Hi
Avast blocks this website; it's a travel company (Amadeus). Please fix it.
www.portevo.de
Thanks in advance
Report: 2011-07-29 16:14:36 (GMT 1)
Website: portevo.de
Domain Hash: bbbac301ab7a7706faaf570ae6a9a0f9
IP Address: 193.24.37.184
IP Hostname: www.portevo.de
IP Country: DE (Germany)
AS Number: 12888
AS Name: Amadeus Data Processing GmbH
Detections: 4 / 23 (17 %)
Status: DANGEROUS
http://hosts-file.net/?s=portevo.de
http://www.mywot.com/en/scorecard/portevo.de
http://www.malwareblacklist.com/searchClearingHouse.php?search=portevo.de
http://vscan.urlvoid.com/
MalwareBlacklist.com
http://www.malwareblacklist.com/searchClearingHouse.php?search=portevo.de
VirusTotal - Loader.exe - 1/43
http://www.virustotal.com/file-scan/report.html?id=36aa37abda36337e7e5c2ef264e9815e055a341459ad6fe1ed3a3da2f0fb153a-1311952909
First seen: 2011-04-18 21:26:05
Last seen : 2011-07-29 15:21:49
sigcheck:
publisher: Microsoft Corporation
copyright: (c) Microsoft Corporation. Alle Rechte vorbehalten.
product: Betriebssystem Microsoft_ Windows_
description: Win32 Cabinet Self-Extractor
original name: WEXTRACT.EXE
internal name: Wextract
file version: 6.00.2800.1106
comments: n/a
signers: Amadeus Germany GmbH
         VeriSign Class 3 Code Signing 2009-2 CA
         Class 3 Public Primary Certification Authority
signing date: 5:35 PM 7/29/2011
verified: -
I think FP???
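The sigcheck block quoted above is the interesting part of this post: the PE version resource claims Microsoft Corporation, the Authenticode leaf signer is Amadeus Germany GmbH, and the verified field is not positive. As an added example (not from the thread, Avast, VirusTotal or Amadeus), here is a small Python triage helper that parses sigcheck-style key/value output and flags exactly those points. The sample text is constructed from the values in the post; the field labels follow the sigcheck output layout shown there, and the helper treats only a value of "Signed" as a verified signature, which is what Sysinternals sigcheck prints for a valid chain (an assumption about the tool, stated here because the post shows only VirusTotal's "-" rendering).

```python
import re
from typing import Dict, List

# Constructed sample: sigcheck-style output built from the values quoted in
# the post above (not re-measured against the file).
SAMPLE_SIGCHECK = """\
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Alle Rechte vorbehalten.
product......: Betriebssystem Microsoft_ Windows_
description..: Win32 Cabinet Self-Extractor
original name: WEXTRACT.EXE
internal name: Wextract
file version.: 6.00.2800.1106
comments.....: n/a
signers......: Amadeus Germany GmbH
               VeriSign Class 3 Code Signing 2009-2 CA
               Class 3 Public Primary Certification Authority
signing date.: 5:35 PM 7/29/2011
verified.....: -
"""

# "label....: value" -- the label may be padded with dots before the colon.
FIELD_RE = re.compile(r"^([a-z][a-z ]*?)\.*:\s*(.*)$")


def parse_sigcheck(text: str) -> Dict[str, List[str]]:
    """Parse sigcheck-style output into {label: [value, continuation...]}.

    Indented lines (the rest of the certificate chain under 'signers')
    are appended to the field that precedes them.
    """
    fields: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = FIELD_RE.match(raw)
        if m and not raw[0].isspace():
            current = m.group(1).strip()
            fields[current] = [m.group(2).strip()]
        elif current is not None:
            fields[current].append(raw.strip())
    return fields


def org_token(name: str) -> str:
    """First word of an organisation name, normalised, for a loose comparison."""
    if not name.strip():
        return ""
    return re.sub(r"[^a-z0-9]", "", name.split()[0].lower())


def triage(fields: Dict[str, List[str]]) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings: List[str] = []
    publisher = fields.get("publisher", [""])[0]
    signers = [s for s in fields.get("signers", []) if s]
    leaf_signer = signers[0] if signers else ""  # first entry is the signing cert
    verified = fields.get("verified", [""])[0]

    if not leaf_signer:
        findings.append("file carries no Authenticode signature")
    elif org_token(publisher) != org_token(leaf_signer):
        findings.append(
            f"publisher/signer mismatch: version resource says {publisher!r}, "
            f"Authenticode leaf is {leaf_signer!r}"
        )
    # Assumption: sigcheck reports 'Signed' for a chain it could validate.
    if verified.strip().lower() != "signed":
        findings.append(f"signature not verified by the scanning tool (verified={verified!r})")
    if fields.get("original name", [""])[0].upper() == "WEXTRACT.EXE":
        findings.append(
            "WEXTRACT/IExpress self-extractor stub: the version resource describes "
            "the Microsoft wrapper, not the packaged payload"
        )
    return findings


if __name__ == "__main__":
    for line in triage(parse_sigcheck(SAMPLE_SIGCHECK)):
        print("-", line)
```

The third finding is why the first one is weaker than it looks: IExpress-built packages keep the version information of Microsoft's wextract.exe stub no matter who signs the package, so a Microsoft resource under a third-party signature says "repackaged installer", not "tampered binary". What actually needs resolving before calling it clean or malicious is the unverified signature and who the payload belongs to, which is what the vendor submissions later in this thread did.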
Hi Pondus,
-wwww.portevo.de/plugins/common/ASPI/Loader.exe
The connection to the above malware URL is blocked by the avast Network Shield as URL:Mal.
pol
Avira
26109316 Loader.exe 630.15 KB CLEAN
The file ‘Loader.exe’ has been determined to be ‘CLEAN’. Our analysts did not discover any malicious content.
Hi Pondus,
So here are the results of the Anubis report:
http://anubis.iseclab.org/?action=result&task_id=1c685649ec7ed7a54013092ff3892929d
Low risk. Could be somehow classified as adware or risktool PUP.
The value of wType is DNS_TYPE_A for wwXw.portevo.de.
Remote Access API gives support for Remote Access Service.
\Parameters\NameSpace_Catalog5\Catalog_Entries could be the Adware support when user
enters a keyword in the browser, as is Protocol_Catalog9.
Named pipe-access
0x0011C017 executing an operation on this Named pipe.
AFD_GET_INFO (0x0001207B) found in SPAM code,
as is AFD_SET_CONTEXT (0x00012047) endpoint.
AFD_GET_TDI_HANDLES (0x00012037) also used in Trojan_spy code.
Non-system processes like wshtcpip.dll originate this software you installed;
winmm.dll is a module for the Windows Multimedia API.
The created mutex: _SHuassist.mtx found on Phish sites/in risktools.
pol
SOPHOS
SophosLabs has completed its initial review of your sample submission. They state that the file in question is the Amadeus Virtual Support Center. There are no detections associated with it. You may authorize this file, if you trust it.
I still receive the warning about this site.
Will it be fixed?
Thanks
Hello,
I’ve removed the URL from our blacklist. It will be fixed in the next virus definition update.