http://www.virustotal.com/file-scan/report.html?id=e3fea39bdff70da234130a390c8356fe8f19d09a1498afa12a04ebf42d6ea78a-1284149939
http://www.virustotal.com/file-scan/report.html?id=f1478eb67ce7740ccaeb7f7117d6a1a5596c7b24001d0592d52e2980e309b3f7-1284149939
http://www.virustotal.com/file-scan/report.html?id=6a6173d557fc027f4c5c00a862c8b3f236b422fd0265220878d37c973c1ecb3a-1284149824
Hi Tech,
Virus profile for one: http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=275677#none
polonus
FakeAV missed by Avast (and lots of others) that I got off the Malware Domain List today:
http://www.virustotal.com/file-scan/report.html?id=f8d7aaf4b2cf3730ecfac9f8ec0fd6aa9e3d1bccd67fe87429a8a6997e67c004-1284154379
If they don’t already, Avast should really check out the samples from http://www.malwaredomainlist.com/mdl.php
Great source for known and 0-day infections.
http://www.virustotal.com/file-scan/report.html?id=f3c43e4b3a88fff78616adf22c33e16cf5cf4699bb7f7d0d6dcab5819c2bdb62-1284196857
http://www.virustotal.com/file-scan/report.html?id=2708f2c2fc01b8e5a3d0b239a13b732ef14c024611df8826eb3d95f9bbf4a3d6-1284196854
http://www.virustotal.com/file-scan/report.html?id=47f5dea81c52083da7b178d2f911337ab51b6f6428a71d0e5cb894dbefddc61e-1284196859
http://www.virustotal.com/file-scan/report.html?id=562f7b044a48e7ca0cf659be0cc7ca317944393c33a413be53082bdb9e3a71e8-1284197918
If you haven’t already sent the sample to avast:
Send the sample/s to avast as an Undetected Malware:
Open the chest, right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’, complete the form and submit; the file will be uploaded during the next update.
The best results:
Submitted to avast!
Note: ThreatExpert report now available!
http://www.threatexpert.com/report.aspx?md5=390f232ccba503b33b89ae0044c07030
With only those two (only counts as bitdefender is one of the two GData scanners, avast being the other), it is possible this is a bitdefender false positive. It is also a generic signature, which are more prone to FP.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
I downloaded the sample from “Malware Domains List”, so it is 100% guaranteed that the sample is a REAL threat. Previously I’ve uploaded samples where none of the engines detected the threat.
Well with a 100% guarantee (ridiculous really) I would have expected more than 1 detection on VT and that was generic. So I can’t see how they can give that sort of 100% guarantee, as far as security goes nothing is 100% and I guess that goes for this too.
I asked about the file name for a reason, there are other analysis sites for binaries. If this is an .exe file then it can be given a detailed analysis. Anubis: Analyzing Unknown Binaries is another scanning tool that is useful. Post a link to the results page.
http://www.virustotal.com/file-scan/report.html?id=aad9db0dc7b1c446b4a7cbed1dfbc8aaeb0cff793c5690efc5f966e4b7d49c26-1283958520
http://www.virustotal.com/file-scan/report.html?id=1c32982c2e626f4cb61f74c4b2d09157b93495c54f5ba3a1d4fe2ce9668e4ea1-1284219356
will be detected on Monday generically…
Which of them? All? The last ones?
Ok Dave! I’m NOT talking about BitDefender. I mean that the samples downloaded from MDL are REAL malware. See for yourself with this new check:
Is it an FP?
edit: Did you see the ThreatExpert report?
explorer.exe, iexplorer and cmd.exe were modified by the application!!!
Well I’m talking about the VT results link that you posted in reply #7 as that is effectively showing only bitdefender detecting anything. If that came from MDL then I would say that their 100% claim is dubious.
Your first VT results are entirely different to the second; they aren’t the same file, which I was responding to.
Two more:
http://www.virustotal.com/file-scan/report.html?id=f1e384d3bc63a07b1bdfb4effd170e9745af1ae19dfb568d6984225dd436262f-1284349326
Submitted via Virus Chest.
Llanziel, I see you are a fan of the MalwareDomainList too.
Well, it’s certainly a good source of FakeAVs. And some exploits, bots and other junk.
If you want, you can add MalwareDomainlist auto-update to your Hosts file through HostMan Editor.
edit - no idea why I have so many hphosts as update Sources, just happened that way.