
Qsel


Bambo


Using Immunet Plus.

 

Qsel is a victim of W32.Invictus http://home.mnet-online.de/horst.muc/wpop.htm#qsel

 

Virustotal is almost clean http://www.virustotal.com/file-scan/report.html?id=8c5cb4dad0ee34b09e23be0a1af8d447e3f9e0d15c6dcbdef6930ee55a4525be-1291147570 Guess no one has reported false positives to Rising and CAT.

 

The zip file there as a whole has some troublesome data in it:

 

http://www.virustotal.com/file-scan/report.html?id=1a8f1a6ace6075583435b7b2d6e4a775e78be82afa8e90b19042a80902afae06-1291150917

 

I would be very cautious with that.

 

al

Link to comment
Share on other sites

Well that was popsel but I am 99.9999% sure that dude will never do something wrong. Not even ads on site. I think it has to do with his programming language, some PureBasic stuff.

 

There is a rundemo.exe in the popsel one, that is what triggers alarms: http://www.virustotal.com/file-scan/report.html?id=5b5bcfa87294d256da37ff8f954ba63474aa68f8059a80fed45fe1f78c8f9c68-1291152077 Popsel.exe itself is clean - except for Rising and Cat http://www.virustotal.com/file-scan/report.html?id=c6240abe05abae9ec3c1d96f5c4ba1a8516db0854f09ade7ab340729c5e3e685-1291152165. I assume macro something features look suspicious.

 

Also a very old site and all that. Good old tools. But we will see. I consider it total theory there is anything wrong for real.

Link to comment
Share on other sites

I have removed the detections for now.

 

al

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
