Author Topic: MSIL/TrojanDropper.Agent.EZ - not found by avast  (Read 3823 times)


_seven_

  • Guest
MSIL/TrojanDropper.Agent.EZ - not found by avast
« on: April 10, 2011, 06:22:43 PM »
Hi,
I found that Avast isn't sensitive to a file that's made by a keylogger,
but it's found as a trojan by AVG and NOD32.
dl link of file : hxxp://up.iranblog.com/images/17sgautb8j7xqlwwkrv.rar

was a report.
« Last Edit: April 10, 2011, 06:47:22 PM by _seven_ »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: MSIL/TrojanDropper.Agent.EZ - not found by avast
« Reply #1 on: April 10, 2011, 06:43:22 PM »
Hi, munge the link so the unaware may not click on it and get themselves infected; put the link address like hxtp://etc.

Mail this file link to virus AT avast.com so detection can be added.
See:
http://www.virustotal.com/url-scan/report.html?id=06f068efe429ab1f8b6ff8898dd69043-1302445468
malware site, other malware also detected here: http://safeweb.norton.com/report/show?url=htxp://up.iranblog.com/images/criqw8irqh2azku1lze7.jpg
Web Attack: Suspicious Executable Image Download
Site has PUA-PackedASPack here: hxtp://up.iranblog.com/images/3bqsuiykurdhhq0s2ahx.rar
http://www.virustotal.com/file-scan/report.html?id=d32abe62c76f3a9ef2946cc9b5cbb1dcb554031947c2efee470a6873cfd28150-1302357812
BackdoorWin32Armageddon here: hxtp://up.iranblog.com/images/pp23ljo3m69q0r3jvm5.zip
http://www.virustotal.com/file-scan/report.html?id=24e120374f56cccea10e477d8a34d675ff53cdcdbc7bd41948a91d8ba77f26ca-1301716884 (2 detections, not detected by avast)
and TR/Spy.131072.128 here: htxp://www.up.iranblog.com/images/d0xuepaexh8vimf8eyx.rar
this one is detected by avast as Win32:Trojan-gen, see:
http://www.virustotal.com/file-scan/report.html?id=e1be077fd8b727956e0b5326751c2d5bc57c70a9f39bfbfbf89655d1dad8f877-1301653330

Anyway thanks for reporting,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
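
The link munging asked for in the reply above, as an added example that is not part of the original thread: it rewrites live links and the thread's mixed spellings (hxtp, htxp) to a single hxxp form while leaving scan-report links clickable. The `REPORT_HOSTS` allowlist, the function names and the `.example` hosts in the sample are assumptions made for illustration.

```python
import re

# Schemes seen in the thread: live http/https plus the hand-munged
# spellings hxxp, hxtp and htxp (optionally with a trailing "s").
URL = re.compile(r"\b(h(?:tt|xx|xt|tx)ps?)://([^\s<>\"')]+)", re.IGNORECASE)

# Assumption: scan-report hosts whose links may stay clickable.
REPORT_HOSTS = frozenset({"www.virustotal.com", "safeweb.norton.com"})


def _host(rest):
    """Host part of the text after '://'; '' when it cannot be trusted."""
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    if "@" in authority or "\\" in authority:  # userinfo / backslash tricks
        return ""
    return authority.split(":")[0].lower()


def defang_post(text, keep_hosts=REPORT_HOSTS):
    """Rewrite every URL scheme to hxxp(s) except links to keep_hosts."""
    def fix(m):
        scheme, rest = m.group(1), m.group(2)
        if scheme.lower() in ("http", "https") and _host(rest) in keep_hosts:
            # Keep the report link, but defang any URL nested in its query.
            return scheme + "://" + defang_post(rest, frozenset())
        tail = "s" if scheme.lower().endswith("s") else ""
        return "hxxp" + tail + "://" + rest
    return URL.sub(fix, text)


def live_links(text):
    """URLs in text that a browser or forum auto-linker would still follow."""
    return [m.group(0) for m in URL.finditer(text)
            if m.group(1).lower() in ("http", "https")]


# Constructed sample post; the hosts under .example are placeholders.
SAMPLE = (
    "dl link: http://files.bad.example/a.rar\n"
    "also htxp://files.bad.example/b.zip and hxtp://files.bad.example/c.jpg\n"
    "report: http://safeweb.norton.com/report/show?url=http://files.bad.example/c.jpg\n"
    "spoof: http://www.virustotal.com:80@files.bad.example/d.rar\n"
)

if __name__ == "__main__":
    print(defang_post(SAMPLE))
```

Running `live_links()` on the rewritten post is a quick moderation check: anything it returns other than a report link is still clickable.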

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: MSIL/TrojanDropper.Agent.EZ - not found by avast
« Reply #2 on: April 10, 2011, 06:44:53 PM »
Looks suspicious as it would not run in a VM - so break the link please

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37524
  • Not a avast user

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: MSIL/TrojanDropper.Agent.EZ - not found by avast
« Reply #4 on: April 10, 2011, 06:58:56 PM »
Hi essexboy,

Why do these x-rar files not open up in a virtual machine? application/x-rar
Reported some here and see a lot of these malcreations on the Internet lately going under the av-radar!
For this one, see: htxp://jsunpack.jeek.org/dec/go?report=d48f8e16e8939bfd9a72f8a997691013910d2b0a
(only go there when you are security aware, sandboxed and have ample script blocking)
list of javascripts included:
source/includes/genjscript.js  (a so-called multi-hoster script)
htxp://up.iranblog.com/style.js
htxp://www.google-analytics.com/urchin.js

pondus; QuickTime malware?

pol

_seven_

  • Guest
Re: MSIL/TrojanDropper.Agent.EZ - not found by avast
« Reply #5 on: April 10, 2011, 07:01:31 PM »
I sent the file to Avast AT;
anyhow, when the chosen keylogger configurations are set and your file is made, it can be harmful.

Yours sincerely

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37524
  • Not a avast user
Re: MSIL/TrojanDropper.Agent.EZ - not found by avast
« Reply #6 on: April 10, 2011, 07:06:32 PM »
Also undetected by Malwarebytes, will upload ;)