new virus found in the wild

already sent an email to virus@avast.com with it attached. it's a private trojan, 3 results in virustotal

vt results

http://www.virustotal.com/analisis/1cc40c83c896c14bdaf430ca50560944

where i found it

http://www.youtube.com/watch?v=Rf_gCul1iQM

took a look @ it with olly debugger, it's encrypted. anyways, hopefully the avast team will put it in their virus results and update our definitions…cheers

-joshua, long time avast user

Hi pimpinjg,

This malware (muldrop trojan h-vundo) is being found and removed by MBAM anti-spyware,

polonus

hopefully avast team will put it in the next update :stuck_out_tongue:

This virus family is morphing so fast that it is difficult to keep up
the new versions are tough to remove
so get safe- stay safe
have a couple of antispyware products downloaded, updated and ready to run on demand, as your internet connection could be disrupted, making a download impossible when it is needed most

hopefully 4.9 will have heuristics :frowning:

Had a look at this. Downloaded the linked .exe from the file sharing site. Scanned clean (Avast, MBAM, SAS, and AVG AS.)
No user comments on that youtube video seem to have noticed anything untoward…not that that means much, I realise.
The file has been analysed already at Virus total, here’s the link: http://www.virustotal.com/analisis/c3aa8ebe35b3b46a86ed69919cea6e6b (6 detections, mainly heuristic by the looks.)

So having looked at it, and downloaded the “HaloTAB Aimbot.exe” what’s the risk, here?
Or was this malware not actually the download suggested in the vid, but an actual exploit on the youtube page?

Just run a HD scan with MBAM, nothing detected.

lulz it's obviously crypted. i took a look in olly debug: it makes some reg keys, then closes all tasks and shuts down. if you're so sure it's clean, run it :wink:

new scan, avast now detects it:

http://www.virustotal.com/analisis/545c73c8d1406aba0f186f80fa136b0f

also everyone posted comments on the vid saying it's a virus, he's removing them lawl

I’m certainly not that sure that I want to run it.

but you seemed so sure in your post that it was clean :stuck_out_tongue:

Yeah, seems an infected file… the ‘big’ ones do not detect it (yet).
It’s good for the ones who blame against avast detection rate :stuck_out_tongue:

AH, I see.
No, I actually wasn’t sure at all. You see, I don’t know how to identify malware just by the file structure/analysis and I don’t have a virtual machine to run it in.
What I was looking for was clues that it was malware, and I was curious to know how you knew it was.
Had I run it, just for fun, my only line of defence at that point was Threatfire, which might well have been up to the task of stopping it, but I’d rather not find out the hard way.

sandbox :stuck_out_tongue: <3 sandboxes