Author Topic: Some banners xD  (Read 4212 times)

0 Members and 1 Guest are viewing this topic.

AbaddonRaptus

  • Guest
Some banners xD
« on: March 14, 2010, 10:01:49 AM »
fix this please http://files.mail.ru/1QAQYX
I hope that AVAST will be best antivirus))

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Some banners xD
« Reply #1 on: March 14, 2010, 12:37:03 PM »
I am not getting any avast alarm on this website .... ???

This page seems to be <clean>
http://www.UnmaskParasites.com/security-report/?page=files.mail.ru/1QAQYX

Only this link
Diagnostic page for blogs.mail.ru   http://www.google.com/safebrowsing/diagnostic?site=blogs.mail.ru
Malicious software is hosted on 1 domain(s), including tracegirlsonline.com/.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including siggiez.com/, mayatek.info/.

Altarir.

  • Guest
Re: Some banners xD
« Reply #2 on: March 14, 2010, 01:28:41 PM »
I am not getting any avast alarm on this website .... ???

Site is clean, I believe he meant the file on that page.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: Some banners xD
« Reply #3 on: March 14, 2010, 02:51:20 PM »
Banners of Ads are normally rotating and there is a rash of what is determined as ad poisoning, see http://blog.avast.com/2010/02/18/ads-poisoning-%e2%80%93-jsprontexi/ for more information.

So I don't know if this is what the OP is experiencing as there is no real information in the post.
« Last Edit: March 14, 2010, 02:53:34 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: Some banners xD
« Reply #4 on: March 14, 2010, 03:04:14 PM »
I am not getting any avast alarm on this website .... ???

Site is clean, I believe he meant the file on that page.

OK I see what you mean.

VirusTotal doesn't find much 4/42 detections and 3 of those are heuristic/generic so there is room for doubt and requires further analysis.

http://www.virustotal.com/analisis/49a86b0aacc5a184ca86d1f889f7b247101ba1d32f76badfcb8a78c4bee1c06e-1268550924

@ AbaddonRaptus
You should send the file to avast for further analysis:
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and possible undetected malware in the subject. Or manually add it to the avast Chest and send it from there.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

13thSlayer

  • Guest
Re: Some banners xD
« Reply #5 on: March 14, 2010, 05:02:46 PM »
A threatexpert report on this: http://www.threatexpert.com/report.aspx?md5=4425f41d287f644b48d3d71624c8812f ... Looks interesting.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Some banners xD
« Reply #6 on: March 14, 2010, 05:16:42 PM »
Hi AbaddonRaptus, 13thSlayer, Altaris, DavidR & Pondus,

Here is the WepaWet analysis for a hidden link to content3 dot files dot mail dot ru from the main page:
hXp://content3.files.mail.ru/1QAQYX/50ad38b11b3b931863da231b6192b08b

http://wepawet.iseclab.org/view.php?hash=62c8ac86253cc0c88b9df03d386146e0&t=1268582555&type=js

This apparently has the Mal/EncPk-NS malicious behaving spyware - a generic find
exploiting an Adobe exploit - look for malicious BHO like found via HJT as example given below here:
Quote
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

Interesting what cooperation of posters in this thread delivers. Thanks for the input folks,
lesson learned never trust anything, anything at first "site"...I mean at first sight of course

polonus
« Last Edit: March 14, 2010, 05:20:46 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!