please help check this file

system · October 18, 2010, 1:51am

Hi great guys,

I download a file from below link
hxxp://www.mjbox.com/r/bk/bkys0812/VMware%E6%B3%A8%E5%86%8C%E6%9C%BA.rar

it will enable webcam a short while,and stay in the system without anything
but the virus scan can’t find anything?

can you help me to check this file is safe or not?

Thanks~

DavidR · October 18, 2010, 2:19am

First - Please ‘modify’ your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites and files, thanks.

Well there are some scanners that at the very least consider it suspect, see http://www.virustotal.com/file-scan/report.html?id=ff23462fcd0966b5fdf2d2bea27f9c956e12aeb2dbf344693fd458359bb681ba-1287368224.

I know under normal circumstances I wouldn’t download a file with this kind of file name in the first place.

Send the sample/s to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.

system · October 18, 2010, 2:47am

Hi! David ,

Thanks for your help.

DavidR post:2:

First - Please ‘modify’ your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites and files, thanks.

Well there are some scanners that at the very least consider it suspect, see http://www.virustotal.com/file-scan/report.html?id=ff23462fcd0966b5fdf2d2bea27f9c956e12aeb2dbf344693fd458359bb681ba-1287368224.

I know under normal circumstances I wouldn’t download a file with this kind of file name in the first place.

Send the sample/s to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.

DavidR · October 18, 2010, 3:17am

No problem, glad I could help.

Welcome to the forums.

Marc57 · October 18, 2010, 4:00am

The site isn’t safe.

http://www.urlvoid.com/scan/mjbox.com

Marc57 · October 18, 2010, 5:03am

This is definitely a trojan.

Just got this back from Cat-Quickheal.

"Dear Sir,

Thank you for the files.
Found malicious code inside the files.
Solution for the same will be uploaded in next update.

Regards,

Rahul

Ticket Details

Ticket ID: FMW-467375
Department: VirusLab
Priority: High
Status: Closed"

Sophos:

Hello,

Thank you for contacting Sophos Technical Support.

Please note that this is an automated response. If you have any questions, require assistance or clarification on this analysis, please feel free to reply to this email quoting this case number in the subject line.

The file(s) submitted were malicious in nature and detection will be available on the Sophos Databank shortly.

short-VMWARE_1.EXE – identity created/updated (New detection Troj/Agent-OZS)
VMware.zip – archive file

Please do not hesitate in contacting us by replying to this email if you have any questions or concerns.

Kind regards,

Sophos Technical Support

Marc57 · October 18, 2010, 6:19pm

This is now being detected by Malwarebytes.

system · October 19, 2010, 2:19am

Thanks for your kindly and great support!

Marc57 · October 19, 2010, 2:45am

Your Welcome.

Left123 · October 19, 2010, 8:35am

http://safeweb.norton.com/report/show?url=mjbox.com

please help check this file

Ticket Details

Announcements