Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54

Another spam with a nice attachment from the XimianEvolution spammer.

VT hadn't seen this one before:

https://www.virustotal.com/en/file/583f1fa9645a1e285f5659bab988404da907171a80331cfedc19da29c321b078/analysis/1413934061/

Get your copy here:

http://www.filedropper.com/daticket

ID'd variously as:  Aspxor / Zortob / Kuluoz / PWSZbot / Weelsof-IV

Pathetic detection rate, given I've been sitting on it for 24 hours.  
Here is your list of Anti-virus FAILURES:

AVware        Agnitum               AhnLab-V3     Antiy-AVL
Avira         Baidu-International   Bkav          CAT-QuickHeal
CMC           ClamAV                Comodo        Ikarus
Jiangmin      K7AntiVirus           K7GW          Kingsoft
Malwarebytes  NANO-Antivirus        Norman        Qihoo-360
Symantec      TheHacker             TotalDefense  TrendMicro
VIPRE         Zillya                Zoner         nProtect


=========================================
Received:     from circlair.com ([156.1.40.30])
X-Mailer:     XimianEvolution1.4.6

Dear Customer,

ELECTRONIC TICKET / ET-29778907  
SEAT / 53E/ZONE 2  
DATE / TIME 19 NOVEMBER, 2014, 11:25 AM  
ARRIVING / Toledo  
FORM OF PAYMENT / CC  
TOTAL PRICE / 231.43 USD  
REF / KE.4221 ST / OK  
BAG / 4PC  

Your ticket is attached.  
You can print your ticket.  

Thank you  
Delta Air Lines.  
=========================================

Who the hell wants to fly these days anyways?  And risk catching ebola?

Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54

On 22/10/2014 00:45, Virus Guy wrote:

It is interesting to note that Malwarebytes is now being purported to be  
an *anti-virus* programme!

Indeed, it has been certified as such by West Coast Labs!

http://www.westcoastlabs.com/checkmark/productList/checkmarkTestResult/?productID=516&techGroupID=27&from=v

I've always understood that one should only ever have one AV product  
active at any one time, yet MBAM claims that it is "Compatible with most  
major antiviruses"  http://www.malwarebytes.org/products/

Have you any idea how Malwarebytes can do that when none of the other  
providers can do so?

D.

Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54




It isn't Malwarebytes making the claim.
It is some idiot who just set up a web site in July.



--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54

On Thu, 23 Oct 2014 06:46:33 -0400, "David H. Lipman"


You're wrong, as usual with your defending these flimflam artists.

It is right on this page.

http://www.malwarebytes.org/products/

Malwarebytes Anti-Malware Free

Detects and removes malware your antivirus will miss.

    Detects new (zero-hour) malware your antivirus will miss
    Removes even the most deeply embedded malware
    Doesn't cost you a dime
    Compatible with most major antiviruses


Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54

mendina@invalid.com explained :

That doesn't say what you think it does.



Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54



It never states itself to be an anti virus.
It states compatibility with "most" anti virus applications and detects  
"malware" an anti virus application may miss.

There is no explicit nor implicit statement promoting the product as an  
"anti virus".

I am not wrong in this case and while occasionally I may be wrong, one can  
not ascribe "as usual" to me being wrong which confers the idea that David  
H. Lipman is wrong more often than right.

Additionally, the derogatory term "flimflam artist" can't be ascribed to  
Malwarebytes.  While they screw up and the management sucks, etc, they are  
an ethical and fair company.

--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54




My mistake.  I did not intend to reply to you, but to reply to:  
mendina@invalid.com


--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54

David H. Lipman expressed precisely :

Agreed. OTOH I sent an e-mail to WCL and haven't as yet received a  
reply. I suspect that their definition of virus differs from ours.



Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54



It is a very important distinction.

For it to be classed as an anti virus application it would have to be able  
to remove malicious code that had been prepended, appended or cavity  
injected into a legitimate file and bring the file, as best it can, to its  
pre-infected state.  This may or may not return an infected file back to its  
original checksum value.


--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54

"David H. Lipman" wrote:
  

It's far beyond the time that you (and others) drop the distinction
between virus, worm, dropper and trojan when discussing how those items
are detected by commercial software.  

While those items are different and have different characteristics and
functionality, those differences are not relevant at all when the issue
of their DETECTION and/or REMOVAL is being discussed.  And in case you
haven't noticed, there is a whole industry that exists for that sole
purpose of detecting and removing these "phenomena".

Whether we label this software as "anti-virus" or "anti-malware" or
anti-something-else is also irrelevant.

In the end, whether it's Malwarebytes or something else, we are dealing
with software that claims to be able to detect (and hopefully remove)
malicious files and other remnants of malware presence (registry keys,
etc) on a system.

Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54

Virus Guy formulated the question :

But that is why there *is* a distinction.


But that is exactly why the distinction is important. The technology is  
different for the different types in both detection and removal.

[...]



Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54



Those differences are completely relevant to their detection and  
removal as both methods have to be tweaked for the intended purpose.  
Removing/detecting a virus is usually going to be different than  
removing a malicious trojan.
  

No, it's not. It describes perfectly what the application is  
specifically designed to help defend you against.
  

Which it does.
  



--  
If you can read this, Thank a teacher.
If you're reading it in English, Thank a soldier!



Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54



Agreed!


--  
If you can read this, Thank a teacher.
If you're reading it in English, Thank a soldier!



Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54

~BD~ pretended :


If I'm not mistaken, it is a program.



Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54



It might be a UK spelling variant.

--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54

David H. Lipman laid this down on his screen :

If you google "program vs programme" you'll see that even over there it  
is supposed to be "program" for computer program and "programme" for  
other things.



Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54




Thank you.

--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54

David H. Lipman laid this down on his screen :

YW

BD likes to critique my syntax so I throw him a bone sometimes.



Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54


  

Malwarebytes is not an antivirus product. It can detect a small  
amount of viruses in specific cases, but that's not its primary  
function. It *does* run fine with most AV programs that are resident.  
It's designed to be an additional layer of defense; to catch things  
your resident AV might miss, etc. And it does do these things.

It does a very good job in cleaning up systems which have already  
been compromised. It is, in most cases, a good time saving  
application for the detection and removal of malicious and otherwise  
potentially harmful software.

I hope the information is helpful to other readers who might have  
questions concerning the program. More specific questions concerning  
it should be directed to Malwarebytes forums; not here. Malwarebytes  
employees (afaik) do not provide support via usenet for the program.

This is the specific sub forum where users who have questions  
concerning the program should post. Someone there should be able to  
help them.

http://preview.tinyurl.com/m2wjrh3

You're also encouraged to browse the forums and read posts before  
determining which version of the program you will run on your own  
machine. For the time being, I personally, still recommend v1.75  
which can be downloaded from:

http://filehippo.com/download_malwarebytes_anti_malware/14815/

If you plan to run v1.75; be sure you click the settings tab, click  
updater and uncheck download program updates and notify you when one  
is available; or when you get an update, you'll get one of the newer  
versions... A definition update isn't a program update.  


--  
If you can read this, Thank a teacher.
If you're reading it in English, Thank a soldier!



Re: Another trojan from the XimianEvolution spammer (Oct 20 / 2014) VT score: 26/54



Thanks, appreciate your reports, helps in picking a decent A/V...

--  
! _\|/_  Sylvain / B00ze64@hotmail.com
! (o o)   Member-+-David-Suzuki-Foundation/EFF/Planetary-Society-+-
oO-( )-Oo  Cut life support to all quarters with children -Picard

