Avast WEBforum
Other => Viruses and worms => Topic started by: Lisandro on June 26, 2007, 07:19:06 PM
-
Complete scanning processed in VirusTotal at 06/26/2007 15:45:18 (CET).
[ file data ]
* size: 277087
* md5.: 9eacc56b2dfa90584a3c06b4dac63fa6
* sha1: 075f3984e9353ae72882aeeece9856da6d2cf778
[ scan result ]
AhnLab-V3 2007.6.21.1/20070626 found nothing
AntiVir 7.4.0.34/20070626 found nothing
Authentium 4.93.8/20070625 found nothing
Avast 4.7.997.0/20070625 found nothing
AVG 7.5.0.476/20070626 found [Downloader.Generic4.YRB]
BitDefender 7.2/20070626 found [Win32.Bagle.SRN@mm]
CAT-QuickHeal 9.00/20070625 found [(Suspicious) - DNAScan]
ClamAV devel-20070416/20070626 found [Worm.Bagle-77]
DrWeb 4.33/20070626 found [Win32.HLLM.Beagle]
eSafe 7.0.15.0/20070625 found [suspicious Trojan/Worm]
eTrust-Vet 30.8.3743/20070626 found [Win32/Glieder.FP]
Ewido 4.0/20070626 found nothing
F-Prot 4.3.2.48/20070625 found nothing
F-Secure 6.70.13030.0/20070626 found [Trojan-Downloader.Win32.Bagle.ch]
FileAdvisor 1/20070626 found nothing
Fortinet 2.91.0.0/20070626 found [W32/Bancban.CH!tr.dldr]
Ikarus T3.1.1.8/20070626 found [Win32.Bagle.SRN]
Kaspersky 4.0.2.24/20070626 found [Trojan-Downloader.Win32.Bagle.ch]
McAfee 5060/20070625 found nothing
Microsoft 1.2701/20070626 found nothing
NOD32v2 2355/20070626 found [Win32/Bagle.IS]
Norman 5.80.02/20070625 found [W32/Mitglied.AEC]
Panda 9.0.0.4/20070626 found [Trj/Mitglieder.OI]
Sophos 4.19.0/20070624 found [Troj/Bancban-QH]
Sunbelt 2.2.907.0/20070626 found [VIPRE.Suspicious]
Symantec 10/20070626 found nothing
TheHacker 6.1.6.137/20070626 found nothing
VBA32 3.12.0.2/20070625 found nothing
VirusBuster 4.3.23:9/20070625 found nothing
Webwasher-Gateway 6.0.1/20070626 found [Win32.Malware.gen (suspicious)]
Since yesterday it was submitted to avast.
It was submitted one month ago by Chest yet.
Still not detected. It's unbelievable :(
-
Is that the rootkit variant ?
Previously encountered here http://forum.avast.com/index.php?topic=26554.0 (http://forum.avast.com/index.php?topic=26554.0), which is considerably older than one month.
-
Maybe the same kind of infection. Maybe a kind of rootkit. But it's unbelievable that avast still does not detect it...
-
There really needs to be a push on the new submission method, or a higher priority to those submitted via the chest. It may even be useful to have a whitelist to filter that even further, with the email of those making regular submissions.
Perhaps if the virus analysis lab/team should monitor the viruses and worms forum when they have a spare 30 seconds between checking the 4000 + emails received per day as virus at avast dot com.
Though even with the proposed sample submission method unless there is some form of automation, they would still have the 4000+ emails and and using the new method. Either way without automation would still be manpower intensive and have to deal with roughly the same total of daily submissions ???
However here I am speculating about the proposed new submission method, if only Alwil would give us a small hint of how it will be done, but better still some sort of time frame. Unless this submission method is somehow going to be incorporated into avast version 5 ???
-
david i think they should assigne one of the avast! Evangelist a job of prioritising all the malware which people report thru this forum..since people come to this forum and ask u guys help when they have a real problem..
and since it comes from a avast! Evangelist they can pe 100% sure its not junk..
further more the avast! Evangelist can and a comment to it from all the initial analysis u do here
so u Evangelist's can send in a very quickly spreading malware
and u can also make sure
rootkits get first priority ;D
backdoors,downloaders and other important stuff get the next priority
adware,tools,cracks etc get the least
i am sure u people can work it out since this is not the first case where a malware has gone undetected for months ..
and i am sure by including all the malware that comes to this forum in the data base they can atleast eliminate 500 of the 4000+ mails by positive detection.
-
The Evangelists are volunteers, avast users, just like yourself so can't be assigned anything. They don't have access to any samples and with 4000+ samples received a day 1 wouldn't make much of a dent in that.
We have no more input with Alwil than you have and we can't prioritise work as we don't know what else is going on only the limited traffic on the forums.
The Moderators are members of the Alwil team (and have alternative positions in Alwil) and that is how you can differentiate who works for avast and who doesn't.
-
this i dint know :-[
gee i thought u people were actually a part of the awil team..
i thought all u guys were analyists, so u mean u some here in u free time to help out people ?????
davidr judging by ur regular replys i thought u and tech were paid to do the job ..
i must say u guys are doing a very good job ;D ;D ;D
keep it up u guys ;D [clap] [clap] [clap]
no wonder avast forums are one the best
-
gee i thought u people were actually a part of the awil team.
No we're not. 8)
so u mean u some here in u free time to help out people ?????
Yes, we love help 8)
davidr judging by ur regular replys i thought u and tech were paid to do the job
Well it will cost some bucks to Alwil... no we don't receive a penny.
I myself have received a Pro license of avast. It's not that few... but it does not that much...
