Does avast detect this drive-by-trojan-downloader?

It could be that avast at this moment does not detect trojan downloader in: htxp://www.ogigliotti.com/visualizar.scr
This conclusion is on the basis of the scan links given below.
See: http://wepawet.iseclab.org/view.php?hash=7393453ab5b7e6ea780b1825a557bfa5&t=1297452169&type=js
Verdict from wepawet: “suspicious”, hence the Anubis report there, see:
http://anubis.iseclab.org/?action=result&task_id=1792d3eb83f9547243955afbff2dea883
See: http://www.virustotal.com/file-scan/report.html?id=2c11454397cdf64aacdf600232c1a313665e205051de88cdd0dceef858b5f877-1297451824
Drive-by-downloader found in
c:\documents and settings\user\local settings\temporary internet files\content.ie5\ocieqgj3\visualizar[1].scr

polonus

that one did you put on sandbox and it did change to

C:/windows/syswow64/lamoth.exe

Welcome back Mr.D long time no see :wink:

Sorry for 2 posts, but the file you did upload did slow down my internet even when it was in sandbox :open_mouth:

I’m here like every day and looking only :stuck_out_tongue:

look pondus

http://camas.comodo.com/cgi-bin/submit?file=2c11454397cdf64aacdf600232c1a313665e205051de88cdd0dceef858b5f877

I'm here like every day and looking only
The welcome back was for polonus ;)

Hi Pondus & chabbo,

I have to add for you and chabbo that this trojan downloader is a heuristic find, and there are at least 29 different versions of the malcode at hand, as given by GFI Sandbox for instance, as this is the behavior summary for Heuristic.LooksLike.Win32.Suspicious.J, similar to: http://xml.ssdsandbox.net/index.php/0854ee2bf19aedb85774f06a3433c948

pol

http://xml.ssdsandbox.net/index.php/0854ee2bf19aedb85774f06a3433c948

When I’m going to the first page

http://xml.ssdsandbox.net/

and update fast I see

< That middle place something pops up fast and says a link lmao

Hi chabbo,

That is a mail link to: dynastic AT ssdsandbox.net at the Behavior Summary; it is also given at the bottom of the mentioned summary page, at
http://xml.ssdsandbox.net/index.php/0854ee2bf19aedb85774f06a3433c948

polonus

NORMAN analysis - visualizar.scr - confirmed malware.

Detected by Norman sandbox as possible new and undetected virus - W32/Obfuscated.O
after analysis renamed: W32/Downloader.BWTQ

Is this real…?? :o :wink:
I’m really happy to see you back here, pol…!!! :smiley:
I hope you stay…!!! :slight_smile:
asyn

Welcome Back Sir!

Btw, avast detects it now. :slight_smile:
http://www.virustotal.com/file-scan/report.html?id=2c11454397cdf64aacdf600232c1a313665e205051de88cdd0dceef858b5f877-1297514094
asyn

Thanks for the reactions in the thread, and yes,
we should always check some time after reporting for detection.
Nice for the avast community it is being detected now.
Also when you use online meta scanners like at URLVoid.com for instance,
you should also click on all the separate links given below,
because sometimes the results have been changed,
initially Google diagnostic may give a green,
we click this link and it suddenly detects or gives a site as suspicious.
So always check and re-check, folks,

polonus

Nice Sharing and welcome back sir…

I downloaded the file and nothing happened until it was fully downloaded, no blocking by webshield until it was complete, then file shield also blocked it. I use the latest AIS Beta