User PC0316 Spreading Virus Software?

[FruitsBasket]

Story: I asked to join a captcha typing thing, and I said yes. This user: https://bitcointalk.org/index.php?action=profile;u=794409 sends me a PM with malicious software...

I received this pm:

!!! WARNING: This user is a newbie. If you are expecting a message from a more veteran member, then this is an imposter !!!
Hello there,

What country are you located in?

Here is a google document about the work.

https://drive.google.com/open?id=0B9aH_qGeXCLtYkEwT2FjLWpOaTg

The download link for the app is here:

https://drive.google.com/open?id=0B9aH_qGeXCLtZ3BzaUc1Q0tHbVk

Our email is peerchecker@gmail.com

We have created login details for you (which you use after you download and start the app).

Login: **********

Password: *********

We need a Bitcoin address from you too please so you can get paid.

Thanks,

PC.

Then I download the software:

[whywefight]

according to virustotal, yes: https://www.virustotal.com/de/file/7c14952c3eab3f46262da33b53633b0fa3cd248e14eb01cdb4005995fec8562d/analysis/

My local Kaspersky didnt find anything, hm...

[FruitsBasket]

according to virustotal, yes: https://www.virustotal.com/de/file/7c14952c3eab3f46262da33b53633b0fa3cd248e14eb01cdb4005995fec8562d/analysis/

Okay, how am I going to see if I have that virus on my pc?
I ran this software a week ago, but removed it. Now I wanted to re install it and it gives many virus alerts.

Can u tell me how I can see if I am infected?

[whywefight]

I guess this is no help as its in german. Run Malwarebytes and see what it says

[--Encrypted--]

google drive scans files for virus when they're uploaded...

EDIT:
scanned with avast premier and the result is clean.

Looks like it's got HEUR/QVM03.0.Malware.Gen, whatever that means.

yup.
https://www.virustotal.com/en/file/7c14952c3eab3f46262da33b53633b0fa3cd248e14eb01cdb4005995fec8562d/analysis/1458410565/

oh wait. whywefight posted this. silly me.

[suchmoon]

Looks like it's got HEUR/QVM03.0.Malware.Gen, whatever that means.

At some point PC0316 seems to have posted the link in the thread (quoted by another user below) but now the post is gone.

I have uploaded it to Google Drive.

https://drive.google.com/open?id=0B9aH_qGeXCLtZ3BzaUc1Q0tHbVk

Email me or private message me if you are interested.

My email is in the Instruction manual which is also on Google Drive, here:

https://drive.google.com/open?id=0B9aH_qGeXCLtYkEwT2FjLWpOaTg

ok, i interested and I have already sent a private message to you, if the work is good and has a decent income, I will forward it, and how you think about a daily income of solving captchas it?

[FruitsBasket]

google drive scans files for virus when they're uploaded...

But when I try to download it blocks the software automatically by my browser.
So I don't know if it's a browser is giving false information.

[Fortify]

You really should strip out the link if you think it is hosting a virus or malware, a few innocent people might click through without thinking. Nobody should download from links they don't know, even to do a virus scan on it.

[suchmoon]

A virgin VM with up-to-date Windows Defender also found something:


Edited 2020-11-28 to fix a broken image

Nasty enough for me, I'm not gonna dig deeper.

[FruitsBasket]

You really should strip out the link if you think it is hosting a virus or malware, a few innocent people might click through without thinking. Nobody should download from links they don't know, even to do a virus scan on it.

I did a virus scan at first and then it was fine, but a week later I get many virus alerts. I looked in my regedit and looked up the possible infected things, which i found online but it did not find anything, so I hope I am safe.

[Xandrah]

Started this up on a brand new vm, same result. Stay away from it.

[FruitsBasket]

Started this up on a brand new vm, same result. Stay away from it.

My Windows Defender also found that file and placed and quarantine.
Then I did a scan and it isn't finished yet, hope that it is clean.

[knowhow]

Started this up on a brand new vm, same result. Stay away from it.

My Windows Defender also found that file and placed and quarantine.
Then I did a scan and it isn't finished yet, hope that it is clean.

The last times i tryed to dowload the avira runned on it and the program werent working,saying missing some files,i didnt hade any kind of virus message but in the end i dont like to use sofwtare that is unknow for the most,i will scan it again and if the program stills i will use it.

[Freddynic159]

the program takes control over the browser Internet Explorer to verify that the captchas have been completed correctly and sometimes to clear history and cache of the browser. does it have something to do with the detection of virus?

[FriendlyChemist]

the program takes control over the browser Internet Explorer to verify that the captchas have been completed correctly and sometimes to clear history and cache of the browser. does it have something to do with the detection of virus?

Which program you are talking about?
I also opened a program today from  services section and my browser automatically stops and all data cache are cleared up??
Which program you are talking about?

[Freddynic159]

the program takes control over the browser Internet Explorer to verify that the captchas have been completed correctly and sometimes to clear history and cache of the browser. does it have something to do with the detection of virus?

Which program you are talking about?
I also opened a program today from  services section and my browser automatically stops and all data cache are cleared up??
Which program you are talking about?

PeerChecker.exe

I think that it is only a false positive by what I mentioned them before.

[knowhow]

The first three times i tryed it were giving me error,saying there were files missing,then later i had installed it without any virus hidden now i think and almost sure i got the virus ,i dont use explorer at all soo what kind of hiden virus it is anyone knows?

[ashkanb]

the program takes control over the browser Internet Explorer to verify that the captchas have been completed correctly and sometimes to clear history and cache of the browser. does it have something to do with the detection of virus?

i've had the same question; never brought it up to PC thought!
i'm using a spare laptop, running security essentials and spybot, and no personal info so i dont care much!
(no other windows machines on my network either to worry about.)
after every session i'd leave the laptop on and scan with both softwares so far nothing other than regular payments

[Sigals]

the program takes control over the browser Internet Explorer to verify that the captchas have been completed correctly and sometimes to clear history and cache of the browser. does it have something to do with the detection of virus?

If that is true and it uses hooks in windows then that would most likely flag it as a virus even though potentially it could be non-malicious.

[Text]

I think it's just a false alarm, after several days of working still my laptop works fine. I think the browser is wrong because last night I downloaded other application and it showed failed and virus detected later on when I tried to download it again then it was successful.