-
coooooooooooooool 8)
u guys are top notch.....
i hope to join u guys after i learn more right now i only know C,C++,some VB,and my skills are very intermediatory .i sure i hope i am of some help in this forum
so can i know wat u guys learned i mean in terms of academics ?
and can i know the meaning of avast! Überevangelist and evangelist ...
and i dont know how but i have noticed some on made me a junior member ;D
-
There should be some method of communication between the evangelists and the malware analysts to let them know a sample of filename x.mal was requested. This way it could be found quickly and given some priority without needing to assign anyone the task of monitoring the forum for submissions.
Ideally the analyst could communicate back some information about the malware to help the cleaning process, but one step at a time ...
In all honesty, the current method of adding files to the chest and sending them to Alwil is an interuption to the cleaning process that I often avoid. I just don't see much use in doing it. If there was a more productive method I would add these steps more often.
EDIT:
so can i know wat u guys learned i mean in terms of academics ?
and can i know the meaning of avast! Überevangelist and evangelist ...
and i dont know how but i have noticed some on made me a junior member ;D
You can learn anything you set your mind to.
There are some malware schools on the internet where you can learn alot. Essexboy as graduated Geeks2Go and Snowhite is currently taking those classes. I'm strongly considering it - just need to find the time.
The various titles (Jr. Member, Sr. member, etc) just reflect your number of posts in the forum - no big deal (well, "Uberevangelist" recognizes and unusually dedication to helping others :) ).
-
coooooooooooooool 8)
u guys are top notch.....
i hope to join u guys after i learn more right now i only know C,C++,some VB,and my skills are very intermediatory .i sure i hope i am of some help in this forum
so can i know wat u guys learned i mean in terms of academics ?
and can i know the meaning of avast! Überevangelist and evangelist ...
and i dont know how but i have noticed some on made me a junior member ;D
Thanks :-[ ;D
There is no need to wait, you have been contributing to the forums already helping others 8)
By regularly being in the forums you will gain more in depth knowledge of how avast works and you will find that many things are the same problem or slight variations on it. For that you don't have to be a programmer, though those that do program generally have good grasp of analysing a problem and finding a logical answer to that question/problem.
We all started somewhere zero posts and a first time avast user and gained information by participating in the forums. Many though had a general computer knowledge prior to avast which is helpful for the non-avast related issues that crop up.
Soon you will be a Senior member at 100 posts and no doubt not long after that Evangelist.
@ mauserme
I wish there was a means of communicating with the Alwil team by the evangelists, even if Alwil were to set a level or select some that may communicate directly on forum related issues in the Viruses and Worms forum. It could certainly put an end to the very lengthy delays of some of the submissions seen in this forum, which after all the public face of avast.
If only there was a way of communicating this ;D outside of the forums, which with the best will in the world the Alwil team can't monitor every post.
-
Not detected yet :'(
-
geeks2go ? is it good i'll look into it....
so online malware schools u say..so any pre qualifications to join it ?
well its above time i did something useful with my net ..sick of downloading crap which u dont need ??
so any of u guys still students i am still a student...
-
so online malware schools u say..so any pre qualifications to join it ?
a desire to learn ... a desire to help ... a willingness to put in some hard work
I think that's about it, but then I haven't done it yet.
so any of u guys still students i am still a student...
yeah - but sort of an old one now. a different school with different lessons these days.
Oh and, BTW, anyone with almost 17,000 posts is no slouch in the dedication department either :)
-
I probably have a little more free time to contribute ;D
-
well i will become a full time active memeber and help others after my exams..
i'll try my best to solve their problems
(GOD are u listening...."AFTER MY EXAMS" in the sense u make them go smoothly)
;D ;D ;D ;D ;D ;D ;D
jus a friendly reminder :)
-
From avast support team: still not detected.
From Avira support team: Thanks for the file! Detection is already added, I have to check if I can find more similar variants of this Bagle to write a generic. Bye, Stefan Kurtzhals
Avira GmbH
Lindauer Strasse 21, 88069 Tettnang, Germany
Tel.: +49 (0) 7542-500500 Fax.: +49 (0) 7542-52510
Internet: <http://www.avira.de> <http://www.avira.com>
Eingetragen beim (Registered at) Amtsgericht Ulm (HRB 630992)
Geschäftsführer (CEO): Tjark Auerbach
USt-ID (VAT-ID): DE145372389
-
Still does not detected :P
-
Still does not detected :P
What's worse, still no acknowledgment from any one at Alwil. :'( :'(
-
Another day is passed by :( :(
-
i have waited for more than 45 days to get that youtube,orkut and mozilla blocking worm detected..
and the root kit i sent around 2 weeks ack is still not dected.'
and the worst part is avast soes not send any kind of acknowlegment that i has included it in the database so we are forced to scan the file on every updated. >:( >:(
-
i have waited for more than 45 days to get that youtube,orkut and mozilla blocking worm detected..
and the root kit i sent around 2 weeks ack is still not dected.'
It's becoming dangerous to be using just avast...
-
This is embarrassing, disappointing and not a good advert for avast in these public forums.
I do think that avast is a very good AV and I have no doubt that they are working hard to improve detections. But, this is very poor when people take the time to submit a virus/rootkit someone should be watching this the viruses and worms forum for this very thing overdue submissions.
-
Since this is a weekend, we're probably at risk for this one till at least Mon.
Not good. Not good at all.... :'(
-
I know this problem has existed for a long time, but I also know there is a tendency on the part of Alwil to prefer large, all encompassing program releases that make a big splash. I hope the delay on the improved submission process, improved root kit detection etc is not simply out of a desire to make a grand statement when Version 5 (?) is finally ready.
It makes me sad to see the people who have given so much to such a great piece of software losing confidence in it. And I'm especially saddened by the fact that I have no arguments against what they say.
