Avast WEBforum

Other => Viruses and worms => Topic started by: Mr.Agent on February 05, 2009, 09:56:24 PM

Title: Avast missed a dangerous virus
Post by: Mr.Agent on February 05, 2009, 09:56:24 PM
Hi Avast, you missed a nice keylogger/trojan. If you want the .exe, tell me, because you are the only one that doesn't detect it!!!!! Well, I don't know if I posted in the right section, but I just wanted to let you know so you can add it to the virus database, because it's really dangerous to leave a virus like that on the internet.

Lucky I didn't execute this file!!!! My god

Virus scan proof: http://www.virustotal.com/analisis/6284bd01c3556399650ea45195d18b6f

Mr.Agent
Title: Re: Avast missed a dangerous virus
Post by: DavidR on February 05, 2009, 10:06:32 PM
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 05, 2009, 10:11:22 PM
But I want to be sure: if I didn't execute the exe, will I be infected or not?

And how do I protect the zip with a password?
Title: Re: Avast missed a dangerous virus
Post by: DavidR on February 05, 2009, 10:23:28 PM
It won't execute adding it to the avast chest or zipping and password protecting it.

This really isn't as serious as you believe, I also believe that avast previously removed ard

http://www.viruslist.com/en/analysis?pubid=187865525
Quote
Ardamax is not considered a Trojan because it was developed by a legitimate software company and is sold as a legal program. However, authors of many malicious programs are happy to regard it as a ready-made spyware module they can use instead of bothering to write their own. Commercial keyloggers are one of the biggest gray areas in the relations between antivirus companies and software developers. Even though they can be used as Trojans, these programs do have legal and genuinely legitimate applications.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropajm.html
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 05, 2009, 10:25:30 PM
OK, then how do I protect the file with a password?

I will just send the file to virus avast; I won't do the chest thing you describe. I didn't execute it, so I'm safe for now, until you update the virus database so that it becomes a threat.
Title: Re: Avast missed a dangerous virus
Post by: DavidR on February 05, 2009, 10:31:47 PM
That entirely depends on what zip program you use, but the second option to add it to the avast chest is by far the simplest option and send it directly from there.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 05, 2009, 10:39:36 PM
I think I found it, it says make a password, so thank you. I hope that's it. I will send it to virus avast. Thank you again David. As long as I didn't open the file, it's OK.

!!!! Another problem is I can't send any virus because my computer won't let me do it, omg lol

Edit: I have moved it to the chest like you said and there was no problem. I sent it to Alwil, thx!
Title: Re: Avast missed a dangerous virus
Post by: Maxx_original on February 06, 2009, 10:08:24 AM
Do you mean this Ardamax, which seems to be a legit keylogger? We've removed the detection a few weeks ago..
Title: Re: Avast missed a dangerous virus
Post by: CharleyO on February 06, 2009, 10:47:13 AM
***

ScanDoo says the site is not a good one to visit. Click the image below to enlarge.


***
Title: Re: Avast missed a dangerous virus
Post by: YoKenny on February 06, 2009, 01:04:12 PM
Quote
***

ScanDoo says the site is not a good one to visit. Click the image below to enlarge.

***

McAfee SiteAdvisor rates it RED and it is blocked in my HOSTS file.
Title: Re: Avast missed a dangerous virus
Post by: Maxx_original on February 06, 2009, 01:09:52 PM
ook, we'll reconsider the classification..
Title: Re: Avast missed a dangerous virus
Post by: DavidR on February 06, 2009, 03:06:40 PM
If you look at my Reply #3, the quote is clear that it is a legit program. The problem is that it can be used by malware for malicious purposes, and this is the problem with tools like this: the AV can't determine intent.

That is down to the user, did they download/install this and if not then the intent is likely to be malicious. So perhaps the classification should be risk tool, or something like that.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 06, 2009, 05:24:57 PM
Well, I reported a virus so that people are safer from the user that created that Ardamax.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 22, 2009, 07:53:49 PM
Well, I think avast didn't put it in the virus database, and I found another virus, a backdoor trojan, which I was about to execute but didn't. I scanned it on VirusTotal; see what it finds: http://www.virustotal.com/en/analisis/06f13e1e1d27675185032441553c6cbd
Title: Re: Avast missed a dangerous virus
Post by: DavidR on February 22, 2009, 08:03:32 PM
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive/undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 22, 2009, 08:15:26 PM
David, can I just send the upload link to them?
Title: Re: Avast missed a dangerous virus
Post by: DavidR on February 22, 2009, 08:22:41 PM
Well if you have this sample on your system it is easy to add it to the user files section of the chest and upload it from there.

