Wednesday, July 17, 2013

Avast antivirus services stopped by malware:


Recently, I came across a malware sample that stops the Avast antivirus services after it executes.

It is a UPX-packed file. After unpacking it, I found strings that target mainly the Avast services.
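The triage step described above (spot the UPX packing, then look for strings that aim at the antivirus services) can be scripted. The following is an added example written for this page, not code from the original post: it reads the PE section table to decide whether a file looks UPX-packed, pulls printable strings out of a buffer, and flags the ones that hint at service tampering. The two sample images at the bottom are constructed for the demo and are not loadable executables; the keyword list (any mention of "avast", `net stop`/`sc stop`, the service-control API names) is an assumption, not something taken from the malware in the post.

```python
"""
Added example (not from the original post): minimal triage for a suspected
AV-killer sample. (1) Check the PE section names for UPX0/UPX1, which UPX
writes into every packed image. (2) Extract printable strings and flag the
ones that suggest the binary wants to stop or reconfigure a service.
The sample bytes below are constructed; the hint list is an assumption.
"""
import re
import struct

# Strings that suggest a binary wants to stop or disable a security service.
SERVICE_CONTROL_HINTS = (
    b"avast",            # any mention of the product or its services
    b"net stop",
    b"sc stop",
    b"sc config",
    b"OpenSCManager",
    b"OpenService",
    b"ControlService",
    b"ChangeServiceConfig",
)

def pe_section_names(data: bytes):
    """Return the section names of a PE image, or [] if the headers don't parse.

    Only the fields needed to reach the section table are read:
    e_lfanew, NumberOfSections and SizeOfOptionalHeader.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    if len(data) < coff + 20:
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40            # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def looks_upx_packed(data: bytes) -> bool:
    """UPX renames the sections to UPX0/UPX1 (plus an optional UPX2 or .rsrc)."""
    return any(n.startswith("UPX") for n in pe_section_names(data))

def extract_strings(data: bytes, min_len: int = 5):
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def suspicious_strings(data: bytes):
    """Strings from the buffer that match one of the service-control hints."""
    hits = []
    for s in extract_strings(data):
        low = s.lower().encode()
        if any(h.lower() in low for h in SERVICE_CONTROL_HINTS):
            hits.append(s)
    return hits

def build_fake_pe(section_names, payload: bytes) -> bytes:
    """Constructed test image: DOS stub, PE signature, a COFF header with a
    zero-length optional header, the given section names, then `payload`.
    It only exercises the header walking above; it is not runnable."""
    hdr = bytearray(b"MZ" + b"\0" * (0x3C - 2))
    hdr += struct.pack("<I", 0x40)                      # e_lfanew
    hdr += b"PE\0\0"
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms,
    # SizeOfOptionalHeader, Characteristics
    hdr += struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    for name in section_names:
        hdr += name.encode().ljust(8, b"\0") + b"\0" * 32
    return bytes(hdr) + payload

# Constructed samples: a packed image with nothing readable, and an
# "unpacked" one whose string table mentions Avast and the service APIs.
PACKED_SAMPLE = build_fake_pe(["UPX0", "UPX1", ".rsrc"], b"\0" * 64)
UNPACKED_SAMPLE = build_fake_pe(
    [".text", ".rdata"],
    b"\0\0kernel32.dll\0OpenSCManagerA\0OpenServiceA\0ControlService\0"
    b"avast! Antivirus\0cmd /c net stop avast!\0\0",
)

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("unpacked", UNPACKED_SAMPLE)):
        print(label, "UPX?", looks_upx_packed(blob), "hits:", suspicious_strings(blob))
```

On a real sample you would run `looks_upx_packed` on the file as downloaded, unpack it with `upx -d` when it returns true, and then run `suspicious_strings` on the unpacked file; on the packed file the string scan returns almost nothing, which is exactly why the post unpacks first.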

Steps:

Install Avast (any edition) in a Windows XP or later environment.

Run the malware. After the system restarts, we find the following: the Avast services are stopped.
Avast shows a message that the system is unsecured because the Avast antivirus program has been stopped, and asks us to restart the program.
There is a "start program" option in Avast.
Then a process called visthaux.exe starts running, as seen in Process Explorer, but that process is unable to restart the Avast service.
Even after restarting the system and trying to start the Avast process again, it did not start.
Then I tried to scan my system, but when I pressed "start scanning" it threw the message "unable to start scan".

The only thing Avast needs to do is detect that malware. Today it does detect it (prevention is better than cure).


Regards,



Monday, July 1, 2013

Spam mail leads to phishing:



Last week, I received a spam mail in my Gmail account. The message said: to view the doc, please click here and login!



I viewed this link in a dedicated analysis environment. The link is hxxp://spirtbaza.com/bggle.doc/index.htm

In order to view this doc, you need to log in using any of the following accounts.
I just used a random user ID and a random password. It accepted those non-existent credentials and redirected to a Google Docs page - https://productforums.google.com/forum/#!category-topic/docs/documents
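The check just described, submitting credentials that cannot possibly exist and seeing whether the form "accepts" them, is the quickest way to tell a harvesting page from a real login. The following is an added example written for this page, not code from the original post: it drives a login form through an injectable `transport` callable, so the same logic works against a real HTTP client or, as here, against a constructed stub that behaves the way the post describes (any username/password is accepted and the browser is sent to Google). The hostname spirtbaza.com and the redirect target come from the post; the form field names `login`/`passwd`, the 302 status and the list of "legitimate landing hosts" are assumptions for the demo.

```python
"""
Added example (not from the original post): offline harness for the
"submit random credentials, see if the form accepts them" probe.
The two transports at the bottom are constructed stubs; the field names,
status codes and landing-host list are assumptions.
"""
import secrets
from urllib.parse import urlsplit

# Where a phishing page typically bounces the victim once it has the creds.
# Assumed list for the demo.
LEGIT_LANDING_HOSTS = {"google.com", "docs.google.com", "productforums.google.com"}

def random_credentials():
    """A fresh, never-registered username/password pair for each probe."""
    return f"probe_{secrets.token_hex(4)}@example.com", secrets.token_urlsafe(12)

def submit_login(transport, form_url, username, password):
    """POST the form through `transport`, a callable taking (url, fields)
    and returning (status_code, headers_dict). Field names are assumed."""
    return transport(form_url, {"login": username, "passwd": password})

def _host_of(url):
    return urlsplit(url).hostname or ""

def classify_form(transport, form_url, attempts=3):
    """Probe the form with `attempts` distinct random credential pairs.

    A genuine login rejects unknown accounts (an error page, or 401/403).
    A harvesting page accepts anything and usually forwards the victim to
    the real site, so: every attempt redirected off the form's own host onto
    a known legitimate landing host -> "credential-harvester".
    """
    form_host = _host_of(form_url)
    results = []
    for _ in range(attempts):
        user, pw = random_credentials()
        status, headers = submit_login(transport, form_url, user, pw)
        location = headers.get("Location", "")
        dest = _host_of(location)
        redirected_away = bool(300 <= status < 400 and dest and dest != form_host)
        results.append((status, location, redirected_away and dest in LEGIT_LANDING_HOSTS))
    if results and all(r[2] for r in results):
        return "credential-harvester", results
    if any(300 <= r[0] < 400 for r in results):
        return "redirects-but-unclear", results
    return "rejects-unknown-accounts", results

# --- Constructed stubs standing in for a live HTTP client. ---
PHISH_URL = "http://spirtbaza.com/bggle.doc/index.htm"
GOOGLE_FORUM = "https://productforums.google.com/forum/#!category-topic/docs/documents"

def fake_phish_transport(url, fields):
    """Imitates the page from the post: no credential check, redirect to Google."""
    assert "login" in fields and "passwd" in fields
    return 302, {"Location": GOOGLE_FORUM}

def fake_real_login_transport(url, fields):
    """Imitates a real login endpoint: unknown account gets an error page."""
    return 200, {"Content-Type": "text/html"}

def fake_self_redirect_transport(url, fields):
    """Imitates a site that bounces back to its own login page on failure."""
    return 302, {"Location": "http://spirtbaza.com/bggle.doc/index.htm?err=1"}

if __name__ == "__main__":
    for name, t in (("phish", fake_phish_transport),
                    ("real", fake_real_login_transport),
                    ("self-redirect", fake_self_redirect_transport)):
        print(name, "->", classify_form(t, PHISH_URL)[0])
```

To run it against a live page, supply a transport built on `urllib.request` with redirects disabled (an `HTTPRedirectHandler` subclass whose `redirect_request` returns `None`), so that the 3xx and its `Location` header are returned to `classify_form` instead of being followed; do this only from an isolated analysis host, as the post does.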

I also captured the packets:



WHOIS information for spirtbaza.com:

   Domain Name: SPIRTBAZA.COM
   Registrar: LLC "REGISTRAR OF DOMAIN NAMES REG.RU"
   Whois Server: whois.reg.ru
   Referral URL: http://www.reg.ru
   Name Server: NS23.RUWEB.NET
   Name Server: NS45.RUWEB.NET
   Status: clientTransferProhibited


Regards,
