Avast WEBforum
Other => Viruses and worms => Topic started by: TrueIndian on September 10, 2014, 08:10:40 AM
-
https://www.virustotal.com/en/file/e34d490ad1e724727bae93c467251ca394c227bd3c6812585ac903ef6492b8aa/analysis/1410328461/
https://www.virustotal.com/en/file/7797baf939209f45ba5f3ba8ac7764ba2c493aae0eb4d0af9cbc8c5b29d976a2/analysis/
https://www.virustotal.com/en/file/0fb512aee133030c193b2eab9aad311c09006a45dd61419f2818be76d756cf70/analysis/
https://www.virustotal.com/en/file/86cfad422997c583388558a099bc204f9986afeb62a0a192f3faf83d2afc1902/analysis/
https://www.virustotal.com/en/file/283b712f27430a188570bf5c302819f0e5a7306424485fa64577009d9d496a35/analysis/
https://www.virustotal.com/en/file/5e5212465ab711aac21d0bbfc8ba842a765779ad1235b7b094194de6a30357fb/analysis/
https://www.virustotal.com/en/file/7178fe13e49dc2a1e57f200329512f26ab0ce6e25b578abbe363e0e241f6a74d/analysis/
https://www.virustotal.com/en/file/23917859eb913397c9f89fdeac77700d70295c8f739334719be61da31b505804/analysis/
https://www.virustotal.com/en/file/ea405ae173a4a3e8cec33aae2d3c2def87e354bc15b9b8996cedd02502fecb59/analysis/
and many more:
https://www.virustotal.com/en/user/true_indian/submissions/ Perhaps mention it in the post that one should be logged in to be able to view it.
The more I hunt the more I have started to believe in the improvement. By the time the scores reach 15/54 on VT avast is already on it!!! I have had a lot of newly reported threats caught by filerep in just 1 hour of sending it! We seem to be catching up on the dreaded VBS malware from USB and even generic/widespread viruses.
Rejzor, Pol, Pondus, steven, spywar and essex, this is for you guys to have a look...evo-gen and filerep are carrying avast! generic database much further!!! Our reaction times are much much faster now. ;D
-
Will take a look when I'm home but I also noticed this on Malwaretips samples, they got about 50 to 90 percent detection in about 2 hours, only on scan.
-
Will take a look when I'm home but I also noticed this on Malwaretips samples, they got about 50 to 90 percent detection in about 2 hours, only on scan.
Yep, we are improving all the time :)
-
Small error here: https://www.virustotal.com/uk/file/283b712f27430a188570bf5c302819f0e5a7306424485fa64577009d9d496a35/analysis/
Avast does not detect that file.
-
Small error here: https://www.virustotal.com/uk/file/283b712f27430a188570bf5c302819f0e5a7306424485fa64577009d9d496a35/analysis/
Avast does not detect that file.
It is blocked by our cloud, check my comment at VT link ;D
-
Haven't seen that :)
-
Haven't seen that :)
We had a definition update recently that had only dyna rules, see:
http://www.avast.com/virus-update-history
I think we are ready or gearing up for beta 2 ;D
-
Maybe today since it's still Wednesday.
Also they want to get these created automatically at some point.
-
Maybe today since it's still Wednesday.
Also they want to get these created automatically at some point.
Yep! As I said we keep getting better with time.
-
Hi True Ind and Steven Winderlich,
Here you can clearly establish what the weak spots in what av solution's specific malware detection are:
http://worldguide.travel/clean-mx/md5.php?GData=Gen:Variant.Kazy.52675
polonus
-
Hi Guys,
I found a few more such samples where avast was great at detecting these hard nuts, so I will post 1 of them here:
https://www.virustotal.com/en/file/d3b147dac2bff5fb7a944b4e4d56a08627c6b6ead083677a6828e7a24324fe33/analysis/1410493670/
It's facebook hack.exe :o
-
The source of this Hack should also be with bad web rep: https://www.mywot.com/en/scorecard/facebook-password-hacker.soft112.com?utm_source=addon&utm_content=popup & http://www.webutations.info/go/review/facebook-password-hacker.soft112.com
Here I get no results: https://www.virustotal.com/nl/url/d222f11803553ec798fc907fb11f81796c8b78e281da439e392a9140b17615d3/analysis/1410511306/ (two trackers there - e.g. facebook tracker)
Also consider: http://toolbar.netcraft.com/site_report?url=http://facebook-password-hacker.soft112.com (risk)
About facebook tracking:
http://online.wsj.com/articles/what-you-can-do-about-facebook-tracking-1407263246
Link article by GEOFFREY A. FOWLER.
