Worm.VBS not is detected (Solved)

Viruses and worms
1

I just found little now in the email one false invoice and contains worm a zipped file named “Boleto.vbe”.Detection Heuristic because is most powerful,avast still needs to evolution, because it has good signatures is not enough (zero days) not detected.

Antivirus 9/56 detected

https://www.virustotal.com/en/file/2dc041cd01c6c8c37ddb093cbc8ddff6c1ba6e1dbcfbafd52bfdb801e9242796/analysis/1439504145/

2

You can report it here: https://www.avast.com/contact-us.php?subject=VIRUS-FILE

3

Hi jefferson sant,

Did you also post this? → http://seumicroseguro.com/about/

polonus

4

Thanks

I sent yet and I am waiting for a few days.

Before coming to the avast forum
here I started this blog,this place was made preventive test, discussed the results obtained by positives and negatives,today I can not say the same ,a dispute between me Bitdefender free (rival) and they Avast vs Comodo.I not always come, sometimes,there are those who speak evil , in my case defend the product Avast.

5

Update: Up(nil): VBS_RAMNIT.SMC APNIC CN abuse at -gzroyal.cn 122.10.118.160 to 122.10.118.160 -aijun360.com -http://www.aijun360.com/mobile/brands.php?b_id=154
Blocked by Google Safebrowsing as infested with malware!

polonus

6

This one is detected right out by Avast as VBS:Agent-KZ [Trj] → http://killmalware.com/madagascarbiodiversity.org/#
Checking: -https://static.publikeco00.publikeco.com/apps/boot/boot-start.js?cb=8
File size: 1534 bytes
File MD5: ded656b0aa86151af417f6ff7c52fe40

-https://static.publikeco00.publikeco.com/apps/boot/boot-start.js?cb=8 - Ok

Checking: -http://madagascarbiodiversity.org
Engine version: 7.0.15.8310
Total virus-finding records: 6480096
File size: 114.40 KB
File MD5: ec56a3f41879dd0acb2b2116785598ab

-http://madagascarbiodiversity.org - archive JS-HTML

-http://madagascarbiodiversity.org/JSTAG_1[fd4][1b9bf] infected with VBS.Rmnet.2
-http://madagascarbiodiversity.org/JSTag_2[fd9][1b9ba] infected with Trojan.Inor

polonus

7

I not remember,this topic is resolved
the definition was created VBE with a temporary detection
was added on 27/08/15 as VBS: Malware-gen
after it was defined to VBS:Banker-W [Trj].

8

hxxp://madagascarbiodiversity.org and hxxp://www.aijun360.com/mobile/brands.php b_id = 154

Both are detected by avast as VBS:Agent-KZ [Trj]

Defacements
https://sitecheck.sucuri.net/results/madagascarbiodiversity.org

https://static.publikeco00.publikeco.com/apps/boot/boot-start.js?cb=8

It looks clean