Report suspicius link

Hello, first post here and sorry about my poor english.

Where can I report a link that i believe that is a virus (but it’s not identified as one by avast)?

I received a spam-like virus, with a link to a site, then in this site a new link to a .zip file. I downloaded it, the file is not identified as a virus by avast (a .exe).

The link is this: http://www.cobrancasnovas.kit.net/pagfatura.zip

I not sure if this is really a virus or not, but i will not execute it on my machine too soon :wink:

Thx

's

Yeah it looks like malware. NOD32 also detects it as “probably unknown new_heurPE”.
Though you may want to send this sample to virus[at]avast.com if no one from Alwil responds to this thread.

The Dr Web interface isn’t flagging it, so it probalyy needs checking at Jotti.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.
Or VirusTotal - Multi engine on-line virus scanner

Zip files are inert until you extract or execute the contents.

Jotti found hits from a number of AVs (but not avast and a number of others) when I uploaded the zip file so it would appear to be malware.

AntiVir - Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found PossibleThreat Kaspersky Anti-Virus Found Trojan-Spy.Win32.Bancos.ow NOD32 Found probably unknown NewHeur_PE (probable variant) Norman Virus Control Found W32/Bancos.HMP UNA Found nothing VBA32 Found Trojan-Spy.Win32.Bancos.ow

Copy sent to virus @ avast.com

Hello Paulo Henrique,

This is a trojan downloader to mimic a Brazilian bank portal,
the information is here:
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.j.html
With the information here you can check this.

polonus

Welcome back Polonus

I submitted this file to Ewido and today it’s detected. German efficiency?

Still not included in avast VPS though, despite being submited to Jotti and sent to avast from the chest.

Detected as Win32:Bancos-RK [Trj] since VPS 0602-2 …

so where is problem ?

I scanned it after 0602-2 and it wasn’t detected, it is today after 0602-3 though.