Another executable avast! does not flag as yet?

See: https://www.virustotal.com/nl/url/754fe12209672fb0b9f342fc9b5153e0afb6cb5a3ce02a88a2f7763d322542f6/analysis/1388170168/
see: https://www.virustotal.com/nl/file/265d9b7dade4333b41ec32aed4e2ed474004c0822ad26748db022610a41c0ebd/analysis/1388170178/
see: http://urlquery.net/report.php?id=8573126
analysis → http://anubis.iseclab.org/?action=result&task_id=17b6f04425e1eb6e4815f84fb852ee98e

Interesting on same IP: http://support.clean-mx.de/clean-mx/viruses.php?id=16883044

See: https://www.virustotal.com/nl/url/080c4495a2c55d834f9abe61141a38f6480b4b139cb9cc90d356650a9265e0a5/analysis/1388170511/
and Probably harmless! There are strong indicators suggesting that this file is safe to use.

domain listed on domain graveyard → http://domaingraveyard.com/list/2013-12-14.txt
download site → http://www.scumware.org/report/222.186.61.183

Is it adware/spyware coming down this download site? → https://urlquery.net/report.php?id=8571167

polonus

Can you zip the file and send it to me?

Or

Send it to malwr.com and upload the results here.

Can you zip the file and send it to me?
Why... the link is already given ;)

First submission 2013-12-27 18:49:38 UTC ( 35 minutes ago )

It also seems every download has a new MD5

https://www.virustotal.com/en/file/265d9b7dade4333b41ec32aed4e2ed474004c0822ad26748db022610a41c0ebd/analysis/1388170178/
https://www.virustotal.com/en/file/57e0a105a9e5892a1c56f8c2c1c7a38eeb548cd77296575237d1bb5af6168850/analysis/1388172439/

Norman shark analyser autoadded signature as Suspicious_Gen2.VTJAM

Hi Pondus,

The Norman analysis detection means it is a heuristic generic trojan detection, and that could mean that, if this is genuine, it could well be a new virus resembling/belonging to a group of trojans already known to Norman’s detection patterns. It does not mean anything definitive, just potentially suspicious or even potentially malicious. So, no rock-solid verdict!

polonus

Well, Malwarebytes detects it and I trust them highly… very few and rare FPs

Anyway, this comes from the same URL as you posted yesterday, just a new .exe: http://forum.avast.com/index.php?topic=143506.0

Well as we discussed, Pondus.
This is malcode being continuously randomized.
Malcode that interferes fraudulently with user’s browser search settings
and hopes to earn on the forthcoming fraudulent clicks.
In this way it hopes to go under the detection radar.
Whenever detected it will pose as “innocent” sort of adware.
At least we now know what it is and it has been forwarded for detection.
Hopefully now avast! will block all of the launch site as URL;Mal.
But that will be an avast! team member decision.
We two are just messengers, the so-called “water bearers from the forum”.
Good you reported, Pondus.

polonus

Brand new to Virustotal: https://www.virustotal.com/de/file/b5035eaed5e62345ea2d4262e0dda4e197237dee0cfaa4ec8f008d821bcd9b55/analysis/1388183591/ (14/48)

Hi Steven Winderlich,

Maybe so, but we still miss avast! detection. That is the main issue for us here, isn’t it?
That is the bottom line why we are here, and why we are into this - to add this “malcrap” to avast detection, period.
Great we have guys like you and Pondus and others, that will check and double check on my “musings” :wink: here,
so the rest of the forum community may thank us all for adding to their overall security on the Interwebs ;D

polonus