-
I know this problem has existed for a long time, but I also know there is a tendency on the part of Alwil to prefer large, all encompassing program releases that make a big splash. I hope the delay on the improved submission process, improved root kit detection etc is not simply out of a desire to make a grand statement when Version 5 (?) is finally ready.
Sorry to think different, I mean, for the last years the only I can say is that program updates follow a different rule and policy than the virus databases. I won't expect avast 5 improve submission process by itself. It could be a better program but the lack of updates is becoming dangerous for uses that have only avast...
It makes me sad to see the people who have given so much to such a great piece of software losing confidence in it. And I'm especially saddened by the fact that I have no arguments against what they say.
What can we do? I get infected twice since I use only avast... :'(
A friend of mine had to format and reinstall... this is sad...
-
Just trying to be an optimist, I suppose. Should I have said "formerly great ..." ?
This is a weakness that must be fixed if avast! is to maintain any effectiveness.
And ya' know, when someone speaks to me I at least acknowledge that words have been uttered, Alwil team ...
-
Hi mauserme,
Here is a free removal tool for it: http://www.kaspersky.com/removaltools?vtopen=146410248#open
But I realize that no av solution can close the vulnerability window completely, so that is why I have a resident scanner and non-resident scanners on my system to keep it as close ajar as I can.
But avast should also flag the malware that is reported most to infect, and their web forum report is one of the best and cheapest indicators, where and why avast users are getting infected. The e-card.exe was an ominous example where Avast was not a front-runner. Sometimes I think don't they read the important things that are posted here?
polonus
-
And ya' know, when someone speaks to me I at least acknowledge that words have been uttered, Alwil team ...
Unfortunately Alwil's lack of participation has only gotten worse over the past year.
They used to be a regular part of this forum that no longer seems the case.
Space alone does not make for a good support forum. It takes active participation. :o
-
Here is a free removal tool for it: http://www.kaspersky.com/removaltools?vtopen=146410248#open
Thanks Polonus. I just wish I could feel confident that a week, or a month, or even two months from now we would have our own detection. Unfortunately my confidence is lacking.
-
we can only hope there is going to be big much needed improvment
And ya' know, when someone speaks to me I at least acknowledge that words have been uttered, Alwil team ...
Unfortunately Alwil's lack of participation has only gotten worse over the past year.
They used to be a regular part of this forum that no longer seems the case.
Space alone does not make for a good support forum. It takes active participation. :o
i have been in this forum for the past few months ..before i used to think avast evanglists wher staff members..but after davidr told me that its not like that i wonder
this has become a totally avast independent forum with the title "avast forums"
and for some one like me who makes it a point extract all files which avg anti-spyware detects [and avast does not detect ]....send it to virustotal for analysis ..mail the sample to avast .with the virustotal analysis.and and added comments..
it almost makes my furious that
1>there is no detection of the sample for months together
2>no way of finding out if the sample rached them or not..
gee i am thinking to switch to bit defender after i get more RAM
-
...before i used to think avast evanglists wher staff members..but after davidr told me that its not like that i wonder
this has become a totally avast independent forum with the title "avast forums"
We're sort of a family here. And like any family, sometimes our dirty laundry gets aired publicly.
-
;D ;D ;D
but with or with out AWIL staff participation.
its one of the quickest and best forums around.... 8)
it'll tend to all our cribs ;)
-
Another day we're not protected...
Unfortunately Alwil's lack of participation has only gotten worse over the past year.
They used to be a regular part of this forum that no longer seems the case.
I agree... what is their policy now? Most of them disappear... :'(
Tested again with new iAVS update (VPS 753-0) for avast! program that has been released recently, no detection :-\
-
And another day has gone without any input from avast!.
What's happening? Where is Alwil?
-
Are any of you who have posted to this thread paying users? I am a paying customer with 30 PCs protected on a corporate network, and a 3-year update license. I'm pretty concerned about the fact that the "postcard" virus (or at least one of its downloader) is still not detected by Avast even though it has been sweeping the Internet for several days now. I will open a support request on this topic, and also mention the apparent lack of response from Avast on stuff like this... unless someone else has already done so, only to find that being a paying customer doesn't make any difference?
-
Are any of you who have posted to this thread paying users?
Yes, but that is not my role on the forum.
-
Are any of you who have posted to this thread paying users? I am a paying customer with 30 PCs protected on a corporate network, and a 3-year update license. I'm pretty concerned about the fact that the "postcard" virus (or at least one of its downloader) is still not detected by Avast even though it has been sweeping the Internet for several days now. I will open a support request on this topic, and also mention the apparent lack of response from Avast on stuff like this... unless someone else has already done so, only to find that being a paying customer doesn't make any difference?
My answer here: http://forum.avast.com/index.php?topic=29124.msg239311#msg239311
Not detected by 000753-1. Sent to VirusTotal again to see the results of other antivirus companies.
-
Complete scanning result of "Infected.exe", processed in VirusTotal at 07/03/2007 03:30:25 (CET).
