Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: olmor on November 08, 2007, 09:04:21 AM
-
Hi!
I found a virus on my machine with installed Avast Home. It does not detect it (with all last updates).
File UFO.EXE with virus is sent to Avast (from Virus Chest).
To developers: Did you receive my message (06.11.07)?
Is there any time frame to include this virus into VPS?
Below is the report from Virustotal.com
===========
Complete scanning result of "UFO.EXE", processed in VirusTotal at 11/08/2007 07:38:14 (CET).
[ file data ]
* name: UFO.EXE
* size: 18432
* md5.: 768eed49992d3cb66c8cbd5b6df06718
* sha1: 093bc70e1080048a858505e90a0d27c314c7bf2a
[ scan result ]
AhnLab-V3 2007.11.2.1/20071102 found nothing
AntiVir 7.6.0.34/20071108 found [tr/Dldr.VB.bqh]
Authentium 4.93.8/20071101 found nothing
Avast 4.7.1074.0/20071106 found nothing
AVG 7.5.0.503/20071106 found [Downloader.Banload.GZA]
BitDefender 7.2/20071108 found [Dropped:Generic.Malware.Bdld.12921183]
CAT-QuickHeal 9.00/20071106 found [trojanDownloader.VB.bqh]
ClamAV 0.91.2/20071107 found nothing
DrWeb 4.44.0.09170/20071107 found [trojan.DownLoader.36149]
eSafe 7.0.15.0/20071028 found [suspicious Trojan/Worm]
eTrust-Vet 31.2.5276/20071107 found nothing
Ewido 4.0/20071106 found nothing
F-Prot 4.4.2.54/20071107 found nothing
F-Secure 6.70.13030.0/20071102 found [trojan-Downloader.Win32.VB.bqh]
FileAdvisor 1/20071108 found [High threat detected]
Fortinet 3.11.0.0/20071019 found nothing
Ikarus T3.1.1.12/20071107 found [trojan-Downloader.Win32.VB.bqh]
Kaspersky 7.0.0.125/20071108 found [trojan-Downloader.Win32.VB.bqh]
McAfee 5157/20071106 found nothing
Microsoft 1.3007/20071108 found nothing
NOD32v2 2642/20071106 found [probably unknown NewHeur_PE virus]
Norman 5.80.02/20071106 found [W32/DLoader.DXFQ]
Panda 9.0.0.4/20071106 found [trj/Downloader.QZB]
Prevx1 V2/20071108 found nothing
Rising 20.16.42.00/20071102 found [trojan.DL.Win32.VB.yjo]
Sophos 4.23.0/20071107 found [Mal/Behav-160]
Sunbelt 2.2.907.0/20071031 found nothing
Symantec 10/20071108 found [W32.SillyFDC]
TheHacker 6.2.9.118/20071106 found nothing
VBA32 3.12.2.4/20071106 found [trojan-Downloader.Win32.VB.bqh]
VirusBuster 4.3.26:9/20071106 found nothing
Webwasher-Gateway 6.0.1/20071107 found [trojan.Dldr.VB.bqh]
[ notes ]
packers: UPX
packers: UPX
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=768eed49992d3cb66c8cbd5b6df06718
packers: PE_Patch.UPX, UPX
==============
Regards, Oleg
-
Thanks for helping improve avast detection.
After you've sent from Chest you should have been warned that the process finished successfully.
-
Seven days have gone. The virus is still not detected (:
-
Shame :P
-
One more week has gone and nothing has changed. Is there any chance to get this virus detected in Avast?
-
Yeah... these days are bad days for them...
http://forum.avast.com/index.php?topic=31038.msg263001#msg263001
-
I have a problem with a program with a similar name. It is always on my USB Mass Storage (Kingston DataTraveler 1 Gb) when I plug in and plug out under Windows (XP). You can't see it when you are in Windows. I saw first this file under LINUX. I deleted it but it returned after using in Windows. On DataTraveler there were 2 files: UFO.exe and autorun.inf . Could you tell me if it could be a virus? Is it the same Trojan.Downloader? I heard about that it moves by the USB mass storages. Can it be true?
I'm sorry that I have a lot of questions :/ If you need more information I will cooperate :P
-
Avast chest is not the best solution to send files that are not detected by Avast. The main problem is not in the chest, but in processing. We extract only files that have somewhere in the description the word "false" or files detected by Trojan-gen. Other files are silently discarded.
So please send us suspicious files to virus@avast.com in a password protected archive. This email is batch processed to extract attachments. Files are unpacked with the following passwords: infected, virus, avast, a, 123, 1234, 12345, password. If another password is used, then we try to search for the password manually in the original email.
