Why this malware is not flagged? - Hoax/MSIL.ArchSMS.gen

Viruses and worms
1

Hi forum friends,

See: http://www.virustotal.com/url-scan/report.html?id=a4039c8a4b19253f85c152e185159773-1321557539
File analysis: http://www.virustotal.com/url-scan/report.html?id=a4039c8a4b19253f85c152e185159773-1321557539

With DrWeb’s url checker I get a decompression error scanning: Checking: -http://playertv11.ru/tvplayer11.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2799758
File size: 1.87 MB
File MD5: 47f5fb93a6f8806cf98e0c0cf359fb51

-http://playertv11.ru/tvplayer11.exe - archive BZIP2

-http://playertv11.ru/tvplayer11.exe/data000.tmp - decompression error!

Then going to a Phish tracker -http://www.jino.ru/css/_ and then to
-undefined/an.yandex.ru/resource/r541.js with a called setTimeout with

function () {var K =
etc. script
Site found to be suspicious here: http://siteinspector.comodo.com/public/reports/639082
Also see: http://camas.comodo.com/cgi-bin/submit?file=44f58cfc5b967349b6828e18e5ad6aa56a031d1e807e43ba36680e598afe4c75
Also found suspicious here in 2 instances with Content-Type: application/octet-stream, see: http://urlquery.net/report.php?id=8866

Program:Win32/Pameseg.G is a detection for program installers that require the user to send SMS messages to a premium number to successfully install certain programs. Info according to MS Malware Protection Center malware encyclopedia

polonus

2

You’re VT results link even for the file only shows the URL check not file analysis by 43 scanners.

I tried to get a copy but it gives site unknown, perhaps it has been taken down.

3

It is live :wink:

jotti: http://virusscan.jotti.org/en/scanresult/58fd0167807b4242ce179e8d5455507036cea60c
Virscan: http://r.virscan.org/report/29d8813ee835b80019d7adfb79d41253.html

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=ee79891afca4c6ea9b4e02f343cd8430

Malwarebytes detect it as - PUP.SmsPay

Avira lab

The file 'tvplayer11.exe' has been determined to be 'MALWARE'.Our analysts named the threat Joke/ArchSMS.eca.The term "JOKE/" denotes a Joke program that usually does not contain malicious code.Detection is added to our virus definition file (VDF) starting with version 7.11.17.220.

Norman lab

tvplayer11.exe : Processed - Hoax/ArchSMS.H