[ file data ]
* name: Infected.exe
* size: 276814
* md5.: 9716dea70cda530c18bf943184d8e607
* sha1: 8ee3ec9261c66c15140180a505759f48a516d759
[ scan result ]
AhnLab-V3 2007.7.2.0/20070702 found [Win-Trojan/Bagle.88592]
AntiVir 7.4.0.37/20070702 found [TR/Dldr.Bagle.CH.15]
Authentium 4.93.8/20070703 found [W32/Downloader2.AJQP]
Avast 4.7.997.0/20070702 found nothing
AVG 7.5.0.476/20070702 found [Downloader.Generic4.YRB]
BitDefender 7.2/20070703 found [Win32.Bagle.SRN@mm]
CAT-QuickHeal 9.00/20070702 found [(Suspicious) - DNAScan]
ClamAV devel-20070416/20070702 found [Worm.Bagle-77]
DrWeb 4.33/20070702 found [Win32.HLLM.Beagle]
eSafe 7.0.15.0/20070703 found [Win32.Bagle.ch]
eTrust-Vet 30.8.3759/20070702 found [Win32/Glieder.FP]
Ewido 4.0/20070702 found nothing
F-Prot 4.3.2.48/20070702 found [W32/Downloader2.AJQ]
F-Secure 6.70.13030.0/20070703 found [Trojan-Downloader.Win32.Bagle.ch]
FileAdvisor 1/20070703 found nothing
Fortinet 2.91.0.0/20070702 found [W32/Bancban.CH!tr.dldr]
Ikarus T3.1.1.8/20070702 found [Win32.Bagle.SRN]
Kaspersky 4.0.2.24/20070703 found [Trojan-Downloader.Win32.Bagle.ch]
McAfee 5065/20070702 found nothing
Microsoft 1.2701/20070702 found nothing
NOD32v2 2371/20070702 found [Win32/Bagle.IS]
Norman 5.80.02/20070702 found [W32/Mitglied.AEC]
Panda 9.0.0.4/20070702 found [Trj/Mitglieder.OI]
Sophos 4.19.0/20070624 found [Troj/Bancban-QH]
Sunbelt 2.2.907.0/20070702 found [VIPRE.Suspicious]
Symantec 10/20070703 found [Trojan.Tooso]
TheHacker 6.1.6.141/20070702 found [Trojan/Downloader.Bagle.ch]
VBA32 3.12.0.2/20070702 found [Worm.Win32.Bagle.IS]
VirusBuster 4.3.23:9/20070702 found nothing
Webwasher-Gateway 6.0.1/20070702 found [Trojan.Dldr.Bagle.CH.15]
Detection improved since my first submission.
-
Detection improved since my first submission.
Except:
Avast 4.7.997.0/20070702 found nothing
So those of us using avast! are still left out in the cold... :'(
Good thing I can use ClamWin as a double check. It detects it.
Alwil, please understand that I'm making these critical remarks in order
for you to improve my Anti virus program of choice.
-
Other info:
AVGas (as Ewido) does not detect either.
a-squared: detected Trojan-Downloader.Win32.Bagle.ch
SuperAntispyware: not detected.
-
Other info:
AVGas (as Ewido) does not detect either.
a-squared: detected Trojan-Downloader.Win32.Bagle.ch
SuperAntispyware: not detected.
Sorry Tech but I'm selfish.
At this point, I'm only concerned with avast!'s ability to detect this trojan
since I depend on avast! to keep me safe. ???
Hopefully this will happen soon because I'd hate to have to find a replacement. :'( :'( :'(
-
Hello! Bob,I've found remplacement: DR web 23,50 EUROS for 2 years.But this forum is wonderfull ;)
-
Hi bob3160,
Keep these euro's in your pocket, because you have the additional ClamWin for free, and ClamWin detects it.
Now you can understand why I always have the latest version of ClamWin on my machine.
polonus
-
Vps 000753-2 does not detect it yet...
-
well it does not detect my root kit yet..nor the rpcc.dll infection..
one of the main reasons i switched to avast is that it is free..there are very limited to nill online payment options the banks in our country..
and the other problem is i did so much publicity for avast..and i talked very one into switching to avast from norton which they got a licensed version from the mother board cd ..
most of the comps i look afrter dont have internet so i used to download the update on a weekly basis and give it to them on a flash drive.. now i feel so embarrsed that most of the malware that is spreadind is thru my pendrive >:( >:( >:(
gee now every one i know is switching to bit defender .and i am considring it as a option also...
here are the stats..
i used to give updated to around 21 comps ...plus there were another 6 who switched to avast and had net...
21+6=27 (this was around two months ago)
after a recent infection of rpcc.dll,rootkits,a whole array of usb worms,all kinds of file infectors
i give the updates to jus 2 people...
the irony is one of my friends[a ex avast user with net] calls me and says that i should switch to bit defender..and he has got a beautifully working cracked version >:( >:( >:(
avast is losing followers very quickly
-
The worst part is that avast! (Alwil) isn't paying any attention to this.
I'm wondering if this forum is even being monitored any more ???
-
The worst part is that avast! (Alwil) isn't paying any attention to this.
I'm wondering if this forum is even being monitored any more ???
I thought they would pay attention to me... maybe I'm dreaming...
-
I have tried to draw attention to this but it has generated zero response. Perhaps we should create a new topic with the subject title - Attention Alwil Staff - Text - We are concerned about the lack of response to samples submitted to avast, but more so about the fact that many samples submitted haven't been included in VPS updates weeks later.
Those active in this and a couple of long outstanding virus submissions topics can add their comments. This should however, not be a rant but simply agreeing that something has to be done about these very long delays and at lease have a way to draw attention to those submissions long overdue action.
-
i have a excellent idea i have noticed the whenever the topis reads
"not a virus"
"false positive"
"false detection" or some thing similar
that the moderator pavel reads them and replies to them..
so why not name the topic like that..
in fract i joined my forum when i had my first malware that avast does not detect ..
VBS:SOLOW
i came this forum and sent a sample to avast.. thru my e mail..
that time a virus analyist from avast replied to resend the sample cos there was some error in the extraction process and it was detected 3 days later..
now even i send all my samples to avast as well that staff member with out any response wat so ever..
-
Perhaps we should create a new topic with the subject title - Attention Alwil Staff - Text - We are concerned about the lack of response to samples submitted to avast, but more so about the fact that many samples submitted haven't been included in VPS updates weeks later.
