The site “xxtp://zakatchayka1.info/search?r=1753&q=mega download good file” (instead of “mega download good file” there may be any text) has malware.
References to this site show up on Russian internet search services when you input the word “загрузить”.
If you press “скачать” (it corresponds to “download”), a file is downloaded with a name of the form “mega_download_good_file-12345678.exe”.
“mega_download_good” is the text from the site URL, with the space symbol replaced by “_”, and “12345678” is a random 8-digit number.
This file is, ostensibly, a self-extracting archive with the needed file.
After running this file, a window shows up with text requiring you to send an SMS to the short number 2858 to get an access code.
After sending the SMS and carrying out the remaining request, you understand that this is not a self-extracting archive with the needed file, but an embedded IE window with the site hxxp://za-premium.com/?id=12345678 :)
This site, as written in the caption of this window, is protected, but it may be opened from IE without sending an SMS, simply by inserting the number from the downloaded file name into the URL after id.
Avast does not catch this trojan.
Please add this trojan “rarc” to your database.
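A detection sketch for the behaviour reported in the post above, added here as an example and not part of the original thread: it flags clients that fetched a file named `<text>-<8 digits>.exe` and then requested za-premium.com with the same id. The log layout (client IP, then URL), the `download.example` host and the name `correlate` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed proxy log lines (client IP, requested URL); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 http://download.example/get/mega_download_good_file-12345678.exe
10.0.0.5 http://za-premium.com/?id=12345678
10.0.0.7 http://example.org/tools/setup-2009.exe
10.0.0.9 http://za-premium.com/?id=87654321
"""

# File name pattern from the report: query text, "-", 8 digits, ".exe".
DROPPER_NAME = re.compile(r"^(?P<query>[^/\\]+)-(?P<id>\d{8})\.exe$", re.I)
PAYWALL_HOST = "za-premium.com"

def correlate(log_text):
    """Return one finding per request to the paywall host, marking it
    confirmed when the same client earlier downloaded a matching .exe."""
    downloads = {}  # (client, id) -> downloaded file name
    findings = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) != 2:
            continue  # skip malformed lines
        client, url = parts
        u = urlsplit(url)
        name = unquote(u.path.rsplit("/", 1)[-1])
        m = DROPPER_NAME.match(name)
        if m:
            downloads[(client, m["id"])] = name
            continue
        host = (u.hostname or "").lower()
        if host == PAYWALL_HOST or host.endswith("." + PAYWALL_HOST):
            for ident in parse_qs(u.query).get("id", []):
                seen = downloads.get((client, ident))
                findings.append({"client": client, "id": ident,
                                 "file": seen, "confirmed": seen is not None})
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f)
```

A confirmed finding means the executable was both downloaded and run on that client; an unconfirmed one only shows contact with the paywall host.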
Only detected so far by TrendMicro: za-premium.com… malicious
If you have it on your machine, you’re likely infected with a strain of the beagle.bn worm.
Thanks for reporting,