HTML_DOWN.A detected?

polonus · 2015-09-21T17:49:39.000Z

See: https://www.virustotal.com/nl/url/4d257f4c977c20804eb11ff35e34b6fb01662f1bd7ac13ff0e9cbac608091f71/analysis/1442857206/
5 malicious files with detected reference to blacklisted domain -www.iwroclaw.com & -www.phpsolvent.com
webmalware here: -http://web.nba1001.net:8888/tj/tongji.js
detected: http://killmalware.com/shohelp.com/
issues: https://asafaweb.com/Scan?Url=shohelp.com
https://asafaweb.com/Scan?Url=www.jiwon-ing.com

pol

system · 2015-09-21T19:22:17.000Z

polonus post:1:

See: https://www.virustotal.com/nl/url/4d257f4c977c20804eb11ff35e34b6fb01662f1bd7ac13ff0e9cbac608091f71/analysis/1442857206/
5 malicious files with detected reference to blacklisted domain -www.iwroclaw.com & -www.phpsolvent.com
webmalware here: -http://web.nba1001.net:8888/tj/tongji.js
detected: http://killmalware.com/shohelp.com/
issues: https://asafaweb.com/Scan?Url=shohelp.com
https://asafaweb.com/Scan?Url=www.jiwon-ing.com

pol

Hi Pol,

http://online6.drweb.com/cache/?i=d97ea1c1c7e98f01c93d29da198aaadb

polonus · 2015-09-21T20:03:25.000Z

Hi Dimitrij,

Thanks for that confirmation. With the genuine DrWeb detection (and I am glad to have this as well - as I run DrWeb extension inside Google Chrome and firefox) Avast should detect HTML:Includer-AG [Trj] there.
Google Safebrowsing also detects and blocks the malware.
Could be that it was because it is a longer existing detection (over one year)?

Damian

Pondus · 2015-09-21T21:38:03.000Z

HTML_DOWN.A detected?

https://www.virustotal.com/en/file/a71dc3955fc1233a70e66affdbbeb66b6c481db615b0ba7297aabee4aa67b448/analysis/1442871256/

Announcements