CaM.Malware.Win32.PEx.C.1239567230 (source: CRDF France) - not detected...

Source of the malware found to reside here:
htxp://ssh.tl/update/tllink.exe
VirusTotal scan for tllink.exe: http://www.virustotal.com/file-scan/report.html?id=a9b41ddb9ee03d04240a03f0345a431ea00f79d4934e16232980153e6b7d3b01-1299705299 (0,0%)
Joebox view: http://support.clean-mx.de/clean-mx/viruses.php?response=&md5=68500fb5b0a371116a58717a72aa9b71
See: http://www.threatexpert.com/report.aspx?md5=68500fb5b0a371116a58717a72aa9b71
Found as suspicious here: http://wepawet.iseclab.org/view.php?hash=8991b8f76f3c23d0e11a6df0edbf5b2d&t=1299705664&type=js
See Anubis report here: http://anubis.iseclab.org/?action=result&task_id=1568a145dafbd5bc4ad8d5c689d72a435

polonus

Sophos analysis

tllink.exe -- clean

Norman analysis

tllink.exe : Clean!

Hi Pondus,

Is there any reason to think that we have a FP here?

polonus

Scanned with Jotti, nothing there: http://virusscan.jotti.org/nl/scanresult/2fcf9d6957bc5bf599ff82743d864c2508939aff

polonus

Hello,

POLONUS, could I contact you privately please?

I will not stay long on this forum. I joined simply in order to contact you. I have a deal for you; if you’re interested, contact me at labs@crdf.fr.

I’ve seen the same person posting a bunch of times: The file is a malware known as “CaM.Malware.Win32.PEx.C.1239567230”. - 38568 -. He’s totally wrong, he calls all kinds of malware like this (The file is a malware known as “CaM.Malware.Win32.PEx.C.1239567230”. - 38568 -), even ransomware etc. +1 for FP, pol :wink:
Regards

It’s a naming convention that we put in place to identify our malware. We try to give correct names to our files, but you must know that there are only 2 of us adding files; these names are assigned automatically.

Regards,

No offense but IMO you are somehow wrong :wink:

Hi crd.france,

Sorry, but I do malware evaluation here as a long-time avast evangelist. We do this as volunteers for the avast forums and users, and for me this is a personal hobby; outside that I am not really interested in making it anything else.

polonus