Avast WEBforum
Other => Viruses and worms => Topic started by: mrapi on April 20, 2013, 07:15:04 AM
-
Hi!
today avast detected one compiled report file as Win32.evo-Gen
(http://img27.imageshack.us/img27/7532/19569040.jpg)
Very strange, in virustotal list doesn't appear as detected:
https://www.virustotal.com/en/file/30ce9d5c78a9e6fd16d6c2d2ba91ee084432837446aa4d3548707dc248640898/analysis/1366434116/
also file sent by AV interface.
Thanks
-
It's good that you sent that file via Avast file submission. It will take them a while or so to review the file you submitted and update its VPS.
-
seems solved,thanks!
-
Hi, after update from today, problem is back for another compiled report file:
(http://img707.imageshack.us/img707/8946/20130604081630.png)
https://www.virustotal.com/en/file/b96971db5ae22aa64033fc0a470bacaa714f9c4b23f2caf69af426952f319a20/analysis/1370322858/
I also sent file from Avast interface
Thanks!
-
please fix that!
-
The first report looks to be 7-zip. Basically compresses files to a smaller size. The second, not sure. It's probably not so nice. I'd say you possibly have a virus that is infecting all .exe files. If that's the case you might want to scan with MBAM (MalwareBytes Anti-Malware).
-
I'd say you possibly have a virus that is infecting all .exe files.
malwarebytes does not detect infected files from fileinfectors.....it will only detect the executable
if there is a fileinfector, avast usually goes bananas and should give lots of alarms....
-
Didn't know that. Ignore me.
-
Screenshots are made while I unpack the file because I put it into a zip file not to be detected/deleted
What is strange with this file is that if I scan it there is nothing found,but if I try to copy/move it,then is detected.
Rechecked with virustotal,nothing found : https://www.virustotal.com/en/file/b96971db5ae22aa64033fc0a470bacaa714f9c4b23f2caf69af426952f319a20/analysis/1370584897/
I put also file there : hXXp://www.mediafire.com/download/5j2chzxxb4vten4/EXTRAS.zip
(change link from hXXp... to http... )
The first report looks to be 7-zip. Basically compresses files to a smaller size. The second, not sure. It's probably not so nice. I'd say you possibly have a virus that is infecting all .exe files. If that's the case you might want to scan with MBAM (MalwareBytes Anti-Malware).
-
Screenshots are made while I unpack the file because I put it into a zip file not to be detected/deleted
What is strange with this file is that if I scan it there is nothing found,but if I try to copy/move it,then is detected.
Rechecked with virustotal,nothing found : https://www.virustotal.com/en/file/b96971db5ae22aa64033fc0a470bacaa714f9c4b23f2caf69af426952f319a20/analysis/1370584897/
I put also file there : hXXp://www.mediafire.com/download/5j2chzxxb4vten4/EXTRAS.zip
(change link from hXXp... to http... )
The first report looks to be 7-zip. Basically compresses files to a smaller size. The second, not sure. It's probably not so nice. I'd say you possibly have a virus that is infecting all .exe files. If that's the case you might want to scan with MBAM (MalwareBytes Anti-Malware).
please
you can use "http://www.avast.com/contact-form.php" for reporting FPs.
-
Evo-gen is only real time detection technology...not on-demand
-
please fix that!
detection is correct
Evo-gen is only real time detection technology...not on-demand
confirmed
that's true.
-
please fix that!
detection is correct
So if detection is correct why today that was fixed?
-
From today problem is back, please fix that, it is the THIRD TIME !!! :(
this time on another compiled report: please see this file http://www.mediafire.com/download/6uft9x7tm2asu35/CASHFLOW.zip
on VirusTotal nothing reported: https://www.virustotal.com/en/file/0067313ba027e34ac2cde35a341c12cf2d990b6e44a3cf438c1bfecf793cde79/analysis/1372339451/
-
again,seems solved
maybe there is something wrong with detection shield :(
-
again,seems solved
maybe there is something wrong with detection shield :(
I don't know.
maybe I got the wrong answer
in my view is a false positive.
If the samples were sent through the contact form it will be fixed.
-
Yes It was sent couple days ago
thanks!
-
same problem is back,
so, this is the file: http://www.mediafire.com/download/u8zx21y12wcr508/report1.zip
scan it,nothing is found
(http://imageshack.us/a/img163/8568/f4gi.png)
try to copy/paste it to another location : NOW IS DETECTED :
(http://imageshack.us/a/img689/4012/4dyf.png)
ALSO SUBMITTED FROM AV INTERFACE
there is a virus total link :
https://www.virustotal.com/en/file/691bd502c27c5411d0d1e9c647341f437c8409e17628b56203f9a2de44ead752/analysis/1374583090/
-
With the amount of (POSSIBLE) FP's you have. I'd say you are probably infected with something Avast cannot detect as of yet. That's too many.
