Findvirus.ru is a fake site, similar to avastfrance.com, remember? This site contains HoaxSMS fake installers for BitDefender/Avast/Avira/Dr.Web/McAfee/Norton fake products.
Full story here : http://xylibox.blogspot.com/2011/04/findvirusru-hoaxsms-fake-installers.html
Block it please. You really find a virus at findvirus.ru ;). How lame!
Agree, HoaxSMS is a very annoying virus!
analysis
http://www.virustotal.com/url-scan/report.html?id=a8534b56f917799cbcb5976750e4d20d-1302082935 (1/6)
http://www.virustotal.com/file-scan/report.html?id=3f497966330ad949a392169e6571298c1c235a437b0fabec16d5d5d0dafd687e-1302090141
http://safeweb.norton.com/report/show?url=findvirus.ru
Hi, folks, the latest of these malwares resides here: htxp://www.findvirus.ru/downloads/ZoneAlarm_ForceField.exe
Norton Safe Web does not have this one, so a very recent find, alive and up malware.
avast does not flag it yet: http://www.virustotal.com/file-scan/report.html?id=864cf0b71fc9619e211faf9cda2c252c774c0719718121bd457918747df2e102-1302078027
and for Pondus “nor does norman flag it”
This is a so-called suspicious insight generic find, important to be blocked…
polonus
I think avast doesn’t even detect one of the samples at findvirus.ru/downloads
Then a) send the sample to avast and b) give them the URL of the site when submitting the sample. Talking about it in the forums doesn’t help.
Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
To all,
Have forwarded all the valid data to the avast mail address, so the analyst on duty can add detection,
together with this info to check against: http://www.backgroundtask.eu/Systeemtaken/taakinfo/23378/ISWSVC.exe/
polonus
Still undetected :-\
Hi Left123,
Is suspicious, see here: http://wepawet.iseclab.org/view.php?hash=5dbf6e7345c0dd9f1a7948fc769911e8&t=1302122360&type=js
and look here:
htxp://jsunpack.jeek.org/dec/go?report=88e1a886dd27a397c00b354b472d65e95969d09c
(go here sandboxed and with script protection enabled if you know what you are doing, see attached image)