a variant of Win32/Injector.NVT

Hi I would like to report a virus / Trojan or keylogger called " a variant of Win32/Injector.NVT " This thing went through the security of avast home.

How do you know the name if it went through ?..what detected it?
do you have a sample you can upload to avast lab ?

Jotti - Updater.exe
http://virusscan.jotti.org/en/scanresult/a5381389940ad4050ce6aad9293e4ab0e4b9dda7

jotti - YouToob FE.exe
http://virusscan.jotti.org/en/scanresult/782659efaab33f4abdf032a45aebd1aa5ba19727

Thanks…uploaded to avast / SAS / MBAM :wink:

Hi Pondus,

Is that the same malware as being scanned here by VT?: https://www.virustotal.com/file/3e5e101919c50d22c1cb3fc30ba594ece90327fe4637d27677f39b1847e45e24/analysis/
This malware status is because of user rating(s)? So the Symantic classification = WS.Reputation.1.

I see this scan report from here: http://teachgalaxy.com/archive/index.php/thread-1151.html
that is Youtube FE.exe scan: http://www.virustotal.com/file-scan/report.html?id=3e5e101919c50d22c1cb3fc30ba594ece90327fe4637d27677f39b1847e45e24-1323266005#
and Update.exe scan: http://www.virustotal.com/file-scan/report.html?id=0017b19a18c455ea3fb05e81fad667f3095974e203cd8994ace5b959a67cf86f-1322781923

The download scan from DrWeb’s URL checker:
Checking: =-https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js
File size: 89.20 KB
File MD5: 459076b536e7df0411c5a265fcce3600

-https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js - archive JS-HTML

-https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js/JSTag_1[11530][4f9d] - Ok
-https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js - Ok

Checking:-http://api.recaptcha.net/js/recaptcha_ajax.js
File size: 72.15 KB
File MD5: 4a9bfe6040206d764939815410f76196

-http://api.recaptcha.net/js/recaptcha_ajax.js - archive JS-HTML

-http://api.recaptcha.net/js/recaptcha_ajax.js/JSFile_1[0][12097] - Ok
-http://api.recaptcha.net/js/recaptcha_ajax.js - Ok

Checking: -http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4///mc.yandex.ru/metrika/watch.js
File size: 27.65 KB
File MD5: 88f230e8a6d63cac64718708837e36bc

-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4///mc.yandex.ru/metrika/watch.js - archive JS-HTML

-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4///mc.yandex.ru/metrika/watch.js/JSTAG_1[266][fe3] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4///mc.yandex.ru/metrika/watch.js/JSTAG_2[1500][99c] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4///mc.yandex.ru/metrika/watch.js/JSTAG_3[4323][bf] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4///mc.yandex.ru/metrika/watch.js/JSTAG_4[5884][7a9] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4///mc.yandex.ru/metrika/watch.js/JSTAG_5[6a94][19a] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4///mc.yandex.ru/metrika/watch.js/JSTAG_6[6c92][eb] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4///mc.yandex.ru/metrika/watch.js - Ok

Checking: -http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4/Youtube_Bot.rar
Engine version: 7.0.0.11250
Total virus-finding records: 2626926
File size: 27.43 KB
File MD5: 3a4fc81b0b15690e82996899edf0fa52

-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4/Youtube_Bot.rar - archive JS-HTML

-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4/Youtube_Bot.rar/JSTAG_1[266][fe3] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4/Youtube_Bot.rar/JSTAG_2[1500][99c] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4/Youtube_Bot.rar/JSTAG_3[4323][bf] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4/Youtube_Bot.rar/JSTAG_4[57a8][7a9] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4/Youtube_Bot.rar/JSTAG_5[69b8][19a] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4/Youtube_Bot.rar/JSTAG_6[6bb6][eb] - Ok
-http://www.crocko.com/22A48B67E0FE428DA98382E0C7C656D4/Youtube_Bot.rar - Ok

See: http://urlquery.net/report.php?id=20160 suspicious

Is that the same malware as being scanned here by VT?
yepp....i did a VT and Metascan also ;)

ThreatExpert report`s

http://www.threatexpert.com/report.aspx?md5=460913839dc3055b61c6ef5519547b94
http://www.threatexpert.com/report.aspx?md5=882e69bb825cb859401706247ff98b79

So avast now will find this virus ?

soon…maybe next update