polonus
1
polonus
2
This could be a virtool… while NOD32 detects a variant of Win32/Injector.KWT here, a heuristic detection of a file injector: dangerous malware or a misdetection of goodware?
Also interesting to read this: http://www.live-forensics.com/?p=143
Then there is this download given by the live-forensics software release… http://www.live-forensics.com/dl/Unique.zip
and that download link has been given as clean here: http://vscan.urlvoid.com/analysis/45afe86f634a10fdc9f9f64cc6b5655f/dW5pcXVlLXppcA==/
polonus
Pondus
3
Malwarebytes detects it as Trojan.Darkeye
polonus
4
Hi Pondus,
Thanks for confirming this as malware. I would not have expected otherwise, because it is an illegal file download. Good that MBAM detects it and hopefully cleans it. Otherwise victims could use TDSSKiller as an option to remove it:
http://support.kaspersky.com/viruses/solutions?qid=208280684
That is, if TDSSKiller can handle this variant, as there are quite a few variants going around. Otherwise there are other specific ways of removal, but that is a speciality of the qualified removers like essexboy and oldman…
polonus