/!\ Warning /!\ a new breed of virus

Hi, I'm a new member of this site, and to tell you the truth the only reason I joined is to warn people about this new type of virus.
I have avast pro 4.8x… I was on YouTube looking for a way to get free iTunes points (don't try that!!) and someone recommended that I download this file to give me free points. He had a 5 star rating from 7 different users, so I trusted him. I downloaded the file, and you guessed it, I got a memory dump (blue screen). It probably attacked my registry. I had to format my drive and reinstall Vista :'(. Now normally whenever I download a virus avast stops the download, or at least deletes it after download. I even scanned it!!! If you're an administrator at this website and you want the file so you can research it, tell me; I can probably go back and find its download page…

Don't download weird files!!!

Thanks for posting and welcome to avast forums :wink:

Send the file to VirusTotal.

That way you can tell if it’s really a virus. And all the AV companies will get it.

Here's its info :o

a-squared 4.5.0.24 2009.09.27 -
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.25 2009.09.25 -
Antiy-AVL 2.0.3.7 2009.09.27 -
Authentium 5.1.2.4 2009.09.27 -
Avast 4.8.1351.0 2009.09.27 -
AVG 8.5.0.412 2009.09.27 -
BitDefender 7.2 2009.09.27 -
CAT-QuickHeal 10.00 2009.09.26 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.09.27 -
Comodo 2455 2009.09.27 -
DrWeb 5.0.0.12182 2009.09.27 -
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6763 2009.09.27 -
F-Prot 4.5.1.85 2009.09.27 -
F-Secure 8.0.14470.0 2009.09.27 -
Fortinet 3.120.0.0 2009.09.27 -
GData 19 2009.09.27 -
Ikarus T3.1.1.72.0 2009.09.27 -
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.27 Packed.Win32.TDSS.z
McAfee 5754 2009.09.27 -
McAfee+Artemis 5754 2009.09.27 -
McAfee-GW-Edition 6.8.5 2009.09.27 -
Microsoft 1.5005 2009.09.23 VirTool:Win32/Obfuscator.GN
NOD32 4462 2009.09.27 -
Norman 6.01.09 2009.09.26 -
nProtect 2009.1.8.0 2009.09.27 -
Panda 10.0.2.2 2009.09.27 -
PCTools 4.4.2.0 2009.09.27 -
Prevx 3.0 2009.09.28 -
Rising 21.48.62.00 2009.09.27 -
Sophos 4.45.0 2009.09.27 -
Sunbelt 3.2.1858.2 2009.09.27 -
Symantec 1.4.4.12 2009.09.27 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.27 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.27 -
Additional information
File size: 79872 bytes
MD5…: 9d46e75e9117cfbb3e6f53aa9198311c
SHA1…: 727127bb7bb1678001b24a19e72267495774ee47
SHA256: b6be9b79482f3dd9e3fcf787458a6dc33770a3aa32e5c886e52a2d42b9690c5a
ssdeep: 1536:BJgKXCiyoXMy0cWDBbPfClrI/3hIXGw6GxnhhM9kaY8MPDY:f/XCNKMeWDBbPfAs/3LwBi9kaYjs
PEiD…: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1a54
timedatestamp…: 0x4abd4060 (Fri Sep 25 22:12:48 2009)
machinetype…: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x51d4 0x5200 7.85 c05d92e24607faf403676c00688459e6
.rdata 0x7000 0x4dbe 0x4e00 7.82 a5beb4bcc9dbc79838a91f5ce62c16f5
.data 0xc000 0x4478 0x4600 7.93 80f75b8961ccc1bcacaa20925847c92d
.rsrc 0x11000 0x4b69 0x4c00 7.81 0549bd031b9a3fcd30f13597b458133f
.reloc 0x16000 0x3c 0x200 0.95 4681ad91803821febdf67e8138af808f

( 5 imports )

kernel32.dll: EndUpdateResourceA, ExitProcess, GetVolumeInformationW, GetVersion, GetNumberFormatW, LoadLibraryA, TlsFree, RaiseException, VirtualFree, GetModuleHandleA, InitializeCriticalSection, ReadFile, GetDiskFreeSpaceExW, VirtualProtect, SwitchToThread, LeaveCriticalSection, VirtualAlloc, LoadResource, SetEvent, GetCurrentDirectoryA, IsBadHugeReadPtr
msvcrt.dll: _acmdln, __crtGetLocaleInfoW, getc, __p__dstbias, gmtime, _wremove, islower, _wasctime, sinh, __p__fmode, _wfullpath, _getmbcp, _locking, isupper, _unexpected@@YAXXZ, _ismbcalnum, fseek, _HUGE, _execve, isspace, _wspawnve, _wsplitpath, memcpy, vfprintf, getenv
comdlg32.dll: ReplaceTextW, FindTextW, GetFileTitleW, dwOKSubclass, PrintDlgW, FindTextA, GetFileTitleA, PageSetupDlgW, LoadAlterBitmap, ChooseColorA, ReplaceTextA, WantArrows, ReplaceTextA, GetSaveFileNameA
winmm.dll: mciSendCommandW, mmioSeek, mixerGetDevCapsW, waveOutWrite, CloseDriver, aux32Message, midiStreamStop, mciGetErrorStringA, mciLoadCommandResource, mmioSetInfo, mmioRead, midiInGetNumDevs, waveOutClose, waveOutOpen
opengl32.dll: glFeedbackBuffer, glEvalCoord1f, glEvalPoint1, glClearStencil, glColor4uiv, wglCreateLayerContext, glDebugEntry, glEnd, glGetMapiv, wglRealizeLayerPalette, glEvalCoord2f, glColor3usv, glVertex3dv, glEvalCoord1dv

( 0 exports )
RDS…: NSRL Reference Data Set

pdfid.: -
trid…: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher…: n/a
copyright…: n/a
product…: n/a
description…: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned

If this one is correct then it could come to the party with friends.

Kaspersky 7.0.0.125 2009.09.27 Packed.Win32.TDSS.z

Send the sample to virus@avast.com, zipped and password protected, with the password in the email body (a link to this topic might help) and "possible undetected malware" in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

[quote author=DavidR link=topic=48996.msg413899#msg413899 date=1254094974]
If this one is correct then it could come to the party with friends.

Kaspersky 7.0.0.125 2009.09.27 Packed.Win32.TDSS.z

Send the sample to virus@avast.com zipped and password protected with the password in email body
[/quote]

As in WinRAR or 7-Zip, or what?

You can zip it with any program.