BehavesLike.Win64.Virut.dh
Should this be reported?
BehavesLike.Win64.Virut.dh
Should this be reported?
Hi TueIndian,
Win32/Autoit.NTA is a trojan detection, so not given as a file-infector which Virut is.
Well whenever this is the so-called Facebook Virus it has been identified by Sophos now as W32/Palevo-BB.
Read: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Palevo-BB/detailed-analysis.aspx
Check on the Palevo Tracker whether the download IP was identified as a known Palevo bot address.
Facebook removed the malicious application from its service.
But there are probably many more applications like this one making the rounds.
polonus
Thanks Pol.All samples have been reported to avast.