LS.Andy

Members
  • Content Count: 1,331
  • Days Won: 43

Posts posted by LS.Andy


  1. I can see the problem now - we're looking at different files.

     

    The sha256 for the file submitted to Virus Total is not the same for the file I downloaded from https://correlog.com/Download/co-5-6-3.exe.

     

    VT file hash: 34eed7d4b0f4ac49affa3a56d789d326daa6f9ea8acaef4c77933476d00dcfa4

    From URL: 9cc3ba54b08be7b21b9e52c8b48d281e8e7797b90f0d5de6d6bf13698a7e3d3d

     

    I'll download the file from Virus Total and check it out.


  2. Hi Michael,

     

    I'm still unable to recreate the detection using Ad-Aware. I ran several scans against the file:

    • scanning the file itself
    • extracting the contents and scanning them
    • installing the application and running a full system scan

    ... and nothing was flagged. Can you provide the Virus Total link that shows the detection? That will give me the hash of the file being flagged - I can check if that file exists on my machine after installing CorreLog.

     

    I'm not quite sure what to make of Virus Total's response. They use the command line version of Ad-Aware that has the same definition files as the regular GUI version. They will most certainly keep it updated with the latest definition files, so if they are still seeing the Trojan.Zmutzy.802 flag, I should see it too.

     

    If you can post the Virus Total link, that will give me something to go on.

     

    Thanks,

     

    Andy


  3. Hi again,

     

    The three files were not detected in my test. Either they've been removed from detection already or I'm not testing the correct files.

     

    I downloaded UMove1718.exe (md5: 13a6b127f1a9b85f56d2afee83ab9782) from hxxp://download.algintech.com/UMove1718.exe and extracted the contents.

     

    Here are the md5s of the corresponding files you mentioned:

     

    56ce0748feed9b6caaa2e39f04350cf1 AECOMDLL.dll
    0c336651bea70ecb063b33abbf75a7e4 UMove64.msi
    e275b936a42bca0e52a504c1c3dc184a UMove.msi

     

    Can I ask you to verify that the files are no longer detected, or upload a zip file containing the detected files to this thread?

     

    Thanks,

     

    Andy

    Lavasoft Malware Lab
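Posts 1 and 3 both turn on the same check: hashing a locally downloaded file and comparing the digest with the hash quoted on a VirusTotal page, so that a mismatch (as in post 1) is recognised as "different file" rather than "detection removed". The following script is an added example and is not code from this thread or from Lavasoft; the sample bytes are constructed, and the only page-derived values are the two sha256 digests quoted in post 1. It hashes the input in one streaming pass with both sha256 and md5, then compares whichever algorithms the report supplies, case-insensitively.

```python
import hashlib
import io
from typing import BinaryIO, Dict

# The two sha256 digests quoted in post 1 (VirusTotal submission vs. the file
# fetched from the vendor URL).  They differ, which is the point of that post.
VT_REPORTED_SHA256 = "34eed7d4b0f4ac49affa3a56d789d326daa6f9ea8acaef4c77933476d00dcfa4"
DOWNLOADED_SHA256 = "9cc3ba54b08be7b21b9e52c8b48d281e8e7797b90f0d5de6d6bf13698a7e3d3d"

# Constructed stand-in for a downloaded installer; not any real file from the thread.
SAMPLE_FILE = b"MZ" + b"\x00" * 62 + b"constructed example installer payload"


def digest_stream(fh: BinaryIO, chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Hash a binary stream in one pass, returning lowercase hex sha256 and md5.

    Reading in chunks keeps memory flat for large installers.
    """
    sha256 = hashlib.sha256()
    md5 = hashlib.md5()
    while True:
        chunk = fh.read(chunk_size)
        if not chunk:
            break
        sha256.update(chunk)
        md5.update(chunk)
    return {"sha256": sha256.hexdigest(), "md5": md5.hexdigest()}


def digest_bytes(data: bytes, chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Convenience wrapper: hash an in-memory byte string."""
    return digest_stream(io.BytesIO(data), chunk_size)


def digest_path(path: str, chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Hash a file on disk (the downloaded installer)."""
    with open(path, "rb") as fh:
        return digest_stream(fh, chunk_size)


def compare_hashes(local: Dict[str, str], reported: Dict[str, str]) -> Dict[str, bool]:
    """Compare local digests against the hashes quoted in a report.

    Only algorithms present on both sides are compared; hex case and
    surrounding whitespace in the reported value are ignored.
    """
    result: Dict[str, bool] = {}
    for algo, expected in reported.items():
        key = algo.lower()
        if key in local:
            result[key] = local[key] == expected.strip().lower()
    return result


def is_same_file(local: Dict[str, str], reported: Dict[str, str]) -> bool:
    """True only if at least one algorithm was compared and every compared one matched."""
    outcome = compare_hashes(local, reported)
    return bool(outcome) and all(outcome.values())


if __name__ == "__main__":
    # Re-create the situation from post 1: the report's hash does not match the download.
    local = {"sha256": DOWNLOADED_SHA256}
    print("same file as VT submission:", is_same_file(local, {"sha256": VT_REPORTED_SHA256}))
    # Hash the constructed sample as a local file would be hashed.
    print(digest_bytes(SAMPLE_FILE))
```

When the result is False, the right next step is the one Andy takes in post 1: fetch the exact sample the report refers to (by its hash) rather than re-scanning the vendor download, since the two are simply different files.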


  4. Hi,

     

    The application is detected as a Possible Unwanted Application because on a clean, freshly installed OSX, it shows thousands of insubstantial system problems, asking for a payment to resolve them. User feedback is also taken into account when categorising applications. You can read about people's experiences with the application on other forums, here, for example: https://discussions.apple.com/thread/7135825?tstart=0

     

    Andy

    Lavasoft Malware Lab