polonus
Hi afferis2,
Munge the link you gave in your first posting like this: hxtp://www.trickytruck.com/Tricky_Truck_Setup.exe
so no one can click it and get infected…
Wepawet gives it as suspicious: http://wepawet.iseclab.org/view.php?hash=4df8e3bfffaf3a9183ecd14c26ebcd91&t=1298826575&type=js
This one is also flagged by WOT: htxp://www.geardownload.com/games/tricky-truck-download.html
and suspicious: http://wepawet.iseclab.org/view.php?hash=30a2e4b449840eb11502398837a07bde&t=1298826861&type=js
also: http://www.malwaregroup.com/Domains/details/www.geardownload.com
Here it was also found in an installer: http://www.virustotal.com/file-scan/report.html?id=088088fbcf94f1074ec00e2e868c6bdbb391b1353b2245f1152f96bbd8135776-1286980868
It could well be a false Bifrose detection because of a packer used or protection inside the installer,
but that should be established/determined by the avast analysts, but then on the other hand there is also the wepawet flagging the malware… There are certainly malicious rapidshare versions around…
Sucuri says: www dot trickytruck dot com site free of malware… and Webutation gives the site 80 out of 100 points.
Here it is also found clean by garyshood url av-scanner:
http://www.garyshood.com/virus/results.php?r=4f7f22369f1566e09f1aec608e41150e
polonus