Author Topic: Does avast detect a variant of Win32/FlyStudio in PUP-mode?  (Read 2294 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33990
  • malware fighter
Does avast detect a variant of Win32/FlyStudio in PUP-mode?
« on: November 15, 2014, 02:55:31 PM »
Is this an undetected Virut alias aka variant of Win32/FlyStudio?

A variant of Win32.FlyStudio application is a broad category of malicious software that can include adware, spyware, viruses, trojans, backdoors, and worms. All of these programs are designed to thwart computer security and force unwanted system behavior, activities, or damage.

See: https://www.virustotal.com/nl/url/b01d2e9a6b728b51704526e073b41ec75a57cb1bbdd909ba25c5d61b82bc651b/analysis/1416059152/
and
https://www.virustotal.com/nl/file/ce9a85b1c691e9517181b67c84b5114a9457d57577626c79b5b37aa25c67c5bb/analysis/1416046670/
Listed and flagged here: http://urlquery.net/report.php?id=1416003033789
Also consider the IDS alerts here: Recent reports on same IP/ASN/Domain

polonus
Last 6 reports on IP: 123.57.37.211  IDS for "ET POLICY Unsupported/Fake Windows NT Version 5.0", just faking UA's without much  8)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Does avast detect a variant of Win32/FlyStudio in PUP-mode?
« Reply #2 on: November 15, 2014, 03:40:08 PM »
Same goes for this riskware, Trojan.Win32.ShouQu.BA, here. Avast should detect most of these as Win32:Malware-gen.
https://www.virustotal.com/nl/url/a1afe1bdf4ff44c477bd3c5ce7f1ac54cea4dc87dfb19a54c9915d2196f5646a/analysis/1416061814/
Site blacklisted: http://quttera.com/detailed_report/hao.xtdqz.com
Scan for: htxp://hao.xtdqz.com
Hostname: hao.xtdqz dot com
IP address: 222.186.60.79

System Details:
Running on: nginx
Unable to properly scan your site. Site returning error (40x): HTTP/1.1 403 Forbidden
See: https://malwr.com/analysis/OTA4NWJlNDkzZGMzNDY4MGEwMmE4MTFjNDRhYTA0MjA/
See: http://support.clean-mx.de/clean-mx/viruses.php?virusname=Trojan.Win32.ShouQu.bA&sort=id%20DESC
See: https://urlquery.net/report.php?id=1415981679422  -> http://support.clean-mx.de/clean-mx/viruses.php

polonus