Author Topic: Does avast! detect this executable? Scareware? (Read 4023 times)

polonus · « **on:** October 27, 2013, 10:37:19 PM »

See: https://www.virustotal.com/nl/url/b60de77c1616b207a931a5e79b7354ce8afa73815e8aa0ec32ec26f5ef575833/analysis/1382908880/
and https://www.virustotal.com/nl/file/3487045fe79491b901f09646835f30aaea6419cd268bdb1e2524bf10e501fe4f/analysis/1382874085/
IDS alerts here: http://urlquery.net/report.php?id=7219507
Server redirect Code: 404, Content cannot be read!
See: http://support.clean-mx.de/clean-mx/viruses.php?ip=66.7.217.40&sort=id%20DESC
htxp://www.securitystronghold.com/files/go-remove-malware/InterpolRansomwareVirusRemovalTool.exe is in Dr.Web malicious sites list!
The WOT web rep status: http://www.mywot.com/en/scorecard/securitystronghold.com?utm_source=addon&utm_content=popup-donuts
-> http://www.mywot.com/en/scorecard/go-remove-malware.com?utm_source=addon&utm_content=popup-donuts
Quttera's scanner detects:
/rss
Severity:    Potentially Suspicious
Reason:    Detected procedure that is commonly used in suspicious activity.
Details:   Detected abnormal use of [iframe] elements. Treat it as suspicious.
File size[byte]:    27986
File type:    ASCII
MD5:    18C8729CEEB41F234B06E42F401A317A
Scan duration[sec]:    0.021000
Anubis analysis: http://anubis.iseclab.org/?action=result&task_id=1a696b88c61f499a40984dc32c9beddd4&format=html
Verdict unknown,

pol

Secondmineboy · « **Reply #1 on:** October 27, 2013, 10:40:45 PM »

Avast is not detecting it on download and Scan.

I will test it in a VM now.

Secondmineboy · « **Reply #2 on:** October 27, 2013, 10:52:50 PM »

The file is also installing RegCleanPro, which is Junkware.

The Program actually looks good.

And its signed by Security Stronghold.

But i would consider this as junk.

Pondus · « **Reply #3 on:** October 27, 2013, 10:58:31 PM »

old file....
First submission 2013-07-16 00:39:25 UTC ( 3 months, 1 week ago )

polonus · « **Reply #4 on:** October 27, 2013, 10:58:47 PM »

Hi Steven Winderlich,

Can you confirm this is coming with Flipora Search ad-junk, detected as PUP?
See: http://www.removepcthreat.com/remove-flipora-search-flipora-search-removal-flipora-search-how-to-remove-flipora-search-delete-flipora-search-uninstall-flipora-search-how-to-delete-flipora-search-how-to-uninstall-flipora-sea/

Damian

Secondmineboy · « **Reply #5 on:** October 27, 2013, 11:01:48 PM »

I will restart the VM and will see what is going on.

Secondmineboy · « **Reply #6 on:** October 27, 2013, 11:08:31 PM »

Nothing in IE, Firefox or Chrome either.

Also no startup key set, just RegCleanPro starting up(and crashing).

Thera was something in Firefox and Chrome, about that just RegClean Stuff, ADW Log attached.

Secondmineboy · « **Reply #7 on:** October 27, 2013, 11:18:36 PM »

OTL Logs

Secondmineboy · « **Reply #8 on:** October 27, 2013, 11:53:56 PM »

Malwarebytes Log

polonus · « **Reply #9 on:** October 28, 2013, 12:03:26 AM »

There the PUP detection for Flipora is being confirmed,

pol

Secondmineboy · « **Reply #10 on:** October 28, 2013, 12:53:51 AM »

OK.

Im not that good on ADWCleaner Logs with this preferences things.

Author Topic: Does avast! detect this executable? Scareware? (Read 4023 times)

polonus

Does avast! detect this executable? Scareware?

Secondmineboy

Re: Does avast! detect this executable? Scareware?

Secondmineboy

Re: Does avast! detect this executable? Scareware?

Pondus

Re: Does avast! detect this executable? Scareware?

polonus

Re: Does avast! detect this executable? Scareware?

Secondmineboy

Re: Does avast! detect this executable? Scareware?

Secondmineboy

Re: Does avast! detect this executable? Scareware?

Secondmineboy

Re: Does avast! detect this executable? Scareware?

Secondmineboy

Re: Does avast! detect this executable? Scareware?

polonus

Re: Does avast! detect this executable? Scareware?

Secondmineboy

Re: Does avast! detect this executable? Scareware?