Is These files a virus?

I was browsering a file sharing website and i found these.

  1. Its called avast2012.exe ( hxxp://tesla.plunder.com/x/$ZEU654agQeYgRkAxS9tZ8fJ0q3cqaqcC/c4bcfbf407/Avast2012.exe )

  2. Its called avast2011.exe ( hxxp://tesla.plunder.com/x/$ZEU654agQebpImOd8dchOfJ0q3cqaqcC/10075de69f/Avast2011.exe )

They Might be new viruses…

I assume they’re viruses/malware. :o

Considering they are only 16KB, I would say they are highly suspect and may well just the hook to get you infected.

Zero hits on either file on VT, but a more detailed analysis shows it displays a fake trojan alert and no doubt has some sort of click to download/run a scan, etc. and that is when you would get infected.

http://anubis.iseclab.org/?action=result&task_id=13399e0024092ee7459e7be9b8c02d546&format=html
http://anubis.iseclab.org/?action=result&task_id=15447e2c9758bb9d4a91375f34bef6ace&format=html

The tesla.plunder.com site appears to be a file sharing site.

So these are the preamble to a fake AV alert and infection.

looks like the website deleted the files.

Found them again on 2 websites.

Site one

hxxp://www.plunder.com/avast-2011-test-file-download-3d26ff2537.htm

hxxp://www.plunder.com/Avast-2012-test-file-download-6edfbf1794.htm

site two

hxxp://www.4shared.com/file/4sot8yEg/Avast2011.html

hxxp://www.4shared.com/file/pydPr6JB/Avast2012.html

That is always going to happen they are moving them round file sharing sites and there is nothing that you can do about that. You can’t block all file sharing sites just because some pond life uses them to distribute malware.

The fact that the suspect files are there isn’t a huge risk as you aren’t physically executing the file; possibly more so is your flagging these locations in a publicly available web site, with no control over who might visit and what they might do with the sample.

So you found them again, report it directly to avast, not that they can do much about the site location, so send the samples directly to avast.

I Can’t believe somebody found out about the program i made. :slight_smile: Does anybody here know antivirus 2011 owner? If so how can i contact them? :stuck_out_tongue:

The coding is


MsgBox "Warning your computer is infected!", vbcritical, vbdefaultbutton1, ("Warning!")
Dim Virus As New Virus
Virus.Show

Though i made the virus i think they are scary!

Norman analysis - files are malware - detection added

Avast2011.exe : Processed - FakeAlert.CKAL Avast2012.exe : Processed - FakeAlert.CKAM

I scanned these files this morning and avast now detects them as a PUP. :smiley:

Didn’t take them long to add them once sent, which I did just after my Reply #2. So in the first instance send the samples and get the ball rolling.