I'm not a newbie in this forum. It's not a privilege or a privileged treatment, but they could just remember, from time to time, we deserve a little bit more... I don't need to open a new thread. I'm upset. Seems there are other old members that are feeling the same.
-
take a look at the pics...i wonder
well ............................................... :-X :-X :-X
draw ur own conclusions..
-
We can comment and whine as much as we like in a topic where the title isn't likely to draw any attention, this topic has been going 8 days and no response.
The submission aren't drawing any attention I have two that I have sent from the chest a number of times one dates from 27/01/2007 and it still isn't detected. This originated from a forum topic.
I have even submitted them a number of times to VirusTotal in the misguided hope that undetected malware will be forwarded to avast. If the purpose of having avast on VT was to gain samples of undetected malware then this has clearly failed. So it would possibly be better to withdraw from VT if they aren't getting the benefit of this information or they choose to ignore it.
So I was just thinking of trying something else like a new topic.
-
We can comment and whine as much as we like in a topic where the title isn't likely to draw any attention, this topic has been going 8 days and no response.
I've changed the title... If this helps detection, I'll do it...
-
To reduce the burden on the AWIL team, just sent viruses to them & send trojans to anti-trojan programs like Spyware Terminator, AVG AS, SUPERAntiSpyware, A-Squared, etc.
Maybe this will speed up virus detections. ;D
Spyware Terminator does an excellent job of keeping me free of trojans, spyware & other malware. avast! does an excellent job of keeping viruses, trojans & other malware off my system. ;D
A secure browser like Opera & an excellent fw like PCTFW help, too.
-
i also noticed huge increase in delays while adding new malware (trojans/trojan proxies, backdoors and worms)
waiting for detection to be added for these:
Backdoor.Win32.IRCBot.acd
Trojan-Proxy.Win32.Agent.ji
Trojan-Proxy.Win32.Jaber.c
Trojan-Clicker.Win32.VB.fh
and several less important ones
Constructor.Perl.Msdds.b
Exploit.Java.ClassLoader.Dummy.D
Trojan-Clicker.HTML.Agent.a
Trojan-Downloader.Java.OpenStream.C
Trojan-Downloader.JS.Agent.bk
Trojan-Downloader.JS.Inor.a
Trojan-Downloader.JS.Psyme.eb.zip
Trojan.Java.ClassLoader.ao
Trojan.Java.ClassLoader.f
feebs\Worm.Win32.Feebs.cb
feebs\Worm.Win32.Feebs.gen.12
feebs\Worm.Win32.Feebs.gen.13
feebs\Worm.Win32.Feebs.gen.14
feebs\Worm.Win32.Feebs.gen.15
feebs\Worm.Win32.Feebs.gen.19
feebs\Worm.Win32.Feebs.iq.1-7
-
To reduce the burden on the AWIL team, just sent viruses to them & send trojans to anti-trojan programs like Spyware Terminator, AVG AS, SUPERAntiSpyware, A-Squared, etc.
Maybe this will speed up virus detections.
i think that word ANTI VIRUS includes protection from torjans and other kinda infectors as well MAYBE they they can be excused if avast does not detect spywares...and nowadays torjans are becoming into a bigger and greater threat than good 'ol viruses....
and avast did not detect "e-card.exe" a malware which i guess was a self mailing VIRUS..
does it detect it now?
anyone?
-
Vps 000754-0 detects it.
Well, 8 days... Should I say thanks? Better late than never?
-
Now we just have to deal with all the other long overdue submissions.I sincerely how we don't have to go through this kind of action to achieve a result.
-
I sincerely how we don't have to go through this kind of action to achieve a result.
I think exactly the same.
-
I sincerely how we don't have to go through this kind of action to achieve a result.
I think exactly the same.
These aren't results to be proud of. We've hassled Microsoft for less severe infractions.
The success and quality of an Anti virus program is measured by how quickly it reacts
to a new infection.
I'd call this reaction totally unacceptable and it has to be greatly improved if avast!
expects to remain a leader in this industry.
Sorry folks but that's my opinion. :-[
-
I sincerely how we don't have to go through this kind of action to achieve a result.
I think exactly the same.
<snip>
I'd call this reaction totally unacceptable and it has to be greatly improved if avast!
expects to remain a leader in this industry.
Sorry folks but that's my opinion. :-[
And I believe that of virtually all of those who have contributed to this topic, it is totally unacceptable and not being able to contact anyone only makes it even worse.
-
well something is better than nothing I GUESS...
avast 754-0 still does not detect the root kit,rpcc.dll infecton,torjan obsfuscate,and poison ivy infection
should we satisfied with avast's under achivement?
i guess we are setting the bar very very low guys response time 8 days to u couple of months ??
YEAAAAAAH >:(
-
anyway , this week is bit problem as there are national holidays (Thu and Fri) so i guess whoever could took 'off' in Alwil ...
so any non critical malware gets 'delayed' ...
i agree that completely new system for malware submission is needed
i know it's in work ... but that i was told 1.5 year ago too...
more and more my customers abadon avast! either for free Avira AV PE or AOL AVS etc.
or paid versions of KAV
lot of firms refuses to use Avast! Pro/Server because of 'slow' response to discovered stuff (answer which i got when asked why)
i'm sad cause of this ... but this is something i can't change
-
FWIW, I opened a support ticket with Avast and linked to this thread and a few others in my ticket. The ticket was specifically about the problem detecting the "postcard" virus, but I mentioned the frustration that was being expressed on the forum in this and other threads. According to the ticketing system, I posted the ticket at around 1AM Czech time, and got a response at 17:43 the same day. Here is the text of the response:
Hello,
Yes we know about this problem with ecard.exe - the main problem is that there is every hour new mutation of this virus and adding of the string is not much effective. We are now working on some polymorfic detection of these ecards. I hope you will be seeing the result in very near future.
