card.exe -- no virus detected

[bslorence]

My network has been getting a lot of emails entitled "You've received a postcard from a family member", or something along those lines. They generally include a link to a web site, and so I tried the most recent email's link in a text-only browser running under UNIX (safer that way). It took me to a web page that included a single link, to a file called card.exe.

I tried scanning this "card.exe" with Avast and it did not report any problems. Then I uploaded it to VirusTotal and Jotti, both of which found problems -- but in both cases only a minority of the scanners found problems.

This is clearly malicious software, but I don't want to run on it on my PC to see what it does -- I don't have an appropriate environment for testing that sort of thing. I'm a little worried that Avast isn't detecting it, because we've been getting a lot of these, and eventually one of my users is going to get one and may actually download and run the exe.

Is there any way I can submit this file to Avast for analysis?

Thanks,

Ben

[Lisandro]

Is there any way I can submit this file to Avast for analysis?

Sure. Can you send the samples to virus@avast.com ?
You can zip and password the files... Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.

[Lisandro]

Check also http://forum.avast.com/index.php?topic=29123.msg238644#msg238644

[bslorence]

Wow, looks like that other thread went up while I was typing my post! I knew I searched the forums first before posting... 

[bslorence]

Oops, stupid me -- I deleted the file, and now I can't download it again. I guess we'll have to rely on the user who posted on the other thread. -Ben

[Lisandro]

I deleted the file, and now I can't download it again.

When you can, you help improving detection if you send files to analysis

[bslorence]

I got another one today and sent it to virus@avast.com. I'll check tomorrow to see if it's detected yet, and if not, I'll open a support request (I'm a corporate customer).

[Lisandro]

I'll check tomorrow to see if it's detected yet, and if not, I'll open a support request (I'm a corporate customer).

It's your right and you'll help to make avast better. Thanks.

[phil31]

I got the same problem two days ago
I'm on Windows XP
Avast was on "Normal" and not on "Avancée" (I'm a Frenchman)
Avast was recognizing a probably virus but didn't try to delete it.
I tried by free versions of Macaffee and Bit Defender : they didn't find
I've loaded free Norton by Google Tools : it found "Trojan.Peacomm.B" and deleted it. Victory !
It's the first time Avast doesn't satisfy me. I've been using it for 3 years without any problem ...

[Lisandro]

Avast was recognizing a probably virus but didn't try to delete it.

I doubt about this... if avast recognizes it tries to delete/move/move to Chest...

I tried by free versions of Macaffee and Bit Defender

McAfee detection is not that good nowadays...

[FreewheelinFrank]

New e-card variants seem to be emerging every few hours, with quite limited detection by most AV's.

Complete scanning result of "ecard_2_.exe", received in VirusTotal at 07.04.2007, 18:41:44 (CET).

Antivirus     Version     Update     Result
AhnLab-V3     2007.7.5.0     07.04.2007     no virus found
AntiVir     7.4.0.37     07.04.2007     TR/Small.DBY.DB
Authentium     4.93.8     07.03.2007     no virus found
Avast     4.7.997.0     07.04.2007     no virus found
AVG     7.5.0.476     07.04.2007     no virus found
BitDefender     7.2     07.04.2007     no virus found
CAT-QuickHeal     9.00     07.04.2007     (Suspicious) - DNAScan
ClamAV     devel-20070416     07.04.2007     no virus found
DrWeb     4.33     07.04.2007     no virus found
eSafe     7.0.15.0     07.04.2007     Suspicious Trojan/Worm
eTrust-Vet     30.8.3762     07.04.2007     no virus found
Ewido     4.0     07.04.2007     no virus found
FileAdvisor     1     07.04.2007     no virus found
Fortinet     2.91.0.0     07.03.2007     no virus found
F-Prot     4.3.2.48     07.03.2007     no virus found
F-Secure     6.70.13030.0     07.04.2007     no virus found
Ikarus     T3.1.1.8     07.04.2007     no virus found
Kaspersky     4.0.2.24     07.04.2007     no virus found
McAfee     5066     07.03.2007     W32/Nuwar@MM
Microsoft     1.2701     07.04.2007     no virus found
NOD32v2     2378     07.04.2007     a variant of Win32/Fuclip
Norman     5.80.02     07.04.2007     no virus found
Panda     9.0.0.4     07.04.2007     no virus found
Sophos     4.19.0     06.24.2007     no virus found
Sunbelt     2.2.907.0     07.04.2007     no virus found
Symantec     10     07.04.2007     Trojan.Packed.13
TheHacker     6.1.6.142     07.04.2007     no virus found
VBA32     3.12.0.2     07.03.2007     no virus found
VirusBuster     4.3.23:9     07.04.2007     no virus found
Webwasher-Gateway     6.0.1     07.04.2007     Trojan.Small.DBY.DB

[Lisandro]

I've received an IM from another user of avast from my country.
He says he sent 147 variants of trojans and worms (including e-cards) to Alwil for analysis.
World is becoming dangerous to live... and avast isn't in the front end of security right now... it's a pity.