Polonus oh please check this site

xxx.cross-plus-a.com/voices/lhttsiti.exe

Reported on MDL (Malware Domain List) as a Trojan. I launched the exe file; nothing bad has happened. MBAM is running now.

Scan Results from VT: https://www.virustotal.com/en/file/e00a7d56519d4f1de2930fc3e6585ebe23eb683010bac9307495dccbee470c72/analysis/1380140166/

MBAM Results on a Live PC. Avast didn’t say anything.

The file is actually signed by Microsoft.

I know, that’s what I found weird… Is this just some * being a dick towards Microsoft?

Why did you run the file if you found it listed there?

urlvoid. http://www.urlvoid.com/scan/cross-plus-a.com/

Also reported at ParetoLogic:
https://www.virustotal.com/en/url/3733445850485f54c617164e44feb54b5d40fbd7e61c2bb258873ecfed0ead14/analysis/1380140786/

First submission 2008-04-05 14:01:13 UTC ( 5 years, 5 months ago )
So it seems clean.

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

Norton, AVG and McAfee report it as safe.

Virustotal: 5/39 https://www.virustotal.com/en/url/52433524e792ba527a49ec99ea861125e2e8435ce2e7acb057d4af19ae6c4cee/analysis/1380140828/
Sucuri Clean: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fwww.cross-plus-a.com%2Fvoices%2Flhttsiti.exe
URLQuery: http://urlquery.net/report.php?id=5948133
Comodo: http://app.webinspector.com/public/reports/17367730
Quttera: http://www.quttera.com/detailed_report/www.cross-plus-a.com
Zulu: http://zulu.zscaler.com/submission/show/95ab09021c528e1f1c658204af849774-1380141077 (100% Malicious)

And your Malwarebytes signatures are 3 days old. :wink:
Always update before a scan … they release around 10 updates a day.

Because I’m an idiot… Occasionally I download these files and test them in VT. When this one came back with 0/48 I questioned why. So I ran a test on my PC… I’m usually prepared to run these files. I do know how to remove the majority of viruses. Just not Sirefef

I would recommend running these in a virtual machine. :wink:

Probably. I used to be in the habit of updating… I’ve just forgotten lately.

Good idea… I do have a MAK key with a Windows 7 Install disc. Should set that up some day… I’m just being a lazy idiot right now

The file is also trusted by Symantec. (Screenshot)

English Please!!!

Ten thousand users of the Norton Community used the file; it was first seen 4 years and 1 month ago.

The file is marked as trusted by Symantec. And the crash report and Stability are unknown.

I cannot set English the default language during installation.

Hi alan1998,

Why for grandfather’s sake do you download (potentially) malicious files, if you can do a third-party detection like a URL scan without further ado? I never go to infested sites directly; I always peek at them via so-called “cold reconnaissance”. I scan with this multiscanner: http://scanurl.net/?u= then you have loads of information about the suspicious site at hand. Do a VT URL scan and wait for the availability of a file scan, then see what the latest detection rate is. See at urlquery or Sucuri’s what the IP is and do a general Google search for the IP and see what turns up (scam, spam, Clean MX reports, dazzlepod (for research analysts and website owners only), asafaweb, etc. etc.). Whenever you find a name or a hash of the malcode, do the same for that: Google it all, Wepawet the URL, Anubis binary file scan it.
Never download live malware onto a custom computer, never scan without script blocking and blocking certain requests (NoScript and RequestPolicy extensions on in Firefox, SafeScript and Better-Pop-Up-Blocker in Google Chrome), especially when peeking at live code at jsunpack (for research analysts only). Always leave the avast! Shields on. Be glad when avast blocks some third-party scanning; this does not mean infection, but enough of the code is there to produce an alarm and access blocking. The risk of downloading malware files directly, even through a malware browser like Malzilla, is that you could encounter a file-infector that will, for instance, infest each and every executable file on your comp, mostly beyond repair, and then you have a computer that will only function as the so-called proverbial “doorstopper”. So stop being irresponsible, as in that way you are not only endangering yourself on that comp but also others, and if it hangs connected out to the Interwebs, also a lot of innocent users standing by. Learn all this under guidance from those that seem to know what they are doing and learn to scan sensibly step by step. Remember, Krakow was not built in one day; it took me over 8 years of constant practice and gaining experience, a.o. here on the forums and with the help of others here!

polonus
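An added example (not code from the thread or from any of the posters) of the “cold reconnaissance” approach polonus describes, combined with the static check behind the earlier “Win32 EXE for the Windows GUI subsystem” observation: hash the downloaded bytes, read the PE headers to confirm what kind of executable they are, and build lookup links for hash- and URL-based scanners, all without launching the file. The sample URL and the PE bytes below are constructed for the demo and are not the file discussed in the thread; the lookup URL patterns are copied from the links posted in the thread and may have changed since.

```python
"""Static triage of an untrusted download without executing it (added example)."""
import hashlib
import struct
from urllib.parse import quote, urlsplit

# Constants from the PE/COFF format.
DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
MACHINE_NAMES = {0x014C: "i386", 0x8664: "AMD64", 0x01C4: "ARM", 0xAA64: "ARM64"}
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_FILE_DLL = 0x2000


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the bytes; scanners key their reports on these."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def inspect_pe(data: bytes) -> dict:
    """Parse the DOS and PE headers and report machine, format and subsystem.

    Raises ValueError for anything that is not a well-formed PE image, which is
    itself a triage signal (mislabelled, corrupted or truncated download).
    """
    if len(data) < 64 or data[:2] != DOS_MAGIC:
        raise ValueError("not a DOS/MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 60)        # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                      # 20-byte COFF file header
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                          # optional header follows COFF header
    if opt_size < 70 or len(data) < opt + 70:
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", data, opt)           # PE32 vs PE32+
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # Subsystem field, same offset in both
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "format": OPTIONAL_MAGIC.get(magic, hex(magic)),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "sections": nsections,
    }


def lookup_urls(url: str, sha256: str) -> dict:
    """Build report links in the URL shapes posted in the thread (may have changed since)."""
    host = urlsplit(url).hostname or ""
    bare_host = host[4:] if host.startswith("www.") else host
    return {
        "virustotal_file": f"https://www.virustotal.com/en/file/{sha256}/analysis/",
        "urlvoid": f"http://www.urlvoid.com/scan/{bare_host}/",
        "sucuri": "http://sitecheck.sucuri.net/scanner/?scan=" + quote(url, safe=""),
        "quttera": f"http://www.quttera.com/detailed_report/{host}",
    }


def triage(url: str, data: bytes) -> dict:
    """One report per download: hashes, header facts, and where to look them up."""
    report = {"url": url, "hashes": file_hashes(data)}
    try:
        report["pe"] = inspect_pe(data)
    except ValueError as exc:
        report["pe"] = {"error": str(exc)}
    report["lookups"] = lookup_urls(url, report["hashes"]["sha256"])
    return report


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 GUI header for the demo; not a real program."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = DOS_MAGIC
    struct.pack_into("<I", dos, 60, e_lfanew)
    # Machine i386, 3 sections, 224-byte optional header, EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x014C, 3, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32
    struct.pack_into("<H", opt, 68, 2)      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + PE_SIGNATURE + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed sample URL; in practice this is the link found on the blocklist.
    sample_url = "http://www.suspicious.example/voices/sample.exe"
    for key, value in triage(sample_url, build_sample_pe()).items():
        print(f"{key}: {value}")
```

In practice the bytes would come from a download made in an isolated environment, and only the hashes and links leave it; nothing here ever maps or runs the file. A ValueError from inspect_pe is worth recording in the report rather than swallowing, since a file served as an .exe that does not parse as a PE is exactly the kind of thing a scanner verdict alone will not tell you.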