My wife downloaded that, not sure how, came from a mail I think, she probably clicked on an attachment randomly.
I found it in a shared folder, knew I never put it there, and it disappeared from view as soon as I clicked on it (I know I shouldn't have clicked, I should have scanned it first). Okay, I then found it in Chest on her laptop, explaining how it disappeared as I said.
One question I have here is why wasn't it scanned and sent to Chest immediately when it was saved to disk in the first place? That's an executable, so why was it ignored until it got manually executed (not mentioning that the webshield didn't stop it)?
Just for info: the file was called flvdirect.exe
Info from prevx: http://www.prevx.com/filenames/X2669713580830956212-X1/FLVDIRECT.EXE.html
File Behavior
FLVDIRECT.EXE has been seen to perform the following behavior:
Writes to another Process's Virtual Memory (Process Hijacking)
This process creates other processes on disk
Executes a Process
Registers a Dynamic Link Library File
Creates new folders on the system
This Process Deletes Other Processes From Disk
Injects code into other processes
Found on infected systems and resists interrogation by security products
FLVDIRECT.EXE has been the subject of the following behavior:
Created as a process on disk
Executed as a Process
Has code inserted into its Virtual Memory space by other programs
Terminated as a Process
Edit: forgot to mention I submitted it to avast from the Chest interface.
More here:
https://www.virustotal.com/analisis/31d8d11054490283cc52970a02d197e37ac68bd1b910d5fec587c73349be3e3c-1273749497
Original site where the malware got downloaded (through using their services...):
hxxp://www.123greetingcard.com/