I’ve been doing some virus testing in my virtual machine. I loaded up the good ol' malware domain list, and the first one listed as labeled was “Flash_Player_10_1_update_for_Win.exe”.
Firstly, be aware that I don’t run an anti-virus on my virtual machine because I want to watch what malware does before disinfecting it. Avast catches a lot of items via my host PC’s network shield, but not all the time. And this file was detected when I did attempt to download it to my host PC.
It loaded into the VM without Avast’s Network Shield catching it (which sometimes happens). I let it run for a few minutes on the VM, watching it make all kinds of registry entries. Soon after, I found my Google search results getting redirected and my Malwarebytes exe wouldn't run. I tried to run ComboFix as an exe as well; it would not run, even in safe mode. I had to rename ComboFix to a .scr for it to run and kill the thing. ComboFix also detected it as a rootkit.
See the VirusTotal report here: http://www.virustotal.com/file-scan/report.html?id=970f722901ea4ae37c32629723c2a12045d16e2d77b7fb07f4ae031af1327ce2-1283651805
Symantec, AntiVir, Kaspersky, NOD32: seems like a lot of the big vendors didn’t catch the original executable.
GOOD JOB AVAST!
EDIT: Whoops, guess this belongs in the “viruses and worms” section of the forums. A mod can move this if desired.