audio-rmvb-dublado/

suspicious site...check it here  http://sucuri.net/

[Henrique - RJ]

and the flash update is not a flash update.... it goes to this program

VirusTotal
https://www.virustotal.com/en-gb/file/9eb7823c11cabbe85676abf5be0320b3c8ca26452d210590c439609df1a2f086/analysis/1367947824/

Yes, this a virus but any one detect it yet.

[Pondus]

and the flash update is not a flash update.... it goes to this program

VirusTotal
https://www.virustotal.com/en-gb/file/9eb7823c11cabbe85676abf5be0320b3c8ca26452d210590c439609df1a2f086/analysis/1367947824/

Yes, this a virus but any one detect it yet.

Sigcheck

publisher................: Systweak Inc
product..................: RegClean Pro
copyright................: (c) Systweak Inc
file version.............: RegClean Pro
signing date.............: 12:43 PM 3/19/2013
comments.................: This installation was built with Inno Setup.
signers..................: Systweak Software; VeriSign Class 3 Code Signing 2010 CA; VeriSign Class 3 Public Primary Certification Authority - G5
description..............: RegClean Pro

[Henrique - RJ]

and the flash update is not a flash update.... it goes to this program

VirusTotal
https://www.virustotal.com/en-gb/file/9eb7823c11cabbe85676abf5be0320b3c8ca26452d210590c439609df1a2f086/analysis/1367947824/

Yes, this a virus but any one detect it yet.

Sigcheck

publisher................: Systweak Inc
product..................: RegClean Pro
copyright................: (c) Systweak Inc
file version.............: RegClean Pro
signing date.............: 12:43 PM 3/19/2013
comments.................: This installation was built with Inno Setup.
signers..................: Systweak Software; VeriSign Class 3 Code Signing 2010 CA; VeriSign Class 3 Public Primary Certification Authority - G5
description..............: RegClean Pro

??

[!Donovan]

Hi all,

Sucuri detected the iframe because it was a hidden iframe leading to an external source, not because of its content.

Although there is indeed a hidden iframe present, there is still the possibility of this iframe not containing malicious content.

~!Donovan