Topic: Could somebody check if FP or a real trojan (Moghava)

Offline cooby

Could somebody check if FP or a real trojan (Moghava)
« on: June 20, 2012, 05:58:26 PM »
There's an ongoing discussion about a possible android trojan in one application
http://www.thriveforums.org/forum/toshiba-thrive-general-discussions/12207-alert-avast-antivirus-found-trojan-malware-my-thrive-2.html#post110495

When avast sees malware, does it grab the file, or is it up to the user to submit it? If so, where?
« Last Edit: June 21, 2012, 02:15:56 AM by cooby »
1. Toshiba Satellite A75, Windows XP-Pro-SP3, Avast! free 8.0.1483, Sunbelt Firewall 4.7.4.0, Opera 12, mvps hosts, (MalwareBytes updated and run on demand only, rarely used)
2. Toshiba Thrive tablet (rooted), AdAway (hosts), Opera, Avast Mobile Security 2.0.4304 and DrWeb

Offline Filip Havlicek

  • Moderator
Re: Could somebody check if FP or a real trojan (Moghava)
« Reply #1 on: June 21, 2012, 08:21:15 AM »
Hi,

click on the detection - report false positive. I'll forward the link to some guys in the virus lab.

Filip

Offline Flippy

  • avast! team
Re: Could somebody check if FP or a real trojan (Moghava)
« Reply #2 on: June 21, 2012, 08:48:19 AM »
Hello Cooby,

can you please send us just that .apk file? Or, even better, just the classes.dex for analysis? Other people also report this detection as a false positive. But what's strange is that this detection is almost three months old and no one had any problems until now. And as you can see, it works on malware pretty well.

https://www.virustotal.com/file/94bb6ade1ef31c6c96b98c7d8fad1abbc794292730f4363ea3cd9204fc5c9dfd/analysis/

Thank you & best regards

Filip Ch.

Offline cooby

Re: Could somebody check if FP or a real trojan (Moghava)
« Reply #3 on: June 21, 2012, 08:46:01 PM »
@Filip Ch, the link you posted is not about what we're dealing with :(

Application is imageresizer-1.apk. I installed it yesterday to join that thread, it got flagged.
We all figured that when CommunityIQ is set, you already pulled the file!
I did not yet resolve in Avast, not sure what will happen.

So I still have the application installed as well as a copy of .apk on external card.
It was flagged by Avast as well as one scan on Virus Total. Subsequent VT scan said it's ok.
I see the .dex files. Which do you want to see - the one for the application or VirusTotal applications?

Can I just zip everything I've collected, including a few screenshots, and mail/submit it someplace? If so, where?

@Filip Havlicek, how can I report it as an FP when I do not know it is an FP? Also, once resolved, it'll be gone, so for now I'm keeping it unused till you tell me it is OK to delete.
« Last Edit: June 21, 2012, 08:48:46 PM by cooby »

Offline Filip Havlicek

  • Moderator
Re: Could somebody check if FP or a real trojan (Moghava)
« Reply #4 on: June 21, 2012, 11:03:07 PM »
Well, it doesn't matter if you know it is actually a FP or not. What matters is if you think it might be a FP. If that is the case, just report it. The detection won't get automatically removed; it's more like one of our guys will take a close look at it and make a decision.

You can send the ZIP directly to chytry[at]avast[dot]com or to me (havlicek[at]avast[dot]com).

Filip

Offline cooby

Re: Could somebody check if FP or a real trojan (Moghava)
« Reply #5 on: June 22, 2012, 02:16:32 AM »
Mailed. Thanks :)

Offline cooby

Re: Could somebody check if FP or a real trojan (Moghava)
« Reply #6 on: June 22, 2012, 06:51:09 PM »
It was a FP, and the scan today using June 22 definitions no longer alerts.
Thank you both for quick help :)