Avast detected Virus!!!!!

Hi, I have not been on any website that I could think of being infected.

In fact I have only visited 2 websites.

  1. Adobe
  2. FreeDvdSoft

I have downloaded from these websites. Avast brought up an alert that it detected a Virus. I have checked the Virus Chest and the following details are:

Original File Name: FreeStudio[1].exe
Original Folder: C:\Users\ADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LECSR3W6
Size of file: 42527176
Category: Infected Files
Virus Description: Win32.PSWtool-L [PUP]

Can anyone confirm if the actual Software is infected or may be infected and if the Software and Website are rogueware?

http://www.mywot.com/en/scorecard/wwx.dvdvideosoft.com
http://www.google.com/safebrowsing/diagnostic?site=http://www.dvdvideosoft.com/

What is the current listing status for www.dvdvideosoft.com?
This site is not currently listed as suspicious.

What happened when Google visited this site?
Of the 231 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-05-11, and the last time suspicious content was found on this site was on 2010-02-28.
Malicious software includes 4 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

This site was hosted on 1 network(s) including AS36504 (TRIPLE8).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, wwx.dvdvideosoft.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 1 domain(s), including open4group.com/.

can you deactivate your link? replace www with xxx

Hi CaSPeRr & Logos,

Found this reported as a clear “NO NO” - Do not install this it has something wrong with it. There is no prompt to ask you to install ask toolbar. This is a trick to catch you offside. Once again av does not even check their feedback on these issues. It has a trojan within it. Remove Norton and scan with Avast it will turn up a Trojan upon download. (source Norton Safe Web user report)

A dive into the Unmasked parasites report reveals:
Of the 402 site(s) we tested on this network over the past 90 days, 94 sites, including, for example, collegebasketballfansite.com/, nhlfansite.com/, nbabasketballfansite.com/, served content that resulted in malicious software being downloaded and installed without user consent.

The last time suspicious content was found was on 2010-05-11.

Has this network hosted sites acting as intermediaries for further malware distribution?

Over the past 90 days, we found 1 sites on this network, including, for example, mcacleanrooms.com/, that appeared to function as intermediaries for the infection of 1 other sites including, for example, marchex.com/.

Has this network hosted sites that have distributed malware?

Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 3 sites, including, for example, avs4you.com/, mcacleanrooms.com/, dvdvideosoft.com/, that infected 3 other sites, including, for example, open4group.com/, qweas.com/, marchex.com/.

What is the malware found there?
Threat Report

Total threats found: 3

Viruses

Threats found: 2
Here is a complete list:
Threat Name: Spyware.PowerSpy
Location: htxp://d1.qweas.com/c/antivirus/pcspy.exe

Threat Name: Spyware.Perfect
Location: hxtp://d2.qweas.com/c/game/henry_harley.exe

Spyware

Threats found: 1
Here is a complete list:
Threat Name: Spyware.XPKey
Location: hxtp://download.qweas.com/xpadvancedkey.exe

Also consider this warning: http://safeweb.norton.com/reviews/47919

polonus

and this came out from there

VirusTotal - pcspy.exe - 19/41
http://www.virustotal.com/analisis/91657824c35655b03426b1e3f3f96de53890714ba8d63b55012e1bd0b3ad1bf6-1273691907

VirusTotal - henry_harley.exe - 8/41
http://www.virustotal.com/analisis/5b3c3a9700be65b65bed1aed6b08506d132e9ea76e957f03ee5de789857a0822-1273692017

VirusTotal - xpadvancedkey.exe - 23/41
http://www.virustotal.com/analisis/1364a1c94526515b189e16493af075756fee2ea31311a9764918a3c1f43c0284-1273691850

@ Pondus: did you download the files to test them ??? in a vm?

I have used this software for over a year and with multiple anti-virus programs. Not even one of them reported it. In fact I went to the brothersoft website and tried to download it from there, just in case the actual software maker's website was hacked, and Avast brought up the same alert and stopped the download. I'm never going to trust brothersoft. I have reported the file to them.

No matter what Anti Virus/Spyware software I used, Windows Defender was always with me and I relied on it as “back up”. It's pants.

I did not use IE in Sandbox. What difference would that have made?

If a file is clean, would it let me install? (click run instead of save)

Clean or not, you can’t install anything directly when clicking “run” in IE if IE is sandboxed. You must download first to a “safe location” (see that in sandbox expert settings), and then run it from there.

Hi Logos,

I for me won’t go there: dvdvideosoft*com and certainly not download from there. Curiosity etc. etc.,

polonus

yeah I clicked on the link “par curiosité malsaine” in Chrome with js disabled, and nothing happened. Re-installed MBAM, rebooted and scanned though, to make sure ;D

Hi Logos,

C’est la vie, and had it spilled over, you would have blamed l’empereur… ;D

polonus