Try to scan sample submitted by you with avast with updated VPS database and if avast cant detect your sample, please attach it in password protected archive with password "virus" without qoutes.
By the time I received the response Avast was detecting the latest copy of ecard.exe that I was able to obtain.
I will use the ticket to follow up on the frustration topic.
-
Thanks for the feedback and for your effort in helping to draw attention to this problem.
-
i agree that completely new system for malware submission is needed
i know it's in work ... but that i was told 1.5 year ago too...
We can live of promises...
We are now working on some polymorfic detection of these ecards
Well... isn't it time to think on a generic detection method called 'heuristics'?
-
hi guys "windows blinder".
when i clicked on a .exe it warned me that the file wa going to be deleted after excution ? so i cancled it bu the file was deleted anyway??
-
Well... isn't it time to think on a generic detection method called 'heuristics'?
http://forum.avast.com/index.php?topic=108.msg426#msg426
In my opinion, in present time heuristics is just a marginal technique whose importance rapidly decreased when most of the AV's made their databases so good that they actually contain virtually all the virus samples. And with avarage response times in the magnitude of hours rather than days/weeks, the need for generic detection without a record in the virus database went down, too...
Vlk
I was not an avast! user when Vlk posted that. Was the avast! average response time really hours, or did this mean the average for all AV's? If it meant avast!, what went wrong?
-
...what went wrong?
http://www.f-secure.com/weblog/archives/archive-052007.html#00001198 (http://www.f-secure.com/weblog/archives/archive-052007.html#00001198)
-
The graph?
Sure, but others face the same increase while maintaining a quick response time.
-
...what went wrong?
http://www.f-secure.com/weblog/archives/archive-052007.html#00001198 (http://www.f-secure.com/weblog/archives/archive-052007.html#00001198)
How many viruses or malware exist in general? Can you give me some number?
The approximate count is now over 300,000.
So, what will we expect for the future, the curve is just saying signatures won't be able to follow the rush of virus makers... :'(
In my opinion, in present time heuristics is just a marginal technique whose importance rapidly decreased when most of the AV's made their databases so good that they actually contain virtually all the virus samples. And with avarage response times in the magnitude of hours rather than days/weeks, the need for generic detection without a record in the virus database went down, too... Vlk
Well... I can't believe he thinks as the same as when he posted that...
-
In my opinion, in present time heuristics is just a marginal technique whose importance rapidly decreased when most of the AV's made their databases so good that they actually contain virtually all the virus samples. And with avarage response times in the magnitude of hours rather than days/weeks, the need for generic detection without a record in the virus database went down, too... Vlk
Well... I can't believe he thinks as the same as when he posted that...
I doubt that too, 4 years is a lifetime in IT and virus development.
Though it isn't that long ago that Heuristics was discussed and the flavour was Generic signatures rather than heuristics.
-
Sure, but others face the same increase while maintaining a quick response time.
I read recently that Kaspersky virus analysts burn out after a year because of the constant pressure of the job. Perhaps Alwil doesn't want to lose its analysts in this way.
I've also read reports from other AV companies of the problems of the constant flow of new variants which have to be added to detections.
This situation must be more difficult for the smaller players, and my impression is that avast! is a bit overwhelmed at the moment. Certainly the virus submission system could and needs to be more efficient. I suspect more virus analysts are needed.
My own advice (if anybody wants to take it) would be to make the pricing of the home addition more affordable: at the moment it is not attracting home users to buy the product. The other two companies which offer free AV's have a much more attractive pricing policy, which no doubt leads to home users buying the pay product, hence allowing investment in virus analysts.
avast! Approx £30 inc. tax (1 year)
AVG Approx £30 inc tax (2 years) (Further reductions available on Amazon.)
Avira Approx £14 inc tax (1 year)
-
Though it isn't that long ago that Heuristics was discussed and the flavour was Generic signatures rather than heuristics.
But slow generic signatures won't help... we need immediate heuristic analysis with the risk of false positives, imho.
-
@ Frank
Add to that if there were a small/reasonable fee for the Home version and continue the policy that the home version registration/license could be used on more than one home & non-commercial system.
Would it drive current users to those offering a free option, possibly not but would depend on any pricing. Or as has been said previously having a Donation method, perhaps a button somewhere in the home version, about avast or Simple User Interface.
@Tech
This isn't my suggestion but what has been said in the forums 'recently' by an Alwil team member and even if they agreed I don't see anything being able to be done immediately, to incorporate heuristics into the existing AV won't be an overnight task, even if you bought in someone else's heuristics engine.
-
This isn't my suggestion but what has been said in the forums 'recently' by an Alwil team member
I know that. I'm just commenting the text, not putting words in your mouth. I'm making a comment that slow generic signatures won't help...
to incorporate heuristics into the existing AV won't be an overnight task.
I can't imagine that Alwil team has never studied and worked with this... Is Alwil on stage 0 about this? I can't believe... Haven't they never thought about this... if so, it won't be overnight, it's a matter of planning, good or bad planning...
-
and did u guys know that avast pro had a keygen...
its in this site where i get my movies ..i noticed they had put up avast for download around a week ago..i downloaded it then.
and i was cleaning up my HD and unzipped the contents and it had a keygen..did not test it though ..
i was of the opinion that avast it self put it on their servers ..since i noticed that avast uses
www.download.com servers on its home page..
-
infact i am considring of sending it to awil for analysis ..it it detects it as a threat may be it'll discourage its use..i dont see the need when the home edition is so good by it self..
some people have a habit of geting thing they dont even need..
eg..i have nero 6 and it works jus fine..
while i see my usual warez sites offering nero 7,nero ultra they dish out nero more versions every day than the pixles on my screen ;D
-
Yes, they do there are a number of key generators for many applications including avast and avast is regularly blocking keys generated in this way. However, there is no way that avast would put a key generator on the download.com site.
