CodeExplorer Posted May 27, 2009 (edited)

Links to infected files:
xttp://www.freshwap.net/forums/applications/200445-aoa-dvd-ripper-5-1-9-1208-a.html
xttp://www.freshwap.net/forums/applications/201009-cute-ftp-pro-v8-3-2-build-09-02-2008-1-a.html
xttp://www.freshwap.net/forums/applications/201788-winrar-3-80-pro.html

From what I saw, all his posts contain the same malware:
xttp://www.freshwap.net/forums/applications/index1083.html?sort=postusername&order=asc&daysprune=-1

lemutyt210 had 60 posts, now has 70! How many people will be infected with files posted by him?
This sucker also removed the .NFO of cracks so you won't have any contact information!

The file is a RAR SFX archive (self-extracting archive); also, the file has a password: this is why any online antivirus won't detect any virus.
When you execute the archive, the content of the archive will be extracted under the temporary directory using the password, the malicious code will be executed, and after that the original file.
You can see this if you enter the archive using WinRAR and click View on any exe file: WinRAR will open the enter-password dialog!

Here is the ThreatExpert result:
http://www.threatexpert.com/report.aspx?md...cc80d4b5dd5c37f
------------
It is not the only warez website which posts infected viruses:
xttp://loweimages.com/
xttp://xwarezzz.com/
xttp://21.hotfunspace.com/

Edited May 31, 2009 by CodeRipper
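As an added illustration of the post above (not code from the thread): a password-protected RAR SFX cannot be unpacked by a scanner, but it can still be flagged statically, because the RAR 1.5-4.x format in use in 2009 marks encrypted entries in its headers. The sketch below locates the archive inside the executable and lists encrypted entries; the sample bytes and the name `setup.exe` are constructed, header CRCs are not verified, and RAR5 is not handled.

```python
import struct

RAR_MARKER = b"Rar!\x1a\x07\x00"  # RAR 1.5-4.x signature
MAIN_HEAD, FILE_HEAD = 0x73, 0x74  # block types
MHD_PASSWORD = 0x0080              # main header flag: block headers encrypted
LHD_PASSWORD = 0x0004              # file header flag: file data encrypted
LHD_LARGE = 0x0100                 # file header flag: 64-bit sizes present
LONG_BLOCK = 0x8000                # block is followed by ADD_SIZE bytes of data

def inspect_sfx(data: bytes) -> dict:
    """Report whether a PE file carries a RAR archive and which entries are encrypted."""
    result = {"is_pe": data[:2] == b"MZ", "rar_offset": None,
              "headers_encrypted": False, "encrypted": [], "plain": []}
    pos = data.find(RAR_MARKER)    # simplification: first occurrence wins
    if pos < 0:
        return result
    result["rar_offset"] = pos
    pos += len(RAR_MARKER)
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7:
            break                  # corrupt header, stop walking
        add_size = 0
        if htype == MAIN_HEAD and flags & MHD_PASSWORD:
            result["headers_encrypted"] = True
            break                  # everything after this block is ciphertext
        if htype == FILE_HEAD and pos + 32 <= len(data):
            add_size, = struct.unpack_from("<I", data, pos + 7)   # PACK_SIZE
            name_len, = struct.unpack_from("<H", data, pos + 26)  # NAME_SIZE
            name_at = pos + 32
            if flags & LHD_LARGE:
                high, = struct.unpack_from("<I", data, pos + 32)  # HIGH_PACK_SIZE
                add_size |= high << 32
                name_at += 8
            name = data[name_at:name_at + name_len].split(b"\0")[0].decode("latin-1")
            result["encrypted" if flags & LHD_PASSWORD else "plain"].append(name)
        elif flags & LONG_BLOCK and pos + 11 <= len(data):
            add_size, = struct.unpack_from("<I", data, pos + 7)
        pos += hsize + add_size
    return result

def build_sample(encrypted: bool) -> bytes:
    """Constructed test input: fake PE stub + minimal RAR headers (CRCs left as zero)."""
    name, body = b"setup.exe", b"\x00" * 16
    flags = LONG_BLOCK | (LHD_PASSWORD if encrypted else 0)
    main = struct.pack("<HBHHHI", 0, MAIN_HEAD, 0, 13, 0, 0)
    fhdr = struct.pack("<HBHHIIBIIBBHI", 0, FILE_HEAD, flags, 32 + len(name),
                       len(body), len(body), 2, 0, 0, 29, 0x30, len(name), 0x20)
    return b"MZ" + b"\x90" * 62 + RAR_MARKER + main + fhdr + name + body
```

An executable that reports `is_pe`, a `rar_offset`, and either `headers_encrypted` or a non-empty `encrypted` list is the packaging the post describes and is worth quarantining for manual review.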

evlncrn8 Posted May 27, 2009

damn, people like that I really can't understand.. they're only good for one thing, that being that you take them outside and clean your shoes by kicking them repeatedly

CodeExplorer Posted May 31, 2009 Author (edited)

rdmk0rn1 also posts the same malware under this:
http://www.freshwap.net/forums/application...-9-1-1-1-a.html

Edited May 31, 2009 by CodeRipper

Majii Guy Posted May 31, 2009

Someone else who uses ThreatExpert - finally. Anyways, I've dealt with malware in this form many a time; one that uses some form of self-extracting archive (be it ZIP, 7z, RAR, etc.) to extract a program, then execute said program. Regardless, nice job on the report.

GEEK Posted June 3, 2009

that's the reason why you should never run sfx
standard releases are always either zip or rar