Harmless or virus?

See: https://www.virustotal.com/nl/url/c9c5d50c02d5cd709d42ebb5967733bc4c8b0abb070399983ed63f3fbf1e4134/analysis/1417968167/
and https://www.virustotal.com/nl/file/fd9e4b112b950d8c8221bf344e37a9c4a7a9159f42a19e75b0b440649e99ef79/analysis/1407210547/
Is this ajja worm or not? Re: http://www.auditmypc.com/chile.asp
Common MS file: http://www.solvusoft.com/en/files/error-virus-removal/exe/windows/microsoft/msdn-disc-16/chili-exe/

polonus

looks like a Chinese website. file hxxp://210.151.37.117/A2/1207/chili.exe seems it is not there anymore

Hi Pondus,

And what about this? Re: https://urlquery.net/report.php?id=1417857971136
It was or is launching Win32/Agent.WLY trojan from that IP address: http://www.scumware.org/report/210.151.37.117.html
This is a detection for a keylogging trojan.
IDS alert for ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) points out to it may be a FP detection of sorts!
While this is setting my mind at ease a bit more: http://totalhash.com/search/ip:210.151.37.90 (all generic detections).

polonus

First submission 2014-12-05 07:55:19 UTC ( 2 days, 9 hours ago )
https://www.virustotal.com/en/file/3735f4d29d97b8e0217beeca9007e1d4078a149b14fb5edbe9548225d3607f10/analysis/1417971990/
https://www.metascan-online.com/en/scanresult/file/075f721c3dab4151bf348cb6e4fd8864

Thanks, Pondus,

I consider that to be the last word on this then. Well checked by both of us and also found that we are being protected by avast

polonus