Author Topic: /!\ Warning/!\ a new breed of virus  (Read 4348 times)

00MARCUS00

  • Guest
/!\ Warning/!\ a new breed of virus
« on: September 27, 2009, 06:57:06 PM »
Hi, I'm a new member to this site, and to tell you the truth the only reason I joined is to warn people about this new type of virus.
I have avast pro 4.8x... I was on YouTube looking for a way to get free iTunes points (don't try that!!) and someone recommended that I download this file to give me free points. He had a 5 star rating from 7 different users, so I trusted him. I downloaded the file, and you guessed it, I got a memory dump (blue screen). It probably attacked my registry. I had to format my drive and reinstall Vista :'(. Now normally whenever I download a virus avast stops the download, or at least deletes it after download. I even scanned it!!!! If you're an administrator at this website and you want the file so you can research it, tell me; I can probably go back and find its download page.....

Don't download weird files!!!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67203
Re: /!\ Warning/!\ a new breed of virus
« Reply #1 on: September 27, 2009, 08:57:23 PM »
Thanks for posting and welcome to avast forums ;)
The best things in life are free.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: /!\ Warning/!\ a new breed of virus
« Reply #2 on: September 27, 2009, 09:21:47 PM »
Send the file to VirusTotal.

That way you can tell if it's really a virus. And all the AV companies will get it.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

00MARCUS00

  • Guest
Re: /!\ Warning/!\ a new breed of virus
« Reply #3 on: September 28, 2009, 12:12:45 AM »
Here's its info :o

a-squared   4.5.0.24   2009.09.27   -
AhnLab-V3   5.0.0.2   2009.09.26   -
AntiVir   7.9.1.25   2009.09.25   -
Antiy-AVL   2.0.3.7   2009.09.27   -
Authentium   5.1.2.4   2009.09.27   -
Avast   4.8.1351.0   2009.09.27   -
AVG   8.5.0.412   2009.09.27   -
BitDefender   7.2   2009.09.27   -
CAT-QuickHeal   10.00   2009.09.26   (Suspicious) - DNAScan
ClamAV   0.94.1   2009.09.27   -
Comodo   2455   2009.09.27   -
DrWeb   5.0.0.12182   2009.09.27   -
eSafe   7.0.17.0   2009.09.24   Suspicious File
eTrust-Vet   31.6.6763   2009.09.27   -
F-Prot   4.5.1.85   2009.09.27   -
F-Secure   8.0.14470.0   2009.09.27   -
Fortinet   3.120.0.0   2009.09.27   -
GData   19   2009.09.27   -
Ikarus   T3.1.1.72.0   2009.09.27   -
Jiangmin   11.0.800   2009.09.27   -
K7AntiVirus   7.10.855   2009.09.26   -
Kaspersky   7.0.0.125   2009.09.27   Packed.Win32.TDSS.z
McAfee   5754   2009.09.27   -
McAfee+Artemis   5754   2009.09.27   -
McAfee-GW-Edition   6.8.5   2009.09.27   -
Microsoft   1.5005   2009.09.23   VirTool:Win32/Obfuscator.GN
NOD32   4462   2009.09.27   -
Norman   6.01.09   2009.09.26   -
nProtect   2009.1.8.0   2009.09.27   -
Panda   10.0.2.2   2009.09.27   -
PCTools   4.4.2.0   2009.09.27   -
Prevx   3.0   2009.09.28   -
Rising   21.48.62.00   2009.09.27   -
Sophos   4.45.0   2009.09.27   -
Sunbelt   3.2.1858.2   2009.09.27   -
Symantec   1.4.4.12   2009.09.27   -
TheHacker   6.5.0.2.019   2009.09.26   -
TrendMicro   8.950.0.1094   2009.09.25   -
VBA32   3.12.10.11   2009.09.27   -
ViRobot   2009.9.26.1958   2009.09.26   -
VirusBuster   4.6.5.0   2009.09.27   -
Additional information
File size: 79872 bytes
MD5...: 9d46e75e9117cfbb3e6f53aa9198311c
SHA1..: 727127bb7bb1678001b24a19e72267495774ee47
SHA256: b6be9b79482f3dd9e3fcf787458a6dc33770a3aa32e5c886e52a2d42b9690c5a
ssdeep: 1536:BJgKXCiyoXMy0cWDBbPfClrI/3hIXGw6GxnhhM9kaY8MPDY:f/XCNKMeWDB
bPfAs/3LwBi9kaYjs
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1a54
timedatestamp.....: 0x4abd4060 (Fri Sep 25 22:12:48 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x51d4 0x5200 7.85 c05d92e24607faf403676c00688459e6
.rdata 0x7000 0x4dbe 0x4e00 7.82 a5beb4bcc9dbc79838a91f5ce62c16f5
.data 0xc000 0x4478 0x4600 7.93 80f75b8961ccc1bcacaa20925847c92d
.rsrc 0x11000 0x4b69 0x4c00 7.81 0549bd031b9a3fcd30f13597b458133f
.reloc 0x16000 0x3c 0x200 0.95 4681ad91803821febdf67e8138af808f

( 5 imports )
> kernel32.dll: EndUpdateResourceA, ExitProcess, GetVolumeInformationW, GetVersion, GetNumberFormatW, LoadLibraryA, TlsFree, RaiseException, VirtualFree, GetModuleHandleA, InitializeCriticalSection, ReadFile, GetDiskFreeSpaceExW, VirtualProtect, SwitchToThread, LeaveCriticalSection, VirtualAlloc, LoadResource, SetEvent, GetCurrentDirectoryA, IsBadHugeReadPtr
> msvcrt.dll: _acmdln, __crtGetLocaleInfoW, getc, __p__dstbias, gmtime, _wremove, islower, _wasctime, sinh, __p__fmode, _wfullpath, _getmbcp, _locking, isupper, _unexpected@@YAXXZ, _ismbcalnum, fseek, _HUGE, _execve, isspace, _wspawnve, _wsplitpath, memcpy, vfprintf, getenv
> comdlg32.dll: ReplaceTextW, FindTextW, GetFileTitleW, dwOKSubclass, PrintDlgW, FindTextA, GetFileTitleA, PageSetupDlgW, LoadAlterBitmap, ChooseColorA, ReplaceTextA, WantArrows, ReplaceTextA, GetSaveFileNameA
> winmm.dll: mciSendCommandW, mmioSeek, mixerGetDevCapsW, waveOutWrite, CloseDriver, aux32Message, midiStreamStop, mciGetErrorStringA, mciLoadCommandResource, mmioSetInfo, mmioRead, midiInGetNumDevs, waveOutClose, waveOutOpen
> opengl32.dll: glFeedbackBuffer, glEvalCoord1f, glEvalPoint1, glClearStencil, glColor4uiv, wglCreateLayerContext, glDebugEntry, glEnd, glGetMapiv, wglRealizeLayerPalette, glEvalCoord2f, glColor3usv, glVertex3dv, glEvalCoord1dv

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
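
Added example, not part of the original thread: a short Python triage of a multi-engine report in the layout pasted above, separating named signatures from generic "suspicious" flags and listing PE sections whose entropy suggests packed or encrypted content. The rows are copied from the post; the function names and the 7.0 bits-per-byte threshold are assumptions made for this example.

```python
import re

# Rows copied from the report in the post above (engine, version,
# signature date, result); "-" in the last column means no detection.
SCAN_ROWS = """\
Avast   4.8.1351.0   2009.09.27   -
CAT-QuickHeal   10.00   2009.09.26   (Suspicious) - DNAScan
eSafe   7.0.17.0   2009.09.24   Suspicious File
Kaspersky   7.0.0.125   2009.09.27   Packed.Win32.TDSS.z
Microsoft   1.5005   2009.09.23   VirTool:Win32/Obfuscator.GN
NOD32   4462   2009.09.27   -
"""

# Section rows from the same report: name viradd virsiz rawdsiz ntrpy md5.
SECTION_ROWS = """\
.text 0x1000 0x51d4 0x5200 7.85 c05d92e24607faf403676c00688459e6
.reloc 0x16000 0x3c 0x200 0.95 4681ad91803821febdf67e8138af808f
"""

def parse_scan(text):
    """Return {engine: verdict or None} for every 4-column result row."""
    results = {}
    for line in text.splitlines():
        fields = re.split(r"\s{2,}", line.strip(), maxsplit=3)
        if len(fields) != 4:
            continue  # not a result row (blank line, header, other text)
        engine, _version, _sig_date, verdict = fields
        results[engine] = None if verdict == "-" else verdict
    return results

def summarize(results):
    """Split detections into named signatures and generic heuristic flags."""
    hits = {e: v for e, v in results.items() if v}
    heuristic = sorted(e for e, v in hits.items() if "suspicious" in v.lower())
    named = sorted(e for e in hits if e not in heuristic)
    return {"ratio": f"{len(hits)}/{len(results)}",
            "named": named, "heuristic": heuristic}

def high_entropy_sections(text, threshold=7.0):
    """List sections at or above the assumed threshold (maximum is 8.0)."""
    flagged = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 6 and parts[0].startswith("."):
            if float(parts[4]) >= threshold:
                flagged.append(parts[0])
    return flagged

if __name__ == "__main__":
    print(summarize(parse_scan(SCAN_ROWS)))
    print(high_entropy_sections(SECTION_ROWS))
```
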

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87660
  • No support PMs thanks
Re: /!\ Warning/!\ a new breed of virus
« Reply #4 on: September 28, 2009, 01:42:54 AM »
If this one is correct then it could come to the party with friends.
Quote
Kaspersky   7.0.0.125   2009.09.27   Packed.Win32.TDSS.z

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.4.6062 (build 23.4.8118.762) UI 1.0.762/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

00MARCUS00

  • Guest
Re: /!\ Warning/!\ a new breed of virus
« Reply #5 on: September 28, 2009, 05:41:54 AM »
If this one is correct then it could come to the party with friends.
Quote
Kaspersky   7.0.0.125   2009.09.27   Packed.Win32.TDSS.z

Send the sample to virus@avast.com zipped and password protected with the password in email body



As in WinRAR or 7-Zip, or what?

Offline mathboyx215

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 449
Re: /!\ Warning/!\ a new breed of virus
« Reply #6 on: September 28, 2009, 06:01:06 AM »
You can zip it with any program.
It is not possible to divide anything by zero