Is avast detecting?

Hi malware fighters,

htxp://pub.oxado.com/insert_ad?pub=6
Viruses

Threats found: 1

Threat Name: Trojan.Dropper
Location: htxp://www.oxado.com/tb/oxado.exe
Malware info
http://64.41.151.140/sites/oxado.com/downloads/5904221/
http://www.tallemu.com/oasis2/file/unspecified_vendor/unspecified_product/oxado_exe/637558
http://hosts-file.net/?s=oxado.com
The last time suspicious content was found on this site was on 2010-03-09.

This site was hosted on 2 network(s) including AS8928 (INTEROUTE), AS13867 (CNET).
It infected 1 domain, including tgra.is-the-boss.com/. This site contains threats that can harm your computer.

polonus

I just launched the link in Firefox (sandboxed), even allowed js ( ;D ) and all I get is a blank page…

VirusTotal - oxado.exe - 27/41
http://www.virustotal.com/analisis/9d9909e3cca29a3fad553d3fc013585885604f67876fc9908608b80a7872b667-1275251408

Hi Pondus,

Right, my friend, it was a download link, see the attached picture of what I got in the browser…
avast did not detect, what I already feared… because of this:
Report 2010-05-30 17:33:13 (GMT 1)
Website: oxado*com
MD5 Hash: ac460d6e812919b7a956d9ec8c90038d
IP Address: 62.50.134.100
IP Hostname: ci-100.custnet-1.n-3.pari1.eu.psigh.com
IP Country: GB (United Kingdom)
AS Number: 8928
AS Name: INTEROUTE Interoute Communications Ltd
Detections: 1 / 18 (6 %)
Status: SUSPICIOUS

Scanning site with: BrowserDefender CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts DETECTED
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee Trusted Source CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: Project Honey Pot CLEAN
Scanning site with: Spamhaus CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard CLEAN
Scanning site with: ZeuS Tracker CLEAN

NoVirusThanks Scan Website http://scanner.novirusthanks.org/file/8bbd8cdbf00baf9f6e933de304d3732a/b3hhZG8uY29t/
Wepawet: http://wepawet.iseclab.org/view.php?hash=9e3dd47b64f860fb8352c6db52bb23a5&t=1275252374&type=js

polonus

guess something went wrong with the sandbox module then, because I wasn’t prompted to download anything…

Sample sent to avast … :wink: so we will scan again in a day or two to see if something is happening …

Hi Pondus,

Yes, because avast users feel better without this Windows Sidebar Adware,

polonus

Nope…still no detection… :cry:

VirusTotal - oxado.exe - 27/41
http://www.virustotal.com/analisis/9d9909e3cca29a3fad553d3fc013585885604f67876fc9908608b80a7872b667-1275424484

ehrmmm…no…nothing… ???..or will this be detected as PUP ?

VirusTotal - oxado.exe - 27/41
http://www.virustotal.com/analisis/9d9909e3cca29a3fad553d3fc013585885604f67876fc9908608b80a7872b667-1276009119

Milos will review it…

Hello,
will be detected in next VPS update.

Milos

oki…I'll try again tomorrow then… :wink:

HELLO, I DO NOT SPEAK ENGLISH, ONLY SPANISH

International zone: http://forum.avast.com/index.php?board=21.0

Yahooooooo…detected… ;D ;D ;D

VirusTotal - oxado.exe - 30/41 (avast 4 / avast 5 / GData )
http://www.virustotal.com/analisis/9d9909e3cca29a3fad553d3fc013585885604f67876fc9908608b80a7872b667-1276112337

Hi Pondus,

Congratulations for your endurance, detected…
“the soft tomato” virus has been found, but it almost went ketchup ;D

polonus