HDTVxvid.net — BAD SITE!!!
Do not download the codec pack provided, it is a new form of Virtumonde that brings in all sorts of baddies (trojans, Smitfraud-C, etc…)
I am doing some research and will let you know what I found. Only solution so far was a total hard drive format/wipe.
Quite big at 6.7MB too…
I have sent it off to a couple of vendors for adding to virus databases.
Could you show me where to do that? I was looking for somewhere to send it and just found forums that probably wouldn’t appreciate virus attachments :) Thanks.
You may find that you need to send them a link to the file in question as it is too big for most email service attachments.
Adaware: Send to research[AT]lavasoft.com
Avira: Instructions at http://analysis.avira.com/samples/index.php or send to virus[AT]avira.com
CA (ETrust): Instructions at http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=33514 or send to virus[AT]cai.com
ClamAV: Instructions at http://cgi.clamav.net/sendvirus.cgi
F-Prot (Island): viruslab[AT]complex.is
F-Secure: Instructions at http://www.f-secure.com/security_center/malware_sample_submit.html or send to samples[AT]f-secure.com
Kaspersky Labs: newvirus[AT]kaspersky.com and Zip or Rar the sample, lock the file with the password ‘infected’.
Norman: Instructions at http://www.norman.com/microsites/nsic/Submit/en-us/
Microsoft: sysinternals[AT]submit.microsoft.com and Zip or Rar the sample, lock the file with the password ‘infected’, and limit the file’s size to 10 MB
NOD32: Send to samples[AT]eset.com
Quick Heal: See http://www.quickheal.com/newvir.htm or send to cat[AT]vsnl.com
Sophos: See http://www.sophos.com/support/samples/
Symantec: Instructions at http://www.symantec.com/enterprise/security_response/submitsamples.jsp
VirusBuster: Instructions at http://www.virusbuster.hu/en/support/contact/redirect_virus
Vital Security: research[AT]finjan.com
List kindly put together at sysinternals: http://forum.sysinternals.com/printer_friendly_posts.asp?TID=11134
I added the site to McAfee SiteAdvisor so the site will be added to their database. After a while, their webcrawler will check out the site. People can also post reviews for the site. The review process is similar to here, where different people have different reputations and rankings. Anyone can join.
You can also upload suspect files to VirusTotal or Jotti to be scanned and submitted.
No offence, but SiteAdvisor is a lost cause. I was one of their top reviewers for a long time, but after seeing how McAfee has neglected and condemned SiteAdvisor to the dumpster I do not see any point in contributing to it.
Their ratings are very inaccurate, with many dangerous sites being rated clean even after 50 reviews from pretty much every single top reviewer.
Their rating system takes forever to update and is no longer effective.
They have a minimal amount of staff running that site, hence it has become so neglected.
They let spammers run loose and write troll reviews, and do not act on the complaints of genuine users.
MyWOT – http://www.mywot.com/ is a much better model, and they use many sources including blacklists to update their website ratings. They also have an active staff who actually work to improve the site instead of watching it decay.
Oh, and that file is too big for VirusTotal, 5 MB and under for them unfortunately.
Just a quickie update, Kaspersky has added detection for the malware as of yesterday as Trojan-Downloader.Win32.arvj and Trojan-Downloader.BAT.Agent.x
Ugh… I hate Virtumonde! Spyware Doctor saved me though. It's great because nobody ever looks to bypass it. I just use the freeware version of Spyware Doctor and PC Tools Anti-virus. It really helps. They have another program that just alerts you about suspicious processes; it's very helpful.
I did some research and it’s also linked to that nasty site information.com. And it’s a fake codec that installs a zlob to your computer too.
This is, apparently, another really malicious site that we need to avoid.