Samples missed by avast (VirusTotal links only!)

Good find Pol, shows how fast these things spread :slight_smile:

Again FUD autorun sample >:(

https://www.virustotal.com/en/file/3ff323e2bd69cab9f2a015f1df6402c96477c6591625bcb73c6defa597f0d6e7/analysis/1371289602/
https://www.virustotal.com/en/file/a293e9a0edb0c34de2b348ffa053a2ee4c965a5b678fd545a81ea16414494dc4/analysis/1371289603/

submitted to avast.

EDIT: WTF, one of the samples is 4 days old and still FUD, no AV vendor sees it yet :o :o :o :o

First submission 2013-06-11 08:24:31 UTC ( 4 days, 1 hour ago )

These samples were found here: http://forums.malwarebytes.org/index.php?showtopic=127787
and also submitted here: http://support.emsisoft.com/topic/11569-true-indians-submissions/
i04040.js for instance should be detected by avast as HTML:Iframe-MS [Trj]

polonus

Bad Boys gathered from USB

https://www.virustotal.com/en/file/c379ef4ffe8bd8abd5a3cb31a76c55de6946a1756a62d26398d27c3222f54e5b/analysis/1372086166/
https://www.virustotal.com/en/file/96b11e12f04062130ae4155d7dc6395735f61d829fa3b4eaf371af89e4acf944/analysis/1372086268/
https://www.virustotal.com/en/file/42257f704c68bb9bb4b10e3a670d859551d971c9addc1e126a8543daebcb5595/analysis/1372086319/
https://www.virustotal.com/en/file/c7bd252296272693d8ad658295de6ca89c6c0dd42c054ebb58f571aad1d8cc1f/analysis/1372086748/

Sent to avast and reported to MBAM.

There should be no distribution of samples via this forum, it is a support forum and not a quasi malware distribution service.

Oops! Many apologies David… I have removed that from my reply. I was only saying that because if anyone else wants to circulate the samples to some other AV vendors, but I will take a note of that.

https://www.virustotal.com/de/file/55719cc99fcc00e38a00e67c1b34cc031f37dae73094b188627189559aca056f/analysis/

https://www.virustotal.com/de/file/a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb/analysis/

https://www.virustotal.com/de/file/78c3b546d51b60c014764681feba004bee69c2bec1531667117adf2a823fd4d2/analysis/

https://www.virustotal.com/de/file/bab2f1e61b9dacabd4cb0e51238af7418a23499626a4ed005db7bd818fc00cf1/analysis/

https://www.virustotal.com/de/file/60c722ed7e6f15ad5bf55ca4a8f9c83e127001021fef93651c71e0dda84f270c/analysis/

https://www.virustotal.com/de/file/4a23542d116fc351f8016e5f24146c0256ffea910393f80ffac71e90b9d2152b/analysis/

https://www.virustotal.com/de/file/3c26ac826b462b67f7eb81dde234e74acbd59335512a1de038f49c10c1fa0668/analysis/

https://www.virustotal.com/de/file/a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb/analysis/1373298617/

https://www.virustotal.com/de/file/1ab214bcb937d9baa981ccd9f9b13661c758ffe081b44b437db7aeb9fa7b3ca1/analysis/

https://www.virustotal.com/de/url/4dd7770bb0d2ba7d1a22ca558dc820389df49a2376a0f866f7322db0e1718390/analysis/
https://www.virustotal.com/de/file/0e0e477684bb8d0a6ada4b646c07d94e42046c0096c7b402c9eb3b1c3085d571/analysis/
https://www.virustotal.com/de/file/677933e1bb7d64297f03ce8b3118a11c261e6550532640b0cd708e3832a7a1e9/analysis/
https://www.virustotal.com/de/file/f3efcd13e0fdf8784296c77ba42889e01489f5329baf40a5a6fd163f2be09609/analysis/
https://www.virustotal.com/de/file/55719cc99fcc00e38a00e67c1b34cc031f37dae73094b188627189559aca056f/analysis/
https://www.virustotal.com/de/file/78c3b546d51b60c014764681feba004bee69c2bec1531667117adf2a823fd4d2/analysis/
https://www.virustotal.com/de/file/bab2f1e61b9dacabd4cb0e51238af7418a23499626a4ed005db7bd818fc00cf1/analysis/
https://www.virustotal.com/de/file/60c722ed7e6f15ad5bf55ca4a8f9c83e127001021fef93651c71e0dda84f270c/analysis/
https://www.virustotal.com/de/file/4a23542d116fc351f8016e5f24146c0256ffea910393f80ffac71e90b9d2152b/analysis/
https://www.virustotal.com/de/file/3c26ac826b462b67f7eb81dde234e74acbd59335512a1de038f49c10c1fa0668/analysis/

https://www.virustotal.com/de/file/83eac1bc7aa643e82215911f7fc5bbae1e9c0bf290d02f1ba2783c264891d60a/analysis/
https://www.virustotal.com/de/file/164864255d356996cd8111dd74b5b2733fa578a60081a433eb6ff8ee70315281/analysis/
https://www.virustotal.com/de/file/afaae780f6d98834728b31b799cf1f094c4429398a54702946d68ea7642aec98/analysis/
https://www.virustotal.com/de/file/22cd8de3dcba2fb38cd8b4a11c39c899f8ce5441f6020d7aff5c4e789b1b593a/analysis/
https://www.virustotal.com/de/file/41b87401075228c0d8129e3a8522f1ab6ca4fb592aacbff53c241a14cfafa7b4/analysis/
https://www.virustotal.com/de/file/a4661ed1dff681b214f04a22c57ef06bbe79ea57c51f10eaca61f9364e267559/analysis/
https://www.virustotal.com/de/file/893fcdfdc1797eaea7d56d92f98068b27d1b68f9eaadd17495118a4d7c6d4885/analysis/
https://www.virustotal.com/de/file/315f9a5fcd45dc3a3cad55d74e59a445b9758319bf286cb9ae9bb3cb1d56e15b/analysis/
https://www.virustotal.com/de/file/237bedfebbcce3d2751c49cf6cc6f879ce4a81ee34eaee74f053e3706a5ded68/analysis/
https://www.virustotal.com/de/file/393215b42032762ec30cfebf731fd7756fcd9c6535032ea5f78f0e9b74831805/analysis/
https://www.virustotal.com/de/file/0a18573765d6e32a12c070ea5fbfd09b848ad24281ff315450121dca274322dd/analysis/
https://www.virustotal.com/de/file/8b66cd525e28891f8d57bb1c7ea502c1f61e9d3dd9deb7045b744d9b41e460e5/analysis/

https://www.virustotal.com/de/file/f0f903dcbd8df45681478cf11b8a5ae405b9705350dc3b94130eccdb12e46216/analysis/
https://www.virustotal.com/de/file/de19110db290c4bcb94d0d9302a6c44c976bde1389c75cecd245363627e16123/analysis/

TheBeateMaker, are you sending all samples to avast via virus@avast.com through e-mail? If not, then posting links here will be of no use.

See, for various of those posted there is avast detection now, e.g.
https://www.virustotal.com/de/file/164864255d356996cd8111dd74b5b2733fa578a60081a433eb6ff8ee70315281/analysis/
https://www.virustotal.com/de/file/83eac1bc7aa643e82215911f7fc5bbae1e9c0bf290d02f1ba2783c264891d60a/analysis/

polonus
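The links above only help a vendor if the samples themselves are sent in, but the thread's VirusTotal URLs are still a handy source of SHA-256 values to quote in the submission mail. The Python below is an added example, not code from this thread or from avast: it pulls the hashes out of a pasted block of links, keeps file reports apart from URL reports, and drops repeats. The sample input is a handful of links copied from this thread, one of them listed twice, as it is in the thread. The regular expression reflects the URL shape as it appears on this page (language code, file/url, 64-hex id, optional analysis timestamp), which is my assumption rather than a documented VirusTotal interface.

```python
import re
from collections import OrderedDict

# Constructed sample input: links in the shapes seen in this thread (UI language in the
# path, file vs. url reports, with and without a trailing analysis timestamp). The
# second and third lines point at the same file, so they should collapse to one hash.
SAMPLE_LINKS = """
https://www.virustotal.com/en/file/3ff323e2bd69cab9f2a015f1df6402c96477c6591625bcb73c6defa597f0d6e7/analysis/1371289602/
https://www.virustotal.com/de/file/a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb/analysis/
https://www.virustotal.com/de/file/a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb/analysis/1373298617/
https://www.virustotal.com/de/url/4dd7770bb0d2ba7d1a22ca558dc820389df49a2376a0f866f7322db0e1718390/analysis/
https://www.virustotal.com/pt/file/931d08a2c2ea526ac631a2d03fd8fb916d724b7e0e74bd6e82ef53ad6bb4074a/analysis/1374800638/
"""

# Assumed link layout (from the links on this page, not from any VirusTotal documentation).
VT_LINK = re.compile(
    r"https?://www\.virustotal\.com/"
    r"(?:[a-z]{2}/)?"             # optional UI language: en/, de/, pt/ ...
    r"(?P<kind>file|url)/"        # file report (hash) or URL report (VT's own id)
    r"(?P<id>[0-9a-fA-F]{64})"    # SHA-256 of the file, or the URL report id
    r"/analysis/"
    r"(?P<ts>\d+)?/?"             # optional analysis timestamp
)


def parse_vt_links(text):
    """Every VirusTotal link in `text`, in order, as (kind, id, timestamp-or-None)."""
    return [
        (m.group("kind"), m.group("id").lower(), m.group("ts"))
        for m in VT_LINK.finditer(text)
    ]


def unique_file_hashes(text):
    """SHA-256 values of file reports, de-duplicated, first-occurrence order kept."""
    seen = OrderedDict()
    for kind, digest, _ in parse_vt_links(text):
        if kind == "file":
            seen.setdefault(digest, None)
    return list(seen)


def url_report_ids(text):
    """Ids of URL reports (these are not file hashes and must not go on a sample list)."""
    return [digest for kind, digest, _ in parse_vt_links(text) if kind == "url"]


def submission_body(text):
    """Plain-text block to paste into the mail body: one SHA-256 per line."""
    hashes = unique_file_hashes(text)
    header = "%d sample(s), SHA-256:" % len(hashes)
    return "\n".join([header, ""] + hashes)


if __name__ == "__main__":
    print(submission_body(SAMPLE_LINKS))
```

Keeping URL reports separate matters because a VirusTotal URL id is the hash of the URL string, not of any file, so mixing it into a sample list gives the vendor a hash that matches nothing on disk.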

https://www.virustotal.com/en/file/1a7f702a9b5a88d2f0e1047f4be6a37a52b8c3a95ab156db389e6a509c409277/analysis/1373544700/

PUP file, deemed safe by Essex

IDS flagged it here: http://urlquery.net/report.php?id=3533128
loaded will be kernel32.dll (where IsDebuggerPresent is located)
The circumvention is for a particular code example!
mov eax,dword ptr fs:[18]    ; TEB self pointer
mov eax,dword ptr ds:[EAX+30] ; TEB+30h -> PEB
mov byte ptr ds:[eax+2],0     ; PEB+2 = BeingDebugged, cleared

This will patch the IsPresent flag, ensuring IsDebuggerPresent always returns 0
(credits go to kuba on reverse engineering)

Adware - two detections in latest scan: https://www.virustotal.com/en/file/411240f7d25a1a63a68b0874eb8d122c3b2c2e0bddb94eee55818b6a535b6915/analysis/ (installer detection → Global\Phoenix_Installer (failed) & RasPbFile (failed), this issue is a class of bug called a “Token Leak”…

polonus
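The three instructions quoted above walk from the TEB self pointer at fs:[18h] to the PEB at offset 30h and clear BeingDebugged at PEB+2, which is the byte IsDebuggerPresent reads. Seen from the defender's side, that same sequence is a usable triage signature. The Python below is an added example, not code from this thread or from any vendor: it scans a byte buffer for the 32-bit x86 encoding of exactly those three instructions, plus the shorter form that reads the PEB straight from fs:[30h]. The encodings are the standard ones an assembler emits for these operands (an assumption about how a sample is laid out; other encodings exist), and the sample buffers are constructed here.

```python
import re

# Byte encodings (32-bit x86) of the instructions quoted in the thread, as an assembler
# emits them for these exact operands. This is an assumption about layout; a different
# register or displacement width changes the bytes.
#   64 A1 18 00 00 00   mov eax, dword ptr fs:[18h]   ; TEB self pointer
#   8B 40 30            mov eax, dword ptr [eax+30h]  ; TEB->PEB
#   C6 40 02 00         mov byte ptr [eax+2], 0       ; PEB->BeingDebugged = 0
# The second form skips the TEB hop and reads the PEB pointer directly from fs:[30h].
SIGNATURES = {
    "peb_patch_via_teb": re.compile(
        rb"\x64\xA1\x18\x00\x00\x00\x8B\x40\x30\xC6\x40\x02\x00"),
    "peb_patch_direct": re.compile(
        rb"\x64\xA1\x30\x00\x00\x00\xC6\x40\x02\x00"),
}


def scan(buf):
    """Return (signature name, byte offset) for every hit in `buf`, sorted by offset."""
    hits = []
    for name, pattern in SIGNATURES.items():
        for match in pattern.finditer(buf):
            hits.append((name, match.start()))
    return sorted(hits, key=lambda hit: hit[1])


def describe(buf):
    """Human-readable triage line for a buffer."""
    hits = scan(buf)
    if not hits:
        return "no BeingDebugged patch sequence found"
    return "; ".join("%s at offset 0x%x" % (name, off) for name, off in hits)


# Constructed sample 1: NOP sled, a function prologue, the TEB-walk patch, then ret.
SAMPLE = (
    b"\x90" * 16
    + b"\x55\x8B\xEC"                                   # push ebp / mov ebp, esp
    + bytes.fromhex("64A118000000" "8B4030" "C6400200")  # the three instructions
    + b"\xC3"                                           # ret
)

# Constructed sample 2: the direct fs:[30h] form after four NOPs.
SAMPLE_DIRECT = b"\x90" * 4 + bytes.fromhex("64A130000000" "C6400200")

# Constructed sample 3: benign bytes, should produce no hit.
SAMPLE_CLEAN = b"\x90" * 8 + b"\x55\x8B\xEC\xC3"


if __name__ == "__main__":
    for label, buf in (("sample", SAMPLE), ("direct", SAMPLE_DIRECT), ("clean", SAMPLE_CLEAN)):
        print("%-7s %s" % (label, describe(buf)))
```

A literal pattern like this is brittle by design: a different register, a 32-bit displacement, or the x64 form (PEB at gs:[60h], BeingDebugged still at +2) slips past it, so treat a hit as a reason to look closer rather than a verdict, and rely on a sandbox that compares what the process reports with what the debugger knows for the robust check.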

https://www.virustotal.com/en/file/619531aa8bf0000586f23549475d523b36ac70a0f916ba17ddf9586137d532f4/analysis/1374143415/

Adware. It was “supposed” to be a movie. I noticed the .exe part at the end. I figured it’d be malicious, thought I’d see what I could do to help. This seems like a good place.

Send the file to virus@avast.com via mail, don’t report it here, it is not going to help avast in any way :slight_smile:

True Indian, I tried to do that. But gmail is being a * today and is saying it won’t allow me. Virus obviously. Any other way? I’ve tried compressing it, renaming the extension from .exe to .part.

Any help is awesome.

Thanks
Michael

Hi Buddy,
You can simply archive your sample using 7-zip and password-protect it. The password should be: infected

Be sure to mention the password in the mail body and provide some additional info on the source of the sample, e.g. site address, IP, VirusTotal scan link, etc.

Will do. Thanks

Hello true indian and alan1998,

Good you two reported here.
It is the installer that is involved and that installer (wrapper) should be detected as junkware laden.
See the Sophos analysis here: http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/InstallRex/detailed-analysis.aspx

This is something we see happening more and more, and it is really frustrating for those users
that download a legit program and are troubled by nasty and very hard to uninstall crap- and junkware.
CNet downloads also come with this uninvited junk installer for their downloads.
Just google this combination: installmate adware, and you get a lot of interesting info, my good friends,

Adware InstallMate
SHA256: ecf7e1de8ef7a049a1abb3fb36e8b47786b7d96aa5123a4e86e2a3a44bbe11b0
SHA1: b87fe0346097f3b49b7fb01b85ef0004162bfc5a
MD5: 5192e5dcdbfc466042f55386a03f89a3
File size: 305456 bytes
Created files:

%WinDir%\TEMP\Tsu6193197D.dll – Adware InstallMate
%WinDir%\TEMP{5CF5495C-FB77-790F-9BE4-B35587166BAA}\Setup.exe – Adware InstallMate
%WinDir%\TEMP{5CF5495C-FB77-790F-9BE4-B35587166BAA}_Setup.dll – Adware InstallMate
%WinDir%\TEMP{5CF5495C-FB77-790F-9BE4-B35587166BAA}_Setupx.dll – Adware InstallMate

polonus

Already submitted this file 2 times but it’s not detected yet:

https://www.virustotal.com/pt/file/931d08a2c2ea526ac631a2d03fd8fb916d724b7e0e74bd6e82ef53ad6bb4074a/analysis/1374800638/