Privacy-wise, Facebook tracking works like the Flagellants in history: two steps forward to take another step back.
Damian
-
evo-gen and filerep are carrying avast! generic database much further!!! Our reaction times are much much faster now. ;D
Thanks for sharing your personal experience and let's keep both eyes and mouth open about it :)
-
Then what about this detection?
Is it beyond avast!'s scope?
This is a suspicious page
Result for 2014-09-12 12:01:09 UTC
Website: htxp://down.go.co.kr
Checked URL: htxp://down.go.co.kr/dbgoresetfiles/dbgotoolbarreset_home.exe
Blacklist URL Details:
Blacklisted checked url. Suspected of malicious activity or distributing of malware.
See: https://www.virustotal.com/nl/url/bd090d49869dac95b913a8068c811aebc95c702e41c773fb1b740a83a8193f6e/analysis/
File detection: https://www.virustotal.com/nl/file/e3cc9f0e27f8da93eed7ede5f5ee48b0f1d162043c6b42c7cc782fba41c76acf/analysis/1409119840/
Missing avast!'s detection.
pol
-
File is detected by Avast :)
-
Hi Lisandro and Pol,
As Steven pointed out, avast! in specific has more to offer than just being a standalone AV engine on Virustotal. The whole product can detect a lot more than what the engine on VT detects. :)
-
I would like to have these cloud features like FileRep and Evo-Gen also on Virustotal.
Just tested some malware in a VM; all were analysed by DeepScreen but only 2 were blocked, hopefully this will be better in Avast 2015.
-
I would like to have these cloud features like FileRep and Evo-Gen also on Virustotal.
I think avast! definitely would not want that to happen. Malware boys keep testing their baddies with AV engines so avast would want to keep the logic of these things in their lab away from wrong hands.
-
+1 ;)
-
Just tested some malware in a VM; all were analysed by DeepScreen but only 2 were blocked, hopefully this will be better in Avast 2015.
Yeah mate I know! Evo-gen and filerep detections are better at quick reaction times than proactive; check the samples after 1-2 hours and you will see avast! will flag a lot of them down. Of course with dyna-gen we will be locked and ready to go. ;D
-
Don't forget DeepScreen :)
-
Don't forget DeepScreen :)
I guess we need to wait for 2015 beta 2 and find out! So far I think you should give a shot to what I told you earlier: execute the samples later on in an hour or two and see the difference. Tell me how it goes :)
-
I do not have the samples anymore but I can redownload the pack.
It's this one: http://malwaretips.com/threads/2014-09-12-117.33290/#post-260588
And yay SSL-Connection errors in the forum. :)
-
I do not have the samples anymore but I can redownload the pack.
It's this one: http://malwaretips.com/threads/2014-09-12-117.33290/#post-260588
And yay SSL-Connection errors in the forum. :)
Yeah I saw that, as I said signatures and other stuff are better at detecting dropped files and then cloud helps in picking new samples in short time. Signature database is great but backend is the key.
-
I might record a test video when Avast 2015 Beta 2 is out.
I actually have a G930 Headset now: http://gaming.logitech.com/en-us/product/g930-7-1-wireless-gaming-headset
-
4 more files blocked by Evo-Gen, FileRep and DeepScreen now.
The last file is really messing with the VM. Opening and closing applications, deleting the browser history, minimizing windows etc.
-
4 more files blocked by Evo-Gen, FileRep and DeepScreen now.
The last file is really messing with the VM. Opening and closing applications, deleting the browser history, minimizing windows etc.
See, that was exactly what I am talking about. That is the quick pickup from backend and then we are always here to send what's nasty to them ;D
I am sure avast will pick the nasty guy up eventually in some time. I am sure 2015 version will make a big difference. Keep sending samples despite reaction times.
-
I just posted some screenshots and logfiles there :) http://malwaretips.com/threads/2014-09-12-117.33290/#post-260588
Last post right now.
-
I think it's best you send the missed samples, not that backend can't get it but it helps ;D
-
Sending them right now. Got to love our new internet connection :)
DSL 6000 now, the max you can get here.
-
Well I found your active malware screenshot interesting....it had a malware name in Hindi which I can read ;D
-
I had some malware already that I would have needed to censor :)
-
I had some malware already that I would have needed to censor :)
Be sure to keep sending missed samples regardless of the reaction times, that's what we are here for :)
-
It's weird that I need to go back to the Index page just to be able to view new posts in this thread. :)
I really need to get an SSD Drive, a 500 GB HDD Drive with 5200 Rounds is not that good.
