Avast WEBforum

Other => Viruses and worms => Topic started by: pdafreak on April 19, 2009, 02:42:36 PM

Title: Trojan.Agent.Delf.GY
Post by: pdafreak on April 19, 2009, 02:42:36 PM
Why has avast not detected this as a trojan?

It's called Seabra Stealer. Basically it steals all your browser saved passwords & FireZilla & AIM.
It created a history.txt file inside of C:\windows\system32\ that contains all your passwords in plain text,
and the exe will FTP the information to a specified server. It also has anti Virtual PC or anti VMware.

more information
http://www.opensc.ws/off-topic/5831-seabra-stealer-0-5-a.html

file analysis
http://www.virustotal.com/analisis/09184de305adc11fe86bdedcee7f2ecb

As you see, only 4 antiviruses can detect it as a trojan.

So please make it so avast can detect it. Thanks :)

PS: I'm using avast 4.8 VPS 090418-0 compilation date 4.8.1335 and it still has not detected the file as a virus or trojan.

Title: Re: Trojan.Agent.Delf.GY
Post by: polonus on April 19, 2009, 04:08:51 PM
Hi pdafreak,

It can be a malicious password stealer posing as a keygen installer. It has also been found as: C:\WINDOWS\system32\3x-un-14x.exe
Infected: Trojan.Agent.Delf.GY
In the hackworld an app has been released called Seabra Stealer; it makes password stealers that are currently completely undetectable by the majority of antiviruses. Samples have been sent to KIS and Norton.

They are commonly attached to RS and other file host downloads/bypasses.

Luckily some forums haven't been targeted yet, but on other forums it's spreading like wildfire. So watch out!

polonus

Title: Re: Trojan.Agent.Delf.GY
Post by: DavidR on April 19, 2009, 04:37:51 PM
What is strange is that so few (read: almost none) of the major players detect this; BitDefender is one and GData another, but that uses BitDefender as one of its two scanning engines (avast being the other), so that reduces those two to one, so there is still margin for doubt with only three detections.

You could try Anubis: Analyzing Unknown Binaries (http://anubis.iseclab.org/?action=home), another scanning tool that is useful, and report the findings (results page URL).

Send the sample to virus@avast.com, zipped and password protected, with the password in the email body (a link to this topic might help) and false positive/undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.