Dangerous site with Zeus malware...

Hi malware fighters,

Do not go there, and see here why: http://amada.abuse.ch/?search=pitchblackaudio.pamhuth.com
analysis for: zeusbin_ad.exe :
http://anubis.iseclab.org/?action=result&task_id=1605e11ca8a1755f459b1d9ca7fc1504a&format=txt

polonus

VirusTotal - 33/42
http://www.virustotal.com/analisis/48a0d1b0cda038a15942fd8af59730a242c82cac5111582422daf65e19ade261-1279224787

Hi malware fighters,

Another one here: zephehooqu.ru
See: http://amada.abuse.ch/?search=zephehooqu.ru
http://www.malwaregroup.com/Domains/details/zephehooqu.ru

polonus

Dear Polonus,

Nice to share,

By the way, have you tried to run it with avast antivirus protection?
Can avast! protect from this kind of malware?

Because according to an article, Zeus malware is one of the hardest financial malware to detect.
The reference link is : hxxp://thepcsecurity.com/latest-security-software-cannot-detect-zeus-virus/

Hi Yanto.Chiang,

This was not detected here: http://www.virustotal.com/analisis/e47a7e823f05eacb49bbc026094f4f0246999f35ee754f4813d1f29df6cf0082-1279623641

Anubis report: http://anubis.iseclab.org/?action=result&task_id=1bf73ff18d51b7eb4252fb6f2e61b9f78

But let us wait for our good friend, Pondus, he will check for the latest detection: MD5 hash =
9a04271668a0ce4beb9514226cd08835

Further checks: http://www.malwaregroup.com/Virustotals

Well, the main line of infected computers is Windows XP2, and the bot has to my knowledge not yet arrived at Windows 7, so people/firms are strongly advised to upgrade from Windows XP2… Some 3.6 million PCs are said to be infected in the U.S. alone!
But it remains unclear if modern antivirus software is effective at preventing all of its variants from taking root.
So to fully patch and to use in-browser security like blocking with RP and NS are the best measures one can take;
avast also has the shields to prevent an infection from taking place…

polonus

The VT result you posted seems to be the latest, only PCtools and Symantec/Norton detect…

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=9a04271668a0ce4beb9514226cd08835

Hi Pondus,

What a difference a day makes: http://www.virustotal.com/analisis/c23c7d32c7225f7e3e481ce1169af57316a619c828d92188dfea969b368d930b-1279632348

pol

Dear Pondus and Polonus,

Thanks for your update,

By the way, yesterday I found an article on a website that mentioned avast! is one of the few antiviruses that can detect these attacks.

You may visit: http://www.malwarehelp.org/find-and-remove-zeus-zbot-banking-trojan-2009.html

Anyway, I also found in the avast! history database that protection from Zeus attacks is provided.

Hello all guys, I am new here. I went to this site but my avast didn't warn me. Did I get infected? Please tell me, I am an avast fan :)

Please tell me

Hi Left123,

Use this removal tool from here:
http://www.brothersoft.com/w32-mytob-worm-and-its-variants-removal-download-46760.html

polonus

Hello Polonus,
I ran a full scan with avast 5, and it didn't detect any zeusbin virus etc. I just want to know if it is hidden somewhere. I only went to this site, nothing more. My avast detected win32:malware-GEN, I chose “move to chest” and ran a full “scan” with CCleaner. 2 questions:
Have I been detected by Zeus?
Will WIN32:Malware-GEN come back to the PC, or is it deleted forever?

Waiting for your reply, thanks a lot

1. Run a boot time scan with avast…! (32bit only)
2. Run free Mbam: http://www.malwarebytes.org/mbam.php

asyn

2 QUESTIONS, JUST ANSWER PLEASE, DON'T GIVE ME LINKS FOR MB

Have I been detected by Zeus?
Will WIN32:Malware-GEN come back to the PC, or is it deleted forever?

Just answer, THANKS a lot

Give me an answer please

Is it currently sitting in the Avast Virus Chest after you did your scans?

You mean win32:malware-gen, eh?
Yes, it is in the chest atm. I made the scan yesterday and it is still in the chest.

Keep it in there…don’t delete it for now.

I would like you to check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0. Follow the directions for obtaining an MBAM log (make sure you update MBAM first) and OTL logs, and you can post the MBAM log here (copy and paste) and the OTL log as an attachment (Additional Options in the bottom left corner under the message screen when posting). We can then analyze this in the meantime for any malware, and if any malware is found we will refer you to one of our malware experts.

The logs that you get from doing these scans are needed for further malware removal…if it is needed. It is possible you have other malware as well or something that Avast did not pick up, so this is why these logs are needed to be completely sure. Do you have any questions?

Thanks

Questions:
What is MBAM? How can I post my log? What log?

I installed malware-bytes but it doesn't open, it shows an error. I uninstalled it.