-
Avast chest is not the best solution to send files that are not detected by Avast. The main problem is not in the chest, but in processing. We extract only files that have somewhere in the description the word "false" or files detected by Trojan-gen. Other files are silently discarded.
I have to say I'm both surprised and disappointed that I have wasted my time submitting sample to avast from the avast chest. More so for those who I suggested use the User Files section to add undetected samples and to submit from the chest as I have wasted their time also.
I have to say that this policy is absolutely crazy, these are samples undetected by avast on avast users who are using avast to protect their systems and in that regard have failed. These are also avast users who have taken the time to submit samples only for them to be discarded, no wonder there are so many topics about samples not being included or huge delays.
Submitting samples where the user is required to create a password protected zip file (to avoid interception en route) is such a pain in the rear when the submission from the chest is much easier for most and it takes care of the interception issue because the samples are encrypted by the process.
You can't believe how disappointed I am about this total waste enough not to bother suggesting people send samples at all.
Why should I bother if you don't.
Why should others bother if you don't.
In almost three and three quarter years of using avast this is without doubt the lowest I have felt. I have absolutely no idea what the new submission system is to be but this one for me is pathetic when samples are discarded, silently or otherwise.
I will end now as I'm getting mad, not just disappointed.
-
I would feel easier if someone from Alwil team could just say we are setting up a brand new protocol for handling submitted files
-
Other files are silently discarded.
I can't believe!!! :o :o
Am I reading right that you just discard the submitted files? ::) ??? :o
-
I have to say I'm both surprised and disappointed that I have wasted my time submitting sample to avast from the avast chest. More so for those who I suggested use the User Files section to add undetected samples and to submit from the chest as I have wasted their time also.
Me too.
You can't believe how disappointed I am about this total waste enough not to bother suggesting people send samples at all.
Why should I bother if you don't.
Why should others bother if you don't.
Are there any avast team members reading our posts?
We're posting here for 3 years that sending file from Chest is the most safe method...
I just can't believe...
In almost three and three quarter years of using avast this is without doubt the lowest I have felt. I have absolutely no idea what the new submission system is to be but this one for me is pathetic when samples are discarded, silently or otherwise.
I will end now as I'm getting mad, not just disappointed.
I'm bored, disappointed, upset too...
-
OMG I am reason of it? I'm sorry!!!!
I sent files packed in rar sfx file named ufo-files.exe with password: 123
Is it correct?
-
This time, I'll throw in my whole 2 cents. >:(
Like DavidR and Tech, I'm very disappointed and upset. I spent hours with a very nervous person, not only in finding and removing infected files, but also in extracting them to the chest after they had been safely quarantined. This computer was in a real mess when we started and one wrong click could have started everything all over. >:(
Now you're telling me that that whole stressful time was just a waste of time??? ???
One thing we found, don't know where the thread is, that some mail providers have the ability to "see" into a zipped archive and if the file is executable, refuse to send it.
Well so much for me trying to convince people to submit the samples to avast to make it a better product. These are people who just want the crud off their computers asap.
@DavidR, Tech .....kinda gives you a kick right in the old credibility, don't it? :'(
-
OMG I am reason of it? I'm sorry!!!!
I sent files packed in rar sfx file named ufo-files.exe with password: 123
Is it correct?
No, it wasn't anything you did, some of us just got blind sided with this little bit of news.
Your sample should be all right.
-
OMG I am reason of it? I'm sorry!!!!
You're sorry? I thank you to help us know what is happening...
Unfortunately I'll say.
I hope official words here... This is becoming a nightmare...
-
Like DavidR and Tech, I'm very disappointed and upset. I
Count me in, I am also disappointed!
-
OMG I am reason of it? I'm sorry!!!!
Absolutely not a problem with anything you have done, just us showing our disappointment at samples being discarded when avast users go to the trouble of submitting them.
-
So all this time we've been wasting our time submitting files to feed the "Alwil Recycle Bin"
That wasn't very nice.... :'( :'(
-
I also sent a sample from the chest >user file window too only last week. I thought that was the whole point of the right click>email to alwil software feature in the chest. It is very stupid and misleading to folks if it isn't.
m
-
guys, let me correct the description of chest files processing... the files sent from chest aren't dropped, of course... they are extracted and sorted by the script periodically (they couldn't be lost)... but the problem was, that our virus analysts didn't know where the sorted files were stored.. they were unreachable for some time, because the man who knows the sorting scheme used his holidays... the biggest priority between chested files is for Trojan-gen family possible false positives, but this doesn't mean, that we ignore the other files... the only problem is, that the files were not distributed to right people... i can confirm, that a new submission system (still under development) should solve this problem with script/manual work.. anyway - better to send the files via mail.. we have some highlights and priorities for "trusted" submitters there (this should be also more configurable with new submission system)...
