Avast Community

rrmvvip.ex- detected as Win32:Adware-gen [Adw] here....

Viruses and worms

polonus May 21, 2017, 10:40am 1

See: http://urlquery.net/report.php?id=1495360237840 (known infection source).

See: https://adwaretips.net/36171-report-36171-rrmvvip-exe-removal-information/
See: https://www.virustotal.com/pl/url/89325838a56bf1351fd904094dbedc1ffd94684cd2b8b922380a147febc0cf8c/analysis/1495362692/
Almost all flag: https://www.virustotal.com/pl/file/619609a5c22817018d181c5f1c63ddc7de9e5df16f03c9b1dbda52a619755afa/analysis/1495134503/

Threat Name: Trojan.ADH.2
Location: -https://g.pc6.com/pc/VRoot_1.7.8.7753_cid2033_61717ddd.exe

Exploitable server: http://kanae.l2ch.net/test/read.cgi/gameurawaza/1438305447/nc
PKU exploit - http://www.codegist.net/search/serve-amex/364 on paopaoche/1.5.1 server.

Malware on IP: https://www.threatminer.org/host.php?q=218.92.227.203

polonus (volunteer website security analyst and website error-hunter)

jeffersonsant May 22, 2017, 1:15am 2

Avast detect this as Android:Agent-CRI [PUP]

https://www.virustotal.com/en/file/cd587a562326f22b15c094c97cf96998865b5d2d188bdda0c494b2a2ce7c20cc/analysis/1495414460/

File is interrupted during download finished

Attached

polonus May 22, 2017, 8:03pm 3

Hi jefferson sant,

Thanks for that verification. You measured, we know now.

polonus

polonus July 4, 2017, 9:57pm 4

Still being spread, for instance through this: http://urlquery.net/report.php?id=1499203095416

polonus

Announcements