Avast Community

Could we conslude this site's download is now clean?

Viruses and worms

polonus October 10, 2013, 3:30pm 1

See: http://urlquery.net/report.php?id=6557047
Here it was still being detected, see IDS alerts: http://urlquery.net/report.php?id=6506160
Blacklist status given here: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2F176.36.126.42%2Fuserid2.exe
Malware not found, but flagged here: http://www.siteadvisor.com/sites/176.36.126.42

polonus

Pondus October 10, 2013, 3:39pm 2

the exe. file is still there

https://www.virustotal.com/en/url/cd55b68b1a6bb02abf448282d64962d266220411bcb593af56bfd8e0b162df61/analysis/1381419441/

https://www.virustotal.com/en/file/8487042d05e5d2bd17cebca855f5b9e5d8f9afe0cdf80bdd54ae0d06d7cd8a60/analysis/1381418993/

First submission 2013-10-10 15:29:24 UTC ( 8 minutes ago )

polonus October 10, 2013, 4:40pm 3

Hi Pondus,

See here: http://anubis.iseclab.org/?action=result&task_id=1bcaa743942c262045d13bf31238d5b32
On the user assist program: http://blog.didierstevens.com/programs/userassist/
And this could be fraudulent: HKU+S-1-5-21-842925246-1425521274-308236825-500+SOFTWARE+MICROSOFT+WINDOWS+SHELLNOROAM+BAGS+12+SHELL
There are also aware of this here: https://forums.malwarebytes.org/index.php?showtopic=130792
Also see the analysis here (checked against our MD5 hash): https://malwr.com/analysis/ODBjYzlhMjFjNWE0NGE2NTlmN2EzMzk2ZGRlYjZhMTU/

pol

Announcements