Those that use key generators often find they get an unwelcome gift.
Perhaps you should send it and the URL to avast, but a simple google search will reveal many.
-
i mean that in avast i want to download avast 4.7 from www.avast.com...it re directs me to www.download.com i guess that avast is using download.com servers to give better speeds..downloads at 850Kb/s now
http://www.avast.com/eng/download-avast-home.html
avast is hosting its downloads at download.com
-
and did u guys know that avast pro had a keygen...
The keys generated are blacklisted (at least, from time to time). People can't update and so won't use an antivirus that couldn't be updated.
i dont see the need when the home edition is so good by it self.
The major competitor of avast Pro is avast Home 8)
avast is hosting its downloads at download.com
Only the English version.
-
ho so if i have a keygen how do i give ita ato avast so avast can bar those keys?
and i think avast should use avg's method of updating..every time the avg version is updated it overwrites the previously cracked exe...so it becomes useless ...if this is done frequently enough we can really elimnate keygens..
i guess the concept of "product activation" can be really taken advantage of in anti-virus softs since updating it cant be prevented ??
unlike like some futile attempts by MS ....which cant be helped cos we dont need to update a OS on a dai;ly basis..and we can get all the latest patches in other ways ;D ;D
and come to win vista i happen to have the latest crack by CloNy and it works like butter should i mail it to avast so they can perfix [tool] and add it to their detection in a year....??
-
ho so if i have a keygen how do i give ita ato avast so avast can bar those keys?
As I said send the url and the keygen to avast, either sales or support @avast.com should do.
-
and can i know the meaning of avast! Überevangelist and evangelist ...
It refers to the number of the posts only. With some hundreds of posts you become an evangelist... Übere comes from latim (?) and means 'a lot', too much, very fertile...
and i dont know how but i have noticed some on made me a junior member ;D
Again... number of your posts...
-
This thread is slowly going off-topic.. But anyway, since it's a sensitive topic, let me react to a couple of points made here:
1. ALWIL is not short of cash. In fact, we're growing quite successfully, and we're constantly hiring (this includes the virus lab). However, I can tell you it's not easy to find quality people for the lab -- the problem is that this job requires a very specific skillset and we cannot really expect the new people to know all the tricks - so training them is quite consuming... but I'd say it is improving. Plus we have some other plans on how to improve the process.
2. You might've noticed that some other AV companies do react to virus submissions in a timely fashion, BUT STILL rank in the various AV tests lower than avast. The problem is that we currently handle non-critical stuff in batches - so the reaction time is quite poor (but the definitions do get added after all). This should change with the new internal system (which I already discussed a couple of times, and which should go online by the end of this year). BTW the topic of judging the criticality of a given sample is another story...
3. The quote of mine (about heuristics) that someone found and posted here is quite amusing - and it is true that I now have to admit that I wasn't quite correct. :)
4. I keep seeing an increased number of complaints on the forum (even from the "evangelists") about unacceptable state of the avast virus database - but really, are we dealing with many people who actually got INFECTED running avast? I mean, think about it, avast is today installed on 32+ MILLIONS of machines worldwide, and still you see, from time to time, SINGLE occurences of people getting infected (of course, not all people who get infected go to the forum - but even the number of people contacting directly our tech support department is not too high). I'd say that from this perspective, avast is hugely effective (and I'm not saying this because of some kind of self-esteem but simply as a defense against the complaints). OTOH I'm not trying to say that everything's OK but the situation is not that bad, really.
5. Most of the virus lab guys aren't even aware of the forum. I'll make sure to get them acquinted and to have them monitor the Viruses and Worms category for any future complaints. This forum is a great community and has been very important to our success - and I think you deserve better handling from our side! ;)
Cheers
Vlk
-
This thread is slowly going off-topic.. But anyway, since it's a sensitive topic, let me react to a couple of points made here:
Thanks for posting.
1. ALWIL is not short of cash. In fact, we're growing quite successfully, and we're constantly hiring (this includes the virus lab). However, I can tell you it's not easy to find quality people for the lab -- the problem is that this job requires a very specific skillset and we cannot really expect the new people to know all the tricks - so training them is quite consuming... but I'd say it is improving. Plus we have some other plans on how to improve the process.
The problem, for us users, it that we're leaving with promises... you may agree that we will be happy to see facts. Sorry to argue, but seems that we're talking about a small company that cannot deal with it... I know it's not truth... but it's being hard to wait. Sorry, these are we: all unsatisfied users 8)
2. You might've noticed that some other AV companies do react to virus submissions in a timely fashion, BUT STILL rank in the various AV tests lower than avast. The problem is that we currently handle non-critical stuff in batches - so the reaction time is quite poor (but the definitions do get added after all).
Can we do anything more than send samples? Can we help in another way? I don't think so... the problem is that I receive IM from a lot of users. I'll send to you by email later. People complain about his own computer, the very few that get infected... but it his computer after all...
3. The quote of mine (about heuristics) that someone found and posted here is quite amusing - and it is true that I now have to admit that I wasn't quite correct. :)
Good to see you're changing your mind, at least, a little. Hey, we're proud avast users... don't disappoint us, that is what we're complaining... I hate to hear bad words or to read bad press about avast... it somehow hurts me... although it's difficult to express this feeling.
