[rkhunter]

epic...

MD5: 25e9e3652e567e70fba00c53738bdf74

Emsisoft: Backdoor.Win32.ZAccess!IK
Ikarus: Backdoor.Win32.ZAccess
TheHacker: Backdoor/ZAccess.cdk
VBA32: Backdoor.ZAccess.bze

https://www.virustotal.com/file/d96b3f5 ... 329915457/

[nullptr]

Strictly for lols.
Started with detection 4 / 41 now https://www.virustotal.com/file/a02b996 ... 344687790/
The wonders of junk code ...

If you have any doubt that this is clean, then treat it as malware.

[Xylitol]

Buggy McAfee antivirus update causes problems for home and business users
http://www.infoworld.com/d/security/bug ... s_security

[Xylitol]

Avira guys blure a malicious blackhole landing url but forget one: http://techblog.avira.com/wp-content/up ... cated1.png

[thisisu]

I thought this was pretty bad. (Detection rate)

https://www.virustotal.com/file/a4bc852 ... /analysis/

[EP_X0FF]

I thought this was pretty bad. (Detection rate)

https://www.virustotal.com/file/a4bc852 ... /analysis/

This file is OK. It is genuine svchost from w7.

[Xylitol]

MSE Fail with Win32/Dokstormac.A (Arcom RAT) detected on ArcSoft legit bin

also fail to detect Blackshades on a legit firefox (and i've leaved this infected firefox since 2 months but i've no timestamp to proove that :()

[Xylitol]

https://www.virustotal.com/file/b1ee43f ... 354044819/
TR/Crypt.XPACK.Gen,Trojan.Crypt,Win32.Malware.Heur_Generic.B.(kcloud),WS.Reputation.1,TROJ_GEN.R47H1KO
For just another ExitProcess:

Code: Select all

00401000 >/$  6A 00         PUSH 0                                   ; /ExitCode = 0
00401002  \.  FF15 40204000 CALL DWORD PTR DS:[402040]               ; \ExitProcess

[Xylitol]

Ok, i can't even code masm32 sdk11 installer is detected as Ngrbot https://www.virustotal.com/file/658a362 ... 357506553/


i'm getting tired of all this shit with false positives.

[secObs]

From http://www.nytimes.com/2013/01/31/techn ... =all&_r=2&

Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it, according to Mandiant.

A Symantec spokesman said that, as a matter of policy, the company does not comment on its customers.

I thought that a "big" network like NY Times had a better client security than a simple AV.