Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: wetabax on August 15, 2006, 07:04:29 PM

Title: slowly updating virus definition
Post by: wetabax on August 15, 2006, 07:04:29 PM
sorry to come back to the same point:
- last month I sent almost 10 viruses that avast didn't alert.
- only this week I sent 2 viruses and no virus definition until now determines that the files are infected. Today I sent a 3rd one.
- all other AV like Kaspersky, PC-cillin etc are able to find the virus. Avast not.
- Ok, I know, it's free, but what is so difficult to find the infected files in the internet and include them in a new definition file?
- if I can make a suggestion, open an email in Brazil, and inform the address in lists, forums and other places. A lot of phishing and scam will come in the mailbox. Half of them are viruses to download in a Russian site or otherwhere.
Title: Re: slowly updating virus definition
Post by: Eddy on August 15, 2006, 07:10:10 PM
And what tells you 100% sure they are indeed malware?
Could it be that your settings make avast not detect them?
What EXACT version of avast do you have?
What is your vps version?
What is your OS?
How and with what setting(s) did you scan the file(s)?
etc etc.

And if you have to come back to the same thing you mentioned earlier, there is no need to start a new thread, just continue in the original one to avoid confusion.

Quote
last month I sent almost 10 viruses that avast didn't alert.
How, when (etc) did you see them?
What makes you believe they are viruses? (more likely they are malware and not viruses btw)

So far it seems you only shout (without any knowledge) and do not provide any information that we can go on.
Please provide more (useful) information so we have something that we can investigate.

Patient: "Doctor, it is hurting me"
Doctor: "What is hurting you, where does it hurt?"
Patient: "I don't know"
Title: Re: slowly updating virus definition
Post by: wetabax on August 15, 2006, 07:16:53 PM
First: the first time I wrote about this is a long time ago, more than one year.
Second: The viruses are found in computers from my clients. They run avast and nothing happens. I save the files on my pen-drive and test them on 2 other computers. Nothing. But, if I go to http://www.virustotal.com/xhtml/index_en.html and wait the 6-10 minutes until the file is scanned, well, most of them detect infection in the files.

It's easy: ask for the log from all emails I sent last month to virus@avast.com and tell me how many of them were false positives.

no flame, thanks.
regards,
walter.
Title: Re: slowly updating virus definition
Post by: Eddy on August 15, 2006, 07:27:28 PM
I am not a member of alwil. Just like you I am a user of their products. I am trying to help, but again you have not given any detailed information :-\

What files are other av's detecting as being infected and what other av's do?
What is their location?
What OS are your customers using?
What are the settings of ALL your customers where (as you claim) avast detect the infection?
What other security (related) things have they installed?
What settings do they have?
What other security (or related) software do they have installed?
etc etc etc


As I said before, without giving more details/specific information, there is nothing I (or anyone else) can do to give an appropriate answer.

So I kindly ask you again:
Provide detailed information.
If needed/wanted I can give you an email address in a pm where you can send the files to so I can check them out.
Title: Re: slowly updating virus definition
Post by: Lisandro on August 15, 2006, 07:39:22 PM
It's easy: ask for the log from all emails I sent last month to virus@avast.com and tell me how many of them were false positives.
If a user is trying to help...
If he is not sending false positives or trash...
I think there is NO reason to not give him (and all the others) a better protection... Isn't the virus ITW? Yeah, but it is THE virus is coming to OUR computer right now...  :P
Title: Re: slowly updating virus definition
Post by: Lisandro on August 15, 2006, 07:48:16 PM
There is nothing I (or anyone else) can do to give an appropriate answer.
Alwil team received the full info... they, for sure, could give us the appropriate answer, I think...  ::)
Title: Re: slowly updating virus definition
Post by: Eddy on August 15, 2006, 07:56:21 PM
Quote
Alwil team received the full info... they, for sure, could give us the appropriate answer, I think...
As he claims....
But no response or action after over a year from alwil as he also claims?
I very much doubt that.
Title: Re: slowly updating virus definition
Post by: wetabax on August 15, 2006, 08:01:19 PM
What files are other av's detecting as being infected and what other av's do?
What is their location?
What OS are your customers using?
What are the settings of ALL your customers where (as you claim) avast detect the infection?
What other security (related) things have they installed?
What settings do they have?
What other security (or related) software do they have installed?

To help you and make your test yourself, below the links:
=== ASK ME IN PVT === not permitted in forum!!!

Unfortunately I have deleted all other phishing and scam emails I collected, but after now, I will keep them and report them here in the forum.

regards
walter
Title: Re: slowly updating virus definition
Post by: wetabax on August 15, 2006, 08:03:25 PM
Quote
Alwil team received the full info... they, for sure, could give us the appropriate answer, I think...
As he claims....
But no response or action after over a year from alwil as he also claims?
I very much doubt that.

No, not this, maybe I express myself wrong (you know - English is not my job). A year ago we talked about the same stuff, and was determined that avast team would be faster with new virus definitions. Just that. Of course I received responses.
regards.
walter.
Title: Re: slowly updating virus definition
Post by: Eddy on August 15, 2006, 08:03:56 PM
1st link:
Page/site doesn't exist

2nd link:
Time out, not reachable

You claim you have talked about it about one year ago here.
What is the link to that thread?
It may help clear up things if you can give us that link.
Title: Re: slowly updating virus definition
Post by: Lisandro on August 15, 2006, 08:06:00 PM
But no response or action after over a year from alwil as he also claims?
Eddy, I think he is not claiming about the 'original' thread. You've posted this, not him...

And if you have to come back to the same thing you mentioned earlier, there is no need to start a new thread, just continue in the original one to avoid confusion.



Unfortunately I have deleted all other phishing and scam emails I collected, but after now, I will keep them and report them here in the forum.
Thanks... it'll be good for sure  8)
Title: Re: slowly updating virus definition
Post by: Lisandro on August 15, 2006, 08:10:34 PM
Wetabax, please NEVER post here live links to infected or false positive files...
Can you edit the links? Thanks.
Title: Re: slowly updating virus definition
Post by: wetabax on August 15, 2006, 08:12:12 PM
Wetabax, please NEVER post here live links to infected or false positive files...
Can you edit the links? Thanks.
ok - sorry, I will delete the post.
Title: Re: slowly updating virus definition
Post by: Lisandro on August 15, 2006, 08:17:30 PM
Wetabax, please NEVER post here live links to infected or false positive files...
Can you edit the links? Thanks.
ok - sorry, I will delete the post.
You can't... only the Administrators could do that.
Anyway, edit is enough  8)
Thanks.
Title: Re: slowly updating virus definition
Post by: DavidR on August 15, 2006, 09:35:13 PM
By the way, recently one of the Alwil team said that they receive in excess of 4000 emails a day at virus @ avast.com so I would assume they have to prioritise or find some way to work through this. If they don't clear 4000 a day then a back log will build up. Not to mention they also receive samples from VirusTotal and Jotti, and probably other sources, again recently it was mentioned that 80% of the stuff that comes from VirusTotal and Jotti was junk, but it still has to be checked.
Title: Re: slowly updating virus definition
Post by: Lisandro on August 16, 2006, 05:00:53 AM
I would assume they have to prioritise
A white list of 'good' sample suppliers (specially the ones from Forums) will help...
After all, we help them on Forum that could give us some kind of priority, don't you think David?  ;)
Title: Re: slowly updating virus definition
Post by: DavidR on August 16, 2006, 01:30:39 PM
I would have thought those coming from avast users not just those who help on the forums, so those coming from the chest submission should be given priority, unfortunately they too are routed through the virus @ avast.com address.

That would be very easy to rectify have a new email for the submissions from the chest, e.g. viruschest @ avast.com perhaps that may even reduce the amount of spam that is probably sent to the virus @ avast.com address due to its being plastered all over this forum.

Also the much talked about and much requested on-line submission of suspect or possible false positive samples could possibly help prioritise things.
Title: Re: slowly updating virus definition
Post by: wetabax on August 16, 2006, 06:11:54 PM
That would be very easy to rectify have a new email for the submissions from the chest, e.g. viruschest @ avast.com perhaps that may even reduce the amount of spam that is probably sent to the virus @ avast.com address due to its being plastered all over this forum.

That's a great Idea! Congratulations!
PS - one of the 4 viruses I sent this week is still recognized by today's update. Three are waiting.
Title: Re: slowly updating virus definition
Post by: Vlk on August 16, 2006, 06:31:19 PM
1. They are all routed to the same virus @ avast.com address, but files sent directly from chest are identified and separated automatically on our mail server - so it really doesn't make any difference.

2. We now have two full-time engineers working on the "virus" mailbox. Once the whole backlog is processed (yes, there're still some remnants) you should see dramatic improvement in processing time (well, even now it should be much much better than it used to be).


Thanks,
Vlk
Title: Re: slowly updating virus definition
Post by: RejZoR on August 16, 2006, 06:56:33 PM
Well i can certainly confirm this. Samples were added much faster.
Though i'm still missing web form from which i could upload stuff. Chest is the only way for me as GMail is blocking things and you have to pack them all over (annoying).
Title: Re: slowly updating virus definition
Post by: Lisandro on August 16, 2006, 07:28:44 PM
2. We now have two full-time engineers working on the "virus" mailbox. Once the whole backlog is processed (yes, there're still some remnants) you should see dramatic improvement in processing time (well, even now it should be much much better than it used to be).
Let's be fair people...
I can SEE there is a difference in detection... really... my other scanners are not being able to detect anything nowadays...
They're feeling rejected as avast is doing a very good first defense line  8)
Title: Re: slowly updating virus definition
Post by: Lisandro on August 16, 2006, 07:31:35 PM
GMail is blocking things and you have to pack them all over (annoying).
Yeah... very annoying to sample submission...
Good if we think that we're not receiving that mails.  :)
Title: Re: slowly updating virus definition
Post by: wetabax on August 23, 2006, 06:57:53 PM
[message deleted after I have received an email from avast team asking for apologies.]
Title: Re: slowly updating virus definition
Post by: Lisandro on August 23, 2006, 07:56:42 PM
Wetabax, thanks for posting...
Alwil, thanks for improving detection  8)
Title: Re: slowly updating virus definition
Post by: wetabax on August 25, 2006, 04:49:00 PM
GOOD NEWS!!!
message received from one of the avast virus team:  :D

[ref delay to add virus signatures in a VPS file]
"I'm so sorry. All this delay is due to our testing system that have to
be reorganized. It is not so easy to make it more flexible, but it is
necessary. I hope that in some time we will be able to add signatures to
VPS in hours not in days. Hope all this will be better everytime you and
other users send us a suspicious files."

let's wait.
Title: Re: slowly updating virus definition
Post by: Lisandro on August 25, 2006, 09:21:57 PM
All this delay is due to our testing system that have to be reorganized.
Does Alwil want to 'share' this info or open for suggestions and discussion? Or not, this is an internal stuff that won't be posted by you here...
Just want to know to avoid losing of time of making questions and waiting for answers that won't exist...  :-\
Title: Re: slowly updating virus definition
Post by: Dwarden on August 26, 2006, 01:37:08 AM
well Vlk already mentioned in past they working on these improvements ...

so take it as public secret :)
Title: Re: slowly updating virus definition
Post by: Dwarden on August 27, 2006, 03:51:33 PM
just to continue on similar subject and avoid create new thread ...

worst time to submit trojans/viruses to Alwil seems to be late Friday GMT and weekend ...

example there is / was Steam targeted scam campaign with trojan (that mean detection delayed by 3 days is useless as that threat is worst when sources are online)

submitted on Friday midnight to Alwil, Kaspersky, Microsoft, ESET, Grisoft ...

over Saturday day it was added by Kaspersky bit later followed by ESET ...
after uploading to VirusTotal and Jotti it was added over Sunday morning by Symantec and Antivir

clearly shows these companies got advantage in staff working 24/7 on trojan detections ...

lets hope Alwil cleans up backlog soon :) and speed up
Title: Re: slowly updating virus definition
Post by: Lisandro on August 27, 2006, 04:16:05 PM
Thanks Dwarden.
I've asked in another thread about the Kaspersky engine into Active Virus Shield. I can't install it if it is not the only resident.
Does anybody know if there is a solution for this?
I've posted in Wilders forum as well... but, as usual for me, everybody drops a comment in Wilders but nobody answers my questions there...  :'(
Title: Re: slowly updating virus definition
Post by: Dwarden on August 28, 2006, 01:34:07 AM
no idea, as far i heard it's dumbed down old version of KAV so i not messed with it yet ... plus AOL tag .... eww

in meantime VBA32 added detection of that trojan too ...
Title: Re: slowly updating virus definition
Post by: Dwarden on August 28, 2006, 07:24:48 PM
AVG, Fortinet, Norman added now detection too ...

still waiting for Avast! and MS ... and they were first informed
Title: Re: slowly updating virus definition
Post by: Dwarden on August 30, 2006, 09:49:31 PM
as from today's VPS update, detection was added ...

Code:
AntiVir 6.35.1.11 08.30.2006 Worm/Rbot.1247232
Authentium 4.93.8 08.30.2006 W32/Sdbot.UIV
Avast 4.7.844.0 08.30.2006 Win32:Rbot-CCK
AVG 386 08.30.2006 IRC/BackDoor.SdBot2.GJR
BitDefender 7.2 08.30.2006  no virus found
CAT-QuickHeal 8.00 08.30.2006 Backdoor.Rbot.bho
ClamAV devel-20060426 08.30.2006  no virus found
DrWeb 4.33 08.30.2006 Win32.HLLW.MyBot
eTrust-InoculateIT 23.72.110 08.30.2006 Win32/SpyBot.7bi!Worm
eTrust-Vet 30.3.3051 08.30.2006 Win32/Rbot.FOA
Ewido 4.0 08.25.2006  no virus found
Fortinet 2.77.0.0 08.30.2006 W32/RBot.BHO!tr.bdr
F-Prot 3.16f 08.29.2006 security risk named W32/Sdbot.UIV
F-Prot4 4.2.1.29 08.30.2006 W32/Sdbot.UIV
Ikarus 0.2.65.0 08.30.2006  no virus found
Kaspersky 4.0.2.24 08.30.2006 Backdoor.Win32.Rbot.bho
McAfee 4841 08.30.2006 W32/Sdbot.worm.gen.ca
Microsoft 1.1560 08.30.2006  no virus found
NOD32v2 1.1732 08.30.2006 Win32/Rbot
Norman 5.90.23 08.30.2006 W32/Spybot.AXEH
Panda 9.0.0.4 08.30.2006 W32/Gaobot.NZG.worm
Sophos 4.09.0 08.30.2006  no virus found
Symantec 8.0 08.30.2006 W32.Spybot.Worm
TheHacker 5.9.8.201 08.28.2006  no virus found
UNA 1.83 08.30.2006  no virus found
VBA32 3.11.1 08.30.2006 Backdoor.Win32.Rbot.bho
VirusBuster 4.3.7:9 08.30.2006 no virus found

As You can see Microsoft and BitDefender are still slower than Alwil :)))
Title: Re: slowly updating virus definition
Post by: Glass on September 04, 2006, 01:39:18 PM
as from today's VPS update, detection was added ...

Code:
...
Avast 4.7.844.0 08.30.2006 Win32:Rbot-CCK
...

As You can see Microsoft and BitDefender are still slower than Alwil :)))
:o
Unfortunately avast! did not detect W32.Spybot.Worm even on the 1st September 06 on my system, after the supposed VPS update. Norman cleanup tool removed it.
Title: Re: slowly updating virus definition
Post by: DavidR on September 04, 2006, 02:46:00 PM
1. Did you confirm the detection was correct, by using either VirusTotal or Jotti, multi-engine AV scanners ?

2. If it is a correct detection by Norman cleanup, did you send a sample to avast so they can update the VPS ?

3. W32.Spybot.worm is different to what you quoted, there are many different aliases as there is no standard naming convention. So you would also need to confirm that although the names are different it is the same virus/malware.
Not only that but the worm detected by Norman cleanup is also different to that listed by Dwarden, so that would also indicate it is a different malware sample.
Code:
Norman 5.90.23 08.30.2006 W32/Spybot.AXEH
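The alias problem raised in the post above, as an added example that is not part of the original thread: it parses a subset of the multi-engine report lines quoted earlier and groups the engines by the family word in their verdict, showing one file reported under three different family names. The `GENERIC` word list and all function names are assumptions made for this example, not any vendor's naming scheme.

```python
import re
from collections import defaultdict

# Subset of the multi-engine report lines quoted earlier in this thread.
REPORT = """\
AntiVir 6.35.1.11 08.30.2006 Worm/Rbot.1247232
Avast 4.7.844.0 08.30.2006 Win32:Rbot-CCK
AVG 386 08.30.2006 IRC/BackDoor.SdBot2.GJR
BitDefender 7.2 08.30.2006  no virus found
F-Prot 3.16f 08.29.2006 security risk named W32/Sdbot.UIV
Kaspersky 4.0.2.24 08.30.2006 Backdoor.Win32.Rbot.bho
Norman 5.90.23 08.30.2006 W32/Spybot.AXEH
Symantec 8.0 08.30.2006 W32.Spybot.Worm
VirusBuster 4.3.7:9 08.30.2006 no virus found
"""

# engine, engine version, signature date (MM.DD.YYYY), verdict text
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.*)$")
# Platform/type words that carry no family information (assumed list).
GENERIC = {"w32", "win32", "worm", "backdoor", "irc", "trj",
           "security", "risk", "named"}

def parse_report(text):
    """Turn report lines into dicts; a verdict of None means no detection."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        engine, version, date, verdict = m.groups()
        verdict = verdict.strip()
        if verdict.lower() == "no virus found":
            verdict = None
        rows.append({"engine": engine, "version": version,
                     "date": date, "verdict": verdict})
    return rows

def family_token(name):
    """Return the first name component that is not a platform/type word."""
    for tok in re.split(r"[./:!\-\s]+", name.lower()):
        if tok in GENERIC:
            continue
        tok = tok.rstrip("0123456789")  # SdBot2 -> sdbot; pure numbers vanish
        if tok:
            return tok
    return None

def group_by_family(rows):
    """Map family token -> engines that used it for this one file."""
    groups = defaultdict(list)
    for row in rows:
        if row["verdict"]:
            groups[family_token(row["verdict"])].append(row["engine"])
    return dict(groups)

if __name__ == "__main__":
    rows = parse_report(REPORT)
    hits = sum(r["verdict"] is not None for r in rows)
    print(hits, "of", len(rows), "engines detect the file")
    for family, engines in group_by_family(rows).items():
        print(family, engines)
```

Because the same file is labelled Rbot, Sdbot and Spybot depending on the engine, a name match or mismatch between two scans says little on its own; comparing a hash of the two files is the reliable way to tell whether they are the same sample.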
Title: Re: slowly updating virus definition
Post by: Glass on September 04, 2006, 03:05:35 PM
This W32/Spybot.worm virus had affected my netconf32.exe and my installed Norton AV detected and was giving alerts for about a month. But it was not able to clean it, only denied access.

So I junked Norton AV and installed Avast!, which did not even detect it. Then I downloaded Norman tool and it detected and cleaned the virus from netconf32.exe.

But the silver-lining is that Avast! detected and cleared another W32(?) virus in some screensaversinst.dll, that Norton didn't even detect.

I like the features, the 7 providers and the look & spin of Avast!; hoping the detection is perfect!

No, I didn't send the sample to avast!; will do henceforth.
Title: Re: slowly updating virus definition
Post by: Lisandro on September 04, 2006, 03:08:07 PM
Hoping the detection is perfect!
It will be never perfect... but it could be better...
Summer time in Europe means worse detection, in my experience. It's sad, but true  :P
Title: Re: slowly updating virus definition
Post by: Dwarden on September 04, 2006, 04:16:13 PM
lets hope for more generic sigs ... something for zlob family will be nice (like Antivir can do with heuristic)
Title: Re: slowly updating virus definition
Post by: DavidR on September 04, 2006, 04:25:21 PM
There is a Win32:Zlob [Trj] without any -xx suffix, e.g. Win32:Zlob-AA [Trj], perhaps that is some form of generic signature to go with the other 319 Zlob variants listed in the virus database.
Title: Re: slowly updating virus definition
Post by: Dwarden on September 05, 2006, 12:20:04 AM
well i was referring to discussion(s) like this http://www.wilderssecurity.com/showthread.php?t=145483
Title: Re: slowly updating virus definition
Post by: FreewheelinFrank on September 05, 2006, 08:36:16 AM
Info on Zlob here:

http://www.lavasoft.com/lavasoftnews/2006/09/hijacks.html

Technically, how are the virus writers able to alter the virus every few hours so that it evades detection, yet with the virus still retaining its unique 'Zlobiness'? Why have so few AV's got a generic detection for Zlob, and how has Avira managed to do it, I wonder?