Author Topic: Worm.VBS.Dunihi.W  (Read 25689 times)


Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Worm.VBS.Dunihi.W
« Reply #30 on: January 01, 2014, 03:05:51 PM »
You can report it in their forums: https://forums.malwarebytes.org/index.php?s=66a1706d6127bc63b0a32c2ac10b7c4a&showforum=51

That link is dead.

Malwarebytes still won't detect it. Has someone reported it to them?
It is now .... reported

Found, Mod answered to "Will look at it shortly"
 
Topic Locked.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Worm.VBS.Dunihi.W
« Reply #31 on: January 01, 2014, 03:14:25 PM »
That link works for me here. Weird. ???
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline Michael (alan1998)

Re: Worm.VBS.Dunihi.W
« Reply #32 on: January 01, 2014, 03:26:57 PM »
That link works for me here. Weird. ???

I'm having issues talking to any MBAM site.... Must just be me

Offline Secondmineboy

Re: Worm.VBS.Dunihi.W
« Reply #33 on: January 01, 2014, 03:29:21 PM »
That's weird.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89640
  • No support PMs thanks
Re: Worm.VBS.Dunihi.W
« Reply #34 on: January 01, 2014, 03:35:41 PM »
That link works for me here. Weird. ???

Whilst the link didn't appear dead, it is taking an eternity to load with the waiting for malwarebytes... etc. displayed at the bottom of the screen.

EDIT: Just been back and it has loaded, there must be some issues with the site.
« Last Edit: January 01, 2014, 03:37:29 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free  24.8.6127 (build 24.8.9372.870) UI 1.0.818/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Michael (alan1998)

Re: Worm.VBS.Dunihi.W
« Reply #35 on: January 01, 2014, 03:48:42 PM »
That link works for me here. Weird. ???

Whilst the link didn't appear dead, it is taking an eternity to load with the waiting for malwarebytes... etc. displayed at the bottom of the screen.

EDIT: Just been back and it has loaded, there must be some issues with the site.

I had some 403 error saying the site was having Capacity Issues or down for Maintenance. Are they under attack or something? I've never had an issue on MBAM's website.

Offline Secondmineboy

Re: Worm.VBS.Dunihi.W
« Reply #36 on: January 01, 2014, 03:57:08 PM »
They could be attacked or maybe they are doing some maintenance, maybe they need to shut down the server or parts from them
so they have less capacity than usual.

It takes forever here to load too.
Maybe they are being attacked at the moment, or the hoster is being attacked.

http://www.downforeveryoneorjustme.com/forums.malwarebytes.org

Now I cannot even reach the website, it ends up with an error.
« Last Edit: January 01, 2014, 04:03:15 PM by Steven Winderlich »

Offline Michael (alan1998)

Re: Worm.VBS.Dunihi.W
« Reply #37 on: January 01, 2014, 04:15:45 PM »
They could be attacked or maybe they are doing some maintenance, maybe they need to shut down the server or parts from them
so they have less capacity than usual.

It takes forever here to load too.
Maybe they are being attacked at the moment, or the hoster is being attacked.

http://www.downforeveryoneorjustme.com/forums.malwarebytes.org

Now I cannot even reach the website, it ends up with an error.

Given what they do, I'd guess it's an attack. Dang it

Steven, if you're on the MBAM forums, what class (If any at all) are you in?

Offline Secondmineboy

Re: Worm.VBS.Dunihi.W
« Reply #38 on: January 01, 2014, 04:20:44 PM »
I'm not on the Malwarebytes forums, sorry. :)

I had seen a livestream some months ago from a YouTuber called Markiplier.
And 30 minutes after beginning the livestream someone found out his IP and DDoSed his home router.

And what has he done?  He got his laptop and his equipment and got over to his brother's house and continued there. :D

Offline Michael (alan1998)

Re: Worm.VBS.Dunihi.W
« Reply #39 on: January 01, 2014, 04:33:47 PM »
I'm not on the Malwarebytes forums, sorry. :)

I had seen a livestream some months ago from a YouTuber called Markiplier.
And 30 minutes after beginning the livestream someone found out his IP and DDoSed his home router.

And what has he done?  He got his laptop and his equipment and got over to his brother's house and continued there. :D

Lol. Way to get the guy back. Basically saying try me.

Offline Secondmineboy

Re: Worm.VBS.Dunihi.W
« Reply #40 on: January 01, 2014, 04:36:52 PM »
Good that they haven't found out his brother's IP address. :D

But later the Charity Site was attacked. He was making a charity livestream at that time.

You can look at his channel here: http://www.youtube.com/user/markiplierGAME?feature=watch

The Drunk Minecraft season is really fun: http://www.youtube.com/playlist?list=PL4E8CE9E89554302E

Offline Michael (alan1998)

Re: Worm.VBS.Dunihi.W
« Reply #41 on: January 01, 2014, 04:50:48 PM »
Oh, I've seen drunk minecraft players. It's quite funny when you kill them

Offline Secondmineboy

Re: Worm.VBS.Dunihi.W
« Reply #42 on: January 01, 2014, 04:53:36 PM »
He has done a whole row of Drunk Minecraft.

Pretty Funny.

Episode 13 Latins Wrath is really funny. You can find it in the playlist.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34047
  • malware fighter
Re: Worm.VBS.Dunihi.W
« Reply #43 on: January 01, 2014, 05:02:59 PM »
Hi Steven Winderlich and alan1998,

Always like to give you two eager young anti-malware dogs some additional inspiration and some info to bite on,
so go over the following information on the latest VBS malcode.
Are these detections somehow related? Is this another flaw of VBS or just the one we are discussing here?
See: http://urlquery.net/report.php?id=8649257
See: https://www.virustotal.com/nl/url/cfb2e14fee52d00931436ec10366da9df39465e5472e4e759d4711e98a866280/analysis/
See: https://www.virustotal.com/nl/file/11216d699c21213064d63796cf74fbd1f07f0d58f024f1a38cab2382be4dfa24/analysis/1388270716/
avast! detects as VBS:Malware-gen as you two mentioned.
And the Bitdefender forum report here: http://forum.bitdefender.com/index.php?showtopic=40871
See how it became viral: http://processchecker.com/file/avcheck.exe.html
And what Alex Nightwatcher reports here: http://regrunreanimator.com/newvirus/malware/avcheck-exe.htm

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Michael (alan1998)

Re: Worm.VBS.Dunihi.W
« Reply #44 on: January 01, 2014, 05:20:59 PM »
Process Checker:

Sorry, reading that site (Processcheck) made me crack up laughing. They're using a PUP program without a good reputation to check a computer with a "PDF" (Potential Dangerous File).

I'll continue reading here.

From the same site: Something wrong with avcheck.exe ?

Is avcheck.exe using too much CPU or memory ? It's probably your file has been infected with a virus. Let try the program named to see if it helps.

Snickers. Looks @ Task Manager to see DreamWeaver using 99% of the CPU

Bit Defender Report

Seems like it's fine. Nothing wrong. AVCheck.exe is a Bit Defender product.


VirusTotal:

https://www.virustotal.com/en/file/11216d699c21213064d63796cf74fbd1f07f0d58f024f1a38cab2382be4dfa24/analysis/1388270716/ (Random file name, so what is the program?)


VirusTotal:

https://www.virustotal.com/en/url/cfb2e14fee52d00931436ec10366da9df39465e5472e4e759d4711e98a866280/analysis/

Interesting. If this really is a Bit Defender Product, why is it considered to be a "Bad" website and product?

URL Query to me = total confusion.

« Last Edit: January 01, 2014, 05:28:42 PM by alan1998 »