-
btw: misak's words are corresponding to last week only and like i said already - we have the files and the delay in their analysis should be cleared soon... the files will be in the right hands tomorrow and you don't have to think about avast! chest as some kind of black hole... once again, sorry for the rumour, it was a misunderstanding between analysts and chest processor..
-
Hi Maxx_original,
The most important thing here is that you set your protocols strict and abide by them. This is vital for an av depository. Put these protocols to print, and distribute them to everyone concerned so they can stick to them.
polonus
-
btw: misak's words are corresponding to last week only... and you don't have to think about avast! chest as some kind of black hole...
Thanks for explaining... Without this explanation (it was a misunderstanding between analysts and chest processor) we can't trust in the company's seriousness.
-
Thank you for your explanation, that's all I needed to know, keep up the excellent work
-
polonus: agree with your opinion.. more ppl in our team should be introduced to samples processing details... we'll accept some necessary steps to make it better...
Tech: alwil's policy never contained anything about making a chest only for a laugh, you can be sure with this ;)... i already told to misak, that his post could be titled as "PR message of the year" ;D
-
Tech: alwil's policy never contained anything about making a chest only for a laugh, you can be sure with this ;)... i already told to misak, that his post could be titled as "PR message of the year" ;D
That will make me sleep happy (again) ;)
Hey misak, watch your steps ;D
-
Dear developers!
Three weeks have gone and nothing has changed. I sent you this file twice from Virus Chest and by e-mail to virus@avast.com. UFO.EXE is still undetected. Can you answer if you receive my files?
Does Avast Antivirus have any support?
Regards, Oleg
-
Today's update to 071127 solved the problem.
Thanks to all.
Regards, Oleg
-
So sorry for my previous post. I have held discussions with a colleague that cares for it and I understood him badly. I will next time better think then write.
-
So sorry for my previous post. I have held discussions with a colleague that cares for it and I understood him badly. I will next time better think then write.
Don't worry that much. The worse thing will be if that was true and not only a matter of explanation ;)
-
The file got finally detected by Avast (on the USB pendrive) and removed. Next time I plugged it in, it was still inside, still apparently Avast doesn't detect it on the PC.
What is this virus? A virus? A worm? A trojan? A rootkit? Is it somewhere on my PC as well? Can it be seen and manually removed without a rootkit tool?
This file has probably been on my PC for several weeks already, I'd like to know what it has been doing all this time, and what do I have to do to be completely sure it has been removed from both my USB pendrive AND my two PCs.
-
What is this virus? A virus? A worm? A trojan? A rootkit? Is it somewhere on my PC as well? Can it be seen and manually removed without a rootkit tool?
Maybe, but using a rootkit won't be that bad.
Try other tools... I suggest:
AVG Antispyware (http://www.ewido.net/en/)
SUPERantispyware (http://www.superantispyware.com)
Spyware Terminator (http://www.spywareterminator.com/)
AVG antirootkit (http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0)
Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp)
-
Thanks, I'll try to check tonite (it's on my GF's PC, as usual...).
Oh, due to a lack of internet connection she couldn't update Avast for the last 2 days, maybe the solution is already there but she couldn't check it due to lack of update.
Still it sounds strange that Avast finally detected UFO, but only removed it from the pendrive, not from the PC...
It just bothers me I'll have to waste 1 more day of my time removing this virus, I bet she won't be able to use any online AV systems, nor install Ccleaner, F-Secure Blacklight, HijackThis, Ewido and everything else. -_-'
-
Any news on this file? Has it been added to Avast Database?
Sounds pretty strange that Avast apparently detected it once after the update around November the 27th, and now it doesn't detect it anymore (while the virus/worm is still there, since it continues to infect USB pendrives plugged into the notebook)
-
follow the instructions to disable autoruns on fixed disks and USB devices as described here http://forum.avast.com/index.php?topic=31671.60 this should stop the re-infecting.. other detections for newer variants of autorun viruses are ready to be processed...
-
Google search for avast UFO.exe (http://www.google.com/search?q=avast+UFO.exe), the second result down for me Remove Virus newheur_pe - Topic Buzz by Omgili (http://buzz.omgili.com/topic/Remove+Virus+newheur_pe), second link on that page led here.. UFO.exe that resides on my USB is not being detected by Avast! Sux0rz.
-
Then send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.