HDTVxvid.net -- BAD SITE!!! Do not download the codec
by beckerist
over 5 years ago

HDTVxvid.net — BAD SITE!!!

Do not download the codec pack provided, it is a new form of Virtumonde that brings in all sorts of baddies (trojans, Smitfraud-C, etc…)

I am doing some research and will let you know what I found. Only solution so far was a total harddrive format/wipe.

by Baz
over 5 years ago

Quite big at 6.7MB too…

I have sent it off to a couple of vendors for adding to virus databases.

by beckerist
over 5 years ago

Could you show me where to do that? I was looking for somewhere to send it and just found forums that probably wouldn’t appreciate virus attachments :) Thanks.

by Baz
over 5 years ago

You may find that you need to send them a link to the file in question as it is too big for most email service attachments.

Adaware: Send to mailto:research[AT]lavasoft.com

Avast: virus{AT}asw.cz

Avira: Instructions at http://analysis.avira.com/samples/index.php or send to virus[AT]avira.com

AVG: virus[AT]grisoft.com

BitDefender: Svirus_submission[AT]bitdefender.com

CA (ETrust): Instructions at http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=33514 or send to virus[AT]cai.com

ClamAV: Instructions at http://cgi.clamav.net/sendvirus.cgi -

Comodo: support[AT]nsclean.com

eSafe: esafe.virus[AT]eAladdin.com

F-Prot (Island): viruslab[AT]complex.is

F-Secure: Instructions at http://www.f-secure.com/security_center/malware_sample_submit.html or send to samples[AT]f-secure.com

Kasperky Labs: newvirus[AT]kaspersky.com and Zip or Rar the sample, lock the
file with the password ‘infected’.

Norman: Instructions at http://www.norman.com/microsites/nsic/Submit/en-us/

Macafee: virus_research[AT]nai.com

Microsoft: sysinternals[AT]submit.microsoft.com and Zip or Rar the sample, lock the file with the password ‘infected’, and limit the file’s size to 10 MB

NOD32: Send to samples[AT]eset.com

Quick Heal: See http://www.quickheal.com/newvir.htm or send to cat[AT]vsnl.com

Sophos: See http://www.sophos.com/support/samples/

Symantec: Instructions at http://www.symantec.com/enterprise/security_response/submitsamples.jsp


VirusBuster: Instructions at http://www.virusbuster.hu/en/support/contact/redirect_virus

Vital Security: research[AT]finjan.com

List kindly put together at sysinternals: http://forum.sysinternals.com/printer_friendly_posts.asp?TID=11134

by beckerist
over 5 years ago

Wow, thank you very much!

by Nick_YF19
over 5 years ago

I added the site to McAfee SiteAdvisor so the site will be added to their database. After awhile, their webcrawler will check out the site. People can also post reviews for the site. the review process is similar to here, where different people have different reputations and rankings. Anyone can join.


You can also upload suspect files to VirusTotal or Jotti to be scanned and submitted.


by Baz
over 5 years ago

No offence, but siteadvisor is a lost cause. I was one of their top reviewers for a long time, but after seeing how Mcafee has neglected and condemned siteadvisor to the dumpster I do not see any point in contributing to it.

Their ratings are very inaccurate, with many dangerous sites being rated clean even after 50 reviews from pretty much every single top reviewer.

Their rating system takes forever to update and is no longer effective

They have a minimal amount of staff running that site, hence it has become so neglected

They let spammers run loose and write troll reviews, and do not act on the complaints of genuine users.

MyWOT – http://www.mywot.com/ is a much better model, and they use many sources including blacklists to update their website ratings. They also have an active staff who actually work to improve the site instead of watch it decay.

by Baz
over 5 years ago

Oh, and that file is too big for virustotal, 5mb and under for them unfortunately.

by Baz
over 5 years ago

Just a quickie update, Kaspersky has added detection for the malware as of yesterday as Trojan-Downloader.Win32.arvj and Trojan-Downloader.BAT.Agent.x

by linuxman13
over 5 years ago

ahhhh vundo and zlob!!!! reporing site to google!

by will14
about 5 years ago

Ugh… I hate virtumonde!Spyware Doctor saved me though, its great because nobody ever looks to bypass it, I just use the freeware version of Spyware Doctor And PC Tools Anti-virus, it really helps, they have another program the just alerts you about suspicious processes, its very helpful

by Its_Izzy_Lovesz
over 3 years ago

I did some research and it’s also linked to that nasty site information.com. And it’s a fake codec that installs a zlob to your computer too.

This is, apparently, another really malicous site that we need to avoid.


About Contact Us Terms & Conditions Privacy Policy Copyright