What heuristic viruses?

Viruses and worms
1

See: http://app.webinspector.com/public/reports/23180710
See: http://killmalware.com/woerkejj.com/
See: http://sitecheck.sucuri.net/results/www.woerkejj.com/
Site Potentially Harmful.
Object: htxp://www.woerkejj.com/
SHA1: a4692cf7b5865a4b4a0226ae48a8454011d13295
Name: Virus.VBS.Ramnit.c
Emisift detects EmsisoftGen:Variant.Graftor.127341 (B) here.
Flagged by Sophos and Yandex (blacklisted): https://www.virustotal.com/nl/url/cc7c937a1fd2ad38c2be424d53e68aff80a40731121785347b39582e9a825558/analysis/1405701163/
Quttera detects 47 malicious files like this one:
a/gongsijieshao/20140613/37.html
Severity: Malicious
Reason: Detected malicious drive-by-download attack
Details: Malicious
Offset: 16735
Threat dump:

 [[DropFileName="svchost.exe"WriteData="]]

HTML-files can be cleansed as proposed here: http://polygoncell.blogspot.nl/2010/08/i-got-infection-of-virus-on-my-pc-last_7746.html
link article author = Jing ge software architect

Threat dump MD5: 123E1EAC81076943D1C3DF33AA476FC0
File size[byte]: 198220
File type: ASCII
MD5: 6F06974889382786E949CA008432D961
Scan duration[sec]:

polonus

2

hello

http://i.imgur.com/wgzrY1F.png

Avast detects as VBS: Agent-KZ [trj]
I see malicious html attached

http://zulu.zscaler.com/submission/show/66c01832cc325b84f7a38781fc5d89df-1405725418

Thanks for procedures cleaning this vbscript injection, some two months ago, I was with user with this problem, will surely help. :slight_smile:

3

Pondus informed me and told that it is detected differently by avast! here, see: https://www.virustotal.com/nl/file/4024a6d19ba2e8a028002b7b7c2bd032d69b695ceae6fb2ce033de557e72fea1/analysis/1405727236/
Thank you Pondus for re-checking.

“You’d never skate over one night’s ice”, as a Dutch proverb says!

Damian

4

detection is based on cloud

put the url hxxp because someone may click accidentally

http://i.imgur.com/bw3a5HT.png

then previously there were no problems
identified an infection this site

https://www.virustotal.com/en/file/6621f1e2cff8e1ef59e86ebaa1aea08adf33fa7be49d6f64f3febc9d2306693d/analysis/1406413462/

5
then previously there were no problems identified an infection this site
of cours .... it is a blog where malware is discussed and they post code samples in the blog ...... avast see the sample and alert
6

I will check with analysts
I confirm that detection was added this week.