What's wrong with these Sites?

wXw.technofreeks.com/uploads/1/2/8/6/12861493/7z915.exe
wXw.technofreeks.com/uploads/1/2/8/6/12861493/teracopy.exe

(Don’t go to these links above this warning!)

https://www.virustotal.com/en/url/26182c1185c3db531f50fb66fdfe6cefe04a3db1dec466ca55d3f6a8b28cb665/analysis/1393009889/
https://www.virustotal.com/en/url/0f441881450d849f5ddc76999d8995fab4782d3ba92ea7d96bc1238b2dd2f302/analysis/1393010063/

Can anyone point out the infection and what it is?

https://www.virustotal.com/en/file/0bd035cb8a9c65078b8445f5785bc98c8203acdd3bfa7264ae3451d13258546e/analysis/1392993162/

MBAM Doesn’t detect the file? That’s messed up!

nope… Malwarebytes does not detect file infectors and never will
it will detect the main install file, but not any files injected with virus code… Malwarebytes does not clean files, it only detects and removes files where the whole file is the malware

read and learn, Michael… lots of info in MBAM forum :wink:

MIEKIEMOES - Director of Research @ Malwarebytes
http://miekiemoes.blogspot.no/2009/02/virut-and-other-file-infectors-throwing.html

David H. Lipman
https://forums.malwarebytes.org/index.php?showtopic=102698#entry507785

Also to get this Sality crap you need to get an executable to be infected, and that's most likely detected. :slight_smile:

Or you just head over to Linux to get around malware.

Hello, only drweb, AVPTools or SalityKiller can disinfect the injected files.

I know. But the sites are not actively blocked by either MBAM Pro or Avast! The fact the code is still live and so are the files is dangerous. The links lead directly to the “Infected File”

The post VT results I gave to FatDCUK are that of the actual themselves. But won’t detect it.

Oh. Never mind. Avast! was just lagging behind on the blocking of the website.

Object: http://…/teracopy.exe
Infection: Win32 Salicode
Process: IEXPLORE

Also coming up in here: http://www.herdprotect.com/teracopy.exe-257b6305cc636ee09df92caffda3048a0c727f37.aspx

pol

So not only are the links still active. They release new ones to bypass AV detections? Serious business!

Logically, Pre_Scan detects ramnit in htm, html files and exe files but it doesn’t disinfect, I didn’t make it for that.