Real virus executable here?

Hi forum friends,

See: http://www.virustotal.com/url-scan/report.html?id=b86f18a47803c565ae142383b622991d-1319885616
File analysis: http://www.virustotal.com/file-scan/report.html?id=cc1329393ea545b5e32daf76ca84a6c02579b0448b3181a720950ca5ef86d220-1319892823
Detected by SAS as Trojan.Agent/Gen-ImageDocFake
See: http://anubis.iseclab.org/?action=result&task_id=17194de0ac60722b4c98900d103d9f953
and: http://urlquery.net/queued.php?id=6538 & http://camas.comodo.com/cgi-bin/submit?file=cc1329393ea545b5e32daf76ca84a6c02579b0448b3181a720950ca5ef86d220

For the same domain see: http://amada.abuse.ch/?search=www.solutionweb.ppg.br
First there with similar results: http://www.virustotal.com/file-scan/report.html?id=d4afdbc3b6169128c7752936d9ee4aefe6a435ab3d0ef0d9eb12d5a1bb1e11ad-1312324585
For an older find, avast flags Win32:Spyware-gen [Spy], see: http://www.virustotal.com/file-scan/report.html?id=9430560007712dd1cde899c9653d91aca6d33e816bbc5dfa6f39e7e5b36589a1-1318554231

polonus

Wepawet
http://wepawet.iseclab.org/view.php?hash=b86f18a47803c565ae142383b622991d&t=1319894765&type=js

solutionweb.ppg.br/solution/lib50.jpg MS-DOS executable fdb3a5842430fb754d28d553686300d4

Hi Pondus,

Thanks for the additional confirmation of wepawet status “suspicious”, but still avast fails to detect or does it detect this malware?

pol

ххх.solutionweb.ppg.br/fast/admin/bart.jpg MD5 hash - 5ecbe562e27a884074afaac1478af63f

now on the way another file bart.jpg MD5 hash - 5f4e714ac9134351cf7382b89e89d9e1

http://virusscan.jotti.org/ru/scanresult/d05f4fb7eaa74249749b9815dbcd6ddfda98f6a2

send to Avast.


Threat: Trojan.Siggen3.19304

This is software generated mail message on behalf of virus hunters activity.
Category: NEW VIRUS
File: bart.jpg
MD5: 5f4e714ac9134351cf7382b89e89d9e1


solutionweb.ppg.br/solution/lib50.jpg MS-DOS executable fdb3a5842430fb754d28d553686300d4

Norman lab says malware

lib50.jpg : Processed - VBNA.FT