-
Read one of my possible false positive:
http://forum.avast.com/index.php?topic=128209.msg957260#msg957260
There is the answer:
Hello,
thanks for notice, it will be fixed in next stream update.
Milos
also Virus Total link: Detection ratio: 0 / 47
With the amount of (POSSIBLE) FP's you have. I'd say you are probably infected with something Avast cannot detect as of yet. That's too many.
-
From today problem is back with another compiled report file,check this file :
http://www.mediafire.com/download/t1vvv59w9vdb40k/lcf.zip
VT report:
https://www.virustotal.com/en/file/fe03261953102c1ccfb714b3af13cf642f70701f33bf13e80dba2412421d696f/analysis/1387787185/
on scan: not detected
on access: detected
also file sent to support via AV interface and via http://www.avast.com/contact-form.php
I use AV 2014.9.0.2011
Thanks!
-
I'll upload it to malwr.com.
I am having issues with my PC lagging out since my HDD is being copied into a VHD format for my Virtual Machine, so I can't test it manually.
-
From today problem is back with another compiled report file,check this file :
http://www.mediafire.com/download/t1vvv59w9vdb40k/lcf.zip
VT report:
https://www.virustotal.com/en/file/fe03261953102c1ccfb714b3af13cf642f70701f33bf13e80dba2412421d696f/analysis/1387787185/
on scan: not detected
on access: detected
also file sent to support via AV interface and via http://www.avast.com/contact-form.php
I use AV 2014.9.0.2011
Thanks!
there was no response through the contact form
Reporting virus analyst
-
I don't understand, you didn't receive the file sent by me?
-
I don't understand, you didn't receive the file sent by me?
Yes, it should be fixed.
Milos
-
Now it is fixed,thanks!
-
The same problem is back again with update from this morning :(
I sent file by there http://www.avast.com/contact-form.php
also direct link: http://www.mediafire.com/download/8waer4m4a3fygz8/cartem.zip
thanks
-
It should be fixed now.
-
seems fixed,thanks!
-
From today problem is back again,I reported the file using this link : http://www.avast.com/contact-form.php
also direct link : http://www.mediafire.com/download/51eym2cxds4g205/jfur.zip
thanks.
-
From today problem is back again,I reported the file using this link : http://www.avast.com/contact-form.php
also direct link : http://www.mediafire.com/download/51eym2cxds4g205/jfur.zip
thanks.
Hello,
it will be fixed in next stream update.
Milos
-
thanks Milos !
-
Problem is back with another file,also sent using submission page
direct link: http://www.mediafire.com/download/w66r8qmqrgt277r/lip.zip
thanks
-
after last update problem moved from previous file to another one, I submitted now that file
:(
also direct link there: http://www.mediafire.com/download/779p4n0q908pq55/rstoc1.zip
-
Problem is back with another file,also sent using submission page
direct link: http://www.mediafire.com/download/w66r8qmqrgt277r/lip.zip
thanks
this first this no longer being Blocked
was been fixed.
after last update problem moved from previous file to another one, I submitted now that file
:(
also direct link there: http://www.mediafire.com/download/779p4n0q908pq55/rstoc1.zip
will try to ,wait.
-
after last update problem moved from previous file to another one, I submitted now that file
:(
also direct link there: http://www.mediafire.com/download/779p4n0q908pq55/rstoc1.zip
Should be fixed now by stream update.
Thanks Milos.
-
now seems solved,thanks!
-
now seems solved,thanks!
Do not thank me
without the work of the avast team
would not the same thing.
-
:( Now false detection moved to main application,file sent using av interface and using web page
also direct link: http://www.mediafire.com/download/04imtb64u89adjg/gs.zip
VT: Detection ratio: 0 / 47
https://www.virustotal.com/en/file/2d4ac6d10c50dbce6cef20ce3c3327a7c6dec88436721da911c5633b2d906f18/analysis/1399388207/
-
:( Now false detection moved to main application,file sent using av interface and using web page
also direct link: http://www.mediafire.com/download/04imtb64u89adjg/gs.zip
VT: Detection ratio: 0 / 47
https://www.virustotal.com/en/file/2d4ac6d10c50dbce6cef20ce3c3327a7c6dec88436721da911c5633b2d906f18/analysis/1399388207/
not is being more detected by Avast.
