Suspicious site or FP?

See: http://online.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fhh86.virii.lu%2FValhalla_4.rar
Site is in the DrWeb malicious sites list!
and http://urlquery.net/report.php?id=1403704747487
see: https://www.virustotal.com/nl/url/c6edc0f675904e4731e5eecf11d59ff2b27eb9fa37828b69aa86bb6dc7c9de26/analysis/1404664228/
Site hacked - potentially harmful - http://app.webinspector.com/public/reports/22962382
Domain blacklisted by Norton Safe Web: spth.virii dot lu -
Domain blacklisted By Yandex (via Sophos): spth.virii dot lu -

On the other side of the spectrum, this meta-scanner gives the site as safe: http://onlinelinkscan.com/?p=173696
and http://onlinelinkscan.com/?p=387110 (recent scan)

pol

Both URLs blocked by Trend Micro as well.

But a scanner that flags a lot does not: http://trafficlight.bitdefender.com/info?url=http://www.spth.virii.lu/
I get similar results, see attached.

pol

VirusTotal
https://www.virustotal.com/en/file/92d09b61566e775d2c94fb8e6f37f2329daf41e66c0424e790be62e2d6fa7171/analysis/1404665575/

Nothing blocked by Kaspersky Lab.

The rar file from the first link contains some text files, images and html documents.

Hi Steven Winderlich,

Well, both DrWeb and Norton's Safe Web detect a malicious site: Malicious Site: Malicious Domain Request 2
Kraken's Virus Tracker classifies it as "spth.virii. dot lu,80.90.43.162,Criminals,"
By the way, this does not indicate anything other than that active malware is up and running there, so a known infection source.
The IP badness history is supporting this view: https://www.virustotal.com/nl/ip-address/80.90.43.162/information/
and this from that IP seems dead: http://support.clean-mx.de/clean-mx/viruses?virusname=TR/Virtool.Magaz.B

D

Why is it not blocked by Kaspersky then? :-\

I haven’t the greenest why they do not flag it.
BitDefender and TrendMicro detect an awful lot of suspicious/malicious sites.
DrWeb and avast! keep each other in balance: avast! detects what DrWeb won't find, and vice versa.

polonus

@Pondus,

Bat.ow/btg
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

polonus