
Dropper.Gen (trojan) downloaded from this Forum



Not sure if this is normal, so understand this post as an alert to the Mod.

I use to track this Suggestion Forum, and got an email about a new topic:

the email body (and the topic, of course) contains a link that downloads LnKnZOte.rar.part,

blocked by Avira (9.0.0.407/eng.8.2.1.3/vir3=7.1.5.149) as a TR/Dropper.Gen (Trojan).

This is the copy of the email, DO NOT ACTIVATE THE LINK (HTTP://....=6166) BELOW:

----- Original Message -----

From: "Malwarebytes Forum" <no-reply@malwarebytes.org>

Date: Mon, 24 Aug 2009 12:21:47 +0000

Subject: Forum Subscription New Topic Notification ( Malwarebytes Forum )

JRF, sony_georgiev has just posted a new topic entitled "Suggestion" in forum "Comments and Suggestions".

----------------------------------------------------------------------

Now with manual scan of archived RAR file I see that, MB scan 1 file only.

In archive are 9 files... + settings of deep level scan up to 10 levels.

And please add

forums/index.php?act=attach&type=post&id=6166

to signature update.

----------------------------------------------------------------------

The topic can be found here:

http://www.malwarebytes.org/forums/index.php?showtopic=22469

Edited by AdvancedSetup
Removed hyperlink to infected file - please do not post hyperlinks to infected files in this forum

Hello, the link is an attachment for database update and detections.

The user should have compressed it with a password, so it wouldn't be detected. Ignore or deny access. A moderator will take care of this.


To JRF -

Did your normal antivirus inform you as you opened the link or was it too late?? -

Avira tends to notify me as I open anything like this and quarantines it prior to letting it in -

I have been hit by a few on Yahoo (it can be bad) but I seem to get by - Even though I run a MBAM scan all I find is the quarantined item in Avira -


To noknojon -

Thanks for your interest.

As I said, Avira blocked the file, asked me for an action, and I chose to delete it.

Details:

I get all my emails via POP Peeper 3.5, which I use to run with Message Viewing = Rich Text (i.e. links are shown, but no HTML is executed without consent, so my computer is hardly going to be infected by any email content).

Clicking the link (which I carelessly understood from the text as an article), the download was in fact done by my default browser (Firefox 3.5.2) to a temp area, then Firefox presented the usual popup asking if the file should be opened|saved|canceled.

That was when Avira blocked the whole operation, including the Firefox popup buttons.

.....................

Yes, I use to update/quick-run MBAM daily, but normally keep Avira's Quarantine empty.