4. I keep seeing an increased number of complaints on the forum (even from the "evangelists") about unacceptable state of the avast virus database - but really, are we dealing with many people who actually got INFECTED running avast? I mean, think about it, avast is today installed on 32+ MILLIONS of machines worldwide, and still you see, from time to time, SINGLE occurences of people getting infected (of course, not all people who get infected go to the forum - but even the number of people contacting directly our tech support department is not too high). I'd say that from this perspective, avast is hugely effective (and I'm not saying this because of some kind of self-esteem but simply as a defense against the complaints). OTOH I'm not trying to say that everything's OK but the situation is not that bad, really.
My computer get infected twice last two months.
Two friends of mine get their computer infected.
Worms and trojans in the four cases. It took me some time to get clean. One needed reformat. Well I'm just 1/32,000,000 ... :'(
5. Most of the virus lab guys aren't even aware of the forum.
Couldn't this change a little? Couldn't the forum has a special submission webpage, for only forum members to send samples?
I'll make sure to get them acquinted and to have them monitor the Viruses and Worms category for any future complaints. This forum is a great community and has been very important to our success - and I think you deserve better handling from our side! ;)
Thanks... it will be good to share some comments and to receive some comments from these guys... after all, we depend on their work 8)
Thanks for posting Vlk. Just trying to share my last two months feelings about avast detection. Sorry to be so hard on last comments, again, we just want the best for you and us.
-
Some sort of proactivety is highly desired and result can be beneficial to both, developers and users.
First have some less work on new samples and with proper system can quickly gain access to all the new variants detected by it (lets take ESET's ThreatSense.NET as an example since we all know it) and users can benefit from early detection of new malware. Nothing is perfect, but i'd say, any proactive detection is better than none.
Also on a side note i'm lately quiet impressed by the number of new signatures added, so virus lab guys are certanly very active.
-
Hi Vlk,
Thanks for turning the noses all towards one direction, and that direction is and should be crescendo. Just looking at my little blue turning ball icon with the a on it, and it seems to wink at me now, saying: "things are not that bad really". The update frequency of avast is good. We are going on to evangelize, thanks for the heads up,
polonus
-
Hi Vlk,
I keep seeing an increased number of complaints on the forum (even from the "evangelists")
I highly doubt that a bouquet of roses would have gotten any ones attention.
There's nothing wrong with criticism when it's meant to improve the product.
I also believe that the "evangelists" have earned the right to voice their opinions even when it's
not in praise of avast!
No one can be satisfied at all times and only through constructive and objective suggestions will
avast! improve even if these suggestions come from outside of the company.
It was nice to finally receive a reply from Alwil. Thanks :)
-
After reading your post, Vlk, I have to say the thing most lacking was communication.
I know its time consuming to monitor the forum but the presence of some Alwil staff will be good. This thread probably could have died after two or three posts if someone would have just acknowledged it and explained whatever difficulty existed adding the detection.
Tech asked if there's something we can do to help the process and I'll second that question. We're obviously here to help.
-
Tech asked if there's something we can do to help the process and I'll second that question. We're obviously here to help.
If I can't help, I will complain... that's the only way we found to make ourselves happy and safe. I was not doing a rhetoric question. I really feel this way.
I agree with Bob in all terms. Silence from Alwil is hard for us, forum members.
-
<snip>
5. Most of the virus lab guys aren't even aware of the forum. I'll make sure to get them acquinted and to have them monitor the Viruses and Worms category for any future complaints. This forum is a great community and has been very important to our success - and I think you deserve better handling from our side! ;)
Cheers
Vlk
I believe this would go a long way to resolving the complaints relating to undetected malware, leading to a submission that could otherwise take some time to appear in the VPS updates. Since most of those undetected samples we suggest that people use VirusTotal, so the labs could gain an incite into the malware type and its possible priority.
I look forward to the new submission method and the new virus lab members getting up to speed, thanks.
-
well i dont know about u guys but vlk's post i jus read gave me new hope..and damn all the other anti vir softs...if avast detected every thing before hand this wonderful forum would have not existed..
trust me guys this is the cleanest a forum can be..no swearing,and a bunch of people who act like they are above 16 yrs old..
;)
-
Yes it does give us hope but as has been mentioned, earlier communication/intervention would have avoided lots of the concern.
Hopefully when the labs team are able to pay some attention to the viruses and worms forum then the other long running 'samples remaining undetected' will also be resolved.
-
... and a bunch of people who act like they are above 16 yrs old..
;)
Some of us have had a lot of practice acting older than 16 ;D
-
Hi...
Have read almost any reply in this forum and I am quite surprised to se the passion from users and volenteers for the avast product.
I use it myself on my 7 home computers and have been very pleased with the product for a long time. I have told all my friend about this fantastic product but I have to say....
I have been infected severel times with viruses, trojans, rootkits etc. that avast did not find and I think that many users are living happely without knowing that there systemt are infected. My consern about using avast is that some of the viruses that have infected my computer are old viruses that should have been implemented. Small virus scanners as eScan and PROVX CSI can find the Win32.Bagle, Win32.Pakes and rootkit virus that avast can not.
On the other hand .... Norton, Symantec and McAfee are not doing the job better than avast so avast is still a good alternative and often better than the three.
I think that today it is quite volneroble to only use one base virus scanner. I myself use a packet of scanners to be confident that all viruses, adware, malware, rootkit, trojan are found.
I would be happy if avast would focus on some on the bad viruses that are still harming our systems. Some of which are very difficult to locate and remove from the system (like win32.bagle). As a system engineer I can do this myself but normal users are lost and have to start all over again.
Best regards and keep up the good work.
-
Small virus scanners as eScan and PROVX CSI can find the Win32.Bagle, Win32.Pakes and rootkit virus that avast can not.
You're right. avast should improve a lot on this point...
I think that today it is quite volneroble to only use one base virus scanner. I myself use a packet of scanners to be confident that all viruses, adware, malware, rootkit, trojan are found.
You're right. We still trust on layered defense.