Author Topic: One virus and One question...  (Read 1205 times)

Offline droland1978

One virus and One question...
« on: April 19, 2012, 05:48:13 AM »
Dear Avast!

Sorry for the bad English...

This is a virus, but avast is quiet. Only "fájlrendszer védelem" (maybe: filesystem shield?) is installed. Why does avast not alert on this file if the filesystem shield is installed?
hxxp://data.hu/... (removed)
(Download with "lassú letöltés")

The question: Why is it not a default setting in avast to raise an alarm if a file has two or more extensions and the last extension is exe?

Sorry for the bad lang...

droland


« Last Edit: April 20, 2012, 09:32:52 AM by Milos »

Offline Pondus

Re: One virus and One question...
« Reply #1 on: April 19, 2012, 06:09:56 AM »
No detection .......if it is malware ?

Virustotal
https://www.virustotal.com/file/4cd6911def733782d2b587cee1d4f56662fa26aff78ad522e2e08a308f5e73ac/analysis/1334815667/


First seen by VirusTotal
 2012-04-19 06:07:47 UTC ( 1 minutt ago )
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline DavidR

Re: One virus and One question...
« Reply #2 on: April 19, 2012, 11:59:58 AM »
@ droland1978
The fact that a file has two or more extensions doesn't automatically mean it is malware. There are many legitimate instances where a file will have multiple . (periods) in it but they aren't necessarily file extensions.

However, in this case avast 'does alert' on this file (see image, click to expand) with the latest avast virus definitions, 120419-0. This is a web shield alert when trying to download from your file sharing site link.

Please remove the file sharing link as you have no control over who might download it or what they may do with it.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
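The distinction drawn in the reply above, between a name that merely contains several periods and one that puts a document-style extension directly in front of an executable one, can be expressed as a triage heuristic. This is an added example, not part of any post in the thread and not avast's detection logic; the extension sets and the function names `normalise`, `classify` and `triage` are assumptions chosen for illustration.

```python
import re

# Assumed extension sets (illustrative, not from the thread or from avast).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "txt", "rtf",
              "jpg", "jpeg", "png", "gif", "zip", "mp3", "avi"}


def normalise(name):
    """Drop any directory part and the trailing dots/spaces Windows ignores."""
    base = re.split(r"[\\/]", name)[-1]
    return base.rstrip(". ").lower()


def classify(name):
    """Return 'decoy-double-extension', 'executable' or 'other'."""
    parts = normalise(name).split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "other"
    # Whitespace padding ("a.pdf     .exe") pushes the real extension out of
    # view in narrow columns, so compare the inner part with padding removed.
    inner = parts[-2].strip() if len(parts) >= 3 else ""
    if inner in DECOY_EXTS:
        return "decoy-double-extension"
    return "executable"


def triage(names):
    """Return only the names whose inner extension imitates a document type."""
    return [n for n in names if classify(n) == "decoy-double-extension"]


# Constructed sample names; only the first is the file named in this thread.
SAMPLES = [
    "Fire_Safety_Guidance.pdf.exe",
    "setup-1.2.3.exe",            # version dots, ordinary installer name
    "archive.tar.gz",             # two extensions, neither executable
    "my.holiday.photo.jpg",       # periods that are not extensions
    "Invoice.PDF          .EXE",  # padded and upper-cased
    r"C:\Users\x\Downloads\notes.txt.scr",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):24} {sample}")
```

A match is a reason to inspect the file or hold it for scanning, not a verdict: the heuristic says nothing about the file's content.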

Offline polonus

Re: One virus and One question...
« Reply #3 on: April 19, 2012, 01:48:42 PM »
See file analysis here: htxp://malwr.com/analysis/c786163f2612d6d95625d44513bf803b/
Has it been forwarded to virus AT avast dot com? See: htxp://r.virscan.org/d0c5618dbea6b618a8e325965b1591ad
Here are three examples with a bad status: htxp://isthisfilesafe.com/filename/Fire%2520Safety%2520Guidance.pdf.exe_details.aspx

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

Re: One virus and One question...
« Reply #4 on: April 19, 2012, 02:45:46 PM »
Doesn't have to be sent to avast as it already detects it (my last image) unless you are talking about a different file to Fire_Safety_Guidance.pdf.exe.

Offline Pondus

« Last Edit: April 19, 2012, 06:08:12 PM by Pondus »


Offline DavidR

Re: One virus and One question...
« Reply #6 on: April 19, 2012, 06:45:47 PM »
Well that doesn't match what the file captured via avast's .tmp, shows on a VT scan, now 27/42 https://www.virustotal.com/file/c616776dffcb4a4d76894a3ced05ffe92a131349011c350a8456259363a1f20e/analysis/1334860717/.

See image extract of file content, looks like no html file I have ever seen.

I believe jotti are only seeing results of the file sharing link and not the actual file.

Offline Pondus

Re: One virus and One question...
« Reply #7 on: April 19, 2012, 07:06:15 PM »
hmmm...that is the file that orbit download.....   ???


Offline DavidR

Re: One virus and One question...
« Reply #8 on: April 19, 2012, 08:18:00 PM »
I don't know about orbit, but that is the file that avast alerted on when trying to download the file sharing link and the one I uploaded to VT, as can be seen in the unp999999.tmp file name.

Offline mchain

Re: One virus and One question...
« Reply #9 on: April 20, 2012, 08:15:00 AM »
File confirmed as malicious.  Avast detects Fire_Safety_Guidance.pdf.exe as a virus.  File placed in chest.  Thanks DavidR.

Would like to point out OP has not made link not clickable yet.  Can a moderator get this done if OP does not?

EDIT:  Attached new screenshot of chest; latest virustotal now at 30/42 reporting.
« Last Edit: April 20, 2012, 08:23:57 AM by mchain »
XP Pro SP3 P4 3.2 HT 2GB RAM AIS v 2014.9.0.2011 Secunia PSI version 2.0.0.3003 TREND Micro RUBotted Beta Javacool SpywareBlaster version 5.0 Sandboxie v. 4.09 32-bit WOT (Web Of Trust) Browser reputation-based add-on http://www.mywot.com/   New: avast! listing of vendor uninstall tools:  http://www.avast.com/faq.php?article=AVKB11#artTitle
W7 Home Premium 64-bit SP1, 2.8 Pentium D, 3 GB RAM AIS v 2014.9.0.2016 (running same programs as above) Sandboxie 4.09 64-bit

Offline DavidR

Re: One virus and One question...
« Reply #10 on: April 20, 2012, 09:29:40 AM »
You're welcome, I have reported it to moderator, hopefully the file share link will be removed, not just made inactive.

 
