zip virus

Wilmark
Posts: 31
Joined: Mon Feb 07, 2011 12:03 pm

zip virus

Post by Wilmark » Sun Mar 13, 2011 10:11 am

virus>>>> zip Grand Theft Modification.zip hxxp://www.mediafire.com/?fe8lc6kqa1f06n1
Report Scan Result: 18 /40 (45.0%)
http://www.virustotal.com/file-scan/rep ... 1297103234

Edit: Disabled the link. -- Sami

i☆
Posts: 1144
Joined: Tue Sep 28, 2010 9:57 pm

RE: zip virus

Post by i☆ » Sun Mar 13, 2011 12:57 pm

Thanks Wilmark. I left my comment, but I doubt it will do much good.

Guest

RE: zip virus

Post by Guest » Sun Mar 13, 2011 3:14 pm

Right
We ascertained that Wilmark downloaded an infected crack/keygen from mediafire; the same infected zip compressed file is probably spreading through other P2P sharing hosts.
And now?

I assume Wilmark won't reply as usual; however, what about removing the live download link?

[edit to add] Thank you Sami

Satchman
Posts: 691
Joined: Mon Dec 28, 2009 1:08 pm

RE: zip virus

Post by Satchman » Sun Mar 13, 2011 7:56 pm

The Virus Total report is unfortunately a month old for most of those definitions. If anyone gets this Trojan, please submit the file to Virus Total. You should also send the file to your company's Anti-Virus lab with an explanation. (Details should be in your AV program.) Or visit your AV company's website to find out how to submit files to them in an e-mail for testing. Create a Zip Folder for the attachment: Right-Click and choose Compressed Zip Folder. Drag the file to the Zip folder. (Don't Double Click it!!!!) In the body of the e-mail, indicate the name of the suspected Trojan and ask the Anti-Virus lab to test it. Attach the file to your E-Mail. Put Test Suspected Virus in the subject of your E-Mail Message and submit it.

Satch

Guest

submitting malware samples

Post by Guest » Sun Mar 13, 2011 8:24 pm

@ satchman
thank you, here is a more recent detailed VT report (I unzipped the sample)

http://www.virustotal.com/file-scan/rep ... 1300027328


Some useful links

Submit to Avira
http://analysis.avira.com/samples/
Submit to EMSISOFT
http://www.emsisoft.com/en/support/submit/
Kaspersky
http://support.kaspersky.com/virlab/helpdesk.html
Microsoft
https://www.microsoft.com/security/port ... ubmit.aspx
Sophos
https://secure.sophos.com/support/samples
BitDefender
http://www.malwarecity.com/site/Main/uploadMalware
Dr Web
http://vms.drweb-av.de/sendvirus/
ESET NOD32
http://samples.nod32.com.sg/

As far as I know, Avast users can only send malware already detected through Avast Chest.

Usually Kaspersky and Microsoft are very fast in analyzing and replying, according to my experience.

siblingshot
Posts: 443
Joined: Fri Jan 21, 2011 7:22 pm

RE: zip virus

Post by siblingshot » Sun Mar 13, 2011 10:13 pm

@ ☢ Wilmark☢

Good catch. And good supporting teamwork.

EDIT:

Actually. I am a huge fan of Rockstar games. I see many Mac users are hugely disappointed with the recent port of the GTA Liberty Stories series. A lot of people will be scrabbling for Mods and unofficial patches.

Satchman
Posts: 691
Joined: Mon Dec 28, 2009 1:08 pm

RE: zip virus

Post by Satchman » Sun Mar 13, 2011 11:04 pm

Here is the Contact Us Page for Avast:

http://www.avast.com/contacts

Please feel free to use my comments above siblingshot's post for help as well.

Satch

PS. The direct e-mail link for sending files within the support page seems to be down today. But the e-mail for doing this is still the same: virus@avast.com. You can still contact them through your e-mail program at that address with the file that is suspicious. Just follow my above posts' recommendations.

Satchman
Posts: 691
Joined: Mon Dec 28, 2009 1:08 pm

RE: submitting malware samples

Post by Satchman » Sun Mar 13, 2011 11:05 pm

For sending suspicious files to Avast, it is virus@avast.com. Tips:

1.) Submit files in Zip file format with an explanation of the suspected virus in message body.
2.) Attach suspected file to e-mail.
3.) If Password protected, indicate the password in the body of the e-mail message.
4.) Subject should say, "Please Test Potential Virus Or Malware"
5.) If you want Avast to investigate a website, use "hxxp", replacing the "tt" with "xx" for better security.

I am going to investigate Avast's site to find out more about sending files to them.

Satch
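The submission steps listed in the post above, as an added Python example that is not part of the original thread: it zips a sample without opening it, defangs any links, and builds the e-mail for the lab without sending it. The sender address, file names and URLs are constructed, the SHA-256 line in the body is an addition the post does not ask for, and tip 3 (password protection) is left out because Python's standard `zipfile` module cannot write encrypted archives.

```python
import hashlib
import io
import re
import zipfile
from email.message import EmailMessage

LAB_ADDRESS = "virus@avast.com"  # address given in the post above
SUBJECT = "Please Test Potential Virus Or Malware"  # subject from tip 4


def defang(text: str) -> str:
    """Rewrite http:// and https:// as hxxp:// and hxxps:// (tip 5)."""
    return re.sub(r"\bhttp(s?)://", r"hxxp\1://", text, flags=re.IGNORECASE)


def zip_sample(name: str, data: bytes) -> bytes:
    """Store the sample bytes in an in-memory zip; the file is never opened or run."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def build_submission(sender, name, data, explanation, source_url=None):
    """Return an EmailMessage to hand to a mail client; nothing is sent here."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = LAB_ADDRESS
    msg["Subject"] = SUBJECT
    lines = [
        defang(explanation),
        f"File name: {name}",
        f"SHA-256: {hashlib.sha256(data).hexdigest()}",  # added detail, not in the post
    ]
    if source_url:
        lines.append(f"Found at: {defang(source_url)}")
    msg.set_content("\n".join(lines))
    msg.add_attachment(zip_sample(name, data), maintype="application",
                       subtype="zip", filename="sample.zip")
    return msg


if __name__ == "__main__":
    # Constructed, harmless stand-in bytes and URL; not a real sample.
    demo = build_submission("user@example.org", "suspect.bin", b"constructed test bytes",
                            "Suspected Trojan inside a game-mod zip.",
                            "http://files.example/download?id=123")
    print(demo.get_body(preferencelist=("plain",)).get_content())
```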

c۞g
Posts: 10927
Joined: Mon Jan 05, 2009 4:02 am

RE: I left my comment

Post by c۞g » Mon Mar 14, 2011 3:12 am

mediafire
rapidfire
4shared
etc

free file sharing sites get abused.

How do we know the OP didn't submit the file?
or found it referenced on some "malware research site" and referenced the link here.

rather than downrating the abused host, you should inform them of the ToS violation and report the link to them...

Dutch Mountain
Posts: 1432
Joined: Wed May 12, 2010 5:20 pm

Maybe he can help or so

Post by Dutch Mountain » Tue Mar 15, 2011 8:40 pm

I've tipped Mystery FCM - http://www.mywot.com/en/user/24160 about this thread.
Perhaps something he likes to dig out.
You can see my post on his MB
