
Weird Malware Shit - Malware Experts Come

Discussion in 'BlackHat Lounge' started by gbmack, Sep 10, 2009.

  1. gbmack

    Okay, so I was looking for a fix to a program on Youtube.

    A video provided a solution and a link.

    It was a .zip file on mediafire.
    For sure it was mediafire, no redirects or anything. Hovered my mouse over the mediafire link, and it showed mediafire in the bar.

    So I was like, okay I'll just download the file from mediafire, and then I'll scan it with virustotal.

    Right when I downloaded the .zip file, it did not appear on my desktop.
    My McAfee siteadvisor popped up and said "This website has been reported for malware attacks. Do you want to block or allow?"

    Out of impulse, I clicked "block."

    Weird thing is, no website showed up, the only thing that showed up was my mcafee siteadvisor warning. I'm guessing it blocked the website before showing up in the first place.


    Anyways, I didn't know what went wrong, so as an idiot, I tried it again.
    Same results.

    I downloaded the .zip file, right when it finished downloading I did NOT open anything, and it didn't even appear on my desktop. I get the same warning popup, click block, and nothing seems to happen.

    Now, I don't think the mcafee siteadvisor popup was fake. I have mcafee siteadvisor installed on my browser. However, I've never gotten that popup before.. I don't think it is connected in any way to the malware because the malware should be targeting 100% of its audience, and it wouldn't use mcafee but instead use a made up antivirus company name.

    So I fired up my Spyware Doctor, it found a spyware named trojan-pws.bancos.pwn and it removed it.

    Anyways what I'm really asking is wtf went wrong?

    When I downloaded the .zip file from mediafire, it never appeared on my desktop, I get a warning from my mcafee siteadvisor, and my spyware doctor finds a spyware on my computer..

    Is this possible? I never opened the .zip file.

    Help please!

    I'll be firing up my malwarebytes and hijackthis in just a moment..
     
    Last edited: Sep 10, 2009
  2. gbmack

    Actually this trojan.bancos.pwn thing has been detected by my spyware doctor before.

    I think it has to do with the system restore points, so I decided to remove them.

    Anyways, I still don't understand the whole .zip thing... I thought you have to open a file before anything happens..
     
  3. Sanitarium

    Hey don't type in your details into anything till you get that thing off.
     
  4. gbmack

    I didn't type any login details yet, and I have gotten the spyware off with spyware doctor.

    I am not asking for solutions, I just want an explanation of what happened..

    Weird..

    Tomorrow, I will scan again, and change my passwords to my paypal and email.