They can analyse a file, they can't analyse the virustotal results page.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 22, 2009, 08:31:37 PM
OK, I will send the 2 files.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 22, 2009, 08:36:18 PM
But after I have sent it, can I remove the files from my PC? Because I'm really scared of these files!
Title: Re: Avast missed a dangerous virus
Post by: DavidR on February 22, 2009, 09:12:56 PM
They can do no harm in the User Files section of the chest (delete the original copy in the original location). With them there it also allows you to periodically scan them within the chest, when avast adds them to the VPS you will see them detected.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 22, 2009, 09:29:06 PM
K, well, I deleted the original copy of the upload, put them in the chest and emailed them to Alwil. I hope this time he will put it in, because these 2 files really are viruses, and I always do VirusTotal before running a program.

But a question: is it true that if I didn't execute the exe I won't be infected? And if I have opened the zip and not the exe, will I be infected or not?

Sorry for these questions, I'm just scared about having downloaded them on my PC. I'm just wondering what happens if I have opened the zip and seen what it contains!
Title: Re: Avast missed a dangerous virus
Post by: Lisandro on February 22, 2009, 10:18:08 PM
Quote
Is it true that if I didn't execute the exe I won't be infected?

Yes.

Quote
And if I have opened the zip and not the exe, will I be infected or not?

Not infected, yet.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 23, 2009, 09:09:25 PM
Lucky, so I'm not infected I hope :D But sometimes I execute the zip to see what it's got, and sometimes the exe is infected or something, but I won't take any chances in any way. Thx Tech, you saved me. I was about to cry but it didn't happen xD
Title: Re: Avast missed a dangerous virus
Post by: Lisandro on February 23, 2009, 09:21:50 PM
Quote
Lucky, so I'm not infected I hope :D But sometimes I execute the zip to see what it's got, and sometimes the exe is infected or something, but I won't take any chances in any way. Thx Tech, you saved me. I was about to cry but it didn't happen xD

Run a full avast scan, archives included, just to be sure ;)
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 23, 2009, 09:46:03 PM
OK mate, I'm setting my performance to standard and archive and it's scanning now, thx.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 23, 2009, 10:41:00 PM
Avast found some files in my folder that can't be scanned because they were protected with a password, but I scanned them on VirusTotal and it seems to be fight through the other AV, so thanks Tech. I will scan my PC with my anti-spyware. I have cleared my Windows temp folder. I think my PC is free of the virus, thx very much Tech.
Title: Re: Avast missed a dangerous virus
Post by: Lisandro on February 23, 2009, 11:16:35 PM
Quote
I scanned them on VirusTotal

Same answer as here: http://forum.avast.com/index.php?topic=42725.msg358531#msg358531
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 23, 2009, 11:31:00 PM
I have seen it, thx Tech.
Title: Re: Avast missed a dangerous virus
Post by: malberto on February 24, 2009, 03:26:41 AM
Send a mail with the file to the ALWIL Lab for analysis. Compress the file and set a password, remember to state the password in the mail, and then attach it.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 24, 2009, 09:11:41 PM
I think with zilontrainer.exe it's easy to see it's a keylogger; just look at it on VirusTotal: all antivirus detect it, but not avast, PC Tools etc.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 25, 2009, 12:54:22 PM
Avast has put nefertyhook v5.03 in as a trojan-gen, so can I delete it from the chest? And zilontrainer is still not there. It's an Ardamax keylogger which is vulnerable to user. I recommend that avast scan it on VirusTotal if they don't believe me.
Title: Re: Avast missed a dangerous virus
Post by: Lisandro on February 25, 2009, 01:07:05 PM
Mr.Agent, files in the Chest are safe to be kept there. They can't harm your computer.
Also, for legit files, you can use the avast exclusion lists (there are two).
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 25, 2009, 09:23:26 PM
You say I can add my own file to my virus database? If that's really what you say, tell me how please.
Title: Re: Avast missed a dangerous virus
Post by: Lisandro on February 25, 2009, 10:51:02 PM
Quote
You say I can add my own file to my virus database? If that's really what you say, tell me how please.

Not the database, but exclusion lists IF THE FILE IS CLEAN.
You need to use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be careful, you should 'exclude' that many files that let your system in danger.
Title: Re: Avast missed a dangerous virus
Post by: Mr.Agent on February 26, 2009, 12:44:44 PM
K, I understand, but well, I'm still waiting for zilontrainer to be in the virus database, because it's like a keylogger that can harm other people, which avast didn't see.