Also a bit more RAM could be useful, I have 6 GB now.
-
All of my VBS malware collection from USB. Yummy Yummy ;D
https://www.virustotal.com/en/file/1abfbfadd889eed04eef80b92babce4c860e0ba1c5bf89ef8ed5636244e4fe03/analysis/
https://www.virustotal.com/en/file/d81f2b6bc13eb0e6894deb5f56b82a560ffb655f78f72f685a50363e2cfc0191/analysis/
https://www.virustotal.com/en/file/801f609ef672501ed4a9d82cca6c90aab2eebbc4d87ef0b3570bcffc22b55c2d/analysis/
https://www.virustotal.com/en/file/1abfbfadd889eed04eef80b92babce4c860e0ba1c5bf89ef8ed5636244e4fe03/analysis/
And this one too detected:
https://www.virustotal.com/en/file/0fff43d3c350b05f7bdca527a6fc4e173037615723074ade36b11416b39cfcf3/analysis/
Here these 3 missed:
https://www.virustotal.com/en/file/4afcc0bc6aa1035e58fdc54853c6a8f4e9d5b4a466849cf13e6226b321d89e16/analysis/
https://www.virustotal.com/en/file/e09011a71e9f3ab700363da71b9c1ed65a6ee8c42081cc8c057d0447ad7d0d86/analysis/
https://www.virustotal.com/en/file/7f6a18723a23b646b7ee4eb8bfc1b68f91f9aecca5834aae7f8d8383bd009284/analysis/1410594924/
All found here at my VT profile:
https://www.virustotal.com/en/user/true_indian/submissions/
2 facebook trojans:
https://www.virustotal.com/en/file/7bf4d0ab8fae028e469f42b57ad3bac583b4dcc46dcb1962a6133994fc2b8251/analysis/1410595303/
This one facebook trojan was caught:
https://www.virustotal.com/en/file/a6e997c6ba82b23ef43495254c24a301a2612926f237809a83a3eebaed90d910/analysis/1410595565/
Submitted all detected and non-detected samples to virus AT avast DOT com for analysis.
-
Can you give a download for the undetected ones, just got a database update.
PS: 4 files left on the Malwaretips Samples now.
-
Can you give a download for the undetected ones, just got a database update.
PS: 4 files left on the Malwaretips Samples now.
Nice!! So my testing results were right. Sent you a PM.
-
Let's take a look shall we? :)
5 files left without execution
-
Let's take a look shall we? :)
The collection I sent you has all the detected and undetected samples and some porn crap type malware too ;D
-
The porn things are most likely the .exe files.
-
The porn things are most likely the .exe files.
Yeah I know! It's funny how they tempt you to click them with those icons they use LOL ;D
-
5 files left after executing, some dropped files blocked and some errors from wscript.
-
That's interesting, so probably the malware could not do what it was supposed to do and got killed by avast when it tried to drop some files, so it must have become useless and just 2 got in. Nice to see filerep picked up the dropped binary of that facebook malware.
As I said, we are getting better and better not at detecting but at protecting the user from what is lying inside a file, and don't forget quick reaction times from backend technologies :)
-
New pack on MT: http://malwaretips.com/threads/2014-09-13-17.33345/
Scanned the files (See screenshot) LOL
Avast detected 3/17
-
OK, here we go again.
If you test 20 samples, and 19 fail... you should be asking "is there anything wrong with my sample selection?". "Did I actually choose 19 samples of the same malware family?" etc.
There are hundreds of thousands of samples out there that the particular product doesn't detect, no matter what product it is... so unless you're pretty damn sure that your selection is random, well representing the overall situation (or not - sure, you can be interested in your local malware, in which case the sample set should represent that, of course) - then no, the result is meaningless, and the correct reaction is "so what".
-
Here we go.
Some files scanned by DeepScreen but undetected, 1 webpage blocked, some dropfiles blocked.
Undetected files submitted.
-
Some dropped files blocked? I can see only 1 in screenshot?? Could you give more detail/screenshots. :)
-
Avast blocked a temp file from another trojan, sorry I cannot give a screenshot anymore.
The other files ran without any notice from Avast.
-
Avast blocked a temp file from another trojan, sorry I cannot give a screenshot anymore.
The other files ran without any notice from Avast.
No problem! Check the files later in an hour or so and let's see what the backend can catch up with. ;D
-
I just submitted the files, let's see what they do about them.
-
I just submitted the files, let's see what they do about them.
Yep! Keep up the good work :)