Avast! not detecting this virus...

[dudikre1]

Hello,
I'm new here and I bought the Avast! Internet Security.
I was just browsing on the web and I got redirected from google to hxxp://merosa.ce.ms/,
Then it said something about an av problem... and I know its an virus and its a fake message but I did downloaded it to see if avast can detect it,
And it DIDNT !, I did tried to manually scan it and still nothing.
Now I said to my self maybe it undetected so I uploaded it to http://virusscan.jotti.org/
And that's the shocking results:
http://virusscan.jotti.org/en/scanresult/926d26652e6d0658b6c38f561c0865e98308ec23/133d73a0310cb4b6a79403e548b74b3ba300b7ec
8 of of 20 DETECTED the virus and avast didn't,
To tell you the truth I'm pretty disappointed,
Please test the file and try to do your best to detect more files in the future.
Dudi k.
The Virus:
Removed

[Pondus]

Detected by Malwarebytes - Rogue.SecurityCenter.Gen

VirusTotal
http://www.virustotal.com/file-scan/report.html?id=9e6fbc8f62dfcbfc5c4775761937c9c79333e32c291af1de9b21f0dc9480d7ba-1306335498

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=e1b3706137e1777d39457e5262763d38


it is on the way to avast lab   

[DavidR]

@ dudikre1
Please remove the file sharing link, you have no control over who might download it or what they might do with it.

Any undetected samples should be sent directly to avast:
Send the sample/s to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

[polonus]

Hi dudikre1,

Also munge the link to merosa dot ce dot ms also. like -hhtp or hxtp
Suspicious rogue av site, see: http://www.urlvoid.com/scan/merosa.ce.ms
It is to a domain with fake-av and google malware e.g. 188. 229. 88. 102
Site returning error (40x): HTTP/1.1 404 Not Found, maybe they are cleansing the site...
or it was closed (taken down), this because IP PTR:    Resolution failed,

polonus

[Pondus]

yes, this you can see in the ThreatExpert report i posted above
the malware will phone home on that url

[polonus]

Hi Pondus,

It is a good thing that all this fake av coming from that 188. 229. 88. 102 domain is rather shortlived, think this one is also already dead, see: http://hosts-file.net/default.asp?s=merosa.ce.ms
But that domain is spawning fake av like a Medusa's head, chop off a few and others are to grow on in a jiffy,

polonus

[polonus]

Well I queried the MD5 hash from Jotti's malware scan given by dudikre1 above here:
at https://www.vicheck.ca/md5query.php
giving the following results:
VT results: http://www.virustotal.com/file-scan/report.html?id=9e6fbc8f62dfcbfc5c4775761937c9c79333e32c291af1de9b21f0dc9480d7ba-1306340641
ThreatExpert.com report: http://www.threatexpert.com/report.aspx?md5=e1b3706137e1777d39457e5262763d38
Getting at the same results Pondus gives, but explaining how to check..

polonus