[Resolved] downloadastro.com - Installcore (PUA) installers

yigido

Translator
Hi,

Step by step re-produce of this submission;

1 - Writed on Google "Firefox İndir" (means Download Firefox)
2 - I went to this website : http://mozilla_firefox.tr.downloadastro.com/indir/
3 - Started to download and finished : https://s21.postimg.io/4p4vwqco7/screenshot.png
4 - I checked the file on Virustotal : https://www.virustotal.com/tr/file/c887fc7303182fb462b2a33285675bc062be8224b7a800badf96287f276bfaaf/analysis/1474057026/

This website is spreading adwares and potential unwated applications.
We should block the domain.

downloadastro.com
Dr.Web detected this website too. Please add it to blacklist.
Thanks

Virustotal result: https://www.virustotal.com/tr/url/243a040b78fb5c648f99d959cf752c153138662bf570a1c9978b7cbcf6b11fd2/analysis/1474057242/
 

yigido

Translator
Extra info..

It scares the user if you try to run this installer.. You cannot click on "No" and you cannot close the installer either..
Congrats you are infected now.
We should block this domain.

 

yigido

Translator
Any update on thşs issue? How much time do you need to add this to blacklist?
What was [*] this mean?
 

Woitler

Moderator
Moderator
The symbol [*] means that the subject in the course of treatment and will soon be decided.
I processed it and added to the database. ;)
 
Top