CodeExplorer Posted May 27, 2009 Share Posted May 27, 2009 (edited) Links to infected files:xttp://www.freshwap.net/forums/applications/200445-aoa-dvd-ripper-5-1-9-1208-a.htmlxttp://www.freshwap.net/forums/applications/201009-cute-ftp-pro-v8-3-2-build-09-02-2008-1-a.htmlxttp://www.freshwap.net/forums/applications/201788-winrar-3-80-pro.htmlfrom what I saw all his posts contains same malware:xttp://www.freshwap.net/forums/applications/index1083.html?sort=postusername&order=asc&daysprune=-1lemutyt210 had 60 post now has 70! How many peoples will be infected whit files posted by him?This sucker also removed .NFO of cracks so you won't have any contact information!The file is a Rar SFX archive (self extracting archive), also the file has a password:this is why any online antivirus won't detect any virus.When you execute the archive the content of archive will be extracted under temporary directory using the password, the malicious code will be executed and after that the original file.You can see if you:Enter inside the archive using WinRar and click View under any exe file: Winrar will open the enter password dialog!Here is the threatexpert result:http://www.threatexpert.com/report.aspx?md...cc80d4b5dd5c37f------------Is not the only warez website which post infected viruses:xttp://loweimages.com/xttp://xwarezzz.com/xttp://21.hotfunspace.com/ Edited May 31, 2009 by CodeRipper Link to comment Share on other sites More sharing options...
evlncrn8 Posted May 27, 2009 Share Posted May 27, 2009 damn, people like that i really can't understand.. they're only good for one thing, that being that you take them outside and clean your shoes by kicking them repeatedly 1 Link to comment Share on other sites More sharing options...
CodeExplorer Posted May 31, 2009 Author Share Posted May 31, 2009 (edited) rdmk0rn1 also post same malware under this:http://www.freshwap.net/forums/application...-9-1-1-1-a.html Edited May 31, 2009 by CodeRipper Link to comment Share on other sites More sharing options...
Majii Guy Posted May 31, 2009 Share Posted May 31, 2009 Someone else who uses ThreatExpert - finally Anyways, I've dealt with malware in this form many a time; one that uses some form of self-extracting archive (Be it ZIP, 7z, RAR, etc) to extract a program, then execute said program. Regardless, nice job on the report. Link to comment Share on other sites More sharing options...
GEEK Posted June 3, 2009 Share Posted June 3, 2009 thts the reason why you should never run sfxstandard releases are always either zip or rar Link to comment Share on other sites More sharing options...
amakrkr Posted June 22, 2009 Share Posted June 22, 2009 thx for the warrning! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now