
info about virustotal report


7 replies to this topic

#1 anniyan

anniyan

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Under your bed, mwahahahahaha!
  • Local time:01:18 PM

Posted 01 March 2014 - 11:44 AM

my friend is not a member of BC but wanted some info on this file:
https://www.virustotal.com/en/file/86a023ca48c36989199508f8e11475fde0ea6933f3fbbce8dd368294ad89f71b/analysis/1393682670/

though it is a "Signed file, verified signature" as in the report, 5 engines report it as malware. where can i know what type of malware it represents as detected by the individual engines? i.e., where can i get the characteristics of a particular type of malware as it is categorised by a virus engine? in simple words, is there an online database of malware and their functionalities, as understandable by the layman?

also, is that file safe (false positive) or malware?

EXPERT suggestions are welcome. thanks in advance :)

Edited by anniyan, 01 March 2014 - 11:46 AM.


Become a BleepingComputer fan on Facebook
Have you seen.....Select Real Security


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:48 AM

Posted 01 March 2014 - 12:38 PM


Trojan-Downloader.Win32.Adload.fxg <- not very helpful

Win32/DownWare appears to be classified as a Potentially Unwanted Program (PUP) by ESET.

TROJ_GEN is Trend Micro's generic detection for files exhibiting suspicious behavior (which includes many PUPs). The F47V0223 at the end indicates it is a variant of the generic detection. Threat names with Generic are a very broad category and can overlap with those classified as PUPs because of their sometimes harmful or suspicious behavior.

Kaspersky's classification of not-a-virus seems to confirm the PUP classification. Not-a-virus detections can include any number of different programs to include those which are benign as well as risky to use.

Since the file is related to an acceleration-tool for bittorrent I would agree it more accurately is a PUP.

Anti-virus programs generally scan for malware which includes viruses, Trojans, worms, rootkits, bots, etc. PUPs do not fall into any of those categories and that is the primary reason some AVs do not detect or remove them. That would also explain the virustotal results where only 5 scanning engines detected the file.

To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
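An added illustration of the reply above, not code from the forum or from VirusTotal: a small triage helper that sorts per-engine detection labels into PUP-style, generic and specific names, so a handful of detections on a signed file can be read the way the reply reads them. The engine keys, the marker lists and the `not-a-virus:` sample label are assumptions made for this example; the other labels are quoted from the reply, with the `.` joining TROJ_GEN to its suffix assumed.

```python
import re
from collections import Counter

# Heuristic markers based on the reply; vendor naming schemes differ,
# so the output is a reading aid, not a verdict. (Lists are assumptions.)
PUP_TOKENS = {"pup", "pua", "downware", "adware", "unwanted"}
GENERIC_TOKENS = {"gen", "generic", "heur", "suspicious"}

def classify(label):
    """Return 'clean', 'pup', 'generic' or 'specific' for one engine label."""
    if not label:
        return "clean"
    low = label.lower()
    tokens = set(re.split(r"[^a-z0-9]+", low))
    if "not-a-virus" in low or tokens & PUP_TOKENS:
        return "pup"
    if tokens & GENERIC_TOKENS:
        return "generic"
    return "specific"

def summarise(results):
    """results maps engine name -> label (None when the engine is silent)."""
    counts = Counter(classify(label) for label in results.values())
    detected = sum(counts.values()) - counts["clean"]
    soft = counts["pup"] + counts["generic"]
    if detected == 0:
        hint = "no detections"
    elif counts["specific"] == 0:
        hint = "only PUP/generic labels: likely a potentially unwanted program"
    elif counts["specific"] < soft:
        hint = "mostly PUP/generic labels: review the specific names by hand"
    else:
        hint = "specific family names dominate: treat as malicious until cleared"
    return counts, detected, hint

# Constructed sample scan; engine names are placeholders.
SAMPLE = {
    "engine_1": "Trojan-Downloader.Win32.Adload.fxg",  # quoted in the reply
    "engine_2": "Win32/DownWare",                      # quoted in the reply
    "engine_3": "TROJ_GEN.F47V0223",                   # separator assumed
    "engine_4": "not-a-virus:Example.Placeholder",     # constructed label
    "engine_5": None,
    "engine_6": None,
}

if __name__ == "__main__":
    counts, detected, hint = summarise(SAMPLE)
    print(f"{detected}/{len(SAMPLE)} engines flagged the file: {dict(counts)}")
    print(hint)
```
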

#3 anniyan


Posted 02 March 2014 - 11:44 AM

nicely put... thank you, for all your time, patience and expertise :)


#4 quietman7


Posted 02 March 2014 - 04:21 PM

You're welcome.

#5 anniyan


Posted 21 March 2014 - 04:21 PM

is this malware? if yes, what type?

https://www.virustotal.com/en/file/eec5d2f069cac9efb4d0f8b66fa778e405dd3fe61d0116036f1ad93457fbaa75/analysis/1395435899/

this is available at the website http://www.yac.mx which APPEARS legitimate with having guides and precautions about malware. i do not understand why.




#6 quietman7


Posted 21 March 2014 - 10:04 PM


See this discussion topic: What is the application Yet Another Cleaner?

#7 anniyan


Posted 26 March 2014 - 06:38 AM

thank you very much :)




#8 quietman7


Posted 26 March 2014 - 07:26 AM

You're welcome.