the file is corrupted
http://camas.comodo.com/cgi-bin/submit?file=2d4ac6d10c50dbce6cef20ce3c3327a7c6dec88436721da911c5633b2d906f18
The same was detected by Norton based on the detection of Sonar Detector application behavior as working suspiciously
http://www.symantec.com/security_response/writeup.jsp?docid=2014-011016-0119-99&vid=4294921081&product=Norton%20AntiVirus&version=21.2.0.38&plang=sym:BR&layouttype=TrialWare&buildname=Retail&heartbeatID=E829A7FF-B0C4-4E90-9F8B-E24BC43BC61B&env=prod&vendorid=1002080&plid=1&plgid=1&skup=21323278&skum=21323278&skuf=21291069&endpointid=%7BE829A7FF-B0C4-4E90-9F8B-E24BC43BC61B%7D&partnerid=1002080&lic_type=512&lic_attr=21123089&psn=C4Y24J3BCP8V&osvers=6.1&oslocale=iso:BRA&oslang=iso:POR&os=windows
the name of this file seems historic malicious
SHA1
http://f.virscan.org/gs.exe.html
-
Hi !
Indeed now is not detected.
file is build with VB.NET 2008 and obfuscated,to be run needs couple dependencies
it is a part of a stock management software,original name is gestiune.exe,I've renamed
I don't think this file is a historic malicious
thanks!
-
new false on report file: https://www.virustotal.com/en/file/bb7512b05dff6cbe0d96aa93af8de8110e6c3b45a533e8e8b401268b1b14be25/analysis/1404371327/
also sent via http://www.avast.com/contact-form.php
-
new false on report file: https://www.virustotal.com/en/file/bb7512b05dff6cbe0d96aa93af8de8110e6c3b45a533e8e8b401268b1b14be25/analysis/1404371327/
also sent via http://www.avast.com/contact-form.php
Detection was fixed in the last update VPS 140703-1.
-
I've got it (again) too
This time in AUTORUNX
Did the same as it did before. If I scan it inside the chest, it then says it's in avast temp too. I assume this is a FP again? Clean all on other scans, and Tdsskiller.
https://www.virustotal.com/en-gb/file/a1eeeb808718f3a68f03ce5dfe8cdafea90e6caa2a50cdcf5e88381a7e4eea86/analysis/
-
This time in AUTORUNX
Did the same as it did before. If I scan it inside the chest, it then says it's in avast temp too. I assume this is a FP again? Clean all on other scans, and Tdsskiller.
https://www.virustotal.com/en-gb/file/a1eeeb808718f3a68f03ce5dfe8cdafea90e6caa2a50cdcf5e88381a7e4eea86/analysis/
hello
send the file to virus@avast.com and put "false positive" in the subject line in zip or rar format
you have the (avast temp) temporary file name varies depending on the system and your version of avast is also possible to fix through them, can forward
use http://www.avast.com/contact-form.php
then submit the support ticket and attach the file
https://support.avast.com/Tickets/Submit
-
problems again with that type of file: https://www.virustotal.com/en/file/46d0a15a4ff90ba82359688018587eee495a0aec8651e8cb448d26915096e0bc/analysis/1409809323/
also sent with http://www.avast.com/contact-form.php
-
file still detected :( please find a general fix for that problem :(
-
file still detected :( please find a general fix for that problem :(
Reported to virus analyst.
-
for that file it was fixed, now it appears on another file :(
https://www.virustotal.com/en/file/e08f986939852bcc2eb414ef57389507d223d5eb6d3170c6fe01d4a5f6307299/analysis/1410156257/
also sent via http://www.avast.com/contact-form.php
I wish that to be fixed forever, we have problems with our software, it is more than a year that the problem is patched and then back again ... it is very very annoying, we will seriously advise our clients to change avast with other anti virus
-
new file detected:
https://www.virustotal.com/en/file/24772ca61d481631c3df7bfd3a1c3d6987d7eb1ebf700b96bb9cd32a00c71721/analysis/1416496290/
also sent by av interface
-
problems again: https://www.virustotal.com/en/file/0d811c0b500290fdb07c31753cec573bed186fbce9036a13d074735c4d9d6a07/analysis/1420554552/
also sent by av interface
-
Hello,
all detections should be already turned off, sorry for your inconvenience,
Jan
-
temporary solved and back again next month :( ...
we are still waiting for a general solution,my first post is from April 20, 2013 ,almost 2 years ...
thanks
-
temporary solved and back again next month :( ...
we are still waiting for a general solution,my first post is from April 20, 2013 ,almost 2 years ...
thanks
Hello,
we need all detected files to analyze. The files seem to be new, so they are considered as suspicious and they have no digital signature.
Milos
-
Hi,thanks for your answer,I sent you a personal message