Avast WEBforum

Other => Viruses and worms => Topic started by: Lisandro on September 20, 2010, 01:45:21 PM

Title: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on September 20, 2010, 01:45:21 PM
As my first thread got hijacked and closed without even warning me :P, I'm starting a new one trying to help avast improve detection if possible.
Please, post only VirusTotal links and do not post links to malware!
You can always submit a sample through Chest or zip it and send to virus(at)avast(dot)com.

Watching this thread means out of bound work for our analysts, therefore the links should provide additional information.. you should always know why exactly the link posted by you has a bigger priority than samples sorted out by our internal systems, otherwise it's a waste of time on both sides... you can write a script for browsing virustotal results and posting them here, but what will be their benefit for us? we'll receive the files and metadata anyway from virustotal (on a regular basis of sample submission) so it means extra manual work that duplicates what a machine does for us.

Guideline for posting links which make some sense:

1. you know the origin/behavior/way of spreading of the sample (it comes from a machine that you recently disinfected e.g.)
2. the sample is not an adware, toolbar or such low-risk malware/PUP
3. you're able to write related metadata either to VT comments or here
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on September 20, 2010, 01:54:04 PM
Cassino game virus? http://www.virustotal.com/file-scan/report.html?id=16677001425a2306a4fadd980e84b048e8638972ca5b760c27de5afba43a7dd6-1284977670

Trojan downloader? http://www.virustotal.com/file-scan/report.html?id=b155f733a4a76a5f2f1cf2bedfa0cbf998d5ea483e7061f54d9d54a325ad1358-1284903634
http://www.virustotal.com/file-scan/report.html?id=3d1a0e751c8807d1add568576bae8709a8a4661bcd5add8924cc8509f2987d4b-1284975567

Zbot sample? http://www.virustotal.com/file-scan/report.html?id=87d184e9a44e628e217d89b91edff75474e0f682a68a26ac9d6ab650b7249d12-1284979078
http://www.virustotal.com/file-scan/report.html?id=8767ed77b8dc95cdae010d2241385c0e4ae376796024822eae41653a0f76ceab-1284967493

Kazi sample? http://www.virustotal.com/file-scan/report.html?id=2920cba61b1b33d94efdf09458562dc03595aa1d1cddc0135f7e060f9174c011-1284819562

Renos sample? http://www.virustotal.com/file-scan/report.html?id=52c65496937759dee1e63dd533fa3f0d6ff87beae1734f81c56896d71e7b9e6e-1284743283

Suspicious? http://www.virustotal.com/file-scan/report.html?id=43dfad5c0c2e4a3c6cc8e7955b0f0380f9fedf70765770e6c1f3dec05c79c653-1284978756
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Onix on September 20, 2010, 02:45:19 PM
http://www.virustotal.com/file-scan/report.html?id=8b66cd525e28891f8d57bb1c7ea502c1f61e9d3dd9deb7045b744d9b41e460e5-1284986446
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on September 20, 2010, 10:28:20 PM
http://www.virustotal.com/file-scan/report.html?id=6b60b0e9007c7e6d5f7b8d560ec2b2c575f5df5f2169a5e2f096e9376785033e-1284998326
Trojan dropper: http://www.virustotal.com/file-scan/report.html?id=c6373b689fb84cadfcf62efeda2693be7edc829c74caa37f248c270e9959b136-1284999866
Trojan? http://www.virustotal.com/file-scan/report.html?id=9c6049c7cef384e2e57ebefc24186c8fedc10420d39f7b35e03500b214dd80dd-1284994178
Renos sample? http://www.virustotal.com/file-scan/report.html?id=0153b95db49bb9150c9dbd35bb5eb520c852888ce7921cf30bc32de829a99b56-1284982191
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on September 21, 2010, 02:37:56 AM
Trojans?

http://www.virustotal.com/file-scan/report.html?id=f28dafcaf4c723342f53a43ad4cd7980bde5d7d48e6b677cbf0018974ec376f9-1280972203
http://www.virustotal.com/file-scan/report.html?id=543b88457cd1d956fdf0712a07777d10dbb1189b61b58d7ae0e0e8de96664bef-1283388730
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on September 21, 2010, 02:41:44 AM
Renos or FakeAV
http://www.virustotal.com/file-scan/report.html?id=20d7c5fa8ebdc2bbbbafc93d2ee04b90604d12d4696fae69dcf49514b37697a5-1285017531
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on September 21, 2010, 12:03:54 PM
Trojan-Downloader

http://www.virustotal.com/file-scan/report.html?id=dfb116c2c4687fb27ec2c9252e9c5296708c0f201255b7abadaa68e488a60b2a-1285060322
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on September 21, 2010, 01:40:30 PM
Virut? http://www.virustotal.com/file-scan/report.html?id=087cb18f688665a7a05fbea067df6b5d44d35a6b95808e7601698d69e8330181-1285062806
Suspicious: http://www.virustotal.com/file-scan/report.html?id=42bc40621711772252eeec7b0a9e4a55e97f9f21c8e87426d1a4948f951a0ccb-1285062639
Buski? http://www.virustotal.com/file-scan/report.html?id=bcb9dcea286bbb8612f57172013197a0c397e15091d89f9716dfba3b7d182dcb-1285067075

Sent by IM to Maxx the links to download (some of) the samples.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on September 21, 2010, 07:18:12 PM
Undetected malware http://www.virustotal.com/file-scan/report.html?id=0204be4d8b3a25c58975a0db406fe1cc6e61d3af19d61cc2ea9b2a5db68896ae-1285088907
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on September 22, 2010, 05:56:37 PM
New nagware / rogue, NavaShield ( navashield.com )  see video http://www.youtube.com/watch?v=0hxFyDpfcg0
Malwarebytes / Ad-Aware / F-Secure have added detection, 53mb installer
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on September 23, 2010, 12:59:55 AM
http://www.virustotal.com/file-scan/report.html?id=994a5bc0e21a3b89441e5b70720ef6ba62aa9a0d4a71b33e995766d1d12007f4-1285185342
 ::)


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on September 23, 2010, 06:13:24 AM
A new rogue A/V program.

http://www.virustotal.com/file-scan/report.html?id=f901ce8b019eca2ddb850fb0783196f28bd3ad33bb321d995371a00b00c70fda-1285225279

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on September 24, 2010, 05:14:48 AM
Another rogue A/V program.

http://www.virustotal.com/file-scan/report.html?id=32582fc3673aba5e57b14b40a2f60ce975afec06a88b9d717661b5f497724ab3-1285296706


And a Trojan.

http://www.virustotal.com/file-scan/report.html?id=52efcdbdf08321cf1fb645c92c97378bde509dda3c15622d96276332284f80f6-1285307240


I've spent the evening passing these around.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on September 24, 2010, 07:43:07 PM
http://www.virustotal.com/file-scan/report.html?id=e7e2d69c740ca5009ed76f191e2b6706b283f58f8a0fdc1054841929dddee7a1-1285349976

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on September 25, 2010, 02:03:10 AM
Possible Trojan.

http://www.virustotal.com/file-scan/report.html?id=d7dbb27f2eb5772d33362645bac7392c2699b08a69e8d8b0d39f98f7dcaaac08-1285371168


And another.

http://www.virustotal.com/file-scan/report.html?id=b9cbec787f7d72c3072bb70d611a47bdeee319a9bc28b65d473f3235b0a5eb8e-1285396797
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Altarir. on September 25, 2010, 12:29:27 PM
I am very angry !


<<rapidshare links>>

damnit, read the topic name - virustotal links only
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on September 25, 2010, 12:39:11 PM
Quote
damnit, read the topic name - virustotal links only

Know.Purposely !
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on September 25, 2010, 12:42:24 PM
@Burkoff

as you see in the topic name VIRUS TOTAL LINK ONLY

this is what happened the last time  http://forum.avast.com/index.php?topic=63749.0  see the last two posts

so edit the post and remove the download links
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Hermite15 on September 25, 2010, 12:58:03 PM
yeah and Burkoff was already responsible last time, since he's doing that again I suggest a ban.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: 13thSlayer on September 25, 2010, 12:59:40 PM
Quote
damnit, read the topic name - virustotal links only

Know.Purposely !
Send the samples to Avast! via the interface (through the chest) or otherwise (don't remember how) NOT POST THEM HERE!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on September 25, 2010, 01:03:58 PM
a ransom ;D
http://www.virustotal.com/file-scan/report.html?id=27cc321356d59261ccc711e71651ad68219b041dd3ef999344085ab668bd0c02-1285361736
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on September 25, 2010, 01:04:27 PM
Quote
yeah and Burkoff was already responsible last time, since he's doing that again I suggest a ban.
yea....but he is already very angry  ;D


Quote
I am very angry !

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Hermite15 on September 25, 2010, 01:15:36 PM
just a question: I'm not testing samples and I won't, but for those who do post about stuff missed by Avast, does it make a difference (or not) if heuristic sensitivity is set to high in the web and file system shields?

edit: would be nice if people didn't just post the VT results, but also their own and specify their settings (yeah, I know, this supposes a VM or sandbox...that's just a suggestion).
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on September 26, 2010, 02:13:23 PM
The list came from VirusTotal's Top10 file submissions (Yesterday)
http://www.virustotal.com/file-scan/report.html?id=9ef6116b0e3e1f663e48b76dc2957d97187f7414be0024b721569d67d378ff56-1285448595

http://www.virustotal.com/file-scan/report.html?id=820c0fd3d36354fe2d0f0db9051b1c5164d6b85fd80d922732a105a886f01844-1285445333

http://www.virustotal.com/file-scan/report.html?id=1f5b7c646092641618b79557a47dcc8eba3f96d8f82673568d9d124f5c3fd90a-1285451627

This could be a false positive:
http://www.virustotal.com/file-scan/report.html?id=017c62ee87dfc53f32b774d867f11be1c94911735d051312979861174a7020b0-1285270314

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on September 26, 2010, 02:16:05 PM
Fake ZillaTube:
http://www.virustotal.com/file-scan/report.html?id=c2b7e07688acdcd107fd236532d7156fe0b324b597c0623653e8a1a14958caed-1285510931

Another VirusTotal's Top10 file submissions(Yesterday)
http://www.virustotal.com/file-scan/report.html?id=9ef6116b0e3e1f663e48b76dc2957d97187f7414be0024b721569d67d378ff56-1285475821

http://www.virustotal.com/file-scan/report.html?id=afbcfe0f0301c5cdb1202ea75f406a04cc9023d34e347e89311f9835bd5c3af9-1285483928

http://www.virustotal.com/file-scan/report.html?id=820c0fd3d36354fe2d0f0db9051b1c5164d6b85fd80d922732a105a886f01844-1285445333

------------------------------------
Could be false positive:
http://www.virustotal.com/file-scan/report.html?id=f609efee5fa8df832ce7708ed58f32021d928089404689eb90ddc1f73d8cd32f-1285105620
------------------------------------

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on September 26, 2010, 05:59:06 PM
i Have one link from Virustotal, Avast found it, i Have one link from Jotti's malware scan, Avast doesn't Find it on Same virus sample why?
http://www.virustotal.com/file-scan/report.html?id=9266c4084e41982ddf7e365be679e53842da37c1bccc5269d2723fdfabeee420-1285516483

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on September 26, 2010, 06:05:51 PM
Quote
Have one link from Virustotal, Avast found it, i Have one link from Jotti's malware scan, Avast doesn't Find it on Same virus sample why?
VT and Jotti may not be on the same update yet ?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on September 26, 2010, 06:22:14 PM
ahh now i see last update on malware jotti was 2010-09-14 for Every AV there :O


now They updated :) avast Detect it !
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on September 26, 2010, 06:26:50 PM
http://www.virustotal.com/file-scan/report.html?id=3c36409d24180488f584155defff7498374f47051c0bcccbbd9a8445a6130d05-1285488260
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on September 26, 2010, 06:30:51 PM
Quote
ahh now i see last update on malware jotti was 2010-09-14 for Every AV there :O

now They updated :) avast Detect it !

Jotti also uses Linux versions of AVs I believe, not to mention has nowhere near the number of scanners of virustotal (currently 43), so personally that is the only multi-scanner site I would use.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 26, 2010, 08:13:24 PM
Hi DavidR,

But the folks that report missed samples through VT links, should check there again for more recent results, also sometimes results are found to be false positives, see the link Left123 gave above. So do your homework properly.

polonus

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on September 27, 2010, 05:16:34 AM
Trojan.

http://www.virustotal.com/file-scan/report.html?id=7fae8f44ca6ac0119692ca1080f07173bd5d4f170cd412bc261e4328ac283dde-1285557252


Fake Codec Pack.

http://www.virustotal.com/file-scan/report.html?id=637a685f6cdaf0b50ab2f910dba177fb4ab64a7def1d2102de9684d55417b6b8-1285555478


Fake Antivirus Program.

http://www.virustotal.com/file-scan/report.html?id=e38d310882d6057da15048b429858748452df166c5a70521043fe2fdca3e00c6-1285559703
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on September 27, 2010, 05:46:58 AM
Quote
damnit, read the topic name - virustotal links only

Know.Purposely !
Send the samples to Avast! via the interface (through the chest) or otherwise (don't remember how) NOT POST THEM HERE!


Send a password protected zip file ( Password: virus) to virus@avast.com with the subject "Undetected Malware",  Put the password in the body of the e-mail.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on September 27, 2010, 01:08:12 PM
http://www.virustotal.com/file-scan/report.html?id=24fde02323b42f8cb48acff5414118690e41ff79f37c4ce43573f13387e954c3-1285585170
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on September 28, 2010, 05:17:07 AM
Possible Trojan.

http://www.virustotal.com/file-scan/report.html?id=682623d7aa70209c4e39eb5deb0851a8da53fd2d1f048fa31619c4233b438fb3-1285641801


Another Trojan.

http://www.virustotal.com/file-scan/report.html?id=b46244c2191de3f5e8eecf16511facbf4c3a98b91ca2604b1d7a6490a36e626a-1285644196
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on September 29, 2010, 07:48:10 AM
Another fake AV.

http://www.virustotal.com/file-scan/report.html?id=8beb25df7bcf9b2c80f6f1f8fc7bdf26e55ae97df4df477094f3ebb2dd1a1189-1285739163
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chudycebu on September 30, 2010, 11:10:47 AM
http://www.virustotal.com/file-scan/report.html?id=9fcfe985ff93d493ae8c091566b6524deb114748a5a5018f80d797c658311e14-1285836908
http://www.virustotal.com/file-scan/report.html?id=6a17b1626a22aaaf87bb8b1ad173f91b85f2ab4a863a4b4ec5227e8ba4f02879-1285831256

backdoor: winlogon.exe connected to 74.55.58.173 under weird url like 2-3-v-5-6-l-w-1-q-9-j-n-6-2-n-8-...

avast disabled by: programs will be disabled or shall we say redirect to this winlogon.exe at this registry [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

programs running: winlogon.exe under windows current user name with svhost.exe child process

version: 206

how to keep your programs running?
put all access to this registry in read only...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

this is the 3rd time same virus variant undetected but every time I've uploaded to avast virus-lab It took a week before avast detects(update config every 5mins).
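
A defender-side check for the redirection reported in the post above, added here as an example and not code from the poster or from avast: it scans a registry export of the Image File Execution Options key for `Debugger` values and flags those that point at a system process name outside System32. It assumes the redirect uses the standard IFEO `Debugger` value; the export text, file paths and the short `SYSTEM_NAMES` list are constructed for illustration.

```python
import ntpath
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")

# Short illustrative list of Windows process names that malware imitates.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "services.exe",
                "lsass.exe", "csrss.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="string data" as written by regedit (backslash and quote escaped).
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# First executable in a command line: quoted path, or text up to ".exe".
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe)(?=\s|$))', re.IGNORECASE)


def unescape_reg_string(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", s)


def debugger_executable(command):
    """Return the executable path from a Debugger command line."""
    m = EXE_RE.match(command)
    if m:
        return m.group(1) or m.group(2)
    parts = command.split()
    return parts[0] if parts else ""


def classify(exe_path):
    """Label a debugger target; every Debugger value deserves a look."""
    p = ntpath.normcase(exe_path).replace("%systemroot%", r"c:\windows")
    name, folder = ntpath.basename(p), ntpath.dirname(p)
    if name in SYSTEM_NAMES and not folder.endswith(r"\windows\system32"):
        return "system process name outside System32"
    return "review: confirm this debugger was set on purpose"


def find_ifeo_debuggers(reg_text):
    """List every <image>.exe subkey of IFEO that carries a Debugger value."""
    findings, image = [], None
    prefix = IFEO.lower() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            image = path[len(prefix):] if path.lower().startswith(prefix) else None
            if image and "\\" in image:   # ignore deeper subkeys
                image = None
            continue
        val = VALUE_RE.match(line)
        if image and val and val.group(1).lower() == "debugger":
            command = unescape_reg_string(val.group(2))
            findings.append({
                "image": image,
                "debugger": command,
                "verdict": classify(debugger_executable(command)),
            })
    return findings


# Constructed export: one hijacked image, one deliberate Task Manager
# replacement, and one key without a Debugger value.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe]
"Debugger"="C:\\Documents and Settings\\user\\winlogon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\Tools\\procexp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableHeapLookaside"="1"
'''

if __name__ == "__main__":
    for f in find_ifeo_debuggers(SAMPLE_REG):
        print(f"{f['image']:<14} -> {f['debugger']}  [{f['verdict']}]")
```

Files written by `reg export` are UTF-16, so decode them before passing the text to `find_ifeo_debuggers`.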

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on September 30, 2010, 04:48:48 PM
http://www.virustotal.com/file-scan/report.html?id=de2a6bc545a34cc4f3644936c544960dde26377317f543f30c50670a22192e0e-1285782978

http://www.virustotal.com/file-scan/report.html?id=7d6df2766434882417f243e236c192fbee5c8c1479858c6dde5c001d31ee13d8-1285790457

http://www.virustotal.com/file-scan/report.html?id=dec90d6cacde9d8c96addfaee8b6b88a3f0072ba7860a81a0bd1ca95cdc9079e-1285801510

http://www.virustotal.com/file-scan/report.html?id=2bbba7c64d0fc0ad05f6079838a7663f71f0bd5028f67da3af42757417c83486-1285846090


off topic: a link for you marc57 http://www.youtube.com/watch?v=ce87ckRKrzk  kiss madiam won greece got talent,well done ;D ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on October 01, 2010, 05:36:41 AM
Thanks for the link Left123.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on October 01, 2010, 03:29:12 PM
http://www.virustotal.com/file-scan/report.html?id=842080c6fcf6418ca93f86fd036beede353b2585f28a523f18381526424376e3-1285835020

http://www.virustotal.com/file-scan/report.html?id=61aac71f0b59c6f008307ab38b4cc8beba7c88189e9cebc63607b3fd39ebb89b-1285942131
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on October 01, 2010, 10:13:32 PM
http://www.virustotal.com/file-scan/report.html?id=7d6ee800c86e3a5fdda89412cf77c7d804847d3fe329ea719bf3734c8c9d5ebf-1285954899

http://www.virustotal.com/file-scan/report.html?id=6f83d51a7eaf9b80ca435fc569e88a99b2ddfede9f6538c2615abb1e9f1b5283-1285939272

http://www.virustotal.com/file-scan/report.html?id=51811522f2f121e40eae7c7a039cf07a002b1abba486639121a60150e2fef691-1285860246
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on October 02, 2010, 03:41:17 PM
http://www.virustotal.com/file-scan/report.html?id=2182a74eb586381e6f119d9ada42743e306ee5b185ae04ae6b216ae95d676147-1286026600
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on October 02, 2010, 03:46:29 PM
I like this thread..!
Thanks, Tech..!! :)
asyn
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 02, 2010, 03:49:32 PM
Quote
I like this thread..!
Thanks, Tech..!! :)
asyn
You're welcome.
Although I was alerted that just posting virustotal links without further information about the origin of the file, behavior, etc. is just adding manual work for the virus analysts that are receiving 50.000 samples per day.
They have quite some honeypots and they're not really worried about the links posted here.

You could not agree with that.
They do not post in forum about it (clearly).
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on October 02, 2010, 03:54:21 PM
Quote
I like this thread..!
Thanks, Tech..!! :)
asyn
They have quite some honeypots and they're not really worried about the links posted here.

I don't doubt that..! ;)
Nevertheless it's interesting information for us...!!!
asyn
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 02, 2010, 04:01:08 PM
If you want to get frightened, here we goes...


... and so on...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on October 02, 2010, 04:29:22 PM
I honestly don't see the purpose of this topic as it achieves little (or the other one that got closed).

I also don't see how the average user would be coming into regular normal browsing contact with these, which you are obviously seeking out. Most regular users aren't seeking out malware in this way.

Yes, they could get tricked into downloading something from a search result, but how would this topic help them in any case, it doesn't.

As you have already said the VT links are of little use to the virus labs team, they need the samples to analyse.

<snip>
Although I was alerted that just posting virustotal links without further information about the origin of the file, behavior, etc. is just adding manual work for the virus analysts that are receiving 50.000 samples per day.
They have quite some honeypots and they're not really worried about the links posted here.
<snip>

So it is clear that the sample and information needs to be sent to avast, rather than posting VT links and you can't go posting links to file sharing sites or the origin of the sample, for the very reason the other topic was closed.

That is why I feel this is pointless in this context, not to forget as polonus mentioned, it shouldn't be post and forget, but go back and confirm if the original post is now detected or a false positive.
<snip>
But the folks that report missed samples through VT links, should check there again for more recent results, also sometimes results are found to be false positives, see the link Left123 gave above. So do your homework properly.
<snip>

Over time (now on 4 pages) all you see are missed samples and zero input on samples now added to the database or considered to have been false positives, or all you see is an unbalanced/one sided view.

As you say "If you want to get frightened, here we goes..." the object surely is not to frighten users ???

If it is to improve detections, then you need to send the samples and information to avast as the VT results in isolation are pretty worthless. Especially if those who post them don't follow up to see if they are added or are FPs.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on October 02, 2010, 04:36:51 PM
Quote
I honestly don't see the purpose of this topic as it achieves little (or the other one that got closed).
Have been thinking the same.....how will this improve detection if you don`t send the samples ?
or does Tech know something we don`t
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 02, 2010, 04:53:02 PM
Quote
I honestly don't see the purpose of this topic as it achieves little (or the other one that got closed).
The other one was closed because people post open links to malware I think.

Quote
I also don't see how the average user would be coming into regular normal browsing contact with these, which you are obviously seeking out. Most regular users aren't seeking out malware in this way.
Sure. But not all the avast users are "regular normal browsing"...

Quote
As you have already said the VT links are of little use to the virus labs team, they need the samples to analyse.
They could get them from virustotal as they have the MD5 of the file.

I'm not posting links quite some weeks ago as the avast team just said they won't stop their analysis to manual check the links here. It was becoming useless without the avast team being able to add the definitions.

At least, posting here can show:
1. avast protection needs to be increased. And there are users that can't even talk about that.
2. avast team could post or react to threads about security and drop some light and knowledge on how to get protected.

Quote
But the folks that report missed samples through VT links, should check there again for more recent results, also sometimes results are found to be false positives, see the link Left123 gave above. So do your homework properly.
I always check more recent results.
Did you try my links just after they were posted?

Quote
Over time (now on 4 pages) all you see are missed samples and zero input on samples now added to the database or considered to have been false positives, or all you see is an unbalanced/one sided view.
So, which should improve here? Our posting about misdetections or acknowledgment from avast team?
If we're posting false positives, could it take a while to say that for us? Why not?

Quote
As you say "If you want to get frightened, here we goes..." the object surely is not to frighten users ???
Ok, I was thinking that people need to discuss these issues, nothing more.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 02, 2010, 05:01:40 PM
Pondus has showed me a link to http://www.shadowserver.org/wiki/pmwiki.php/Stats/VirusDailyStats
Seems a good source for what I'm trying to talk about.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on October 02, 2010, 05:16:24 PM
some weeks ago i made a topic about some trojan.ransoms and i only posted VT links, and after about 1 day an avast technical said: samples should be detected now, i only posted vt links and the samples were in the next virus database update
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 02, 2010, 05:32:50 PM
Quote
some weeks ago i made a topic about some trojan.ransoms and i only posted VT links, and after about 1 day an avast technical said: samples should be detected now, i only posted vt links and the samples were in the next virus database update
Lucky you... Our samples did not have that luck :'(
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 03, 2010, 08:47:22 AM
Loss of time and labor ...

The avast team will not improve the service of automatic analysis.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Maxx_original on October 04, 2010, 09:54:55 PM
guys, what about posting VT links where avast kicks ass (to keep the balance in our universe)? :P // don't try to tell me, there are no such links :-X

as Tech already mentioned: watching this thread means out of bound work for our analysts, therefore the links should provide additional information.. you should always know why exactly the link posted by you has a bigger priority than samples sorted out by our internal systems, otherwise it's a waste of time on both sides... you can write a script for browsing virustotal results and posting them here, but what will be their benefit for us? we'll receive the files and metadata anyway from virustotal (on a regular basis of sample submission) so it means extra manual work that duplicates what a machine does for us.. here's a guideline for posting links which make some sense:

1. you know the origin/behavior/way of spreading of the sample (it comes from a machine that you recently disinfected e.g.)
2. the sample is not an adware, toolbar or such low-risk malware/PUP
3. you're able to write related metadata either to VT comments or here

Henrique - Bankers is what bothers you, right? we're receiving samples from Bank of Brasil (and maybe other institutes in Brasil), but it's probably not enough to cover this regional issue.. if you have better samples, we can talk about a processing of your submission through our ftp (a daily uploaded batch with a predefined name), if you prove the quality of your feed, we can dedicate someone to its processing maybe..
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Hermite15 on October 04, 2010, 10:09:43 PM
Quote
guys, what about posting VT links where avast kicks ass (to keep the balance in our universe)? :P // don't try to tell me, there are no such links :-X

+1 ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 04, 2010, 10:22:12 PM
Quote
Henrique - Bankers is what bothers you, right? we're receiving samples from Bank of Brasil (and maybe other institutes in Brasil), but it's probably not enough to cover this regional issue.. if you have better samples, we can talk about a processing of your submission through our ftp (a daily uploaded batch with a predefined name), if you prove the quality of your feed, we can dedicate someone to its processing maybe..

Maxx

What do you attribute the better performance of the Avira in the proactive tests of  AV-Comparatives?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Maxx_original on October 04, 2010, 10:35:08 PM
bigger viruslab, PCK/*Anything* detections etc.. but i haven't seen the diff between our and their misses, actually no one except the testers did, afaik..
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on October 04, 2010, 11:04:26 PM
Quote
guys, what about posting VT links where avast kicks ass (to keep the balance in our universe)?  // don't try to tell me, there are no such links
here is 10  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 05, 2010, 12:23:11 AM
Maxx, I've changed the original post accordingly.
New posters, please, read the first post.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on October 05, 2010, 10:46:19 AM
Sorry.

Code:
http://migre.me/1txW0
Attention ! Only experienced users to try!

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on October 05, 2010, 11:00:33 AM
Sorry.

Code:
http://migre.me/1txW0
Attention ! Only experienced users to try!


VirusTotal - 1txW0 - 4/43
http://www.virustotal.com/file-scan/report.html?id=82cd86f7e8f8aa6a566678194c59a15383a7446e3e09233d08bdd3f5c5568f1d-1286268778

NoVirusThanks - 1/16 - INFECTED
http://scanner2.novirusthanks.org/analysis/c9e49130a8c2332a0b709da55d9f92a9/cGljNjc1Nzk5MDc0NTMzLWpwZy13d3ctZmFjZWJv/

Malwarebytes detect as Trojan.Downloader

sample sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on October 05, 2010, 12:59:09 PM
http://www.virustotal.com/file-scan/report.html?id=18f4cfd6275127e80a0a0e9574747e0c10aee5fbfe0722a338ff55e68a71d0fa-1286264334 VT
Rogue av installer
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 06, 2010, 02:01:47 AM
VirusTotal: 15/38

http://www.virustotal.com/file-scan/report.html?id=a5952f757310dcdddca5e3263c0198918409792fd93ab6d818eec765dba80779-1286322708
Trojan Downloader

MD5   : 3dc9a53e3f167812c0a54c3d2e2179c0
SHA1  : 4e0fe867b630e8067e6b394078e06c728fd52080
SHA256: a5952f757310dcdddca5e3263c0198918409792fd93ab6d818eec765dba80779

-----------------------------------------------

EDIT.:

VirusTotal: 10/40

http://www.virustotal.com/file-scan/report.html?id=7f062b4b5967ee675136c66dbb689a992b3e5c76d207c5ef332c3602556d2b95-1286324059
Trojan Downloader

MD5   : 03377e95f6f65bcad53b5f5de7e7d3e1
SHA1  : 86542c0cc681b26131c7b55ff3c9031f10049fa1
SHA256: 7f062b4b5967ee675136c66dbb689a992b3e5c76d207c5ef332c3602556d2b95

-----------------------------------------------

EDIT.2:

VirusTotal: 28/43

http://www.virustotal.com/file-scan/report.html?id=1d84be7aced4e4dae1cfd202efcb837edab28f131e6ed5b8ebd3473ae5092f97-1286324820
Trojan.Crypt

MD5   : c970b258d7f5e27ee204200c55008d42
SHA1  : 97c65f6aa34a4c467e162729a7c4440786d6695d
SHA256: 1d84be7aced4e4dae1cfd202efcb837edab28f131e6ed5b8ebd3473ae5092f97
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on October 06, 2010, 05:27:14 AM
Rogue AV program.

http://www.virustotal.com/file-scan/report.html?id=5d00afa237c062d7a0a0d0bb8702f6ab570251bd7f2e1692aa256910fa7a5375-1286335475


Koobface trojan.

http://www.virustotal.com/file-scan/report.html?id=26c57e851ce7c0eab4b4c97cc8c6a5c7d6cfec340d1969f32602ebd6a5d6ece4-1286337613


Trojan.

http://www.virustotal.com/file-scan/report.html?id=78032e3651690ebc1d0ff150881a57d3492c72ab4e1418ee25d96404a04e3b0c-1286382005
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on October 06, 2010, 05:56:12 AM
Trojans?

http://www.virustotal.com/file-scan/report.html?id=f28dafcaf4c723342f53a43ad4cd7980bde5d7d48e6b677cbf0018974ec376f9-1280972203
http://www.virustotal.com/file-scan/report.html?id=543b88457cd1d956fdf0712a07777d10dbb1189b61b58d7ae0e0e8de96664bef-1283388730

the 1st and 2nd ones are viruses
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on October 06, 2010, 05:57:45 AM
Sorry.

Code:
http://migre.me/1txW0
Attention ! Only experienced users to try!


VirusTotal - 1txW0 - 4/43
http://www.virustotal.com/file-scan/report.html?id=82cd86f7e8f8aa6a566678194c59a15383a7446e3e09233d08bdd3f5c5568f1d-1286268778

NoVirusThanks - 1/16 - INFECTED
http://scanner2.novirusthanks.org/analysis/c9e49130a8c2332a0b709da55d9f92a9/cGljNjc1Nzk5MDc0NTMzLWpwZy13d3ctZmFjZWJv/

Malwarebytes detect as Trojan.Downloader

sample sent to avast!

the 1st one is a worm
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on October 06, 2010, 06:07:52 AM
1.http://www.virustotal.com/file-scan/report.html?id=9273fcb7726e27d6ce7d4d6561d92e6beaee8f525208480a91188b03be5bdab4-1285225953#

2.http://www.virustotal.com/file-scan/report.html?id=2d50e814f7fba19ee6612aaa3ea3998736cb9ee7f47879ee08e4a7f5756920ea-1285536786          Trj/CI.A(Panda)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 06, 2010, 06:11:35 AM
VirusTotal: 2/40

http://www.virustotal.com/file-scan/report.html?id=b5d319e4d5695397fbf4023f640e57bc1de313dd8bca514097bea395defe96ec-1286338107

Trojan-Banker.Win32.Banker.bbcy(Kaspersky)



MD5   : 6605aa15e2de9ffa6129b4fe5de0582f
SHA1  : 6ba31ccd445fee3ab5b74bd6097ef78b7f48b01c
SHA256: b5d319e4d5695397fbf4023f640e57bc1de313dd8bca514097bea395defe96ec
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on October 07, 2010, 06:17:54 PM
http://www.virustotal.com/file-scan/report.html?id=f4c23e3c8c51affb73e1d3a73871ea71234ee340c61630eccaa2ad97913c26d4-1286437643

http://www.virustotal.com/file-scan/report.html?id=e2e15ea76804a2de2899be9e11e1cb150d5e88c2e0f32a9b7713b40e56b988cc-1286437648
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on October 07, 2010, 07:36:25 PM
http://www.virustotal.com/file-scan/report.html?id=178e78e5c7b9a8a1cde83eacfb5a10271e417ab45be46f792321fd408daeda6d-1284101083
FAKE AV!
http://www.virustotal.com/file-scan/report.html?id=8593e8ee7bd5c6891e360586ba9fe7a1cc5a4c7d784d440ebe01dc9ab9747b39-1283842972
Koobface

P.S.: let's say thanks to the team for their hard work adding samples to the next virus database update.
Thank you, team.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 07, 2010, 09:59:41 PM
Why has my sample not been analyzed yet?

It's happening again ...


VirusTotal: 2/40

http://www.virustotal.com/file-scan/report.html?id=b5d319e4d5695397fbf4023f640e57bc1de313dd8bca514097bea395defe96ec-1286338107

Trojan-Banker.Win32.Banker.bbcy(Kaspersky)



MD5   : 6605aa15e2de9ffa6129b4fe5de0582f
SHA1  : 6ba31ccd445fee3ab5b74bd6097ef78b7f48b01c
SHA256: b5d319e4d5695397fbf4023f640e57bc1de313dd8bca514097bea395defe96ec

----------------------------------------------------------------

EDIT.:

Today it was finally detected by avast.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on October 08, 2010, 10:48:49 PM
http://www.virustotal.com/file-scan/report.html?id=83d8c2539c118d0bd55700c85d605d5db5442094894b541a1e1755732bffab11-1286559056
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 08, 2010, 10:51:23 PM
VirusTotal: 19/43

http://www.virustotal.com/file-scan/report.html?id=87beb04a79148247493b3a37825876c29b129bf1edbe1ed828c6ffc8ab4dcd40-1286570395
TR/VB.Downloader.Gen(Avira)

MD5   : c3eeba8fd7acf081ee82bebf6df7978b
SHA1  : 99297bec5a97d608cd8d5778731a1ae4f4ec8043
SHA256: 87beb04a79148247493b3a37825876c29b129bf1edbe1ed828c6ffc8ab4dcd40

----------------------------------------------------------------------------------------

VirusTotal: 9/43

http://www.virustotal.com/file-scan/report.html?id=c183e478ef4b70b248b3fd005c43691805953e74d9e6432c9c968fdfdb451818-1286570694
Trojan-Banker.Win32.Banker2.zz(Kaspersky)

MD5   : e3a58b376b1d22878a32231a17475e25
SHA1  : 6c466543846c5429cf57439df8119db9dd8522a0
SHA256: c183e478ef4b70b248b3fd005c43691805953e74d9e6432c9c968fdfdb451818
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on October 09, 2010, 08:32:20 PM
http://www.virustotal.com/file-scan/report.html?id=151a6e1fb7f2bfbe109e57af0759b52e02c4c50f95fd9eba5b39a9ca6df27edd-1286648404

http://www.virustotal.com/file-scan/report.html?id=2ec649009442d1d94ee8d5b7a3ab957d1c9eeb0495b04df9c851ad240273e1c4-1286623698

http://www.virustotal.com/file-scan/report.html?id=449be1b8efd82f2dc2c5b9a85e1083da85d04ab3d9ce20543e0fbccdd6ba25c7-1286632785

Source:
Top10 file submissions (Yesterday) -- October 9th 2010
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on October 09, 2010, 09:53:37 PM
hello all
http://www.virustotal.com/file-scan/report.html?id=e8653f7692b503be7b1031c2c0635dcd8b67a55ff92a6d72748353e9478a360f-1286643149

TROJAN.FAKEAV
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 10, 2010, 05:57:53 AM
VirusTotal: 3/43

http://www.virustotal.com/file-scan/report.html?id=f95fb716da9ea901d7a52b0c955bddd9aed3cfe1769e5f4c15063e1fdb0944fe-1286648795
TR/VB.Downloader.Gen (Avira)

MD5   : e3213d77cc1602bc958980ba707b40a0
SHA1  : 8ec8f807db0efb855cb4317c488141038cf36fc4
SHA256: f95fb716da9ea901d7a52b0c955bddd9aed3cfe1769e5f4c15063e1fdb0944fe
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 10, 2010, 05:45:40 PM
Keep posting Henrique. We need a better avast against these banking nasties.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 10, 2010, 06:07:33 PM
Keep posting Henrique. We need a better avast against these banking nasties.

OK !

I'll try to keep it up.

I hope the avast team has interest.

Represents half of the infections here in Brazil.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 10, 2010, 07:41:31 PM
Represents half of the infections here in Brazil.
Do you have a link to these statistics?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on October 10, 2010, 07:46:00 PM
http://www.virustotal.com/file-scan/report.html?id=50f1e0f1d67c512ccf52968649c779aabadc0024ca8a4ca6057418661928faf8-1286702655
FAKE.AV

http://www.virustotal.com/file-scan/report.html?id=5d08da063231545fea060e71e15507bea60c6ad97fd1700f53545fab5cf5898e-1285189006
RANSOM

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on October 10, 2010, 07:47:40 PM
Top 10 File Submissions (Yesterday - October 10, 2010)
http://www.virustotal.com/file-scan/report.html?id=4a8cfca9e280f5586c69bd9948099936a3824b0221bb571680f121d1342b4fc3-1286720346

http://www.virustotal.com/file-scan/report.html?id=c81f47b0501627fd4616088908f24a9a5d87c9093fcf5516e072eb11ef635089-1286725443

http://www.virustotal.com/file-scan/report.html?id=eb080beb52532084e750ea9bb8f07dac0546325a06cc5757300d1e86cda311c9-1286704474

http://www.virustotal.com/file-scan/report.html?id=bcf4ae360fd9911e086b1c2b6d7fa310878119110cabc57fff9ae54ca325c3ae-1286712048

http://www.virustotal.com/file-scan/report.html?id=151a6e1fb7f2bfbe109e57af0759b52e02c4c50f95fd9eba5b39a9ca6df27edd-1286731205
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on October 10, 2010, 07:53:28 PM
http://www.virustotal.com/file-scan/report.html?id=dd48243c92f56cdf0bd82277188bca55bdc1ee8fd780cc0a191da1cc3022bbcb-1286722277
ROGUE
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 10, 2010, 08:15:38 PM
Represents half of the infections here in Brazil.
Do you have a link to these statistics?

No, but I will read something about it.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 10, 2010, 11:04:06 PM
ROGUE

http://www.virustotal.com/file-scan/report.html?id=e88fc12405ae7f28b368d28d921f7c5e554f00d2a233c54c1e827a5c83a83124-1286744412

MD5   : f30bbe6c1be7dcfba53c0ff91fe9611f
SHA1  : 3ec4e234202f91be68689acbabf0b9afcc296c1f
SHA256: e88fc12405ae7f28b368d28d921f7c5e554f00d2a233c54c1e827a5c83a83124

TROJAN

http://www.virustotal.com/file-scan/report.html?id=9e85108aad359dcf78b710219ac793ce8ec6f11c2b45d8752be0311918f5478e-1286745103

MD5   : f62f0ea09dbce2004479913b32627c09
SHA1  : 9c1550914ccf925f462393f76aff750e3d922001
SHA256: 9e85108aad359dcf78b710219ac793ce8ec6f11c2b45d8752be0311918f5478e

TROJAN

http://www.virustotal.com/file-scan/report.html?id=2616945a7ad2fddc354f05d5f7ce8163e32d1413155450922c0f87ac401b8f27-1286745416

MD5   : d17eb44d70475567b9f2179a83d13742
SHA1  : cd3f20e2e397cca28692daa3ae3d8128c3c48319
SHA256: 2616945a7ad2fddc354f05d5f7ce8163e32d1413155450922c0f87ac401b8f27

ROGUE

http://www.virustotal.com/file-scan/report.html?id=bf624604a1ff74205337b7decf9f87a459c1e4a78c96f5ab3f2427dbaa30e82a-1286746026

MD5   : 9156935075b0d1a7ed5cdde328adb770
SHA1  : 5130017edf8bb60c36e450cf226d5f663ad2ae74
SHA256: bf624604a1ff74205337b7decf9f87a459c1e4a78c96f5ab3f2427dbaa30e82a
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 10, 2010, 11:41:36 PM
ROGUE

http://www.virustotal.com/file-scan/report.html?id=84e684de433dd3f05428caf888de4d350908c39fcf6cddfc69079424d4957c10-1286746576

MD5   : 9902efa3f2347c2ca700ea7e530cc5da
SHA1  : 644cca819711b244f869fa0dae71aa40a23198b9
SHA256: 84e684de433dd3f05428caf888de4d350908c39fcf6cddfc69079424d4957c10

http://www.virustotal.com/file-scan/report.html?id=46a15ed01953fd6562fbe757b72002197831ece572c77fec677ba9d92072c191-1286746792

MD5   : 46c9efcb59e07ac75d88d333112e78f7
SHA1  : 29660f2cfa94c78fe637c00757bd7098b381ded7
SHA256: 46a15ed01953fd6562fbe757b72002197831ece572c77fec677ba9d92072c191

http://www.virustotal.com/file-scan/report.html?id=82ed55d14ad5466ffd041edb6df1161647c5d88ef356ce86604a85fd937ea56e-1286747427

MD5   : 022f6b5772d69881a19f041c119447e1
SHA1  : 65ee60e70b1664aba79752678977166ee608e505
SHA256: 82ed55d14ad5466ffd041edb6df1161647c5d88ef356ce86604a85fd937ea56e

TROJAN

http://www.virustotal.com/file-scan/report.html?id=5b3d4395b0f5acd40bc20f4bf3930cbd14da3d240ad67f7ab9a65de0681e8742-1286749271

MD5   : 2d2f0c7af61867cd84f2e419a62cef16
SHA1  : e734bb114c2f47dc900d3a5a526db94f0b752ba0
SHA256: 5b3d4395b0f5acd40bc20f4bf3930cbd14da3d240ad67f7ab9a65de0681e8742
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 11, 2010, 02:02:23 AM
TROJAN (Zeus related)

http://www.virustotal.com/file-scan/report.html?id=e626cd0afc2a086eefd7d65275391e784416ce1364b13fe79eb28a9329e770c1-1286754374

MD5   : c4d4ab9ca427c0cbae557a7c2f374410
SHA1  : 089d2718b4d12fde47d605862e309c97794f6cf8
SHA256: e626cd0afc2a086eefd7d65275391e784416ce1364b13fe79eb28a9329e770c1

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on October 11, 2010, 02:22:47 AM
How can you say this is a missed sample, as nothing on VirusTotal detects anything on that sample?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 11, 2010, 02:30:36 AM
How can you say this is a missed sample, as nothing on VirusTotal detects anything on that sample?

Is VirusTotal the holy grail? Just because none, at this time, detects a thing, does it mean it is nothing? ???

I've been adding reports that some do detect, most do detect, and I got this one that none detect so far. But, it is related to Zeus.

If, among all, avast! also does not detect, then I can assume it misses it? ???

-Edit-

Or are we only supposed to place reports that others do detect, but avast! doesn't yet? If so, then I apologize, as I got confused.
 
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 11, 2010, 02:33:06 AM
m00nbl00d, are you following the suggestions at the first post of the thread?
Otherwise, the reports will have very little value after all.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 11, 2010, 08:51:17 AM
VirusTotal: 2/43

http://www.virustotal.com/file-scan/report.html?id=65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896-1286779262

Heuristic.BehavesLike.Win32.Suspicious.H (McAfee-GW-Edition)

MD5   : 6355177091f224eb970c365e4d06b269
SHA1  : 89361620e489c1876963c32e555afe7d58b9ca04
SHA256: 65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896

.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 11, 2010, 02:51:01 PM
Trojan (Zeus related)

http://www.virustotal.com/file-scan/report.html?id=380087229a5a6182c5b1ccd78e1cd4ac6e0275f2b3623f78272c816fd07b2d71-1286801243

MD5   : bd41f21be524da820c4f555c7d157e60
SHA1  : da36d0c020debd1be81e48993d81628b104a925e
SHA256: 380087229a5a6182c5b1ccd78e1cd4ac6e0275f2b3623f78272c816fd07b2d71

Detected by McAfee-GW-Edition as Heuristic.LooksLike.Win32.Suspicious.F

ROGUE

http://www.virustotal.com/file-scan/report.html?id=5c052870ce034a1600187282e290c56cefef7c592e2dfcc054149a3e00630f76-1286801600

MD5   : fe65a0eb0d8f6b38ada4bf55af56ae6a
SHA1  : b4d3317591131869dc4e90b109a95cb8353e0e2b
SHA256: 5c052870ce034a1600187282e290c56cefef7c592e2dfcc054149a3e00630f76

TROJAN (Zeus related)

http://www.virustotal.com/file-scan/report.html?id=48061ade1f85d7040bca8bf056c95be8dc8568658841314db4874eeb699a0cbf-1286801855

MD5   : 8279e011750c6499e01026f2aa370d56
SHA1  : 69e333fbc316e63c23284f1b1312c6782e908515
SHA256: 48061ade1f85d7040bca8bf056c95be8dc8568658841314db4874eeb699a0cbf

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 12, 2010, 05:46:53 AM
VirusTotal: 22/43

http://www.virustotal.com/file-scan/report.html?id=ecea9a1c297b62c4c1fb9c21a92dc50277eba60c53e0c91a701981f2a05db6fd-1286855009

TR/Spy.Banker.Gen (Avira)

MD5   : 09580a2d997b6b4c9d68e781b32364be
SHA1  : dc8c09b0651ba125dfcffe70e15faa3a9fafb061
SHA256: ecea9a1c297b62c4c1fb9c21a92dc50277eba60c53e0c91a701981f2a05db6fd
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on October 12, 2010, 08:58:02 AM
Trojan.

http://www.virustotal.com/file-scan/report.html?id=380087229a5a6182c5b1ccd78e1cd4ac6e0275f2b3623f78272c816fd07b2d71-1286865579
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 12, 2010, 03:58:52 PM
ROGUE

http://www.virustotal.com/file-scan/report.html?id=45873cade00ef2de771777511673b53ad3ca9f851f0cb57adcf90ff23f3b90c4-1286891196

MD5   : d04954c1a4cf72d14f365a7bb9e6d60d
SHA1  : d1113e86c6f739ee82837e44cec068fb27ffdafa
SHA256: 45873cade00ef2de771777511673b53ad3ca9f851f0cb57adcf90ff23f3b90c4

ROGUE

http://www.virustotal.com/file-scan/report.html?id=4851da897bf2992b5daa3cdc4b3dd4d0103d27b63e9201fc25fb9125fbbeab3f-1286892008

MD5   : 0b157157b293430fb8c9a35ae17fd0d8
SHA1  : 969e2500c38c80c4a5d3911d096c0fed435fcd49
SHA256: 4851da897bf2992b5daa3cdc4b3dd4d0103d27b63e9201fc25fb9125fbbeab3f

ROGUE

http://www.virustotal.com/file-scan/report.html?id=ecb766252fa425d4d7610517f49509fefd4e81e1053aefb6eba7d3d5cf04e05b-1286892878

MD5   : d92514a45a5eac2a1d2dec8dd33c81da
SHA1  : 3f4af4537658bdf507a444e1ec10d6c3a0c4899f
SHA256: ecb766252fa425d4d7610517f49509fefd4e81e1053aefb6eba7d3d5cf04e05b

ROGUE

http://www.virustotal.com/file-scan/report.html?id=8444e1b069e7060001f040e1d2b4eab5fc08397a0de5571c61d456a194bc6dac-1286893115

MD5   : 6991987f5404662c57f9d4ab8b6a1851
SHA1  : 15e86de816047e3ccef0f86d449b811e1bd266f3
SHA256: 8444e1b069e7060001f040e1d2b4eab5fc08397a0de5571c61d456a194bc6dac

TROJAN

http://www.virustotal.com/file-scan/report.html?id=8444e1b069e7060001f040e1d2b4eab5fc08397a0de5571c61d456a194bc6dac-1286893115

MD5   : 6991987f5404662c57f9d4ab8b6a1851
SHA1  : 15e86de816047e3ccef0f86d449b811e1bd266f3
SHA256: 8444e1b069e7060001f040e1d2b4eab5fc08397a0de5571c61d456a194bc6dac
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 12, 2010, 04:48:41 PM
TROJAN

http://www.virustotal.com/file-scan/report.html?id=3cab860e5ab2c7dfac5f1bd656b0b31e58aa3d42cbdd67fdfbd0dc3591e68f4a-1286894775

MD5   : 19283d1343ef0be90a317198585520c1
SHA1  : ad6918b1a630ae229eebe2bb2c240f4439691d31
SHA256: 3cab860e5ab2c7dfac5f1bd656b0b31e58aa3d42cbdd67fdfbd0dc3591e68f4a

TROJAN

http://www.virustotal.com/file-scan/report.html?id=26ca928094211abe9f24a3d0c5fc35484782db8ec2b6c45e92bbf3ebdfe3db9e-1286894999

MD5   : 124960c4b1e002ac7725308e7912a64f
SHA1  : 067f5934d94b670f4b7e04f0e25d21d0f25e8f0d
SHA256: 26ca928094211abe9f24a3d0c5fc35484782db8ec2b6c45e92bbf3ebdfe3db9e
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 12, 2010, 08:48:11 PM
VirusTotal: 20/41

http://www.virustotal.com/file-scan/report.html?id=82a91174739fd00ec38c31c41ecf3268aad3a9cc07ceb6923635d65276cff982-1286909055

TR/Crypt.XPACK.Gen (Avira)

MD5   : 79a137546440b649d05a74b74d26fb39
SHA1  : 87bd2f282ca5501173e2b995fb8711936dbdcec7
SHA256: 82a91174739fd00ec38c31c41ecf3268aad3a9cc07ceb6923635d65276cff982

-----------------------------------------------------------------------

VirusTotal: 19/40

http://www.virustotal.com/file-scan/report.html?id=1160b9f1934a9dd9231f31560b99a0701c44c0c2c605fdbdeadd05285e3452a4-1286909991

TR/Crypt.CFI.Gen (Avira)

MD5   : 98a0cd18c03892c7f83148afa4c13ffb
SHA1  : b0428d8f55273ba3e45f3fb71bb1c1e91a4211f6
SHA256: 1160b9f1934a9dd9231f31560b99a0701c44c0c2c605fdbdeadd05285e3452a4

-------------------------------------------------------------------------

VirusTotal: 19/42

http://www.virustotal.com/file-scan/report.html?id=013903434d8cd9cebe8913def0a0022c1ac03ac30b9ee319c404c770d186b93d-1286910374

TR/VB.Downloader.Gen (Avira)

MD5   : e761ffd4493bc56044fef408b43cd387
SHA1  : 17208a7048df26c696ba395112f041fabd98abd5
SHA256: 013903434d8cd9cebe8913def0a0022c1ac03ac30b9ee319c404c770d186b93d

-------------------------------------------------------------------------

VirusTotal: 19/41

http://www.virustotal.com/file-scan/report.html?id=0dff24330bc30faeec1b36e6f9c535359f7344d839748149f743f3f307be96f1-1286910870

TR/VB.Downloader.Gen (Avira)

MD5   : addf29b4e4c8b875fbcef278bf66a7db
SHA1  : 0d069f5bc1faeeb38be5ee57e370620e88296f73
SHA256: 0dff24330bc30faeec1b36e6f9c535359f7344d839748149f743f3f307be96f1

---------------------------------------------------------------------------

VirusTotal: 21/43

http://www.virustotal.com/file-scan/report.html?id=c80367480094aa649ad0b9914b9c1cb4c6320101ee3bae4bda6775a0ab736db6-1286913569

TR/Crypt.CFI.Gen (Avira)

MD5   : 9c75702f09b15fef35f205b12d4f15e6
SHA1  : 5109a83bf5b5f06fe640c84b2e2665ea1cb38c5d
SHA256: c80367480094aa649ad0b9914b9c1cb4c6320101ee3bae4bda6775a0ab736db6

-----------------------------------------------------------------------

I will not send more until these are detected by avast.

-----------------------------------------------------------------------

EDIT.:

This has not been detected yet by avast:

VirusTotal: 2/43

http://www.virustotal.com/file-scan/report.html?id=65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896-1286779262

Heuristic.BehavesLike.Win32.Suspicious.H (McAfee-GW-Edition)

MD5   : 6355177091f224eb970c365e4d06b269
SHA1  : 89361620e489c1876963c32e555afe7d58b9ca04
SHA256: 65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896

.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 13, 2010, 05:46:18 PM
ROGUE

http://www.virustotal.com/file-scan/report.html?id=b542593a97bb9fa1e949e3daf4ec7ea22884295745ff2b93e48218bc3f2729e9-1286984588

MD5   : ae57cb81a246972e63378c956744291d
SHA1  : 0397683698f9bf209a883e7b1e7100ace35c0239
SHA256: b542593a97bb9fa1e949e3daf4ec7ea22884295745ff2b93e48218bc3f2729e9

TROJAN

http://www.virustotal.com/file-scan/report.html?id=9f7f7a40c51de30a9f2160b72865ac7323c0394de3dfce7b0e58e5de63eac756-1286985392

MD5   : e3f83a9d5591d149ea54fef696bcdad8
SHA1  : e02f0b4692fcf2bf595ef391c73b9f482adea09d
SHA256: 9f7f7a40c51de30a9f2160b72865ac7323c0394de3dfce7b0e58e5de63eac756

ROGUE

http://www.virustotal.com/file-scan/report.html?id=79bb43c75546db0bc1ad0cc27529198ab60980a151c82ac4eb5a416905645f9e-1286985963

MD5   : 29ef8c98b57185bcc4ff8c5c9c494da8
SHA1  : 6aecfe6a72be9f409f8b4144a458e3e45be6fee5
SHA256: 79bb43c75546db0bc1ad0cc27529198ab60980a151c82ac4eb5a416905645f9e

TROJAN/ZEUS

http://www.virustotal.com/file-scan/report.html?id=cef9cc3be07749b2472130560b793c4ed7642ec856d1104fa6b71ff8bad62a74-1286986116

MD5   : c59ef71540aa1735c31c3c3d9bb32958
SHA1  : 069f811b4c3d0b35d481fbc697580bfae7339070
SHA256: cef9cc3be07749b2472130560b793c4ed7642ec856d1104fa6b71ff8bad62a74
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 13, 2010, 06:13:16 PM
ROGUE

http://www.virustotal.com/file-scan/report.html?id=50880380b9a2a368c0460a580895041b7f32c468efbd1bd08ce300c926ea6cd0-1286986285

MD5   : bdb6615f4a274bfd159436148fdbe1c7
SHA1  : a70441c652e6e43cac7e2ac513834fb36d0574ba
SHA256: 50880380b9a2a368c0460a580895041b7f32c468efbd1bd08ce300c926ea6cd0

TROJAN/ZEUS

http://www.virustotal.com/file-scan/report.html?id=6319188830903712b4296b6e9c6ece7e53a1232035786d0f218c340c78332b93-1286986548

MD5   : ace6aec48663a0179af2e60cceb2ebb4
SHA1  : 733f7be9011302f17d9cae440056754d5301dd1f
SHA256: 6319188830903712b4296b6e9c6ece7e53a1232035786d0f218c340c78332b93
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 14, 2010, 08:04:01 AM
VirusTotal: 22/42

http://www.virustotal.com/file-scan/report.html?id=aba7f0ddd813cf99259c753f5a149098289760097df9de7ee01cebd74d31009d-1287036007

TR/Crypt.CFI.Gen (Avira)

MD5   : 37e1eaf4cd3f80e9618942e0708a16e1
SHA1  : 32c06264c68a800a3b2e3ad2ffb9935e73f31ece
SHA256: aba7f0ddd813cf99259c753f5a149098289760097df9de7ee01cebd74d31009d
ssdeep: 6144:WdPTN03baw5APiU/twz4+skBXShTdYREeycaekOLtOK7LSEIRkCAsuuzps5u6rnJ:WNTN03NU2KOMWVaekXK7L8y9I6db
File size : 347136 bytes
First seen: 2010-10-14 06:00:07
Last seen : 2010-10-14 06:00:07

----------------------------------------------------------------------------

VirusTotal: 6/42

http://www.virustotal.com/file-scan/report.html?id=65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896-1287047835

Delf.TTZ (AVG)

MD5   : 6355177091f224eb970c365e4d06b269
SHA1  : 89361620e489c1876963c32e555afe7d58b9ca04
SHA256: 65a6508e8b43a54a17d5c20c49fbe20f68b12fe5517d1c5dfa41b0540bf64896
ssdeep: 12288:tUmTk8F0KhaR2s68HbHyD1PzLqkRp+fg2b:xQ8fsv2PSwpH2
File size : 527360 bytes
First seen: 2010-10-10 17:59:33
Last seen : 2010-10-14 09:17:15

------------------------------------------------------------

VirusTotal: 20/42

http://www.virustotal.com/file-scan/report.html?id=bed57775dc2f9870c11671906f6cdddbe20983efe269830bbb488dadf4aae5f4-1287049482

TR/VB.Downloader.Gen (Avira)

MD5   : c799242d0c38bd81b965bfd119ca47c3
SHA1  : e71a8e46fa74811288c6237320c9758b851bcb69
SHA256: bed57775dc2f9870c11671906f6cdddbe20983efe269830bbb488dadf4aae5f4
ssdeep: 768:OuSPC8w03SCUSDZArU83z555o3kVZ6+XNZXRuvCfJ4lcdfbIDX4U/rx:+00CzeZfII346+XLXFr5bIhx
File size : 159744 bytes
First seen: 2010-10-14 09:44:42
Last seen : 2010-10-14 09:44:42
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 14, 2010, 02:22:25 PM
TROJAN/ZEUS

http://www.virustotal.com/file-scan/report.html?id=e521d9d4610d90067b50df211240e0c72bbecf266bfa9dd29f999f28e6030493-1287058668

MD5   : a94d8d952e071d5897fa6ef1539c6e59
SHA1  : b956f5ec6319470210532600e58663b7bd6e883f
SHA256: e521d9d4610d90067b50df211240e0c72bbecf266bfa9dd29f999f28e6030493
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Milos on October 14, 2010, 02:31:20 PM
Hello,
I think that the best way is to send the files to virus@avast.com with subject "Undetected malware".
These VT links on the forum don't help us at all; you can include them in the email body.

Milos
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on October 14, 2010, 09:35:58 PM
I am glad my new project is not detected by avast ;D 8)

anyway -.-
http://www.virustotal.com/file-scan/report.html?id=e7f1a013004463f9f3c2c4c84cb6b9eb51418622c3c760d4557a99396f06a84d-1287084779
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 15, 2010, 04:12:41 AM
VirusTotal: 20/43

http://www.virustotal.com/file-scan/report.html?id=832d7c815110ce43b58cdf66f7d6386bb249af0038152f3fa912ca61bef58cff-1287108590

TR/VB.Downloader.Gen (Avira)

MD5   : 21b4f22fb4f09ad1e70afb41684b5103
SHA1  : fefba4a9fa348f655db4b1f9a902c05484f44ae7
SHA256: 832d7c815110ce43b58cdf66f7d6386bb249af0038152f3fa912ca61bef58cff
ssdeep: 768:AuSZEjw03SCU63BET555IHY1ZZ+XjXQWIxVkguu:wV0Cz63O1oHkZ+XjXfgr
File size : 159744 bytes
First seen: 2010-10-15 02:09:50
Last seen : 2010-10-15 02:09:50

------------------------------------------------------------------------

VirusTotal: 21/43

http://www.virustotal.com/file-scan/report.html?id=cd5470605c564b8f7bca95e59eb9c15198d7935aa6fc5edb5de2bd58f5c61a8c-1287109607

TR/Dropper.Gen (Avira)

MD5   : ffb0f91b6f4baa70011a2b6615dcb0c9
SHA1  : aae7264e23e2bac578c7b4671fc7171a05432c58
SHA256: cd5470605c564b8f7bca95e59eb9c15198d7935aa6fc5edb5de2bd58f5c61a8c
ssdeep: 12288:3w4VrnE/2foyCqHFlznwl1YlZBCj/XRr7Y3hh:A4VrnMCoyRwl18Bm/Xkhh
File size : 414562 bytes
First seen: 2010-10-15 02:26:47
Last seen : 2010-10-15 02:26:47
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: lastsamurai on October 15, 2010, 02:16:06 PM
File name:
Avast AntiVirus 4.7.x keygen by-GCT.r00
Submission date:
2010-10-15 12:10:08 (UTC)
Current status:
finished
Result:
7/ 43 (16.3%)

Gen:Variant.Kazy.1653(BitDefender)

http://www.virustotal.com/file-scan/report.html?id=b97507708b29aaba8d99f70e5c74a1534e2dbc6d5ad661db0fa19effa8d56f87-1287144608
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on October 15, 2010, 04:44:41 PM
Why are you all not taking any notice of what a member of the avast virus labs is saying? This topic is pointless.

Hello,
I think that the best way is to send the files to virus@avast.com with subject "Undetected malware".
These VT links on the forum don't help us at all; you can include them in the email body.

Milos

So please do as suggested: send the samples to avast. So I guess the next step is in your hands: send the samples and stop posting, or I guess this topic will be closed too.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 15, 2010, 05:20:30 PM
Why are you all not taking any notice of what a member of the avast virus labs is saying? This topic is pointless.

Hello,
I think that the best way is to send the files to virus@avast.com with subject "Undetected malware".
These VT links on the forum don't help us at all; you can include them in the email body.

Milos

So please do as suggested: send the samples to avast. So I guess the next step is in your hands: send the samples and stop posting, or I guess this topic will be closed too.

I sort of disagree. When sending samples to www.virustotal.com, it gives a general idea of the speed the different security vendors apply to bring out new detections to their products, free and paid. I've come across one sample from September, which avast! still did not detect. Most of them did. I didn't post it here, but for sure that avast! got it, because the sample I checked wasn't uploaded first. It was a recheck.

So, threads like this one here serve to show that the user base isn't blind, and is actively seeing whether or not the security tools they chose to use are able to detect threats, and how fast they do it.

I believe the normal thing to do is send to www.virustotal.com, because that way we'll be helping every other person making use of other security solutions.
If there are samples that are weeks old, and avast! still doesn't detect them, then for sure, I believe it's in everyone's best interest to know that it doesn't, yet.

I guess it is a matter of perspective. For the avast! team it may make no sense and have no use, but maybe it is of use for the user base, so they know whether or not their chosen AV is able to detect, and for how long it will remain unable to detect, and obviously, protect them. ;)


Regards
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on October 15, 2010, 06:10:35 PM
There is nothing wrong in sending samples to virustotal, no one has suggested you shouldn't do that. In fact it is contrary to what Milos suggested to a) send the samples to avast and b) if you did submit to virustotal put the results link in the email body of the submission.

Regardless of what you think of the topic showing the user base isn't blind, it doesn't help the virus labs at all (as Milos said), they need samples.

If you check the first post of this topic, as to the purpose it was intended:
http://forum.avast.com/index.php?topic=64122.msg541929#msg541929
Quote from: Tech
I'm starting a new one trying to help avast improving detection if possible.

So, as Milos and Maxx mentioned, simply posting links to virustotal results in this topic doesn't meet Tech's hope to help detections on its own: "These VT links on the forum don't help us at all; you can include them in the email body."
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 15, 2010, 06:45:17 PM
So, as Milos and Maxx mentioned, simply posting links to virustotal results in this topic doesn't meet Tech's hope to help detections on its own: "These VT links on the forum don't help us at all; you can include them in the email body."

avast is it ...

If you are not satisfied, then replace the antivirus.

End !

 :'(

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 15, 2010, 07:21:54 PM
I sort of disagree. When sending samples to www.virustotal.com, it gives a general idea of the speed the different security vendors apply to bring out new detections to their products, free and paid. I've come across one sample from September, which avast! still did not detect. Most of them did. I didn't post it here, but for sure that avast! got it, because the sample I checked wasn't uploaded first. It was a recheck.
+1
Although we need to consider the sheeper behavior of virus total and the rush not to detect but to not get out bad in the picture...

So, threads like this one here serve to show that the user base isn't blind, and is actively seeing whether or not the security tools they chose to use are able to detect threats, and how fast they do it.
I think the same.

I believe the normal thing to do is send to www.virustotal.com, because that way we'll be helping every other person making use of other security solutions.
I disagree. The good thing to do is what can allow us to get better detection (and protection) asap. So I think we need to follow a way that helps, not a way that we think helps...

If there are samples that are weeks old, and avast! still doesn't detect them, then for sure, I believe it's in everyone's best interest to know that it doesn't, yet.
It's difficult to say, as the samples could be infinite, the garbage could be very huge.
So, trying to verify 50.000+ samples a day will move us toward this "lockout" of technology.
That's the reason of asking other alternatives to "signatures-only" method of detection.

I guess it is a matter of perspective. For the avast! team it may make no sense and have no use, but maybe it is of use for the user base, so they know whether or not their chosen AV is able to detect, and for how long it will remain unable to detect, and obviously, protect them. ;)
That's one of my intentions opening this thread.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on October 15, 2010, 07:39:04 PM
<snip>
I guess it is a matter of perspective. For the avast! team it may make no sense and have no use, but maybe it is of use for the user base, so they know whether or not their chosen AV is able to detect, and for how long it will remain unable to detect, and obviously, protect them. ;)
That's one of my intentions opening this thread.

As far as perspective goes, if no one who posts VT results in this topic goes back and checks if they are now detected by avast (no longer missed) and edits their post to say they are now detected. Then there is no perspective at all only a list of missed detections and nothing to indicate when they are detected, so I don't see how that helps the user base.

Just browse through this topic and see just how many people follow up their post when the sample is detected and you will see how unbalanced it is, so it is very one sided. Given that, I don't feel it can provide any useful information for the user base to make an informed decision on missed samples and when they are included in the database if no one is modifying the original posts when it is detected.
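The follow-up bookkeeping discussed above, sketched as an added example that is not part of any post in this thread: it turns posted VirusTotal links into a per-sample worklist (which hash, when it was scanned, who posted it, whether the scan was already old when posted). It assumes the `id` value in these permalinks is the file's SHA-256 followed by the Unix time of the scan, and treats forum post dates as UTC; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlparse, parse_qs

# Assumed permalink layout: id=<64 hex chars of SHA-256>-<Unix time of the scan>
VT_ID = re.compile(r"([0-9a-f]{64})-(\d{9,10})")
VT_HOSTS = {"www.virustotal.com", "virustotal.com"}
BASE = "http://www.virustotal.com/file-scan/report.html?id="

# (poster, post date, link) copied from posts in this thread
POSTS = [
    ("nsm0220", "2010-11-10",
     BASE + "67ad1c93c546880ba311aad2e5c19eb33a2eeaa2f2b2906836f63b7715500bba-1289363902"),
    ("nsm0220", "2010-11-10",
     BASE + "9a4e65cd543b29d1f7fbad375686410fdc75212d8f76891c3f631484be0b8266-1289363574"),
    ("nsm0220", "2010-11-10",  # same link posted twice in one post
     BASE + "67ad1c93c546880ba311aad2e5c19eb33a2eeaa2f2b2906836f63b7715500bba-1289363902"),
    ("nsm0220", "2010-11-11",
     BASE + "ce48d778550aaa27aec92531870abd30995e5475ad23b4c50e9685c2551bbd8b-1279900191"),
    ("Burkoff", "2010-11-11",  # same sample as above, scanned again a day later
     BASE + "9a4e65cd543b29d1f7fbad375686410fdc75212d8f76891c3f631484be0b8266-1289457804"),
    ("Onix", "2010-10-27",     # not a VirusTotal link, must be rejected
     "http://virusscan.jotti.org/en/scanresult/c36f848df0039d1525bfef47154c03a8874eb3ef"),
]


def parse_vt_link(url):
    """Return (sha256, scan time as aware UTC datetime), or None if not a VT permalink."""
    try:
        parts = urlparse(url.strip())
    except ValueError:
        return None
    if parts.hostname not in VT_HOSTS:
        return None
    ids = parse_qs(parts.query).get("id", [])
    if len(ids) != 1:
        return None
    match = VT_ID.fullmatch(ids[0].lower())
    if match is None:
        return None
    scanned = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1), scanned


def build_worklist(posts, stale_after_days=30):
    """Group posted links by sample hash so each sample is rechecked once.

    Returns (samples, rejected). A sample is marked stale when a posted scan
    was already more than stale_after_days old on the day it was posted, so
    the link says nothing about detection at posting time.
    """
    samples, rejected = {}, []
    for poster, posted, url in posts:
        parsed = parse_vt_link(url)
        if parsed is None:
            rejected.append(url)
            continue
        sha256, scanned = parsed
        post_day = datetime.strptime(posted, "%Y-%m-%d").replace(tzinfo=timezone.utc)
        entry = samples.setdefault(
            sha256, {"scans": set(), "posters": set(), "mentions": 0, "stale": False})
        entry["scans"].add(scanned)
        entry["posters"].add(poster)
        entry["mentions"] += 1
        if (post_day - scanned).days > stale_after_days:
            entry["stale"] = True
    return samples, rejected


if __name__ == "__main__":
    samples, rejected = build_worklist(POSTS)
    for sha256, info in sorted(samples.items()):
        last = max(info["scans"]).strftime("%Y-%m-%d %H:%M UTC")
        flag = " STALE-AT-POST" if info["stale"] else ""
        print(f"{sha256[:16]}...  mentions={info['mentions']} "
              f"scans={len(info['scans'])} last_scan={last}{flag}")
    print("rejected:", rejected)
```

Each hash in the resulting worklist is one file to rescan from the chest or resubmit to the lab, however many times its link was posted.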
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on October 15, 2010, 08:48:53 PM
MD5   : 5e397750d32baa7d37f27d144fe4e2c4
SHA1  : 7281aa700b1703f4d1528aac7cc314e52817e848
SHA256: 9202e99fdc324ea8f53549d0c01a5a1dc225350fa923add6fbcdbe529dda4107
ssdeep: 3072:qqavcStFlrE8j6ptIxYhEK4QRzEYX2CPWkLUh4QPSCHnfkW:aHtFlg1pFx4QEq2CjloSCH

http://www.virustotal.com/file-scan/report.html?id=9202e99fdc324ea8f53549d0c01a5a1dc225350fa923add6fbcdbe529dda4107-1287166710


2.  http://www.virustotal.com/file-scan/report.html?id=05182bc7bde7bfd9dfbb6ece0f5bb368eb999e70637b4e4cdf7e75a6599b59e7-1287168704

(http://prikachi.com/images/305/2585305j.png)


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 15, 2010, 09:49:12 PM
As far as perspective goes, if no one who posts VT results in this topic goes back and checks if they are now detected by avast (no longer missed) and edits their post to say they are now detected. Then there is no perspective at all only a list of missed detections and nothing to indicate when they are detected, so I don't see how that helps the user base.
You're fully right. I've tried to do this at the beginning but, believe me, it's boring boring boring. It takes molasses to avast to add some detections... And will we keep checking checking and checking?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on October 15, 2010, 10:08:54 PM
I know it is boring and a real chore, which is why it will always be one sided.

Since some of the virus labs team have said that the VT Results on their own are of no help, I really can't see the purpose of this topic at all if people aren't going to update their previous posts when they are detected. That in the last 8 pages of this topic is woefully lacking.

If people submit the samples from the chest (with VT Results link and brief info), they can at least scan it from within the chest to see if it is included, if not it is very simple to submit it again and again and again if necessary.

The files that I submit from the chest, I test weekly and perhaps I've been lucky most are added, but some take a second or third submission. I submitted one yesterday a UPS email scam one and it is detected today, see image.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 15, 2010, 10:17:56 PM
I really can't see the purpose of this topic at all
Read again the other purposes of this thread... Maybe the virus labs aren't the only ones who are looking for benefits... Maybe we don't have to shut up just because of that. Why do they worry about this thread then? Just let it be like it is... Or there is something more than that and they are not comfortable with this thread?

submit it again and again and again if necessary.
We're not stupid... We won't keep submitting files just to bring up attention.
There is a more serious way to work.
There is something more fun to do.

The files that I submit from the chest, I test weekly and perhaps I've been lucky most are added, but some take a second or third submission. I submitted one yesterday a UPS email scam one and it is detected today, see image.
Henrique is submitting a lot of trojans active here in Brazil.
avast never has the fastest detection... ever...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on October 15, 2010, 10:34:08 PM
I simply can't see any other benefits/purposes of this topic which I think you stated quite clearly in the first post, to help improve detections and that clearly isn't happening as they have no samples to work from and you can't attach them or post links to file sharing sites (why the last topic on this was closed).

No one is saying you are stupid - If you aren't prepared to a) modify old posts in this topic when they are detected and/or b) resubmit from the chest if after a reasonable time they aren't detected, then don't bother. No one is standing over anyone with a stick, but me having gone to the trouble to submit a file I generally see it through to the end.

Yes Henrique is and if you remember rightly Maxx was trying to do something different so he could submit directly using ftp or other means.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: m00nbl00d on October 15, 2010, 10:45:39 PM
I thought that security vendors would get the samples from Virus Total? They do, don't they? So, after all, there seems to be a point in sending them to Virus Total, because avast! will get them.

Anyway, I just wanted to help. I personally make no use of avast!, but I do have friends and family members who do, and for sure it would help a lot if the avast! team was faster providing new detections for not so new malware. I'm pretty sure some other friends make use of other solutions like AVG, or whatever it may be; hence the reason I upload the samples to Virus Total and not just one vendor. It would seem rather odd.

Also, there's no point in modifying posts after 1 day or even 3 days. If, say two weeks have passed and still no detection for XYZ sample from avast!, then yes, give an update. The same if a detection is already out.

Anyway, if avast! team considers this thread to be trivial, then I'm done.


Cheers
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: kubecj on October 15, 2010, 11:25:32 PM
I said it many times: We get *T*E*N*S* of *T*H*O*U*S*A*N*D*S* files a day. We're adding thousands of detections a day, most of them automatically generated and the rest is semi-manually processed by finite numbers of humans. There are certain prioritizations in the process, which I admit may not be the best, but still position us in front of other products detectionwise.

Yes, I know we don't detect everything - and it's not possible to detect everything in these times.

If you submit something on VT, we'll eventually get it from them and add it to the database as soon as possible.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 16, 2010, 01:44:07 AM
Why doesn't the avast team adopt another criterion?

If the sample from VirusTotal is not detected or not analyzed in a timely fashion, it gets the name given by another antivirus.

This would make avast unbeatable.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: kubecj on October 16, 2010, 01:54:32 AM
Because other AVs are unreliable as the source of the detection. Firstly, because they're FP infested and the second problem is that some vendors like to play games by creating innocent samples with their detections and then measuring how many other AVs are caught by the trap.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 16, 2010, 04:23:09 AM
some vendors like to play games by creating innocent samples with their detections and then measuring how many other AVs are caught by the trap.
Kubecj, is it possible to name them? If not, I understand.
But this seems a ridiculous attitude, not respectful. It would be good to know who is playing the "bad" guy role in the game. Of course, you can prove what you say. Of course, I believe you.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 16, 2010, 06:07:00 AM
Yes Henrique is and if you remember rightly Maxx was trying to do something different so he could submit directly using ftp or other means.

Why doesn't Maxx give us another direct way to send samples?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: kubecj on October 16, 2010, 09:49:27 AM
some vendors like to play games by creating innocent samples with their detections and then measuring how many other AVs are caught by the trap.
Kubecj, is it possible to name them? If not, I understand.
But this seems a ridiculous attitude, not respectful. It would be good to know who is playing the "bad" guy role in the game. Of course, you can prove what you say. Of course, I believe you.

http://www.securelist.com/en/weblog?weblogid=208188011
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/
http://blog.eset.com/2010/02/02/kaspersky-virus-total-and-unacceptable-shortcuts
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on October 16, 2010, 09:55:47 AM
Better false positives or fake detection than infected with bankers, zbots, and other things ;D
But if you say so, I will start sending the samples to the lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Maxx_original on October 16, 2010, 10:25:38 AM
Why doesn't Maxx give us another direct way to send samples?

which other direct way?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 16, 2010, 10:28:41 AM
Why doesn't Maxx give us another direct way to send samples?

which other direct way?

ftp ?

other e-mail ?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Omid Farhang on October 16, 2010, 10:53:18 AM
If you submit something on VT, we'll eventually get it from them and add it to the database as soon as possible.

Oh, I did not know this!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: vywert on October 16, 2010, 11:37:06 AM
Trojan (Bredolab) File name: updugt32.exe

http://www.virustotal.com/file-scan/report.html?id=9d90abb84ba08b6e9bbe3b404818123a249d12073081e073afef12a061ff8494-1287214603

Detected by Windows Task Manager - svchost.exe 100% load
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Maxx_original on October 16, 2010, 11:47:07 AM
ftp ?

other e-mail ?

http://forum.avast.com/index.php?topic=64122.msg546624#msg546624 ftp was mentioned already..
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 16, 2010, 12:04:01 PM
http://forum.avast.com/index.php?topic=64122.msg546624#msg546624 ftp was mentioned already..

ftp is this ?

ftp://ftp.avast.com/incoming/


Henrique - Bankers is what bothers you, right? we're receiving samples from Bank of Brasil (and maybe other institutes in Brasil), but it's probably not enough to cover this regional issue.. if you have better samples, we can talk about a processing of your submission through our ftp (a daily uploaded batch with a predefined name), if you prove the quality of your feed, we can dedicate someone to its processing maybe..

What does this mean: "a daily uploaded batch with a predefined name"?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: igor on October 16, 2010, 12:11:37 PM
FTP is not a good idea - unless you are specifically asked for that (for a specific file), and the one who asked you is expecting the file there.
Having a FTP folder full of anonymous files uploaded by nobody knows who, not knowing what are malware samples, what are false positive samples, crash related files, somebody trying to make a public warez folder, or something different... is completely useless. The content just gets deleted, there's nothing to do with that. So, simply deleting the sample, or uploading it to the incoming folder on the FTP without previous arrangement - is mostly equal.

Other e-mail? Well, this other e-mail would, in the end, be processed exactly the same way as the usual virus@ e-mail... so what's the point?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: igor on October 16, 2010, 12:15:54 PM
What does this mean: "a daily uploaded batch with a predefined name"?

It means that if you had a significant number of samples, there could be an arrangement that you would upload them somewhere daily, in a very specific format (exact name of the archive, possibly specific file structure inside of that archive) - and they would get somehow included into the automated processing as an additional feed.
But uploading single, randomly named files on the FTP is pointless.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Maxx_original on October 16, 2010, 12:17:10 PM
a predefined name means a specific name known to you and viruslab to easily identify the file on our side.. this way is applicable for larger batches of samples, single files should be sent rather via e-mail...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 16, 2010, 12:34:08 PM
a predefined name means a specific name known to you and viruslab to easily identify the file on our side.. this way is applicable for larger batches of samples, single files should be sent rather via e-mail...

Is it to rename the sample and send it via ftp?

Could we send the samples we had in a day one by one via ftp?

Could you give a practical example?

Please explain with simple words because my English is bad.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: igor on October 16, 2010, 12:42:34 PM
Please use the usual e-mail - it will really be easier, and the samples will be processed in exactly the same way.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 16, 2010, 12:54:17 PM
Please use the usual e-mail - it will really be easier, and the samples will be processed in exactly the same way.

I think so too.

But the problem is there are samples that will take days to be detected and others never are.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: 12-es_csaj on October 16, 2010, 01:58:14 PM
But the problem is there are samples that will take days to be detected and others never are.

Yes, I see this problem, too...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on October 16, 2010, 02:30:11 PM
fresh and new project
http://www.virustotal.com/file-scan/report.html?id=b10b74a90503075d471534179ba9b023ade703624b9f358335c89fcb418e5059-1287231801
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 16, 2010, 05:49:30 PM
http://www.securelist.com/en/weblog?weblogid=208188011
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/
http://blog.eset.com/2010/02/02/kaspersky-virus-total-and-unacceptable-shortcuts
Thanks. Need to read everything, but seems that no names are disclosed, just the fact itself.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on October 16, 2010, 05:53:26 PM
Edit/removed.....wrong answer .... :-[
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 16, 2010, 05:56:46 PM
Pondus, I was referring to the name of the sheeper companies that follow Kaspersky placebo... ::)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on October 17, 2010, 02:32:40 PM
http://www.virustotal.com/file-scan/report.html?id=e7f1a013004463f9f3c2c4c84cb6b9eb51418622c3c760d4557a99396f06a84d-1287233084
as you can see it seems that it's not detected by avast at vt BUT at my pc avast detected it as win32:malwaregen.weird
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Maxx_original on October 17, 2010, 02:58:48 PM
virustotal may be slower with VPS updates... btw: some rogue samples should be detected now (either as Trojan-gen, Malware-gen or SuspBehav - our heuristics have been improved during this weekend and further improvements will follow as usual).. if you don't have the files to make a resubmit/rescan you can at least see the irrelevance of posting "empty" links, which you have no clue what they stand for :P
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on October 19, 2010, 11:25:22 PM
http://virscan.org/report/95d9541c232ebcb6b1ada20a28a0e3d3.html

http://www.virustotal.com/file-scan/report.html?id=0ed7204efd2782c04668302f973d541c3cee794649661ec3e1a3bd2278b1fa35-1287521982
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on October 20, 2010, 03:54:12 PM
Zbot

http://www.virustotal.com/file-scan/report.html?id=a549a0386ec2e8c0a8c6416adbce9dc60f9f91b7cf43ed4a1302b1e0dcd8210b-1287582043
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on October 21, 2010, 09:31:34 PM
http://www.virustotal.com/file-scan/report.html?id=54eb820a86d4afd02cb627726a7ff325d8d02ac64ac9a7861577ab074968f77f-1287682833

http://www.virustotal.com/file-scan/report.html?id=c7a90fc33e6774b0ae6be6d52e08f98ad32f8626689b2272f80592b2e72da4d6-1287682836

http://www.virustotal.com/file-scan/report.html?id=a288da956e6131a994fb9bd95e99736eef124a1c0c400e0d02601c0dffd757d8-1287681669

Sent to Avast Lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 22, 2010, 01:58:22 AM
Sent to Avast Lab.
Thanks for helping improving detection.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on October 22, 2010, 04:37:05 AM
http://www.virustotal.com/file-scan/report.html?id=e7f1a013004463f9f3c2c4c84cb6b9eb51418622c3c760d4557a99396f06a84d-1287233084
as you can see it seems that it's not detected by avast at vt BUT at my pc avast detected it as win32:malwaregen.weird

It's now found by avast, BitDefender, and my antivirus G Data, which I don't have yet.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: ArminPasalic! on October 23, 2010, 07:17:06 PM
http://www.virustotal.com/file-scan/report.html?id=e7c3807967df6e1bdf0c05b1a0fe28f575e95c6c3407e02cf1363013141a7c69-1287111602

I think this is 1 Year old or 2 year old
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on October 23, 2010, 08:06:06 PM
Security Tool

http://www.virustotal.com/file-scan/report.html?id=b7b1468525d0deb08a04424ebe6fa4dea8fc794994a6b1fc5ac34c3e1dfe4804-1287853988

http://www.virustotal.com/file-scan/report.html?id=5902d245f1b307dd5d10efe41c93310cf0d629d3d732172d84179c5bf3dc1fa9-1287853571
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on October 23, 2010, 09:28:45 PM
http://www.virustotal.com/file-scan/report.html?id=60ca507ef4ba7dbbb7ef6ea4b975b9b09a24d7d0c91d38d0876331203f962d98-1287861724

Only Avast 5 finds it, not 4.8.

It has trojan spambot.c and another trojan.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 23, 2010, 10:19:35 PM
chabbo, did you send the sample to avast?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on October 23, 2010, 10:31:10 PM
chabbo, did you send the sample to avast?
If not, i have   ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Maxx_original on October 24, 2010, 07:19:52 PM
v4 does not detect PUPs at all, that's it..
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on October 24, 2010, 09:06:38 PM
ardamax installer
http://www.virustotal.com/file-scan/report.html?id=88370b9ff5652ce367526fe51deb0fcc50e2a92acc33ef5ad61e36063ad90fff-1287947082

Actually it's a keylogger creator, so it's (not) malware? :S

analyze and tell as fast as you can :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: iRonzel on October 24, 2010, 09:36:48 PM
fake av: http://www.virustotal.com/file-scan/report.html?id=00f32c25b3f48af91cf2df34c212c55c1ef83f8fef240829ec753e4cdf57ced0-1287948827

trojan: http://www.virustotal.com/file-scan/report.html?id=8a1ca21f565aec540aa0e3bb4fca52fd32792183aeea3aae08a4f582710111e6-1287936518

both were sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on October 27, 2010, 06:07:12 AM
Slapper Trojan found by Avast 5 but not 4.8  ???

http://www.virustotal.com/file-scan/report.html?id=17ec80f41f6d5017046cc89278147efd6673c45346367c6b3307dede4ea3a80a-1288124367
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: bachnguyen09 on October 27, 2010, 08:18:47 AM
thx 4 remind  :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Onix on October 27, 2010, 08:36:06 AM
new malware http://virusscan.jotti.org/en/scanresult/c36f848df0039d1525bfef47154c03a8874eb3ef

sample :
Please, remove the link to malware. Send the sample as a password-protected zip archive to virus<at>avast.com.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Henrique - RJ on October 27, 2010, 08:48:57 AM
I have 4 samples that have not been detected by avast for seven days

 >:(

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Onix on October 27, 2010, 08:51:27 AM
bachnguyen09, you can leave the link from jotti :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on October 30, 2010, 11:11:17 PM
Worm.Autorun


http://www.virustotal.com/file-scan/report.html?id=e3ae9d1d016589935718092f7df8df3f106dc7aa301340c4b19457c500ba98af-1288472531
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on October 31, 2010, 12:12:18 PM
http://www.virustotal.com/file-scan/report.html?id=a9ab8b6b0b74a9b0075caeeb544136aea9388db2e67f4c64246b590fad7a0a51-1288522576

http://www.virustotal.com/file-scan/report.html?id=8eab24201eeb1396aa717d0bd79d377b8f4c5ef5287b8f62cff2184ae8bd821a-1288522349


http://www.virustotal.com/file-scan/report.html?id=b546ce0a12dfafce59b2b2868248f5b5578235a6e4af52a8dd21fc9757561f33-1288523434

Sent to Avast Lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 04, 2010, 07:09:40 PM
Here is a user in the Spanish forum with an undetected sample.
http://forum.avast.com/index.php?topic=65848.msg555827#msg555827
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on November 09, 2010, 07:53:22 AM
here are some threats that avast did not find

http://www.virustotal.com/file-scan/report.html?id=b1fc3e6a913fa3c30be290f14affb9b2e55195a03a297f9ee519dc46796ccb79-1289284240

http://www.virustotal.com/file-scan/report.html?id=aa3419dadd52d3ee7b46c36dfed7542932ff4a813e16ee60474a17c6b3dc4bc8-1289282129
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on November 09, 2010, 03:31:53 PM
Your 1st is only detected by 2 scanners, one suspicious and the other a variant of, both of which are of a higher potential for FP.

Your 2nd one is missed by every one of 43 scanners and seems like some copycat comments at the bottom of the page.

However, all this is a moot point as links to VT alone are pointless as members of the avast virus labs have said on a number of occasions, they need the samples. So it is more important to submit samples to avast.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on November 10, 2010, 03:20:08 AM
my bad
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on November 10, 2010, 06:28:53 AM
http://www.virustotal.com/file-scan/report.html?id=67ad1c93c546880ba311aad2e5c19eb33a2eeaa2f2b2906836f63b7715500bba-1289363902

http://www.virustotal.com/file-scan/report.html?id=3e82282ac240eb6a47dfa84d59ff942ce7c2369b5293d76e9fe86aabd264d80f-1289363896

http://www.virustotal.com/file-scan/report.html?id=9a4e65cd543b29d1f7fbad375686410fdc75212d8f76891c3f631484be0b8266-1289363574

http://www.virustotal.com/file-scan/report.html?id=6fe4f8e00d1d0ca5253fb0ab28a6bc3080b782ecc58b5dea21a1388f08b1723d-1289363907

http://www.virustotal.com/file-scan/report.html?id=67ad1c93c546880ba311aad2e5c19eb33a2eeaa2f2b2906836f63b7715500bba-1289363902
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on November 11, 2010, 04:12:12 AM
http://www.virustotal.com/file-scan/report.html?id=ce48d778550aaa27aec92531870abd30995e5475ad23b4c50e9685c2551bbd8b-1279900191

http://www.virustotal.com/file-scan/report.html?id=f41b88506655174076e2bd781f8285b360ed9d3267b2e81446f9daaebdf53c8f-1289442972

http://www.virustotal.com/file-scan/report.html?id=2bc9d22343dc407b627ff29801a604fc02d0b9c55647eed04e30d8d67bcb0948-1289443049

http://www.virustotal.com/file-scan/report.html?id=d8742493cee66ed81255dedc0aa99fa6c1e9125c123066e691ae4daea699cdb8-1289106634
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on November 11, 2010, 07:38:33 AM
http://www.virustotal.com/file-scan/report.html?id=4e9a3ad34db9ca541f08faee4bdd73cd2715ae8c88dcbca8f157e2243b5a1074-1289457086

http://www.virustotal.com/file-scan/report.html?id=68aa60a46a2d546b48cc98cb2c898c8765011c9f8e0e12353f724652869d6c37-1289456975

http://www.virustotal.com/file-scan/report.html?id=9a4e65cd543b29d1f7fbad375686410fdc75212d8f76891c3f631484be0b8266-1289457804

http://www.virustotal.com/file-scan/report.html?id=3f112fdc6ef8190b0bcc6798cc8f1decbfa54d7310ff9308f2cb60db041fb29e-1289458254

http://www.virustotal.com/file-scan/report.html?id=ab8147e4a3605e0051be24bc260425a32c7b6a529024e8f1419ff3b38a8ce4f3-1289458476
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 11, 2010, 11:08:16 AM
Are you submitting the samples to avast?
If not, you're losing your time posting the links...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: smage on November 11, 2010, 05:13:25 PM
@Tech you can continue to submit VT links here. lol

http://forums.comodo.com/av-false-positivenegative-detection-reporting/malware-not-detected-2010-t49281.0.html

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on November 11, 2010, 06:59:39 PM
Are you submitting the samples to avast?
If not, you're losing your time posting the links...

Yes, we want to submit the samples to avast
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on November 11, 2010, 10:13:04 PM
Hi :)

Possible undetected malwares: http://www.virustotal.com/file-scan/report.html?id=34da592c1e1339be43657cb072f767874a8dae598a97a591b88ec3b12ad1c12e-1289509350

http://www.virustotal.com/file-scan/report.html?id=1a096a4bfe803b54268d00f4bbbe88c8d3891a3f17781d164a35b938c1170f50-1289510065 (Avast detected this virus but Avast4 didn't detect it)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 12, 2010, 12:32:55 AM
@Tech you can continue to submit VT links here. lol
http://forums.comodo.com/av-false-positivenegative-detection-reporting/malware-not-detected-2010-t49281.0.html
And what is the relationship between avast and Comodo in this case?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: smage on November 12, 2010, 08:12:57 AM
@Tech you can continue to submit VT links here. lol
http://forums.comodo.com/av-false-positivenegative-detection-reporting/malware-not-detected-2010-t49281.0.html
And what is the relationship between avast and Comodo in this case?

Actually when you submit a malicious file to VT, VT will submit the undetected malware to both Avast and Comodo, so I do not understand why such a thread exists on both the Avast and Comodo forum.

Anyway I will not hijack this thread with a Comodo discussion.

Keep up with your submission guys.

Regards
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on November 12, 2010, 08:23:52 AM
Quote
Actually when you submit a malicious file to VT, VT will submit the undetected malware to both Avast and Comodo, so I do not understand why such a thread exists on both the Avast and Comodo forum.
Exactly, and some of the avast! guys have explained that a couple of times, but this thread refuses to die
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on November 12, 2010, 08:40:47 AM
Possible Trojan.

http://www.virustotal.com/file-scan/report.html?id=5fb3a5adaef0738d03433f988bb743f6dbfb97cf46bfad1d34cae4af15895d53-1289547163


Update:  Now detected as Win32:Malware-gen
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 12, 2010, 11:29:51 AM
When you're facing a sample that avast is not detecting... and you check with virustotal and yet avast does not detect... Or when you get infected because avast simply failed... well, you think you could have a place to say: Hey, avast detection rate could be better.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on November 12, 2010, 03:22:30 PM
But it still achieves 'nothing' and as I keep saying if you don't go back and modify your posts when it is added, then it is a totally one sided, unbalanced topic that helps 'no one' other than to allow someone to vent their spleen.

It is a total waste of time, avast will always be trying to improve detections. It is the nature of the beast that AVs will always be playing catchup. This is why the generic, algorithmic, behavioural and heuristic signatures/rules were introduced to help improve over just signature based detection.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Omid Farhang on November 12, 2010, 04:32:14 PM
I agree with David, this topic is useless.

Unless avast opens a topic like MBAM has for posting malware, this kind of topic is useless.

Just something else is about submitted malwares end, we never know what happened to malwares we have submitted, Delivered or not? Some of them are being added to database but what about those that are not detected? Are they clean or they are just being ignored?

avast! needs more ways for collecting malware; a web interface is essential, something that does not cost much for avast because they already have the resources for that (a public FTP folder with enough hosting, bandwidth etc.) and just need time and a technical team to work on that for a few days. I don't want to post links to other vendors' websites because some people don't like it; if not, I could post some examples ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 12, 2010, 10:06:35 PM
It is a total waste of time
Don't lose yours then :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 12, 2010, 10:08:43 PM
This kind of topic is useless.
Sorry Omid, but does this make your suggestion also useless? I don't think so...

avast! needs more ways for collecting malware; a web interface is essential, something that does not cost much for avast because they already have the resources for that (a public FTP folder with enough hosting, bandwidth etc.) and just need time and a technical team to work on that for a few days. I don't want to post links to other vendors' websites because some people don't like it; if not, I could post some examples ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on November 12, 2010, 10:17:23 PM
It is a total waste of time
Don't lose yours then :)

No it is a total waste of time posting the VT results as I have stated quite clearly and not as you have taken an extract of my comments and posted it in isolation.

Quote from: DavidR
It is a total waste of time, avast will always be trying to improve detections. It is the nature of the beast that AVs will always be playing catchup. This is why the generic, algorithmic, behavioural and heuristic signatures/rules were introduced to help improve over just signature based detection.

I'm not the one wasting time posting VT results.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 12, 2010, 10:53:57 PM
I'm not the one wasting time posting VT results.
Just let the thread there. Don't post. Don't read. Don't waste your time. But don't say a thread that I have opened with the best intention and with 180+ posts is a waste of time. It's a matter of personal respect to the one who opened the thread.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on November 12, 2010, 11:50:15 PM
The number of posts or who started it or respect for who started it has nothing to do with how useful or useless or a waste of time a topic is. That is down to clear hard facts, simply posting the VT results isn't going to help detections, samples are.

Why, if it isn't a waste of time, have several of the virus labs team said it doesn't help them? So to that end it has to be a waste of time, and as I keep banging on, if you don't bother to update your posts when a missed sample is added then it is totally unbalanced. So those visiting the forum get a totally unbalanced view about avast missing samples when there are no subsequent updates when they are added.

So sorry, if I decline your autonomous command not to read, post or waste my time. That is my right to waste my time as it is yours ;D

No one has said anything about your best intentions, that isn't in doubt, just the fact that it isn't meeting your intention.

As my first thread get hijacked and closed without even warning me :P, I'm starting a new one trying to help avast improving detection if possible.
<snip>
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on November 13, 2010, 04:22:49 AM
Are you submitting the samples to avast?
If not, you're losing your time posting the links...

Sure Tech, Everything I post here is sent to Avast (Along with as many others that aren't detecting them as possible)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on November 13, 2010, 05:28:58 AM
Rogue A/V Program.

http://www.virustotal.com/file-scan/report.html?id=28ae36996382d05cf5ab0bd5c6763ccef9f4ee50eb62feeb3b4b453eb304218f-1289621871


Now being detected as Win32:Malware-gen
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on November 13, 2010, 09:56:59 PM
trojans

http://www.virustotal.com/file-scan/report.html?id=df80dcf3f0d3ee24a508423e48e8d0bb96e44bb5945957b39953d9ab33c97477-1289674128

http://www.virustotal.com/file-scan/report.html?id=38f243ad6fe99e3dfc0f0c9a17bb069b16024ce3afa1e1e88d6246f17b83fc34-1289691606

http://www.virustotal.com/file-scan/report.html?id=798daa4884f51105d09442e585dffa82a35d8e772ef54884aa9f1270ca59991b-1289693895

http://www.virustotal.com/file-scan/report.html?id=d71c12a31f4c01f4502e4a552a9ba9150633db00653753a9e073bef1c1d7cc38-1289673984

http://www.virustotal.com/file-scan/report.html?id=798daa4884f51105d09442e585dffa82a35d8e772ef54884aa9f1270ca59991b-1289693895

http://www.virustotal.com/file-scan/report.html?id=38f243ad6fe99e3dfc0f0c9a17bb069b16024ce3afa1e1e88d6246f17b83fc34-1289697638

http://www.virustotal.com/file-scan/report.html?id=55a39c0b8a8ca16da175bcb3643845296596668504d9a93c1ad322cf68bbb1f5-1282137832

http://www.virustotal.com/file-scan/report.html?id=7430213bca3d3e0abd5e41fbb2b4c09981b14dbcb266fdccfb7706f92a0b1003-1289697253

bot

http://www.virustotal.com/file-scan/report.html?id=b7689c6c10d9887a0fdff2379fae8acc73403e3a68a4236bbb5112d41994d3d7-1289650783
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on November 14, 2010, 04:37:13 AM
Possible Trojan.

http://www.virustotal.com/file-scan/report.html?id=bd3edd73b282c48a040ed0673fdae723b26c518358fa94fc26f7814f79dd5086-1289705161
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: iRonzel on November 14, 2010, 05:57:40 PM
Is it possible that a trojan can be disguised with a Screen Saver file extension?

http://www.virustotal.com/file-scan/report.html?id=a0aa12cdd31154dec56880f57577c316d154945f74dc4e0cceeaba36e5b7cb4d-1289748843

The file was submitted to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: iRonzel on November 14, 2010, 06:00:01 PM
Zeus v2 sample

http://www.virustotal.com/file-scan/report.html?id=eb6cd7f47545e9c7e1811b49c1e9f07c012a987147cd82210b0192d05d371419-1289748173

Submitted to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on November 16, 2010, 09:16:06 PM
http://www.virustotal.com/file-scan/report.html?id=91016ccb7ebc08d77fecea5b305f84eeb0d67d2dc22a2391c3d4fb0ba4a4731d-1289938070

http://www.virustotal.com/file-scan/report.html?id=c0d931378b3746894dfc3efc3900dccb112f065e077c2a5e18c236d6dda345b8-1289937663

http://www.virustotal.com/file-scan/report.html?id=fa99a37e7e76a0853a1f9c0c9ab91eb638c1aaf0641f450d8e00d0bd5b7911b1-1289938624

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on November 19, 2010, 06:42:47 AM
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on November 20, 2010, 07:56:58 AM
http://www.virustotal.com/file-scan/report.html?id=6de1250a22772eb6417e3e896961a3cc6e227b5eb781172d61ca8145c4018b7a-1290235107

http://www.virustotal.com/file-scan/report.html?id=618c8fe42aa8d4ab93e45fbe15556676c8955e532f1327059d3b9b51cb0191b6-1290210980

http://www.virustotal.com/file-scan/report.html?id=48c3e39c6a9f265e50ae4c2f5977e58d0fa71abaaa463b4cb7f31905f3c7d123-1290227360

http://www.virustotal.com/file-scan/report.html?id=9b42b3ff4e302328ff1593c9867941587b110a2e511528adc980807055f6d764-1290237285
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on November 20, 2010, 09:10:02 PM
Fake AV program

http://www.virustotal.com/file-scan/report.html?id=935231acde473f769a003ccafec31823aa333122623ff0965bb473e0d18ed5d4-1290283102
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on November 20, 2010, 10:46:08 PM
http://www.virustotal.com/file-scan/report.html?id=283dd498f973656fd6840a666b0857cf4376ff4e8bdeb0bf69107216555a5a9e-1290274802

http://www.virustotal.com/file-scan/report.html?id=25d13f2dfc380191d488f5218cb16187f9ba0f30136b34c58806223db198d866-1290281390

http://www.virustotal.com/file-scan/report.html?id=9233ec6abbe7c2e885fdd5e6126e8c13d83c3d09710525b225073d8f748d0455-1290281147

http://www.virustotal.com/file-scan/report.html?id=b10d97488bea300be1dfbc5ecd8b349a0daa5a3730daa5a139c2fabfd30cd682-1290287246

http://www.virustotal.com/file-scan/report.html?id=1915f81042991096778b05d89903ac97b8edea768d8bf680db5d93dd3702017b-1290270167

http://www.virustotal.com/file-scan/report.html?id=8e051f3c1a40a2b6bf312a73fee364f8bd13e67b60df518c51eb70ac8e4cfa58-1290286601
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on November 22, 2010, 07:03:58 AM
Trojan.

http://www.virustotal.com/file-scan/report.html?id=982590d692dad38821beeac8a67bca0d48588411da840f1e7cdc52551131d90e-1290405306
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on November 23, 2010, 06:20:46 AM
Another Trojan.

http://www.virustotal.com/file-scan/report.html?id=7405481483e0db3a217206d44ab7bed0a67cd612022b48c3e0609e1953f36874-1290486211
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on November 28, 2010, 06:40:41 AM
Trojan Downloader.

http://www.virustotal.com/file-scan/report.html?id=08be62efec518609ffdc23be0a6487a23c7ff2905ce4cce878e039235c1b7fba-1290919831
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 28, 2010, 06:41:50 PM
Malwares and PUPs not detected by avast (but from ESET on line):

Nero Burning Rom installers as Win32/Toolbar.AskSBar application
Format Factory 2.10 as a variant of Win32/Adware.ADON application (file >20Mb).
Keygen (http://www.virustotal.com/file-scan/report.html?id=2988cd576f121a7ec4a6465c0b7c34e54693534fe17fc420c8f82e04d19eba21-1290964254) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=351b67dc73b4b42b90160ed2363d99dc40b39ea07be1788c034767a088ced236-1290964252) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=5dc9c2613e0fcbe975aa8eb644b8c331a29b94221313f175db1e5c29b4065f64-1290964594) submitted from Chest.
Asterisk Password Reveal (PUP?) (http://www.virustotal.com/file-scan/report.html?id=84e280f5ec0c7c5a79b2f885d4a3672dde199a27a22dd6c01e62657fcced2f4c-1290964888) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=20f1df38534b05fb80b6ebbe43ec909aa8b5e4980a0bcdf7a117737d307e4fa5-1290965268) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=913d463352eee7bd9f8c4d2e341aeaf1396d22f2e6b90d47c3b8f110c0efdeb7-1290965252) submitted from Chest.
KillProcess 2.44 (PUP? a variant of Win32/KillProcess.A application?) (http://www.virustotal.com/file-scan/report.html?id=014d58b0ba45495ba72c07f68afb8d74cd7d818e5c740f3b3be97d908166988e-1290965661) submitted from Chest.

Is Unlocker 1.9.0 setup a Win32/Adware.ADON application? (http://www.virustotal.com/file-scan/report.html?id=1ad20b852885783d90567d61089f369c9fdcaaa52116a0377663bac4b1c30572-1290965148).

In my tests, only one false positive of NOD32 (ESET): http://www.virustotal.com/file-scan/report.html?id=d5c67fea9f9d0de88f10a4acb728e6d4f1807f43ecc348cb2523e332bfae61b7-1290965863

At least after 1 hour of work, can I have an answer from the virus analysts to this particular post?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Milos on November 29, 2010, 01:37:24 PM
Malwares and PUPs not detected by avast (but from ESET on line):

Nero Burning Rom installers as Win32/Toolbar.AskSBar application
Format Factory 2.10 as a variant of Win32/Adware.ADON application (file >20Mb).
Keygen (http://www.virustotal.com/file-scan/report.html?id=2988cd576f121a7ec4a6465c0b7c34e54693534fe17fc420c8f82e04d19eba21-1290964254) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=351b67dc73b4b42b90160ed2363d99dc40b39ea07be1788c034767a088ced236-1290964252) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=5dc9c2613e0fcbe975aa8eb644b8c331a29b94221313f175db1e5c29b4065f64-1290964594) submitted from Chest.
Asterisk Password Reveal (PUP?) (http://www.virustotal.com/file-scan/report.html?id=84e280f5ec0c7c5a79b2f885d4a3672dde199a27a22dd6c01e62657fcced2f4c-1290964888) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=20f1df38534b05fb80b6ebbe43ec909aa8b5e4980a0bcdf7a117737d307e4fa5-1290965268) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=913d463352eee7bd9f8c4d2e341aeaf1396d22f2e6b90d47c3b8f110c0efdeb7-1290965252) submitted from Chest.
KillProcess 2.44 (PUP? a variant of Win32/KillProcess.A application?) (http://www.virustotal.com/file-scan/report.html?id=014d58b0ba45495ba72c07f68afb8d74cd7d818e5c740f3b3be97d908166988e-1290965661) submitted from Chest.

Is Unlocker 1.9.0 setup a Win32/Adware.ADON application? (http://www.virustotal.com/file-scan/report.html?id=1ad20b852885783d90567d61089f369c9fdcaaa52116a0377663bac4b1c30572-1290965148).

In my tests, only one false positive of NOD32 (ESET): http://www.virustotal.com/file-scan/report.html?id=d5c67fea9f9d0de88f10a4acb728e6d4f1807f43ecc348cb2523e332bfae61b7-1290965863

At least after 1 hour of work, can I have an answer from the virus analysts to this particular post?

Hello,
we will not add detection for keygens.

Milos
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on November 29, 2010, 01:40:48 PM
Hello,
we will not add detection for keygens.
Milos

Are these all keygens...:o
Tech, what's up...???
asyn
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 29, 2010, 01:52:27 PM
We will not add detection for keygens.
I suppose that for "keygens" only and not for infected ones (clearly malware). Right?
And second, what about the PUPs? And Unlocker?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: bong2x on November 29, 2010, 01:55:12 PM
Keygen  ??? ??? ???

But Keygen is a Source of Hacking Software  ??? ??? ???

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 29, 2010, 02:01:52 PM
But Keygen is a Source of Hacking Software  ??? ??? ???
But avast should protect only against infections and malware.
It's not intended to protect intellectual property of 3rd party softwares.
So, if it is an inoffensive keygen (i.e., only generates keys), it won't be detected.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: bong2x on November 29, 2010, 02:12:43 PM
But Keygen is a Source of Hacking Software  ??? ??? ???
But avast should protect only against infections and malware.
It's not intended to protect intellectual property of 3rd party softwares.
So, if it is an inoffensive keygen (i.e., only generates keys), it won't be detected.

Okay, I got your point, Tech. If the third-party software is hacked, then avast is not responsible for cleaning up the mess.


Regards!!!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Milos on November 29, 2010, 02:14:51 PM
We will not add detection for keygens.
I suppose that for "keygens" only and not for infected ones (clearly malware). Right?
And second, what about the PUPs? And Unlocker?

Yes,
of course ;-), you are right.

Milos
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Omid Farhang on November 29, 2010, 03:50:16 PM
Hello,
we will not add detection for keygens.

Milos
way to prevent FPs, glad to hear that!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: bong2x on November 30, 2010, 04:41:12 PM
Can I add one here? Or maybe I am late. Is this posted already?

http://www.virustotal.com/file-scan/report.html?id=47b472d6d7183911ccfe1bed790ca6485c051b79d04dc0a7775cee48629af735-1291131404
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on November 30, 2010, 04:50:42 PM
http://www.virustotal.com/file-scan/report.html?id=a41a7d89e54b822697a32dccf144dc19a7d1e9ed38fe33e9b6c1947fddcf4fc1-1291131900

http://www.virustotal.com/file-scan/report.html?id=fd78a957851054d3f71a292e580bfad89242c4952a68becb434b0c7fe789a379-1291131904

http://www.virustotal.com/file-scan/report.html?id=afb07e2bff42438c007aecbb87f54e9ab6c92b36ef46ae0c148fe308aeda9340-1291131931

sent to Avast
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on December 01, 2010, 01:50:44 AM
http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1291153301

http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1291139455

http://www.virustotal.com/file-scan/report.html?id=a940a97a7d0c1d4e24c1148fdb838764f52f11cbadede7390ae22e59b7642abd-1291163390

http://www.virustotal.com/file-scan/report.html?id=67933b5bbf9b1e6227a412bcbc72c0486ec0a7b821c247061c1f3f90d27e4cd3-1291160460

http://www.virustotal.com/file-scan/report.html?id=0f19cb2288164f8ba18f6d8ce02b4a2fcb2cad926f925df4aec8987d92179331-1291163552

http://www.virustotal.com/file-scan/report.html?id=4dbd709c51a4d8cf2e7c85c0dfba09e3516a3f9eeb1677ec40536be0d98fb7de-1291161048

http://www.virustotal.com/file-scan/report.html?id=a1ed506b1587d39815e0b0e89ffcd6313098ad0d0be2dbf660cc1d3771923819-1291161898

http://www.virustotal.com/file-scan/report.html?id=36720ea39a4620003952ef60ab03b155a3a5e7c5017c38c13db05c9cc01a7a3d-1291162777
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on December 01, 2010, 11:45:21 AM
nsm0220,

1. Why do you think this is infected?
   http://www.virustotal.com/file-scan/report.html?id=a1ed506b1587d39815e0b0e89ffcd6313098ad0d0be2dbf660cc1d3771923819-1291161898
   http://www.virustotal.com/file-scan/report.html?id=67933b5bbf9b1e6227a412bcbc72c0486ec0a7b821c247061c1f3f90d27e4cd3-1291160460
2. avast won't detect an inoffensive keygen. I'm not sure this is one... Anyway, CIS is free and doesn't need a keygen.
   http://www.virustotal.com/file-scan/report.html?id=4dbd709c51a4d8cf2e7c85c0dfba09e3516a3f9eeb1677ec40536be0d98fb7de-1291161048
3. invoice.scr seems really infected. Hope avast improves detection.
   http://www.virustotal.com/file-scan/report.html?id=0f19cb2288164f8ba18f6d8ce02b4a2fcb2cad926f925df4aec8987d92179331-1291182068
4. This also seems infected: http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1291139455
5. This IS infected for sure... Please, improve detection avast...
   http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1291183205
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on December 02, 2010, 07:37:58 AM
The 4th one, I need that for the gdata database.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 02, 2010, 09:17:12 AM
Rogue Antivirus.

http://www.virustotal.com/file-scan/report.html?id=b12474f41a651c037e04ccf3c2983136079147ea3ffcfefd278846f430249128-1291277536
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 03, 2010, 05:27:34 AM
Another Rogue Antivirus.

http://www.virustotal.com/file-scan/report.html?id=72cfd245f0a985ee259d40bc1636b802f25d9825565da602e4c9b28446bc81d5-1291350316
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 03, 2010, 06:07:49 AM
Trojan.

http://www.virustotal.com/file-scan/report.html?id=03a4369f802f8e348f22d2c691cf1044172637ff979844d1e0a20844578ae07c-1291352451


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 03, 2010, 06:51:36 AM
Trojan.Zbot


http://www.virustotal.com/file-scan/report.html?id=5cc6c20cc70948caf5c35cbf1a0821cbeea95ff0ab1aa757f304e1a5ef31d626-1291355314
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 04, 2010, 05:58:41 AM
Another Trojan.

http://www.virustotal.com/file-scan/report.html?id=fe4c2063a87ad4c832412f5a54cd552ed6abf48ab1f3bd739822ce092621708e-1291438301
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 06, 2010, 08:35:42 AM
Trojan Downloader.

http://www.virustotal.com/file-scan/report.html?id=77dce6096de5e36fefa70e79a4fa34161649981986952ce08e19a6dc656b8fbd-1291617982
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on December 06, 2010, 05:28:47 PM
Quote
nsm0220,
4. This also seems infected: http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1291139455

Why is the 4th one not in the database? It's a threat.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on December 06, 2010, 05:50:50 PM
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 07, 2010, 06:59:39 AM
Trojan Banker.

http://www.virustotal.com/file-scan/report.html?id=9e68e7e65330a40472a538e770f2f04faf060caa247e721d25e2041f908fa6d4-1291701406
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 07, 2010, 08:06:23 AM
Trojan Downloader.

http://www.virustotal.com/file-scan/report.html?id=75d06934187a954dedda2012e20ec7ea8b8ca8569f3e28b50a9ebd5c2a02f1bd-1291703965


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on December 08, 2010, 02:44:47 AM
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 09, 2010, 06:14:56 AM
Trojan.PWS

http://www.virustotal.com/file-scan/report.html?id=ae5441f9e28cd942edf5676ef8d1785dc608a97db07f36d4510209aacf077554-1291871234
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on December 09, 2010, 05:49:28 PM
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on December 10, 2010, 02:01:50 AM
nsm0220, are you submitting the samples to avast? (as it is mentioned in the first post of this thread)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on December 10, 2010, 06:05:20 AM
yes
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on December 10, 2010, 06:06:13 AM
http://www.virustotal.com/file-scan/report.html?id=bec5e19f8784b9dd3f3c967b719950e9844c8dca9abf63c1dfabcec9f7f1bb21-1291929166

http://www.virustotal.com/file-scan/report.html?id=0b730cf2d3ff796a6bee6b31c291d9be582c28c9019de644a7d93f93f9e1d10f-1291934170

http://www.virustotal.com/file-scan/report.html?id=a8471195ded6bd0b325b0a8bdb99c82eed4bcafd9f4f6a006ae6ddb8eb6cee61-1291933796

http://www.virustotal.com/file-scan/report.html?id=ab96a70952980f010fea7f94221438851967c3e76d42f87bc5dd8683df325e1c-1291935563

http://www.virustotal.com/file-scan/report.html?id=2e565265aa5fa03f1b474ea5565f5917f07441f2dfeec1c72013861f90d37be2-1292148821
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 10, 2010, 06:12:53 AM
Trojan Dropper.

http://www.virustotal.com/file-scan/report.html?id=ab96a70952980f010fea7f94221438851967c3e76d42f87bc5dd8683df325e1c-1291957628
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 10, 2010, 07:27:43 AM
Not sure about this one.

0/43 on Virus Total:

http://www.virustotal.com/file-scan/report.html?id=5acddc9ce62ea190fe49abe84776a510412cb7c8c673cc59d2faf7ab16a7c2a5-1291960393

Uploaded it to VIPRE's sandbox and it sure looks like malware.

http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12070000&cs=0D04575BCE6EB3F61FB854915A1F44E3

MBAM finds it as Spyware.Passwords.XGen
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 11, 2010, 07:35:41 AM
Trojan.Scar. (MBAM)

http://www.virustotal.com/file-scan/report.html?id=4b505e12465fb5b4b554777a11af3dddb7cfcd9a493a76a9320baf85ede6463e-1292049114


Rogue A/V

http://www.virustotal.com/file-scan/report.html?id=703e9ef96679bc6e6fed691124404354f179dbead89cb2a4896ca4a2ec882079-1292050599



Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: SAMEE on December 11, 2010, 12:38:18 PM
 ??? Is it a Trojan or Botnet

http://www.virustotal.com/file-scan/report.html?id=182119cb8d3e207b91503b5a8bc017c8cf9d2212e83d150ae565c8a06f8092f9-1292060165
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: nsm0220 on December 14, 2010, 06:46:04 AM
http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1292239430

http://www.virustotal.com/file-scan/report.html?id=b65bee8cd4630c7012823608e9edb43ae058742ab8c09c1a2c69aaf05fd4a697-1289835235
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 14, 2010, 07:52:11 AM
Rogue Antivirus.

http://www.virustotal.com/file-scan/report.html?id=15ef8b684b98e5d1f4cf966418e17e5e78f1ff4922c29e06cfd31f1bf0814e57-1292309253

Trojan.

http://www.virustotal.com/file-scan/report.html?id=25061e5c53335d11fd193121765c284406dc02a328e5d4a5f0e5ebe2a73c8a35-1292311973


Rogue Antivirus, Same name as above, but different MD5.

http://www.virustotal.com/file-scan/report.html?id=09af306edfe77eebba501fea6bc78edaff36844c333c3ec0af34270c572ffac2-1292394619

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on December 15, 2010, 09:25:42 PM
Everyone can make a keylogger with that program, similar to Ardamax.
http://www.virustotal.com/file-scan/report.html?id=4e413e6c5038348be3be70c5959baf579c91e2303eeadf42a1bbf8b020390d86-1292444613

thanks.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: lastsamurai on December 15, 2010, 11:02:06 PM
Worm.Win32.AutoRun.bnex

http://www.virustotal.com/file-scan/report.html?id=477104941154d0d3673365a7f59173743ec903be6b3dbf9cfebf959898a6bff4-1292359804
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: lastsamurai on December 15, 2010, 11:04:06 PM
http://www.virustotal.com/file-scan/report.html?id=392070435000ec3c62cb705beebc964b84172d924af63c1d8cfc20eb2ffb0d25-1292349952

http://www.virustotal.com/file-scan/report.html?id=0299df68b2577a9171f8af95a8d62be69e5524d649822d5792e0b0d418f5c155-1292349980
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: lastsamurai on December 15, 2010, 11:05:53 PM
http://www.virustotal.com/file-scan/report.html?id=aaee85f33c79f5457a7458a42cbd182de96d7b091f541547e09fa01c23b487dc-1292355698
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 17, 2010, 06:27:40 AM
TR/Crypt.XPACK.Gen. (Antivir)

http://www.virustotal.com/file-scan/report.html?id=378840167bc5675cce79371d8bbeffbf786e4367c50962a554dd06d41f6b21c1-1292563149


Trojan Zbot.

http://www.virustotal.com/file-scan/report.html?id=c854f743769e79d886107c9b5e02e306a51a065006c233374c819716f76f658e-1292568029


Rogue Antivirus.

http://www.virustotal.com/file-scan/report.html?id=01d2504452de747f7383b85a71b06fedce3b1bca32f0837d630cb3eb414bbd50-1292570480
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on December 18, 2010, 12:18:29 AM
Posting just for fun......not often i see a 100% score   ;)

http://www.virustotal.com/file-scan/report.html?id=b6a17d16ee7db1bff201999f79f769fe7e4a6eacc5387437d8a5973457768961-1292540577

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on December 18, 2010, 01:01:35 AM
Posting just for fun......not often i see a 100% score   ;)
http://www.virustotal.com/file-scan/report.html?id=b6a17d16ee7db1bff201999f79f769fe7e4a6eacc5387437d8a5973457768961-1292540577
I have a doubt of it ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 18, 2010, 07:17:37 AM
Trojan-Ransom.

http://www.virustotal.com/file-scan/report.html?id=557f1bf993b4ddcff09a263ee8b72db52c903d207e5b0494ca7e3237e444f316-1292652859


Rogue Antivirus.

http://www.virustotal.com/file-scan/report.html?id=e9abf75ff9f28456d14f2e3e352b7c2048b33662a445c51d34b1f2990c8b1b48-1292655998
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: PaCKINheAT on December 20, 2010, 04:27:31 AM
malware

http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1292708012
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 20, 2010, 07:25:52 AM
Rogue Antivirus.

http://www.virustotal.com/file-scan/report.html?id=7b6fe074ed8dcd8c4c4bb91447fb9fe721b4f867ec2eb19e591f6d15190d3ea3-1292825607
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 20, 2010, 07:47:23 PM
Trojan-Kazy Variant

Detected by Avast 5 but not 4.8.

http://www.virustotal.com/file-scan/report.html?id=2039251b594b50c65ce0a892df96e922959985b730875e9f244d51e3d83e32d1-1292830545
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 21, 2010, 06:29:36 AM
Trojan-Rogue Antivirus

http://www.virustotal.com/file-scan/report.html?id=cb45bb18b26dd2ab0fb63edb3e9cb516f1e65816fcbdf08274bb3168db399bae-1292909155

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: lastsamurai on December 21, 2010, 10:01:18 AM
a variant of Win32/Injector.DYK

http://www.virustotal.com/file-scan/report.html?id=f0231cdd2c015de8b22974adf8c67977713749b9eec1e97dafe8450bb6e8f7de-1292905135
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: lastsamurai on December 21, 2010, 10:02:34 AM
Win32/Spy.Banker.VCV

http://www.virustotal.com/file-scan/report.html?id=5be3687550fd58a96a483758232a18c1eed9220b73ccd168e7eec79adb088ccc-1292891741
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 22, 2010, 05:38:21 AM
Rogue Antivirus.

http://www.virustotal.com/file-scan/report.html?id=7b572d3a5695ec2df843a0fd4311cea65073895dd38de1296e85f4ac301bae45-1292992359


Trojan.Downloader.

http://www.virustotal.com/file-scan/report.html?id=2c89bf28901906e0878880ae507a2c68146d2ebc1028f91ec9285407fc92dfee-1292998812

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on December 22, 2010, 03:46:50 PM
Everyone can make a keylogger with that program, similar to Ardamax
http://www.virustotal.com/file-scan/report.html?id=4e413e6c5038348be3be70c5959baf579c91e2303eeadf42a1bbf8b020390d86-1292444613

thanks.

still undetected?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Silk0 on December 22, 2010, 03:50:45 PM
Everyone can make a keylogger with that program, similar to Ardamax
http://www.virustotal.com/file-scan/report.html?id=4e413e6c5038348be3be70c5959baf579c91e2303eeadf42a1bbf8b020390d86-1292444613

thanks.

still undetected?

Still have the program?
If yes, just send it again to VirusTotal... but at first look to the report on the quote seems a clean file.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on December 22, 2010, 05:47:37 PM
Everyone can make a keylogger with that program, similar to Ardamax
http://www.virustotal.com/file-scan/report.html?id=4e413e6c5038348be3be70c5959baf579c91e2303eeadf42a1bbf8b020390d86-1292444613

thanks.

still undetected?


Still have the program?
If yes, just send it again to VirusTotal... but at first look to the report on the quote seems a clean file.

I've already sent it. I said similar to Ardamax. It's 100% malware
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 23, 2010, 06:11:18 AM
Rogue Antivirus.

http://www.virustotal.com/file-scan/report.html?id=7a34a2ee512dd374946c1f9cd2bcc0d173715ca258f8f9eab417b84cfd24158d-1293080954


Same name as I reported above, Different MD5


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: PaCKINheAT on December 23, 2010, 09:43:55 PM
http://www.virustotal.com/file-scan/report.html?id=95fafaebced50b0fc4e3e14a197494ccaf73642ca1539c91e201e5c91863f9e1-1293136846
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: PaCKINheAT on December 23, 2010, 09:45:58 PM
http://www.virustotal.com/file-scan/report.html?id=95fafaebced50b0fc4e3e14a197494ccaf73642ca1539c91e201e5c91863f9e1-1293136846

this file was in my computer and avast did not detect it
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: CharleyO on December 24, 2010, 03:16:01 AM
***

Did you send it to avast so that it could be detected??


***
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 24, 2010, 07:58:08 AM
Trojan Spyeye.

http://www.virustotal.com/file-scan/report.html?id=c0dec0a55b9270a331ac2dfc633c86175fd69b921a98d0d963a1397cbf15b5be-1293173674


Rootkit.

http://www.virustotal.com/file-scan/report.html?id=b70dd7caca08c9856d20e42962f388bc38d944a5803dc29dad3e301f77876e44-1293175215
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: danny96 on December 24, 2010, 11:27:16 AM
Trojan downloader

http://www.virustotal.com/file-scan/report.html?id=a969f4f2bf5bc546659006f33b864933afd29064c88dc0987cb8f2b1d39dfba5-1284674539

Zbot / spyeye
http://www.virustotal.com/file-scan/report.html?id=fe8bfbea04126f2b26dda84cc4eeec3c4ac25435a1c8fd61854a8fb401d7d1c3-1287393580
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on December 24, 2010, 11:30:32 AM
Zbot / spyeye
http://www.virustotal.com/file-scan/report.html?id=fe8bfbea04126f2b26dda84cc4eeec3c4ac25435a1c8fd61854a8fb401d7d1c3-1287393580

Look here...
http://www.virustotal.com/file-scan/report.html?id=fe8bfbea04126f2b26dda84cc4eeec3c4ac25435a1c8fd61854a8fb401d7d1c3-1292058011
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: danny96 on December 24, 2010, 11:35:52 AM
Zbot / spyeye
http://www.virustotal.com/file-scan/report.html?id=fe8bfbea04126f2b26dda84cc4eeec3c4ac25435a1c8fd61854a8fb401d7d1c3-1287393580

Look here...
http://www.virustotal.com/file-scan/report.html?id=fe8bfbea04126f2b26dda84cc4eeec3c4ac25435a1c8fd61854a8fb401d7d1c3-1292058011

eh, more up-to-date report mmm.
but this one:
http://www.virustotal.com/file-scan/report.html?id=da1c2b3807bfca9b29949442400bc8a68cac6a161feb49b648c729951ec629d6-1289874490
isn't detected by avast
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 25, 2010, 07:21:34 AM
Backdoor Trojan.

http://www.virustotal.com/file-scan/report.html?id=6f5e7a2092f6b4029c33e3df7ad5b34b165e47479c169f8ff8d6e41e67c08975-1293257481


Rogue Antivirus.

This is the third one with this name but different MD5.

http://www.virustotal.com/file-scan/report.html?id=cd8e3f8e48d829060a2e9ab1fb972272d631fd23f0d8526da0fa2993d08b7f5c-1293259721


Trojan Downloader.

http://www.virustotal.com/file-scan/report.html?id=48084612a4d111afceb5a557ea24dfd38a13bc27456f0b801953e7408f0258fe-1293262839
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Gilgamesh214 on December 25, 2010, 08:06:04 AM
http://www.virustotal.com/file-scan/report.html?id=a76d913efcc776271b7ee7d233c49c6a3e107446b76cd8053814a869d6493614-1293259993
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 26, 2010, 05:46:55 AM
Trojan.

http://www.virustotal.com/file-scan/report.html?id=cf51f9c7bdfeff5e16ea92f8a9b24d5334208bd13ec69125e8b5b5a77b65bf07-1293338516



Trojan Dropper.

http://www.virustotal.com/file-scan/report.html?id=633b8d6a2125dd681fcc6e3b56e949edebb363f698d295cc8b1fda6677d51e26-1293340246
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 27, 2010, 06:14:10 AM
Trojan-Dropper.

http://www.virustotal.com/file-scan/report.html?id=9821eafcb0ca3984246cd0db26189f261516965751a1cb21f4b0950251423a93-1293426657
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on December 29, 2010, 06:23:49 AM
Trojan-GameThief.

http://www.virustotal.com/file-scan/report.html?id=e79a3a7ae2d2d9f171114c8eb31244e9125fca1841b9bd2378dce5773febbcee-1293600036



Trojan-Meredrop.

http://www.virustotal.com/file-scan/report.html?id=481eff7966fec5cde2da2558de947e8a3f7cdb4ea464feef732a40494c669113-1293602730
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: KoenG on December 30, 2010, 02:13:38 PM
http://www.virustotal.com/file-scan/report.html?id=980048a34aeb00eb166c1002e655b5abc1a3f78172c761a6338fe43112d8b7f4-1293711830

Palevo?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on January 01, 2011, 08:18:35 AM
Trojan.Zbot

http://www.virustotal.com/file-scan/report.html?id=fb68af03c0b0dc28c7b8541bacc0d5bba1988830620be01a201c5d0fb740314f-1293866103
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on January 02, 2011, 05:36:51 AM
Trojan-Downloader.

http://www.virustotal.com/file-scan/report.html?id=d9653d13d89bcc5ab915d53569c80eb6df2184662a62231c43febfbd28267d93-1293942862


Trojan Downloader #2

http://www.virustotal.com/file-scan/report.html?id=bd6065b3a2d2be4c4c09932c56dc5f3d8d03043d8beb03aff609c2a0d027b228-1293948578
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on January 02, 2011, 06:08:20 PM
Thanks, Marc, for helping improve detection.
Where are you getting that many samples? (you can PM me if you want) ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on January 02, 2011, 07:59:06 PM
Sent you a PM.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on January 02, 2011, 09:31:39 PM
Sent you a PM.
Thanks. Me too, with a third honeypot link.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on January 03, 2011, 06:02:08 AM
Trojan.KillAV

http://www.virustotal.com/file-scan/report.html?id=23f5c8525b56f0fc94ff6acca872d6789352468619d4d4ade4989f2138911a23-1294030811
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on January 04, 2011, 07:22:04 AM
Trojan-Ransom.

http://www.virustotal.com/file-scan/report.html?id=6484329b4044f19355263bcbce4830fc93a125aa67f8445eae1459561fd866af-1294122041
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: iRonzel on January 05, 2011, 07:53:55 PM
FakeAV

http://www.virustotal.com/file-scan/report.html?id=f5b3b8959908d2de29ff34222b7ec7ae51e1f7c0634f6028f26c17250aa0c954-1294252989
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: KoenG on January 07, 2011, 06:35:01 PM
http://www.virustotal.com/file-scan/report.html?id=2bf94a1599e80d51a2d9c9dca0caf48e96b17516dfe4408faa59128f3fa45775-1294415684


http://www.virustotal.com/file-scan/report.html?id=7afcf69d42a053208c0262569e81a7cad403eca066358f67e87717682a05a38c-1294417539
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on January 08, 2011, 09:59:36 AM
Rogue

http://www.virustotal.com/file-scan/report.html?id=bee575ab0030b49d32c268d85ada5534143d2894a9e5a928456fc5551a666d14-1294476920
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: KoenG on January 08, 2011, 10:34:23 AM
http://www.virustotal.com/file-scan/report.html?id=9a062a3511623c42dc8e76c400f9b12fc3e57067a8073329cc1cef9d1d4886eb-1294435119



http://www.virustotal.com/file-scan/report.html?id=e06864809154e423b95acb73e39fb8959850c5e1a57f06594284085156fbdaab-1294440627


These samples are detected now
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on January 11, 2011, 08:03:06 AM
http://www.virustotal.com/file-scan/report.html?id=1a524958890c08f3f2580d1a0d4bc62fc21ba5e90affd94575dad80bcaffc617-1294729202
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: KoenG on January 13, 2011, 09:44:56 PM
http://www.virustotal.com/file-scan/report.html?id=89ab49432bc7d004da63eef88380594cb52a8918e493142213a033d08345d622-1294936404
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: KoenG on January 14, 2011, 10:31:52 AM
http://www.virustotal.com/file-scan/report.html?id=b40e831b843bc7efb7baea32cc6451399c830901b9feab16c38762dd84423567-1294993303
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on January 14, 2011, 11:01:03 AM
http://www.virustotal.com/file-scan/report.html?id=36de61175198135ac1d6cb8a7e58e34b788ab7b7fdea6817b78f75ff5c0bd4b1-1294998458

Send to Avast! / 13.01.11 / 08:01 h.

With two other threats, they are added and it's not!
Why?

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on January 15, 2011, 10:33:47 AM
http://www.virustotal.com/file-scan/report.html?id=abe490ee1505982ea8b8cb680750bb0a17da0466942364287f6fc9df09559f8c-1295079421

http://www.virustotal.com/file-scan/report.html?id=e9771228be35876e8881db3cc515d4a84d271e525039fbebd3b7cf907c41b4f3-1295080564

http://www.virustotal.com/file-scan/report.html?id=b860908a0ce8e12db727691e418fb011feb3d925a9f96d09e0db9e3739b41593-1295081247

http://www.virustotal.com/file-scan/report.html?id=90f4d26a39c65d545ee8f048af9e21f08b0053a084c86f836cff89e362ac65c2-1295081684

http://www.virustotal.com/file-scan/report.html?id=4c25f1cd0a7e65f2dba1c32d99c8d0d5efdee7bc13f8d486c2983c71891647e0-1295082318

http://www.virustotal.com/file-scan/report.html?id=1aaa29e20cda6fc418f5c14f62d1703e882e9b9110b0b0b1a9c5c1cbc80253b4-1295083603
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: kirill_ant on January 15, 2011, 03:05:22 PM
Autorun-Trojan
http://www.virustotal.com/file-scan/report.html?id=de2303914426964bcba26dc6d350d625b27665720f69d99c2001b71aee674142-1294996708
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Bender1000 on January 15, 2011, 07:43:04 PM

http://www.virustotal.com/file-scan/report.html?id=84b68fd5e08236f8dc1814542c1b288e9be2067e7d9d1445c22df5d2841c20ec-1295116584
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on January 15, 2011, 11:30:33 PM
http://www.virustotal.com/file-scan/report.html?id=7085183d7e8073b2d7419ed2d3bebae103e7cb3e8ae2edacc6f4f62fde7efa26-1295130264

http://xylibox.blogspot.com/2011/01/fake-kaspersky-site-host-ransomware.html


Sent to Avast
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on January 15, 2011, 11:38:06 PM
http://www.virustotal.com/file-scan/report.html?id=7085183d7e8073b2d7419ed2d3bebae103e7cb3e8ae2edacc6f4f62fde7efa26-1295130264

http://xylibox.blogspot.com/2011/01/fake-kaspersky-site-host-ransomware.html


Sent to Avast


Can you change http to hxxp. Thank you.

Bye, kind regards ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Altarir. on January 15, 2011, 11:47:37 PM
Can you change http to hxxp. Thank you.

ehwhat, those links ain't malicious
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on January 15, 2011, 11:58:02 PM
Can you change http to hxxp. Thank you.

ehwhat, those links ain't malicious


+1
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on January 17, 2011, 05:02:14 PM


http://www.virustotal.com/file-scan/report.html?id=7085183d7e8073b2d7419ed2d3bebae103e7cb3e8ae2edacc6f4f62fde7efa26-1295279942


The threat was not added (
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: KoenG on January 21, 2011, 11:00:24 PM
http://www.virustotal.com/file-scan/report.html?id=887bef6ec0076adedfca1923f3bc1dacef310b2f788f17de12cc3c400e04313e-1295645413


Please check this sample
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on January 22, 2011, 12:41:29 AM
KoenG, do you have that sample? Did you submit it to avast team?
Sure it is infected...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: iRonzel on January 22, 2011, 08:36:12 PM
Also, check this

http://www.virustotal.com/file-scan/report.html?id=a32eccc3279782c89e491a3840a0cc9a269d88183514b9cd21f911c9062e2018-1278522524

http://www.virustotal.com/file-scan/report.html?id=1df1026a0aaa32d58514cd6bb75acd4e4275310144b980f2d2506f0f07f328fc-1295703326
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spg SCOTT on January 22, 2011, 08:45:16 PM
The problem I have with this thread is that there is no follow up from anyone that is posting the links to Virustotal...


All it takes is for the person submitting the file to add it to the chest and scan it every couple of days, and when it is detected, simply edit the relevant post to say that it is now detected. Otherwise IMHO there is no point in just posting the links...
This is what I do if there is a sample that I have to submit (good or bad) leave a copy in the chest, and then scan it every couple of days, once it is detected/removed from detection then the file can go.

You can even add comments via the chest so that you can keep track of the file itself...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on January 22, 2011, 09:54:58 PM
The problem I have with this thread is that there is no follow up from anyone that is posting the links to Virustotal...
They already posted they won't "follow" this thread... They would analyze the samples sent to them.

This is what I do if there is a sample that I have to submit (good or bad) leave a copy in the chest, and then scan it every couple of days, once it is detected/removed from detection then the file can go.
It would be a good thing, a track back from the user, yes.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spg SCOTT on January 22, 2011, 10:02:55 PM
The problem I have with this thread is that there is no follow up from anyone that is posting the links to Virustotal...
They already posted they won't "follow" this thread... They would analyze the samples sent to them.
Sorry, I didn't mean avast team, I meant those that post the links...
For instance, Marc57's post (http://forum.avast.com/index.php?topic=64122.msg577568#msg577568) (nothing against him, just an example of what I meant) according to VT, there is another report which shows avast! detects it. All it needs is for the user to edit, and say it is now detected. Otherwise we just have a bunch of useless links...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: KoenG on January 23, 2011, 12:42:47 AM
KoenG, do you have that sample? Did you submit it to avast team?
Sure it is infected...
No, Tech, I do not have this sample. I copy/pasted a VT report from the VT site to the Avast forum.
The problem I have with this thread is that there is no follow up from anyone that is posting the links to Virustotal...


All it takes is for the person submitting the file to add it to the chest and scan it every couple of days, and when it is detected, simply edit the relevant post to say that it is now detected. Otherwise IMHO there is no point in just posting the links...
This is what I do if there is a sample that I have to submit (good or bad) leave a copy in the chest, and then scan it every couple of days, once it is detected/removed from detection then the file can go.

You can even add comments via the chest so that you can keep track of the file itself...
And sorry But is there not any following as a VT link posting on the avast forum

Sorry for my bad English and for possible misunderstandings.

And can everyone now get back on topic please
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: PaCKINheAT on January 27, 2011, 06:24:01 PM
nice list
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: PaCKINheAT on January 27, 2011, 06:27:00 PM
http://www.virustotal.com/file-scan/report.html?id=6de1250a22772eb6417e3e896961a3cc6e227b5eb781172d61ca8145c4018b7a-1296086845
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: PaCKINheAT on January 27, 2011, 06:27:47 PM
http://www.virustotal.com/file-scan/report.html?id=fab272012d934f75915cd888f213e8857c390086363351eab3bf69f19ce67b65-1296108950
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: PaCKINheAT on January 27, 2011, 06:28:21 PM
suspicious http://www.virustotal.com/file-scan/report.html?id=a8e30a4da9360ec5350668beaf5e987d7ca60b0c7a68a4814daca11d62a4c99e-1294314942
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on January 27, 2011, 06:41:45 PM
nice list

But a pretty pointless one as no one goes back and edits their posts when the malware sample is detected.

The links are of no use to avast, only physical samples can be analysed, so just send those to avast.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on February 12, 2011, 12:20:48 PM
One more problem:

I have seen real malware on VirusTotal links, but people say it's goodware just to lure other people.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on February 12, 2011, 02:59:32 PM
Are you really ready to believe these anonymous people when you haven't a clue of their experience or intent? Trust the weight of independent AV scanners rather than anonymous comments.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: goodjohn1984 on February 13, 2011, 12:47:11 AM
Possible Java Malware:

http://www.virustotal.com/file-scan/report.html?id=ddfa23f9459b18b258f488fe0c06d66d5b7177e0f5325e72fde365df9ca8b30e-1297551741

http://camas.comodo.com/cgi-bin/submit?file=ddfa23f9459b18b258f488fe0c06d66d5b7177e0f5325e72fde365df9ca8b30e

MD5   : f780a5b1d533e3b906ba46d16e482fd8

Spirit.exe:

http://www.virustotal.com/file-scan/report.html?id=c8561e9b17c476344caadcfef70ce47d92c6c000261c549757457f4bfb190b7d-1297550795

http://camas.comodo.com/cgi-bin/submit?file=3751c585215f0f3126f0c761d6b314fd8634572ab09a9cf803d5cdc5393ffd3d

MD5   : 2b13ffc376f749f74a105a441f4a1517
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on February 14, 2011, 07:00:43 AM
Rogue Antivirus.

http://www.virustotal.com/file-scan/report.html?id=b3128a468a31dbb173bd8be9b62f57a739a367a72ff5b59d282c6eb26154c4e4-1297661465
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on March 20, 2011, 06:06:38 AM
Rogue Antivirus.

http://www.virustotal.com/file-scan/report.html?id=7781770a95896c5fb2ea83b9861ab99427a5f4da12dd67ffcacf56bdb4c249ea-1300597180
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 20, 2011, 05:29:00 PM
Good find, Marc57,

Avast also misses out on Palevo alias G bot a bit here: http://amada.abuse.ch/?search=91.217.162.24
Click the virustotal analysis there...and see for yourself

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on March 20, 2011, 05:41:17 PM
Rogue av called Clean this,clone of ThinkPoint and Palladium pro.
https://www.virustotal.com/file-scan/report.html?id=27eb412b15445b87ee8b35e419ce6147b69b4d623d6ce66a7993a331b8a0c708-1300519352
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: danny96 on March 20, 2011, 07:35:18 PM
suspicious
http://www.virustotal.com/file-scan/report.html?id=190c6f801c134f32cba465e78d0a02efdf183dd8892514072a0505dd61a65be0-1300646017

suspicious
http://www.virustotal.com/file-scan/report.html?id=5cce92dc7ea0ba7f93b5f92bf2897a0697926bd3240e5f54237742a4d9fe84e4-1300646440

trojan
http://www.virustotal.com/file-scan/report.html?id=ce3b536fd55af6786370727ff47ed16ec7b285c26a197de35fb769772498cabf-1300647316

hotkeyshook
Why is there detection on all samples but not on this one? (There should be HotKeysHook-I)
http://www.virustotal.com/file-scan/report.html?id=5fdb84a878575d3440a5f5600a6532a7ccc7bd0b401e9eb33c3af9843b977097-1300647461
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on March 20, 2011, 07:37:07 PM
danny96, did you submit the sample to avast? See #1 post of the thread.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: danny96 on March 20, 2011, 07:39:34 PM
danny96, did you submit the sample to avast? See #1 post of the thread.
It's not from my PC. Just looking at some trainers on website www.abecedaher.cz...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on March 20, 2011, 07:39:52 PM
trojan h@tkeysh@@k.dll
http://www.virustotal.com/file-scan/report.html?id=0740e9df2dbb197a3b1a62be505ea2657673a5a4485815d56db7a56b9c874281-1300646150
(had this in computer - very danger)

Well, avast detects it. Look at your VT link. ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: danny96 on March 20, 2011, 07:43:31 PM
trojan h@tkeysh@@k.dll
http://www.virustotal.com/file-scan/report.html?id=0740e9df2dbb197a3b1a62be505ea2657673a5a4485815d56db7a56b9c874281-1300646150
(had this in computer - very danger)

Well, avast detects it. Look at your VT link. ;)

LOL sorry. But shouldn't be added detection for Avast! 4.8?
EDIT: Added next link
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 20, 2011, 10:00:40 PM
What is this TrjKrap.AZ? Not detected here as Win32:Malware-gen by avast: http://www.virustotal.com/url-scan/report.html?id=66c68e7cdb39871cf218bf320f42686b-1288938948
see file analysis: http://www.virustotal.com/file-scan/report.html?id=a5976124178be0ff7c864f3d74d36f372422bcca404d01697e6431f29dff8f9e-1288942583
Found here:
2011-03-20 20:28:31   htxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9   F0E35CDBDBB2B56003EFD859720BDFC7   184.85.147.191   US   TrjKrap.AZ
2011-03-20 20:28:29   htxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7   F749BF47AB457E7F5670BE0B55C8DFA2   184.85.147.191   US   TrjKrap.AZ
See: htxp://jsunpack.jeek.org/dec/go?report=fbe72914baadd9d253939dad06b0b5ccf98a8e56
Found benign: http://wepawet.iseclab.org/view.php?hash=d2b1b6a4068971379ab528362d3ae0b2&t=1300654385&type=js
But see: http://www.pandasecurity.com/homeusers/security-info/218557/Krap.AZ/
Should be detected by avast as Win32:Malware-gen,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 20, 2011, 10:15:55 PM
Malicious Flash_Player_10.2_update_for_Win.exe not detected by avast as Win32:Renos variant...
see: http://www.virustotal.com/url-scan/report.html?id=48cb08b5fffd3b0c69f9662e2b1d8da5-1300651632
file analysis: http://www.virustotal.com/file-scan/report.html?id=8801fb51b54dc45069154d262135e1ddd77d2142aa8cb1a70e3e56bf3222d07b-1300655236
See: http://www.sophos.com/security/analyses/viruses-and-spyware/malfakeaviz.html?_log_from=rss
Also found to be suspicious here: http://wepawet.iseclab.org/view.php?hash=48cb08b5fffd3b0c69f9662e2b1d8da5&t=1300655461&type=js
Accompanying Anubis report here: http://anubis.iseclab.org/?action=result&task_id=1e47e25cfa4212b94d5c0dbfb942b6e07

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 21, 2011, 07:00:25 PM
This parasitic virus that infects Win32 PE executable files missed by avast, see: http://www.virustotal.com/url-scan/report.html?id=0fada3e4220ae5e9bb7e9a0f255115de-1300726070
file analysis: http://www.virustotal.com/url-scan/report.html?id=0fada3e4220ae5e9bb7e9a0f255115de-1300726070
= 2011-03-21 16:52:06   htxp://nutromchuu.co.cc/release/d2f0b5c46987429e2ad87a745a130a92/Internet-Explorer_update.exe   2D7307DCB9E615FFD1A28C3089F9CA4A   46 . 16. 240. 3    UA   JSSality.AO
See: http://wepawet.iseclab.org/view.php?hash=0fada3e4220ae5e9bb7e9a0f255115de&t=1300729945&type=js (suspicious)
accompanying Anubis report to be found here: http://anubis.iseclab.org/?action=result&task_id=1cd3f576f2e1d72d4b1515c19f4c57216
see: htxp://jsunpack.jeek.org/dec/go?report=519636b9a472c69744b37908c41fe4409ab1c24c (this link only for experienced users)

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 21, 2011, 10:43:19 PM
Here this suspicious IRCBot malware was not detected. Resides here: 2011-03-13 01:49:03   hxtp://www.etoro.com/SDL/typeC/eToro1140.EXE   AA34FA609C772A1A75960912A863E7AC   188. 95. 97. 212   NL   PHPIRCBOT.CE   

See url scan: http://www.virustotal.com/url-scan/report.html?id=58a3500d79093f8d48f351b8b2618894-1300739399
File analysis scan: http://www.virustotal.com/file-scan/report.html?id=6492099ee8a84d0a6e7c9152d44517444a8906244197a8453be52b29830c3311-1300743017
Suspicious: http://wepawet.iseclab.org/view.php?hash=58a3500d79093f8d48f351b8b2618894&t=1300743150&type=js
Anubis report: http://anubis.iseclab.org/?action=result&task_id=152b9df0e8a5515c4ed6a81498033f41c
 
Sig buster output: Wise_Installer vna SN:1361

another example of PHPIRCBOT.CE can be found here:
 htxp://2gov.co.cc/pk2/ktytyvjlfli see for this: http://www.malware.pl/report/195.80.151.83

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Marc57 on March 26, 2011, 05:04:11 AM
Rogue Installer.

http://www.virustotal.com/file-scan/report.html?id=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301111394
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 26, 2011, 03:25:01 PM
Nice find, Marc57,

Good to give a couple of the resources where this malware is treated:
htxp://malc0de.com/database/index.php?search=KR&CC=on
Go there only if you are security aware enough and know what not to click and better even what not...
and then we will land here:
htxp://malc0de.com/database/index.php?search=vaccinescan_set (for experienced users only)
where we have 5 variants with ThreatExpert reports,
If we do a bit of reconnaissance we see the malware site 124. 217. 218. 10 is down, so that makes the
find a bit more irrelevant. But there seems still activity from there:

htxp://down.rprotect.co.kr/rprotect/rpwacherh.dll
trojan fake-alert see: http://www.virustotal.com/latest-report.html?resource=f920958410f6ebaddfc9a1a4d66db082
Which avast naturally detects as Win32:Adware-gen
Do not visit that site, because it also infects with Win32:Virtob
see: http://www.virustotal.com/file-scan/report.html?id=9f1410c3796ddf9348f7a0bcc85a381b500d639b550918797f2abbd65e47a1d1-1299580539
So also neatly detected by good old avast, because we can only detect what is there,
and dead links or malware sites that have been brought down do not count...
But let us see if "vaccinescan_set_etc." resides somewhere else and is alive?
4 alive of 5 found at malware for domain search:
virustotal reports for the live ones are not very, very promising,
so we see how important Marc57's posting was:
http://www.virustotal.com/file-scan/report.html?id=395feefcaa6ab9a02d489bbe03826e6df1bb6cda20087bc4dfec471341ddfa85-1300866728
&
http://www.virustotal.com/file-scan/report.html?id=8212515ad446410f6d47e9eae6eb4906fa9532b5e4952b28d843fd86b5dccfb5-1300853172
&
http://www.virustotal.com/file-scan/report.html?id=21b7dfcc8b2572ab78a30e4e7974a60998841c7d8ef7f746310d0813c6cdb445-1300853156
&
here detection is slightly better with 10 /42 (23.8%)
but avast misses it altogether:
http://www.virustotal.com/file-scan/report.html?id=bf12984f90b2c8afb8f3b5a5149eabc9c979a61736b2f414d444b6903a4135d3-1301117268

So sometimes it is worth delving a bit deeper with our cold renaissance methods,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 26, 2011, 09:38:39 PM
Oh and just another thing, if you know where to look, you can even find some binaries for the malware that
Marc57 found, let's see, here:  http://report.xandora.net/xangui/malware/view/efaeff5a90c6173b0b92d338b598f2f6

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 26, 2011, 11:39:20 PM
Here malware is residing at hxtp://cfteam.net/test/futurepack/tscplus.exe
Nice article on this malware can be found here:
http://www.offensivecomputing.net/?q=node/1448
See virustotal results here: http://www.virustotal.com/file-scan/report.html?id=84937ad73b04cf21c4bd9347ae4aeea578fe13db5cb8b7cae9fc72e1c0085ea2-1266518648
avast not detecting...
ThreatExpert report here: http://www.threatexpert.com/report.aspx?md5=b120c36aed67701358ad92e70f051820
Xandora does not have it yet, wepawet gives it as suspicious:
http://wepawet.iseclab.org/view.php?hash=1327791e62383cad70171e3ca315685e&t=1301178928&type=js
Anubis report: http://anubis.iseclab.org/?action=result&task_id=1e85aa90196fe77b41143c0da86cdd561&format=html

and look here: http://www.prevx.com/filenames/186858952724755476-X1/TSCPLUS.EXE.html

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 27, 2011, 04:54:49 PM
This zbot detection missed: http://www.virustotal.com/file-scan/report.html?id=28ef64ff922b12a8ecbe261f8046745f7f8ece9b8a1bfabf816984620a219436-1301236544

malware found to reside here:
htxp://rtfsti.com/fb/comments/facebook.update.utility.exe

See: http://info.prevx.com/aboutprogramtext.asp?PX5=3F9CD08D0002F9FB182F02B901BA7D0045ACED23

Here avast finds another variant:
http://www.virustotal.com/file-scan/report.html?id=81b65dd4f92fc29ba3f8062ed69fcb89a703e1c7d1ded2ff956aee11d5a2c0f1-1300555240

There is a lot of variety in this malware: (searched for W32/Pinkslipbot.gen.ae):
http://xandora.net/xangui/malware/search?by=name&keyword=W32%2FPinkslipbot.gen.ae

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: danny96 on March 27, 2011, 07:54:27 PM
Rogue Installer.

http://www.virustotal.com/file-scan/report.html?id=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301111394
This one is detected
There is a more up-to-date report (13/42) for this file.
Title: Re: Samples missed by avast (VirusTotal links only!) [1 SOLVED and 1 non-detect]
Post by: polonus on March 27, 2011, 09:59:35 PM
Detection for vaccinescan_setup.exe as mentioned by danny96,

http://www.virustotal.com/file-scan/report.html?id=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301111394
avast detects since:
http://www.virustotal.com/file-scan/report.html?id=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301236936

But from this domain this is still up: htxp://down.vaccinescan.co.kr/app/down/vaccinescan_setup.exe
virustotal result: http://www.virustotal.com/file-scan/report.html?id=bf12984f90b2c8afb8f3b5a5149eabc9c979a61736b2f414d444b6903a4135d3-1301226435
and
http://www.virustotal.com/file-scan/report.html?id=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301080931

ThreatExpert analysis: http://www.threatexpert.com/report.aspx?md5=41216f1f6e0358eaadd1d6782963e330

This new variant not detected by avast

See: http://camas.comodo.com/cgi-bin/submit?file=bf12984f90b2c8afb8f3b5a5149eabc9c979a61736b2f414d444b6903a4135d3
and http://camas.comodo.com/cgi-bin/submit?file=dc6261c9d0b8d0f486ce55f8d191b96439007569df516087412cd3fb00462350-1301080931

description: http://www.norman.com/security_center/virus_description_archive/79262/nl  (norman detects this
malware)

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 28, 2011, 10:17:02 PM
This malware resides here: htxp://youtub.hi2.ro/Client.jar  (JAVA_DLOADER.VTG)
See: http://www.virustotal.com/file-scan/report.html?id=35970e91c4d3364f8b05f5b40d892224084c7fc207af4db8165ebf6ca9bd5357-1301338614
See: http://wepawet.iseclab.org/view.php?hash=145d4e3fc6a7adc87d664b817fa57f08&t=1301342685&type=js
also found here: htxp://86.96.195.185/Client.jar
http://www.virustotal.com/latest-report.html?resource=a6091a6335ec1fd34e8358010c044270
&
htxp://bejn.fileave.com/Client.jar
http://www.virustotal.com/latest-report.html?resource=0521c911e442cd9eec927d8439731a76
&
htxp://80.74.139.159/joomla1/tmp/sernac/cl/informes/Client.jar
http://www.virustotal.com/file-scan/report.html?id=35970e91c4d3364f8b05f5b40d892224084c7fc207af4db8165ebf6ca9bd5357-1301339415
&
htxp://www.tinyology.eu/biliard/Client.jar
http://www.virustotal.com/file-scan/report.html?id=35970e91c4d3364f8b05f5b40d892224084c7fc207af4db8165ebf6ca9bd5357-1301339415

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on May 04, 2011, 11:53:36 AM
http://virusscan.jotti.org/en/scanresult/397d3a1752993f12d11499c860944b2fa3b923c5

http://virusscan.jotti.org/en/scanresult/d7929e26d39b47efdf14bc6848601ba81b312129/4b736f82be65d609f35f17e2785cd78047059860

http://virusscan.jotti.org/en/scanresult/5ab878a34f0ccc12367fcdd76af6a6e33c3346d2/57cbac84f39be03486b7d849bfdeb89bb4b1ab7b

http://virusscan.jotti.org/en/scanresult/6089fb91fbeb68c3bdf024c43f1f8fcd3c75884f/abfe303db49b96d3b83fff02e27de2cc2211c4bd

http://virusscan.jotti.org/en/scanresult/53a76d9807b6f542263639c14362087cd00b6192

http://virusscan.jotti.org/en/scanresult/a41f5aa76ceb8da0b2442f5aedc08487d46fff2d

http://virusscan.jotti.org/en/scanresult/51227e87ab211b9870023fadf3014200b6fda9f8

sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on May 04, 2011, 02:43:49 PM
Thanks Burkoff for helping improving detection :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 04, 2011, 05:38:11 PM
Another one here: https://www.vicheck.ca/md5query.php?hash=43cb55861b7fcf1dfb6968c9ef110bcc
with VT results here: http://www.virustotal.com/file-scan/report.html?id=d4abc27a80312e066fc816e537394a33719b8ac11f5d277dc26f88a899548dad-1304483504  new Spy.Spyeye variant...

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 06, 2011, 12:08:47 AM
Is this being detected, see: http://wepawet.iseclab.org/view.php?hash=a0beb67f63645e5251c6df9bd5334ab0&t=1304632923&type=js

See: http://www.virustotal.com/url-scan/report.html?id=81647288eaf692b562bedd017aa95f67-1304625248

webshield should flag Java Deployment Toolkit

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 06, 2011, 03:22:09 PM
Sample missed: http://www.virustotal.com/file-scan/report.html?id=ee2b6faa5ea31285a57b75e529f1592b07d97ba6988bf51fcacd44a8e6014f65-1304121091
and
http://www.virustotal.com/file-scan/report.html?id=73cd5020efbb972ab0231236db98c3de225c06c4d4378747426527a1685c965a-1304339382

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: cleanthis on May 06, 2011, 04:06:21 PM
this  http://www.virustotal.com/file-scan/report.html?id=550efefe40429ccada456de083bad2a31d1400868bc25bc7cdc0dd2d96559d6d-1304673863


infects xp, undetected by avast, runs fake fraud security program and disables avast

spybot sd was able to clean it out

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on May 06, 2011, 04:44:56 PM
As the title indicates this is for VT links only not the posting of file sharing for malware samples.

They should be sent directly to avast, as you have no control over who might access this link nor what they might do with the sample. So please remove the link.

Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on May 11, 2011, 11:10:45 AM
http://www.virustotal.com/file-scan/report.html?id=e2781ec26cc64f0607722627fab60816a3c160901d778fb463d1bec7a4d7f251-1305104212

http://www.virustotal.com/file-scan/report.html?id=f9fa550003521926e1d94413b3399f25bec11f96a232850211481a61c87d751e-1305035502

Sent.

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 11, 2011, 10:12:16 PM
Not detected by avast: http://www.virustotal.com/url-scan/report.html?id=641577c40b41da0a4e98c73f67524f04-1305137300
see: http://www.virustotal.com/file-scan/report.html?id=971c34a0b571d4a8da79b7d8cf52296a54ce18d9e6bff670b80c97dd4d603924-1305144526

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on May 15, 2011, 10:42:13 PM
http://virusscan.jotti.org/en/scanresult/d3619aff5e94ad739f3986992d537f58cb604b0f

and others sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!) [SOLVED]
Post by: polonus on May 16, 2011, 06:56:42 PM
Was this the same malware as scanned here: http://www.virustotal.com/file-scan/report.html?id=ae090428cb05c1d951e1641d0471b6533a5bda75db1c557cca057a3372d0336b-1305526099
reported to VT as Necurs rootkit with funny blacklist by VT Community User  EP_XOFF
Kaspersky does not detect it at the VT scan of May 16th last,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on May 18, 2011, 10:55:37 AM
Was this the same malware as scanned here: http://www.virustotal.com/file-scan/report.html?id=ae090428cb05c1d951e1641d0471b6533a5bda75db1c557cca057a3372d0336b-1305526099
reported to VT as Necurs rootkit with funny blacklist by VT Community User  EP_XOFF
Kaspersky does not detect it at the VT scan of May 16th last,

polonus

http://www.virustotal.com/file-scan/report.html?id=ae090428cb05c1d951e1641d0471b6533a5bda75db1c557cca057a3372d0336b-1305708308

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on May 19, 2011, 01:01:25 PM
http://www.virustotal.com/file-scan/report.html?id=ed19b58dc831d9b29d0cbb759be5f262df9723520308dcb1b7fb693f15f90ceb-1305800557

http://www.virustotal.com/file-scan/report.html?id=9976d50ad3d38cca91096a062a69875efc5758d6da8fe5ddbd7fa4f432deb1f3-1305794383

http://www.virustotal.com/file-scan/report.html?id=4012f175141859ccf79b82ff434b3bc78802ed276e99a75f97ce9c6f1ee9b8cf-1305800901

http://www.virustotal.com/file-scan/report.html?id=2caa418b31686dd8213a7b7ab5e8e965c612f68371be4d5a2b738d83f6449097-1305801522

http://www.virustotal.com/file-scan/report.html?id=5397a8aed08dc72b352c5f0d85d24f9e5cbb6028723860b8b1c6fd9dbe460b11-1305801694

http://www.virustotal.com/file-scan/report.html?id=5e8bf5047362c4d6e0abfb2439b80f02a93d80393322400fab9c48c4e7eb9590-1305801771

http://www.virustotal.com/file-scan/report.html?id=503d885e8f84d9fb3f2bf0d306c1270413e6450987076216f72779bc9215a469-1305801899

http://www.virustotal.com/file-scan/report.html?id=5a09cae05fe28d6067d516b045e9a646ebdf6a3c50cb5abd41c97b101968e5e4-1305801988

http://www.virustotal.com/file-scan/report.html?id=94105bafc9f65fd8b0585e75fe56046ef3f722be3253c2461fc79dee48945258-1305802096

http://www.virustotal.com/file-scan/report.html?id=9688c395c810e7d42ae0f1adad18ac580a72515fd467d4ca8de021137c0384f0-1305801674

http://www.virustotal.com/file-scan/report.html?id=d7e359f175b09f40ae19c4d58d22d4e5dfd3514aae36a810590059a39d5110d9-1305802429

http://www.virustotal.com/file-scan/report.html?id=1232441fc19e1699a5bb0e1fa8a1b512e34c12e115e5888c06336c14f0847188-1305801996

http://www.virustotal.com/file-scan/report.html?id=4ee4be381b51c96db49ea85b6db9d3fdcad5a705ae79d128e61523f3d58e6730-1305802579

http://www.virustotal.com/file-scan/report.html?id=1664f32dbd501190884bd2dedb15c5dc092fa057406592fa01ce7fc795695e3b-1305802676

http://www.virustotal.com/file-scan/report.html?id=72050a447bea7c7138080b931b885eb253eaa30598a2cad421cfd6e35c67386f-1305802745

http://www.virustotal.com/file-scan/report.html?id=bfae2d6eb055defad1a1ceb00d35f125cc7d6c59f1c04e42a901f52a1f0c7169-1305802295

http://www.virustotal.com/file-scan/report.html?id=d0ace36fd1326700a0f65c2d66a7193e5516b55760869f7689d7158b2dc376bc-1305802885

http://www.virustotal.com/file-scan/report.html?id=73960394a70b102c8484afda811a7b9420df960cface8647bfbe35f327726f47-1305802472

http://www.virustotal.com/file-scan/report.html?id=dd4180ea68df45fa0e210ce089b250a34d32e73dc677894a4466081a397b5547-1305803054

and others sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DCS on May 19, 2011, 05:51:48 PM
http://www.virustotal.com/file-scan/report.html?id=137e9afb4c49ceab45fff506f5a92b5cddedcac1694adcd5eb6b962d28dce5c1-1305819545
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 19, 2011, 06:32:07 PM
Hi DCS,

Similar malware not detected here: http://www.virustotal.com/file-scan/report.html?id=02fbee1adf9167199c07a27deede89f8db8710aed06fd3ffca9fe102ffeb5a72-1305737459


polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on May 21, 2011, 05:15:07 AM
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=625

http://www.securelist.com/en/blog/11266/Rootkit_Banker_now_also_to_64_bit

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on May 21, 2011, 01:53:58 PM
http://www.virustotal.com/file-scan/report.html?id=dfbdaf4621aa82cf142b02d2d4011fec8f3a1e942954949139791e963056ba41-1305977721

http://www.virustotal.com/file-scan/report.html?id=8b71c8e4bddef1b145b824365de43b2fe9b837a55b024448a578ef31bb334659-1305978627

sent to avast!  ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 23, 2011, 12:51:48 AM
Another one here: http://www.virustotal.com/file-scan/report.html?id=fad4568347cc738715f369841c75c64c574a459ff232fc721de62fd6e9daf077-1306087743
a TR/Crypt.ZPACK.Gen variant detection...

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 24, 2011, 10:28:59 PM
VT scan result: http://www.virustotal.com/file-scan/report.html?id=d602509ad79860b3d019d90626836da344b09a24c28868347333ea6244fcae68-1305067609
and here:
http://www.virustotal.com/file-scan/report.html?id=d60d11aaaf0f89f77563cc49cf4e1deebb7f34b00353aee5f9512a8ddcb60a44-1303985474
See for malware: http://tools.sucuri.net/?page=tools&title=blacklist&seeall=1&detail=591226c1fb8da24e59e4e238bf8606ce

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 25, 2011, 12:18:57 AM
Hi Burkoff,

[SOLVED]
We have detection here: http://www.virustotal.com/file-scan/report.html?id=8b71c8e4bddef1b145b824365de43b2fe9b837a55b024448a578ef31bb334659-1306258405

and

http://www.virustotal.com/file-scan/report.html?id=dfbdaf4621aa82cf142b02d2d4011fec8f3a1e942954949139791e963056ba41-1306151345

Means avast users are now being protected,


polonus

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: SHAGGIE on May 30, 2011, 11:36:18 AM
Below are just a few from a personal collection of mine over the years to find to my amazement, Avast is missing out on some fun. Now I do have to state I do like Avast and enjoy using the product, however I am sad to see things like this occur. I have submitted several of these files to the lab time and time again to find no new changes in my scans. I hope we can refrain from insulting me for my huge post here and maybe work together as a community and solve this lack of detection. If you care to view the links, Please take note on the Dates on all of them. I think you will be in for a good one.


Until next time,
Shaggie.Rydez
___________________

http://www.virustotal.com/file-scan/report.html?id=07fcc10185ff940d84a6ce10cd9dcb459a9316a472209e27f5bf835ca90abe20-1306744067

http://www.virustotal.com/file-scan/report.html?id=783a565ae5b4facf66622acb2ede3b11dadf655a4ef66bdd02feb0fc2224b770-1305044090

http://www.virustotal.com/file-scan/report.html?id=54c1d5e2059f880f76c361b18f3c5d93ef188e41e82c5ccc4c0b96830ceef7e0-1305296788

Setup-trial.exe: submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=cb9f592aa5dd134775c4c4a2599701c696e102d9f4b647530bcacc3558ae76c9-1306744525

http://www.virustotal.com/file-scan/report.html?id=9f2864435b39e128e0a4b8a81308461d014fbecb67a380ea215c3418ecc3c70d-1305755334

http://www.virustotal.com/file-scan/report.html?id=8281f06cc07dd377ecf78d9f1e435679f4b27f2d3f4f9ea727027e56e0e57b5f-1303293776

https://www.virustotal.com/file-scan/report.html?id=9529d01c9488ca48735610b8fe3a9be3f4749952b68e6e23fd1b0a62b8390250-1300057230

EXEfile.exe: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=1cff9194f37821f0141abab28afb08c36b0e8e795e6f766f400b7acaa95e4d64-1306745273

BE.exe: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=ac4be6281d33f22c652083d88488892c0f7260b75b61f0ca519e7970dc9672a8-1306745910

antieta.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=3abce78c97f8a0fe9d4b3df48d91a425bf70eaae8db9a8c1f5b354fd72c67389-1306746581

Cih 14.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=e323f74fbc4c8b4855be2f08c340cbde3c3f5461b1af46bc7581930a568bbf05-1306746160

kompanio.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=3eabaab7a9914299abe3526586f70a038c770add1d4580031036b1fa8a1d60d9-1306746233

No Pasaran.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=433817e21202769645877386b8506b6be907ceb23ae1c7854b7826ef4d6cddd5-1306746829

nukeviruses.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=2d41e0c82f548fc09b972bbcdc19cc39660f548303b8c647788cc96fb1ded201-1306746884

ontario3.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=7deea85ae2d59f4b886a00e89f423833ea218ea16530ee745de0d6329d8dbd51-1306746422

v100.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=b79d7f4a2ff942479d562da6197fa983d953aa1b526e22a4dcbb98db3bb53f41-1306746497

virus.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=fba9f3edc6f9931fe9070ebbef0ef0114ff88d91b8f2f645dbd21280921640f4-1306747143

wpart_c.zip
http://www.virustotal.com/file-scan/report.html?id=02519abf272a415583bce7e45b8abe0ae70d7e160351b11b692ab01b7fb32933-1287410138
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on May 30, 2011, 11:44:17 AM
send undetected samples to  virus @ avast.com  in a password protected zip file
Mail subject: undetected sample(s)
Password: infected
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on May 30, 2011, 12:12:04 PM
Below are just a few...

Thanks for reporting/helping..!
Btw, interesting: Some of these samples are detected by old avast, but not by the new one..???
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on May 30, 2011, 12:21:00 PM
Below are just a few...

Thanks for reporting/helping..!
Btw, interesting: Some of these samples are detected by old avast, but not by the new one..???

I am guessing....bc they are malware that only works/will harm older OS.... not supported by latest avast, so why detect
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on May 30, 2011, 12:23:45 PM
I am guessing....bc they are malware that only works/will harm older OS.... not supported by latest avast, so why detect

Well, maybe...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on May 30, 2011, 12:53:59 PM
googled a bit.... the second last sample...this is just a name search, not MD5

http://www.virustotal.com/file-scan/report.html?id=fba9f3edc6f9931fe9070ebbef0ef0114ff88d91b8f2f645dbd21280921640f4-1306747143

Virus.DOS.PS-MPC.2832
Detected: Oct 02 1998 20:00 GMT
Released: Oct 02 1998 20:00 GMT

http://www.securelist.com/en/descriptions/old16509 
if you scroll down, you find the avast detection name from the VT scan
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Jack 1000 on May 30, 2011, 12:58:04 PM
This thread should be pinned for easy reference!  It is a great resource!  Thanks Avast!

Jack
Title: Re: Samples missed by avast (VirusTotal links only!) [SOLVED]
Post by: polonus on May 30, 2011, 05:10:03 PM
New bancos variant detected: http://www.virustotal.com/url-scan/report.html?id=fece6f14a975a38232e01066097d6dab-1306760379
File detection VT: http://www.virustotal.com/file-scan/report.html?id=84906f0069350234d413f8c89aba48ec9543ea027adda400cba4c9fd5f8b0227-1306767585

polonus

Detection here: http://www.virustotal.com/file-scan/report.html?id=84906f0069350234d413f8c89aba48ec9543ea027adda400cba4c9fd5f8b0227-1307115470


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on May 30, 2011, 10:16:10 PM
I have submitted several of these files to the lab time and time again to find no new changes in my scans.
This worries me... I believe avast team has a good and hard effort to improve detection and probably your samples aren't in the wild... But should we wait that much? Is it worth submitting?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 11, 2011, 10:18:47 PM
Avast does not detect: http://www.virustotal.com/file-scan/report.html?id=4719f84d5d67d29fd8cdb24147ed303b75b93dfaeee7ba6fffd2b63d3fc10420-1307819072
See:
http://www.virustotal.com/url-scan/report.html?id=fede0daafc9754597fd358fb662331ba-1304017674

Trojan gen erci1.exe (on the sacour dot cn/list of malicious URLs)

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: esr30 on June 12, 2011, 02:16:04 AM
http://www.virustotal.com/file-scan/report.html?id=4cd097131daffef84e6a038c0667d89a8bce5fdf55b1782e139cd706836d5cd3-1307807203

http://www.virustotal.com/file-scan/report.html?id=20a265379b06f20df28d452200b6ec517c2f8eb99827dfed3c50965e32e226cb-1307812518

http://www.virustotal.com/file-scan/report.html?id=14738c45344e8cddb6c1ceb9aaa4734a8b9bf94f8bcf062902a422153c65cecf-1307813175

http://www.virustotal.com/file-scan/report.html?id=c5ed637fa9da0eac54353d35ed49377d7ad3e9c9c02d980ea6d5577312713ae2-1307813398
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on June 12, 2011, 02:37:23 AM
Presumably you have sent these samples to avast, as just sending them to virustotal isn't very effective at all.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: esr30 on June 12, 2011, 11:59:35 AM
From virustotal FAQ

In exchange for providing an antivirus engine you will receive all files submitted to VirusTotal that are not detected by your product and are detected by at least one other antivirus, along with their corresponding VirusTotal reports.

So avast will get the files if I submit them or not.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on June 12, 2011, 01:47:39 PM
So avast will get the files if I submit them or not.

Yes, but it could take a while.
It's always better to submit it directly to the avast! av lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on June 12, 2011, 04:14:48 PM
So avast will get the files if I submit them or not.

Yes they do, but a) it takes time and b) they also get a lot of chaff with the wheat/samples, as has been mentioned in the forums. So it is going to take longer to sort that wheat from the chaff to get the benefit, direct submission to avast is quicker.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 13, 2011, 05:55:22 PM
Hi folks,

This one not yet detected by avast: http://www.virustotal.com/file-scan/report.html?id=75153fa12146d3505d83dda9fb2ae5cedc085f0360adad5640bfe29a2e14c6f1-1307976186

See: http://www.threatexpert.com/report.aspx?md5=5e27d125661e91796759b542c59240d3

See: http://www.garyshood.com/virus/results.php?r=5e27d125661e91796759b542c59240d3

Is the Trojan horse TR/Crypt.FKM.Gen..Fraudtool
Malware link forwarded to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 15, 2011, 10:10:57 PM
Hi folks,

This backdoor,... keys.jpg - ALERT: [PHP/BackDoor.D] keys.jpg
Contains detection pattern of the PHP virus PHP/BackDoor.D,
not detected by avast: VT scan: http://www.virustotal.com/url-scan/report.html?id=c1d19d8a76b2fb50290f6afd3a04b067-1308160512
file detection VT:
http://www.virustotal.com/file-scan/report.html?id=7c55c7b55c745d07ea75c2b944eb6a4ff57447bbc005e7d669851178c48505b6-1308167744  16/ 42 (38.1%)

polonus

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 18, 2011, 05:10:46 PM
Hi forum friends,

This sample not detected by avast yet: http://www.virustotal.com/file-scan/report.html?id=1ee330f81e3999a8bfdf95461ccf7052eac3ba04e2b061e7822f90f9fcb3e714-1308408426
generic malware
File hash: 9cd70492ad620bb922ad0bb815708c5a
See: http://vscan.urlvoid.com/analysis/9cd70492ad620bb922ad0bb815708c5a/cmVhZG1lLWV4ZQ==/
&
See: http://www.threatexpert.com/report.aspx?md5=9cd70492ad620bb922ad0bb815708c5a

Sent to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on June 18, 2011, 10:01:04 PM
uploaded to avast / MBAM / SAS   ;)


http://www.virustotal.com/file-scan/report.html?id=1b95fd5c45a1314f4abf593ce012f413f017b93949af506f7a8e85bd3fe79c71-1308425693

http://www.virustotal.com/file-scan/report.html?id=5cae17ca820c5a818e0648cf9de76ad1cc2a7c997c51f8912b67bcdd53b343ed-1308425362

http://www.virustotal.com/file-scan/report.html?id=91eda36708ce8277e84fcbecfb65dfb5e81c0f9ea0e89c70cd38872a66104601-1308425376

http://www.virustotal.com/file-scan/report.html?id=64dfb39015b938dca3e510b1eb3ba08a8535e830abe8ecbfcd2f3d1e765bae41-1308425387
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 18, 2011, 10:30:05 PM
Hi Pondus,

Can this have been a different variant, seen to the MD5 hash?
http://file.virscan.org/report/842711ae4167a3045aee49d8b9b43567.html

See: http://anubis.iseclab.org/?action=result&task_id=1b48f9caf85a67c142906d1ed5ed7893a&format=html

polonus

P.S. And this one: http://www.virustotal.com/file-scan/report.html?id=d6edb11340619afb783ff8086f64c4ecb6733373d26ec57d23432318b8791423-1308412278
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on June 18, 2011, 10:39:37 PM
sure looks like it.....not same MD5


ThreatExpert report on the first sample
http://www.threatexpert.com/report.aspx?md5=2c2d488d727589158f907dd36c04eb9e
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 19, 2011, 04:50:55 PM
Missed by avast redirect to Zeusv2, see: http://www.virustotal.com/url-scan/report.html?id=645dbea8d0d2249d2a3be5f523f28f36-1308487354
and http://www.virustotal.com/file-scan/report.html?id=a4888546e938c43404b307e6416fcaaa06cf7363d94efed5cfbd491280f564ab-1308494558
also re: http://wepawet.iseclab.org/view.php?hash=645dbea8d0d2249d2a3be5f523f28f36&t=1308494638&type=js
and accompanying Anubis report:
http://anubis.iseclab.org/?action=result&task_id=1947012aa7e40552481eed1a3ec1d6ad9
Info forwarded to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 19, 2011, 07:35:28 PM
This malbanker malware, Winsanta.exe not detected by avast, see:
http://www.virustotal.com/file-scan/report.html?id=51f4d16f405ec3d5b7b16d2528a0718613acceb3b03e7e1e4b33fd987350b40b-1308482476
Threatexpert analysis: http://www.threatexpert.com/report.aspx?md5=47ba243c524c6a978a53d36f73663a66

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 20, 2011, 09:12:25 PM
Generic trojan not detected by avast, VT: http://www.virustotal.com/url-scan/report.html?id=097498da46f8ac24e7b4407db4ffa237-1308588739
File analysis at VT: http://www.virustotal.com/file-scan/report.html?id=0b8a79442001bede8cd3ff233a296e5868cfa48ae6a52b903f46d05e5f91135d-1308596320
See Anubis report: http://anubis.iseclab.org/?action=result&task_id=10a02c524dadf2b942dcdd8b155f0baea

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: grantdb on June 21, 2011, 11:13:07 AM
Hello
This malware was shutting Avast down especially it seemed while Avast was updating or scanning.

http://www.virustotal.com/file-scan/report.html?id=0ed55ae8fc6d7ff2dc4a5175b644f5fc6068c257ceaaf5f2b47e392b786bd1f9-1308641359

emailing sample to virus(at)avast

The file name is system32StopAllWorw.exe but not sure what its classified as (trojan, backdoor etc)

Thanks for great Antivirus software!

Grant
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on June 21, 2011, 01:28:41 PM
Thanks for submitting grantdb.
Malware that kills the antivirus must have special attention imho.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 21, 2011, 03:54:06 PM
Hi here is the behaviour summary for this: http://xml.ssdsandbox.net/view/334fa2a25a6097143f540b26dd13878b
Can also come as part of downloaders:  
e.g.
Look up at ViCheck.ca and get VT results: http://www.virustotal.com/file-scan/report.html?id=e548a71809e0c66deca4aa92752021c1dfa4db2f8deb95b8ba588c2d2abfc51a-1241488981
avast detects...
.\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 efd496c8e5507f188e47df4edbc91aa9  = MD5hash
 

 .\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 407364a0c3ebd0b544d8689c45383935

\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 3c41382942fb749fd6f1f2144e2e9dca

..\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 1db8c421b4fa7bfcddcc14bd38f5c89c


.\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 12cc1b486051536d9ffa7b3459cb745d

polonus

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on June 21, 2011, 05:39:17 PM
Undetected malware

1:http://www.virustotal.com/file-scan/report.html?id=8c16baa04cd8055ffb228cf152a03724cb80fccfbd7f39853af6d08217986ad7-1308667154

Sent to Avast team/lab

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Banankage on June 24, 2011, 05:40:39 PM
Fake antivirus that are not detected by avast

http://www.virustotal.com/file-scan/report.html?id=361d27adc51258db9e3e50858d592dbd6b236aeece3568993a768b255c1b2c6f-1308927934
http://www.virustotal.com/file-scan/report.html?id=d8b361811b4e12bc1e292b074f6cd6150d0f5e45b49ba0912043b8e2eec9a62e-1308928565
http://www.virustotal.com/file-scan/report.html?id=89ee3e6255ec44d1ef7ba3a746d49eecdf860c851c0ac8c0c7631f00fb614221-1308928781
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on June 24, 2011, 05:47:15 PM
Fake antivirus that are not detected by avast
<snip>

If you haven't already done so - Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on June 24, 2011, 08:41:41 PM
Sample sent within Chest
http://www.virustotal.com/file-scan/report.html?id=776e3536e987359be4a2d5c7efb1f65e559778695864d1831d97ae74081d1f4c-1308940105
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 24, 2011, 10:50:10 PM
Hi Tech,

Is there a non-malicious variant of this here?
See: http://www.virustotal.com/url-scan/report.html?id=a755004c90acd2e1099ba75185c1a5fc-1308940633
and
http://www.virustotal.com/file-scan/report.html?id=bc9aeb88f809962165852b080f08a812d00880727f4877af8e8ffebc143d576a-1308947839
See: http://wepawet.iseclab.org/view.php?hash=a01a1b7802760698bb8bbf65a887917d&t=1308948344&type=js

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on June 24, 2011, 10:55:29 PM
Thanks Polonus. Just that browsing to learn about the software, I get the link for the malware :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on June 25, 2011, 12:11:18 AM
undetected malware

http://www.virustotal.com/file-scan/report.html?id=ae98df37be7d00d3dc3c79c7dd2688d8b2be463963795861f36e482dbd3e79c9-1308946250

Sent to Avast lab
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: dirk0914 on June 25, 2011, 06:00:59 PM
submitted to AVAST for more than a week

26/ 42 (61.9%)

http://www.virustotal.com/file-scan/report.html?id=593d8db1d08e10421b66cf8cb74ded2c270d382b3bd7f054a89ef8e7b630543f-1309016384

14/ 42 (33.3%)
http://www.virustotal.com/file-scan/report.html?id=8daef7d62192465bfb791d37cc1f9324444a13e4654e015fd3dc239def5910bb-1309016894

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 25, 2011, 08:32:38 PM
Hi dirk0914,

This could be because the first mentioned malware is no longer online, see: http://anubis.iseclab.org/?action=result&task_id=1a04231d0da67a47471f1fea01df87605 which report was generated 2010-12-23 05:50:01

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 25, 2011, 11:46:58 PM
Detection missed by avast for MSIE ADODB.Stream Object File Installation Weakness attack,
VirTool:JS/Obfuscator.BN aka JS/Kryptik.AX
see VT scan results: http://www.virustotal.com/url-scan/report.html?id=aa04e02c6fa3b44f7a7dc063330d9ec7-1309030299
and
http://www.virustotal.com/file-scan/report.html?id=a42e2ac81838ff31355994d743e0a6510d9ae295634f208b83ec891def1b587b-1309037894

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on June 26, 2011, 07:57:07 PM
undetected malwares

http://www.virustotal.com/file-scan/report.html?id=bf63ba64f31b09c0656e46beb967e8481816231aa0c59b2d87d959b278942972-1309102892

http://www.virustotal.com/file-scan/report.html?id=2774ecc4438de853e0e38481cce23d19f0c6c7cd5e100ad8692e491e36ef2075-1309105498

http://www.virustotal.com/file-scan/report.html?id=4192374526b17ab2b821a0c150ea11386bbc04163b85b178ce83115a5b150236-1309107430

http://www.virustotal.com/file-scan/report.html?id=b9625af9bd04030c711749e0ad8f434cba5078c771e1b34142b9671dab7f04d2-1309108498

http://www.virustotal.com/file-scan/report.html?id=9f2864435b39e128e0a4b8a81308461d014fbecb67a380ea215c3418ecc3c70d-1309109784

Sent to Avast lab/team
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: esr30 on June 27, 2011, 09:06:17 AM
How do you go about sending files to avast?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on June 27, 2011, 09:18:11 AM
How do you go about sending files to avast?

You can send samples from the chest.
Or send them compressed to: virus(at)avast.com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: esr30 on June 27, 2011, 12:29:16 PM
How do you go about sending files to avast?

You can send samples from the chest.
Or send them compressed to: virus(at)avast.com
Gmail won't let me send you the file. How do I upload the files to the virus chest?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: esr30 on June 27, 2011, 12:45:39 PM
never mind figured it out myself.

http://www.virustotal.com/file-scan/report.html?id=9ed0034f82e0f7ad4f9598576c42c10c5e5da8ba73c3308b7705320e7f3e4c3c-1304343770

http://www.virustotal.com/file-scan/report.html?id=3c9a790d8f31eaf058f0b1fd2be3e972a1c2614472bfa86babfdc51b44728f6e-1309170404
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on June 27, 2011, 01:37:47 PM
Gmail won't let me send you the file.

Sorry, I forgot to mention that you should also password protect the file.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on June 27, 2011, 01:41:49 PM
Sorry, I forgot to mention that you should also password protect the file.
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on June 27, 2011, 01:47:50 PM
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).

Really..??
Well, I never used GMail...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on June 27, 2011, 05:18:30 PM

undetected malware(s)

1: http://www.virustotal.com/file-scan/report.html?id=10a601f7f5b8e44dfd6633a94db6c6e12b75146b69c53bb35d50e5aa85f33265-1309184204

2: http://www.virustotal.com/file-scan/report.html?id=adff768f7edc9ef282eb192192eddc23adf9514b70fd819089e28f286419f1fb-1309186297

Sent to Avast lab/team
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: iRonzel on June 27, 2011, 06:44:27 PM
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).

Really..??
Well, I never used GMail...


True  ;)  Use Hotmail instead. (If you have it)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on June 27, 2011, 09:15:44 PM
undetected malware

1: http://www.virustotal.com/file-scan/report.html?id=9028e78d09567870788282a8ba7b58f85cc6b0151ef42194cf4880af9a297d84-1309199548

Sent to Avast lab/team
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 28, 2011, 05:17:52 PM
Hi folks,

Reported to avast previously: http://www.urlvoid.com/scan/i.cr3ation.co.uk
, but still no detection for the malware there: http://www.virustotal.com/file-scan/report.html?id=58fff56d2bc9ac02bf5c0a0d8ce8df9a7b9e47ced7fee3c2d79a952096afe8b4-1308867951
Anubis report here: http://anubis.iseclab.org/?action=result&task_id=136e7e4785ba99324b10d803b55bcf29b
http://www.threatexpert.com/report.aspx?md5=383b7a245c4f23699c652a050025a3b9
See: http://forum.avast.com/index.php?topic=78701.0

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: esr30 on June 29, 2011, 01:00:59 AM
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).

Really..??
Well, I never used GMail...

It does not matter because I figured out how to load it into the virus chest and submit the files to you guys
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on June 29, 2011, 10:47:39 PM
undetected malware

1: http://www.virustotal.com/file-scan/report.html?id=cd6771c37d8473837edd546dd92a57e84976c91973ee5a02ac2788024b167190-1309378612

Sent to Avast lab/team
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 29, 2011, 11:12:02 PM
Malware here or not? So report has been sent to virus at avast dot com

VT results:  http://www.virustotal.com/url-scan/report.html?id=c53b9f81a4ea232afa473180c8943a07-1309371901 (4 gave malware site)
Nothing found here: http://www.virustotal.com/file-scan/report.html?id=97c6bf9b71d07503d784366498bed19dda9a37b1fe332e1cfbba2e4e6a7f3959-1309379521
and at sucuri: site scan gave an all green
Now see this analysis: http://wepawet.cs.ucsb.edu/view.php?hash=c53b9f81a4ea232afa473180c8943a07&t=1309380172&type=js
Particularly see this scan analysis: http://anubis.iseclab.org/?action=result&task_id=1137cec51f97233b49dd9eb35b34f26c9

I.m.h.o. this code has a backdoor trojan mutex! see: DDrawDriverObjectListMutex

polonus

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on June 30, 2011, 10:05:54 AM
Malware here or not?

Report    2011-06-30 09:41:41 (GMT 1)
Website    twistermp3.com
Domain Hash    b20cdc9f7cc85ad25ffbd0540bbe8c38
IP Address    50.22.41.94 [SCAN]
IP Hostname    50.22.41.94-static.reverse.softlayer.com
IP Country    -- (--)
AS Number    36351
AS Name    SOFTLAYER - SoftLayer Technologies Inc.
Detections    5 / 23 (22 %)
Status    DANGEROUS

http://hosts-file.net/?s=twistermp3.com
http://www.mywot.com/en/scorecard/twistermp3.com
http://www.malwareblacklist.com/searchClearingHouse.php?search=twistermp3.com
http://global.sitesafety.trendmicro.com/
http://www.websecurityguard.com/results.aspx?qkw=twistermp3.com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Omid Farhang on July 01, 2011, 08:47:32 PM
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).

Really..??
Well, I never used GMail...

7Z or RAR or every other compress format which encrypt file names ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on August 12, 2011, 08:27:33 PM
Undetected malwares:

http://www.virustotal.com/file-scan/report.html?id=a83d7a0c90f0066840470cc82e5fe14e3626f90b49b42db83a0cec7cf72b2404-1313171873

http://www.virustotal.com/file-scan/report.html?id=919ee7a324f3631c4f104eb8b18a9587cd65a5ea6c5c3fa18a75311920ed58f8-1313173302
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on August 12, 2011, 09:13:23 PM
Another recent variant of this Gen:Variant.Renos.96 executable: http://www.virustotal.com/url-scan/report.html?id=455545b7d6ba1ace8273b20f6be550be-1313167837
Accompanying Anubis report: http://anubis.iseclab.org/?action=result&task_id=14cdffe97d5c00d34898e75d30b1b1048&format=html
See: http://camas.comodo.com/cgi-bin/submit?file=6e24ea2a39c54b350cc145700f154a9c6201b2d4cc02ebc43b5a3b9b5413a45f

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on August 13, 2011, 03:54:22 PM
Trojan dropper not detected by avast:
http://www.virustotal.com/file-scan/report.html?id=5a7746eead66026c0cbea028cdfed76bbcd3d55125d25e5acc73303b67bfbc94-1313243176

See: http://www.threatexpert.com/report.aspx?md5=0be55123c40a8f4af0a355528551e306
and http://anubis.iseclab.org/?action=result&task_id=14e572957375b5c543db75b6e76ec98dd&format=html

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on August 14, 2011, 05:13:38 PM
Hi forum friends,

This PSW.Generic9.HIA aka Trojan.PWS.SpySweep.52 not detected by avast: http://www.virustotal.com/file-scan/report.html?id=60ddaeb87503bb25977b96bfb44c5a619f200f72db665308f8dbca8acb38e0f2-1313330535

reported to virus AT avast dot com for added detection,

polonus


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Meszarosbence on August 15, 2011, 02:05:08 AM
http://www.virustotal.com/url-scan/report.html?id=94986b54cc7a3a6e3abbd5f0b63a9bea-1313356410

Sorry if I'm wrong about it, I'm new to Virustotal.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on August 15, 2011, 03:13:14 AM
http://www.virustotal.com/url-scan/report.html?id=94986b54cc7a3a6e3abbd5f0b63a9bea-1313356410

Sorry if I'm wrong about it, I'm new to Virustotal.

This surely has nothing to do with missed samples, e.g. files not detected, and your VT results relate to a site check rather than a file?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on August 15, 2011, 10:03:29 AM
Quote
This surely has nothing to do with missed samples, e.g. files not detected, and your VT results relate to a site check rather than a file?
yea......but infected website is not detected

VirusTotal - html scan
http://www.virustotal.com/file-scan/report.html?id=009bdd5924e151b71cbaf5d3d37bc9bd7e6c3d0ccb0ccf300fd737be81b601a6-1313364210

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on August 15, 2011, 02:18:40 PM
Which again isn't a sample and not one which you can submit. Surely the whole purpose of this topic was/is to post the link and send the sample to avast for analysis.

Personally I still feel this topic a waste of time as there is zero follow up by the poster when the sample is detected. So you might as well cut out the topic middle man and just send it to avast.

Well going directly to the remote source (superpuperdomain.com/count.php) rather than the suspect origin site it becomes less and less clear cut, and would need to be reported to avast for further analysis. The script tag after the closing html tag is possibly where the suspicion is but Sucuri isn't too detailed on exactly what it finds.

See image of complete follow through from the script tag after the closing html tag (on all pages), to the final javascript file in the chain in adsshownow.com.

http://www.virustotal.com/file-scan/report.html?id=ff99d5233e40b1ba7e897172dacf3eae8fd436e3b65e251976ef5a7997f477d3-1313408365

http://www.virustotal.com/file-scan/report.html?id=e0f41a7a5fca244e5d2f3c98a94a39d665f21cca86c89c90662d4f89deaffbaa-1313409355

http://www.virustotal.com/file-scan/report.html?id=c15dd1360da706e839a14a224d4484b43bce90aaa1a7b01ba1aa9df87f16e39d-1313174208

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on August 20, 2011, 03:17:24 PM
Facebook trojan missed

See: http://www.virustotal.com/url-scan/report.html?id=cb239244dc34713ace6ef1b04f61525c-1313837626
and: http://www.virustotal.com/file-scan/report.html?id=f13d7e4d0581c3797a6d3e4a32ee15b4889132b4b854f050d51efb0f075b73b2-1313845400

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on August 20, 2011, 08:53:02 PM
Thanks for helping improve detection, Polonus.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on August 20, 2011, 10:28:34 PM
And this one, trojan not detected, see: http://www.virustotal.com/url-scan/report.html?id=0dd880b4802f5fdecd01bb5d82489473-1313863942
and
http://www.virustotal.com/file-scan/report.html?id=90d7cfe213e3b284572ffe97a258fd33524fc212f007f8bdf565d1a6a30ae6f0-1313871146
not found here: http://wepawet.iseclab.org/view.php?hash=0dd880b4802f5fdecd01bb5d82489473&t=1313871598&type=js
suspicious here: http://wepawet.iseclab.org/view.php?hash=19b0fe1cc91d2779f4762c8aec2eb34c&t=1313872016&type=js (avast detects as Win32:Malware-gen)
reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on August 22, 2011, 09:49:41 PM
See: http://www.virustotal.com/url-scan/report.html?id=953cadfb513f918a346d33515e928f5b-1314034094
and http://www.virustotal.com/file-scan/report.html?id=0259afbf7d09dc04b605cb379fa9f1d41801dcaecf722129b4c381aa7ba8b6f9-1314041844
Not detected by avast yet, also see: http://anubis.iseclab.org/?action=result&task_id=1e7ea79dfb6ffbee4b14069f6af09e177&call=first

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on September 10, 2011, 10:01:05 AM
http://www.virustotal.com/file-scan/report.html?id=4a44b4445a4913ccff3df0a13f1fa7aec1e353970af38d2e833d78db121fc3cf-1315640051

(http://t2.gstatic.com/images?q=tbn:ANd9GcRkFQKGIHqyEo-HBmH6yeIoOTwjWqtY4YZqO12J9Zm37-qs8SyW)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on September 10, 2011, 10:20:59 PM
hmmmmmm........Only the lonely   :-\     did you upload the sample Burkoff ?......if not i have  ;)




or is everyone wrong and avast! correct ?


sigcheck:
publisher....: Hades.net.cn
copyright....: Hades
product......: NBA 2K9 Mini Editor
description..: NBA 2K9 Mini Editor
original name: n/a
internal name: n/a
file version.: 1.0.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



Well ThreatExpert say:
Quote
Contains characteristics of an identified security risk. - Severity Level High
http://www.threatexpert.com/report.aspx?md5=d3d5f0c4d959cb24a9b9194213a7a146

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 10, 2011, 10:53:25 PM
Hi Pondus,

Or possibly it could not be executed: According to the Unix file command your file is of the following type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit.......
See: http://wepawet.iseclab.org/view.php?hash=381aae8fcce7f9f82278615c4d054d36&t=1315687363&type=js
& http://www.prevx.com/filenames/X461520440149902130-X1/NBA2K9.EXE.html
& http://siteinspector.comodo.com/public/reports/329355

Finally got anubis analysis via direct url scan:
http://anubis.iseclab.org/?action=result&task_id=144bac9e65818aaf415500f4821117490&format=html

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on September 10, 2011, 11:06:47 PM
Malwarebytes detect it as Virus.Alman

so i guess the detection is good......MBAM fp is rare
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 10, 2011, 11:18:51 PM
Hi Pondus,

Forwarded all info to virus at avast dot com, my friend. There still could be a remote possibility the protective Unix packer is being flagged by the rest of the "av pack", but I tend towards a non-detect more than to a FP.
Good we all helped out again and our initial thanks go out to Burkoff naturally for reporting this. Well, you could see, this non-detect blew his emoticon right out of proportion  ;D

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 14, 2011, 04:50:01 PM
See: http://www.virustotal.com/url-scan/report.html?id=5a9486f19c2f21434130ef542ff57332-1316003623
See: http://r.virscan.org/4b95ea748e3582f7adf6b3d2bfc8a903

Avast does not detect this Fake AV? Spyware Preventer
http://wepawet.iseclab.org/view.php?hash=5a9486f19c2f21434130ef542ff57332&t=1316011037&type=js
See: https://safeweb.norton.com/report/show?name=junye.us
Here it is not being flagged: http://www.garyshood.com/virus/results.php?r=e74784f6379cbbf107b64fc99c4c7eb6
But found a high risk page here: http://siteinspector.comodo.com/public/reports/345610

reported to virus at avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!) [SOLVED]
Post by: polonus on September 15, 2011, 06:05:19 PM
See: http://www.virustotal.com/url-scan/report.html?id=87589ce08721ebaf557afcc4767018d7-1316094314
Missed variant of a variant of Win32/Kryptik.SVN
see: http://www.virustotal.com/file-scan/report.html?id=63f11e6373b489e0a44abd84d03c98a8307c5a09d2d14fa3ac1a0bede3e19588-1316101979
Also see Wepawet Scan: http://wepawet.iseclab.org/view.php?hash=87589ce08721ebaf557afcc4767018d7&t=1316102196&type=js  (verdict suspicious)
and accompanying Anubis report: http://anubis.iseclab.org/?action=result&task_id=1695760ed51c6881445779f1ebb3a872f
Now added to avast detection,
polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on September 15, 2011, 08:37:43 PM
Hi, polonus

NBA2K9.exe No added !  ??? ::)

China url block.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 15, 2011, 10:52:36 PM
Hi Burkoff,

Do you have a MD5 hash of this variant, normally it is seen as safe: http://www.prevx.com/filenames/X461520440149902130-X1/NBA2K9.EXE.html
Well if you mean MD5 d3d5f0c4d959cb24a9b9194213a7a146 , well it is classified malware;
avast does not have detection for it yet: http://www.virustotal.com/file-scan/report.html?id=4a44b4445a4913ccff3df0a13f1fa7aec1e353970af38d2e833d78db121fc3cf-1315640051

polonus

P.S. If you have a block there, you could always go via the google cache file to get to the results,

D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on September 23, 2011, 01:19:19 AM
undetected malware

http://www.virustotal.com/file-scan/report.html?id=65a312b1fa70fa9d2d5a0049f7283f40cb5232855b2408504b4c88a06e50b3d3-1316732404
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 23, 2011, 07:19:02 PM
Not detected:
http://www.virustotal.com/url-scan/report.html?id=47575a05cc9aaa764fe5aa8204914a82-1316787750
&
http://www.virustotal.com/file-scan/report.html?id=9fc5b93e2dcd221f55b9c852b0dda00ebac5df170bca0c7f2db03d0b46e18de3-1316794954
see: http://siteinspector.comodo.com/public/reports/366456
analysis: http://anubis.iseclab.org/?action=result&task_id=1cd8971cb9a4e4cc42d62c7c50b94135f

polonus

P.S. Consider to check against: http://www.backgroundtask.eu/Systeemtaken/taakinfo/22396/spotify.exe/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Flash999 on September 23, 2011, 07:57:36 PM
http://www.virustotal.com/file-scan/report.html?id=a27944ab233975b0d36c8306dceeebeb1ceda67fd1bf50691ebcf61cc1f9445b-1316799765

ZEROACCESS ROOTKIT!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on September 23, 2011, 08:10:10 PM
If you haven't already done so send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and false positive/undetected malware in the subject.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 23, 2011, 08:43:44 PM
As DavidR says in his reply the malware should be reported to virus AT avast dot com before posting the VT (non)-detection link here, so a sample should be sent for avast analysis first.

If an MD5 hash exists other reports could be helpful, as in this case these scan results came up: reported 3defcb296fef1ac8a2c78ba83ff6bb07 = http://camas.comodo.com/cgi-bin/submit?file=a27944ab233975b0d36c8306dceeebeb1ceda67fd1bf50691ebcf61cc1f9445b&iframe=
Malware reported:
Thu, 22 Sep 2011 18:29:55 +0200   MD5: 3defcb296fef1ac8a2c78ba83ff6bb07
SHA1: fa98a481e32bf1c0d10b30e01ba8d64f78241341      0/43 (0%)
2011-09-22 16:10:54 (UTC) DrWeb detects as Trojan.DownLoader4.61543

Also take care to follow up and check the VT link afterwards for avast added detection. If not it could mean the malware is no longer available, e.g. up and alive (happens a lot, because malcreants are ready to comply with complaints when filed or malware is found up and then they migrate their malcreations out somewhere else, even hopping bulletproof servers on all continents and high seas) or the malware should be reported again or is found not to be genuine malware. This is another reason to get hold of a sample and send that to virus AT avast dot com....

polonus
Title: Re: Samples missed by avast (VirusTotal links only!) [SOLVED]
Post by: polonus on September 25, 2011, 12:47:42 AM
Hi Flash999,

Avast now has detection: http://www.virustotal.com/file-scan/report.html?id=a27944ab233975b0d36c8306dceeebeb1ceda67fd1bf50691ebcf61cc1f9445b-1316842762

@JuninhoSlo
http://www.virustotal.com/file-scan/report.html?id=65a312b1fa70fa9d2d5a0049f7283f40cb5232855b2408504b4c88a06e50b3d3-1316872770

So you see the results of your contribution here.
Well, thanks for helping towards avast detection here,

polonus

P.S. And detection for a non-detect I reported. Thank you, avast:
http://www.virustotal.com/file-scan/report.html?id=f13d7e4d0581c3797a6d3e4a32ee15b4889132b4b854f050d51efb0f075b73b2-1315480743

D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 25, 2011, 02:58:05 PM
Malware not detected: http://www.virustotal.com/url-scan/report.html?id=67d13f4f1935b57232f9e608ccb1b797-1316946995
Found safe here: http://urlquery.net/report.php?id=3531
Bundle.php; these bundles can open both their own malware code as well as the desired real application whilst conserving the look and feel of the real data....classtype: trojan-activity,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 27, 2011, 02:50:54 PM
Not detected by avast:
http://www.virustotal.com/url-scan/report.html?id=1824e7b0824027d9c2216e5931e6a15e-1317120057
and
http://www.virustotal.com/file-scan/report.html?id=f3c44f46ce20e60cf5fd5a30333ed748ef831ddcf675758428a9655c2eb1493d-1317127265
See: http://www.threatexpert.com/report.aspx?md5=a388dc7bc083bd22d3dec5520a29fc6d
infected with Trojan.AVKill.2
see: http://anubis.iseclab.org/?action=result&task_id=14d685be4054f05544db5f8a9e7792661
Nice with this Anubis Analysis is to search here for entities,
for instance because of this found in Reg Values read:

HKLM\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\IMAGE/X-WMF    Image Filter CLSID    {607fd4e8-0a03-11d1-ab1d-00c04fc9b304}
then we find:
http://www.internetsecurityzone.com/Entities/?_{607fd4e8-0a03-11d1-ab1d-00c04fc9b304}
CLSID leads to "NPROC SERVER:    %SYSTEM%\mshtml.dll",

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 27, 2011, 11:47:46 PM
Not detected by avast or FP where flagged: http://www.virustotal.com/file-scan/report.html?id=3811522f704444686fe58c885344ed195286fc09c377b38c69976380e5b6a6f6-1317136844
&
http://www.urlvoid.com/scan/management-training-development.com
Heuristic find, see http://www.garyshood.com/virus/results.php?r=4460691f639bc71530c55a828774e6e1

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 29, 2011, 04:28:41 PM
Detection for TR/PSW.Zbot.Y.2324 missed by avast:
http://www.virustotal.com/url-scan/report.html?id=a95e38d958044850175682c7c0023386-1317290733
and
http://www.virustotal.com/file-scan/report.html?id=02d5366226ad3e3ffd4ebba68041d3e6974d572cc23b4186ceb0d1112f3af33f-1317298629

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on October 02, 2011, 05:43:20 PM
Undetected malwares

1: http://www.virustotal.com/file-scan/report.html?id=dbb301c77256fe5f006916f502408d6dfcdead60030885e26d0f27a265497809-1317567623

2: http://www.virustotal.com/file-scan/report.html?id=b4b102e6771c0f1c1d32b4d44b1a7aee57fa4db4c1fb86b0ed4b408e606b1fb4-1317568668

3: http://www.virustotal.com/file-scan/report.html?id=eb2ea828e0bd71a2ca83ec380cfadfe014ed24f0d511634580af72f048daf300-1317569198
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: danny96 on October 03, 2011, 03:52:38 PM
Undetected malwares

1: http://www.virustotal.com/file-scan/report.html?id=dbb301c77256fe5f006916f502408d6dfcdead60030885e26d0f27a265497809-1317567623

2: http://www.virustotal.com/file-scan/report.html?id=b4b102e6771c0f1c1d32b4d44b1a7aee57fa4db4c1fb86b0ed4b408e606b1fb4-1317568668

3: http://www.virustotal.com/file-scan/report.html?id=eb2ea828e0bd71a2ca83ec380cfadfe014ed24f0d511634580af72f048daf300-1317569198

1: I think it is false positive
2: OK
3: ??? looks like infection
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on October 03, 2011, 03:59:20 PM
Quote
1: I think it is false positive
maybe.....but sure looks suspicious

First seen: 2011-10-02 14:26:45
Last seen : 2011-10-03 12:22:53

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on October 05, 2011, 12:46:54 AM
undetected malware

http://www.virustotal.com/file-scan/report.html?id=238a885c0721551c23b9bd3f8a17f5db5cf1fde6a6ccf4c50336be36c3899c81-1317767024
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mmmm on October 23, 2011, 11:29:23 AM
http://www.virustotal.com/file-scan/report.html?id=b5bb33c3d08e98d3ab4c01fbc86894d5de4e40dcdbde49c7111193fd37326a46-1316718030

Trojan?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on October 23, 2011, 11:30:23 AM
Posting VT results here will not help unless you also upload the samples to avast.....did you?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mmmm on October 23, 2011, 11:32:35 AM
sorry guys :'(

if I am doing things wrong....I don't know much just want to help!

I am just a compulsive tinkerer who has been watching this forum for the past 1 week...I am an avast! user no doubt...I just love avast!  8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mmmm on October 23, 2011, 11:38:42 AM
I will try and get some samples from Malc0de...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on October 23, 2011, 11:51:05 AM
I will try and get some samples from Malc0de...

First, thanks for trying to help..! :)
But be very careful, if you are not sure how to do this, it's better to stay away. ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on October 23, 2011, 12:48:33 PM
Not found Trojan-PSW.Win32.Kykymber.ajbc - see: http://www.nictasoft.com/angel/md5/07694F50E98C1D8406E70A8002D9F7B0
see: http://www.virustotal.com/file-scan/report.html?id=67054abbff844da60f546064d484f09aacf658cc9a78b13b1e6b7bc70301476e-1319134424
Nothing here: http://wepawet.iseclab.org/view.php?hash=0008c26da3a22394da5967cae423368b&t=1319366553&type=js
and nothing here:
http://vscan.urlvoid.com/analysis/2a15fe4e164249efc7e130e5f635913e/cGFjaw==/

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on October 23, 2011, 01:07:16 PM
Not found Trojan-PSW.Win32.Kykymber.ajbc - see: http://www.nictasoft.com/angel/md5/07694F50E98C1D8406E70A8002D9F7B0
see: http://www.virustotal.com/file-scan/report.html?id=67054abbff844da60f546064d484f09aacf658cc9a78b13b1e6b7bc70301476e-1319134424
Nothing here: http://wepawet.iseclab.org/view.php?hash=0008c26da3a22394da5967cae423368b&t=1319366553&type=js
and nothing here:
http://vscan.urlvoid.com/analysis/2a15fe4e164249efc7e130e5f635913e/cGFjaw==/

polonus


hХХp://zerbilisim.com/patch//pack/
hХХp://zerbilisim.com/patch//pack/troy.exe
hХХp://zerbilisim.com/patch//patch.exe

http://online.us.drweb.com/cache/?i=50ef4246150d7b2342a55b9436595310
http://www.virustotal.com/file-scan/report.html?id=6680d01f92c1426ca3aa5d4930c452cfc7bb079425431c140f76eb2cee581184-1319367455

http://virusscan.jotti.org/ru/scanresult/f90c010e12a9c0b9366e79d57d8b0a96856f69df
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on October 23, 2011, 07:11:54 PM
Hi Dim@rik,

Certainly a malware site: http://www.virustotal.com/url-scan/report.html?id=eff2622252021746e44c3e64802486a6-1319381223
Thanks for your further evaluation.
But avast does not detect: http://www.virustotal.com/file-scan/report.html?id=92200560416ccbd1f9f4ac23a9ab3df4ce31fbb6587ca410ba49a159869ee428-1319154103
But I hit at these results: http://www.virustotal.com/file-scan/report.html?id=67054abbff844da60f546064d484f09aacf658cc9a78b13b1e6b7bc70301476e-1319134424
Not found by DrWeb as it does not unpack the ASPACK packer: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2F
else it does find it as you have shown: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2Ftroy.exe
also: http://vscan.urlvoid.com/file/07694f50e98c1d8406e70a8002d9f7b0/dHJveS1leGU=/
http://urlquery.net/queued.php?id=5867
= virusname:   Trojan-PSW.Win32.Kykymber.ajbc found at ip:   46.45.136.234
from Istanbul - previous at -http://privategoldtrader.com/templates/beez/
and before that at =http://privategoldtrader.com/templates

MD5 hashes resp.: md5:   0209aa4baab3df392e487bb7d5f538a6 (the one I reported)
md5:   0209aa4baab3df392e487bb7d5f538a & md5:   3dd46205274955be03c2e8e4674011ea

Normally avast should have a good score for this malware with 34.02%

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on October 23, 2011, 09:27:43 PM
Hi Dim@rik,

Not found by DrWeb as it does not unpack the ASPACK packer: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2F
else it does find it as you have shown: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2Ftroy.exe

polonus

That's right ... this is the directory path where the viruses are.

hХХp://zerbilisim.com/patch//pack/troy.exe
hХХp://zerbilisim.com/patch//patch.exe

Send to Avast.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on October 23, 2011, 11:43:30 PM
Hi Dim@rik,

Site Inspector's cloud detection has it also: http://siteinspector.comodo.com/public/reports/463988
& while this one is missed by it: http://siteinspector.comodo.com/public/reports/464884
I reported there,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on October 24, 2011, 08:44:41 PM
undetected malwares

1: http://www.virustotal.com/file-scan/report.html?id=2b601b9b309a1c173f34fb9dcbcd9391a1b1c692a615c1e02747d8adb27b1b09-1319476939

2: http://www.virustotal.com/file-scan/report.html?id=8a68cff52f13b825062bb53f27428f4fe85bdfbbd07550487b0777bb0af972ad-1319286992

3: http://www.virustotal.com/file-scan/report.html?id=bd31db0b57939d330032579515b1b70b9717819ef8fecff566df0597b199d982-1319480831
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 25, 2011, 01:49:55 AM
JuninhoSlo, did you send the samples to avast? Otherwise they cannot improve detection of those ones.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on October 25, 2011, 12:46:58 PM
JuninhoSlo, did you send the samples to avast? Otherwise they cannot improve detection of those ones.

Of course ;)

Via:

- Email
- Chest
- http://www.avast.com/en-eu/contacts
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on October 25, 2011, 12:58:34 PM
Sorry to have asked. Thanks for improving detection.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on October 25, 2011, 01:04:04 PM
Sorry to have asked. Thanks for improving detection.

It's OK  ;) Thank you  :D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on October 25, 2011, 11:05:03 PM
Hi JuninhoSlo,

There are more versions of that possible malware, see: http://f.virscan.org/Freesimser.exe.html
Did you follow up all of the various MD5 hashes to see if avast has detection for this
PE32 executable for MS Windows (GUI) Intel 80386 32 Some were given as VT goodware detections?
 87ed1485cd9b0d2ca0c4ff033a16d37f
see: http://reports.antivirus-lab.com/10300/malwarewin32-generic-96/
 459c5b2c63ec309789e3a7d0a0c170e0
 c1406b68d70a59f059fec3d2d21adbb4
 ecb1e6433d78850ade10ad8746f053a8
 see: http://www.threatexpert.com/report.aspx?md5=ecb1e6433d78850ade10ad8746f053a8
 d0375ea1f89f2a60dd4b8c0bd0783af7
http://r.virscan.org/8827b020c49ac0821e458a55d5d8a8b5
http://www.virustotal.com/file-scan/report.html?id=2742e12f906ec5c13bb57cf3feac314bd6deed6deda9a3200eb2df0e38c35851-1306013342
McAfee   5400.1158   6282   2011-03-11   PWS-SpyEye!env.a

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on October 26, 2011, 11:28:22 AM
Not detected by avast ZeuS Binary: http://vscan.urlvoid.com/analysis/542e9f10caffc69c2ed97db102b6e04a/Ym4tZXhl/
Analysis: http://anubis.iseclab.org/?action=result&task_id=13dc0cdf93d100f742d1557612e5b682a&format=html
reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on October 29, 2011, 03:33:29 PM
Another Trojan-Spy.Win32.Zbot.biwp detection missed...

Why not detected here: http://www.virustotal.com/url-scan/report.html?id=45666eb9e46b4d1c7f68a0786630a878-1319886530

http://www.virustotal.com/file-scan/report.html?id=8f3ff2e2482468f3b9315a433b383f0cc0f9eb525889a34d4703b7681330a3fb-1319894039

See: http://urlquery.net/queued.php?id=6539   = 0/39 (0.0%) Trojan-Spy.Win32.Zbot.biwp  http://www.threatexpert.com/report.aspx?md5=c33a3b5f4fb8bd991aae89fc83362cc7  and see:
https://zeustracker.abuse.ch/monitor.php?host=moneyindahouse.com

likewise on that IP 60.19.30.135 we have/had: http://malc0de.com/database/index.php?search=60.19.30.135&IP=on
 
Reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on October 31, 2011, 05:48:50 PM
Avast misses PHP/IRCBOT.E.29297, see: http://www.virustotal.com/url-scan/report.html?id=690874991353a45b81c54a9898c268f3-1320075080
and http://www.virustotal.com/file-scan/report.html?id=72647d00b6a72a09b90420324bc6fa874d093692bab91200cea982df85c24cde-1320078981
/fighter script - Rema [baby]-IRC-[BOT] Decoded Files
494e/d639826fadb0d1dd6457be70593d9e090a15 from -myheart82 dot waphall dot com/war.txt
Also see: http://urlquery.net/queued.php?id=6653

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!) [SOLVED]
Post by: polonus on November 01, 2011, 06:34:52 PM
Generic25.BCJW missed by avast: http://www.virustotal.com/file-scan/report.html?id=cb6e91036a082b049bcb914fe031ac41210758ffb38aca8bda36c639c6349b59-1320164120
See: http://anubis.iseclab.org/?action=result&task_id=1d58b9a09bdda1e349d5dc550556ad882
see: http://urlquery.net/queued.php?id=6908
compare: http://www.threatexpert.com/report.aspx?md5=19a418e0400d554dda9b54520bdf52b4

polonus

Now detected by avast as Win32:Malware-gen

D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: John.A on November 02, 2011, 07:58:43 PM
http://www.virustotal.com/file-scan/report.html?id=2522c0ef1cb72c42e1250975ad511e165d4054a4fabf95f88b38cdb3e55e3966-1320252829

Keylogger. Sent it through the chest 3 days ago, still undetected.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 02, 2011, 11:03:02 PM
Detection missed: http://www.virustotal.com/url-scan/report.html?id=9d56c843261e819a7c745fcb6ab1d987-1320267352
and
http://www.virustotal.com/file-scan/report.html?id=0a88dd2f44b1c44f6d0e1470c7e1d018254f0d939f8b25fe10e08a73d7bdca6e-1320270960
See: http://anubis.iseclab.org/?action=result&task_id=11c954aee33e985e4c54f34891d9dee41

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 03, 2011, 02:56:43 PM
See: http://www.virustotal.com/url-scan/report.html?id=e1b3354a989a393c9b59a70f91683e4d-1320323964
FileAnalysis: http://www.virustotal.com/file-scan/report.html?id=b33d05f518f91280b692f0ac9db98042280af301d40ae9226360ec38ff2860a5-1320327855
See: http://urlquery.net/queued.php?id=7141
Checking with DrWeb's online url checker: -http://sydneymoon.com/legal.html
Engine version: 5.0.2.3300
Total virus-finding records: 2734855
File size: 3928 bytes
File MD5: 66a4e5fddbce8e70968e49e5a1ffc84f

-http://sydneymoon.com/legal.html - archive HTML
>-http://sydneymoon.com/legal.html/Script.0 infected with Trojan.DownLoad.3140

reported to virus AT avast dot com by

polonus

P.S. There is also a request for GET /tgpx/ HTTP/1.1
Host: -vsebudetzaebis.org  Threat see: http://wam.dasient.com/wam/infection_library/681b58b5ed26350b6af5d2dbc224cedc/vsebudetzaebis

Damian
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 05, 2011, 05:31:44 PM
Not detected by avast, see: http://www.virustotal.com/url-scan/report.html?id=bf3c5387ab299a2637a69bbefe4ad6f2-1320505950
File analysis: http://www.virustotal.com/file-scan/report.html?id=bca3f956f79168b3fb9d45575a3297fbde77d82fbca42bc0eabc528e0d5f71a6-1320509859
&
http://r.virscan.org/c664fe9cf23bcac71b02f185e11c11dc
Suspicious: http://siteinspector.comodo.com/public/reports/581239 as with BL2, detected distributing of malware, exact find Trojan.Win32.VkHost.bvg (kaspersky)

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 05, 2011, 05:46:37 PM
Non detected Trojan downloader

See: http://www.virustotal.com/url-scan/report.html?id=06e7a3fee5f284a7b953d8e079977ebe-1320506794
See: http://www.virustotal.com/file-scan/report.html?id=84ceb3c87dce08fbab3a9563d4185df4464a56ef0c02e1a8949b2b1504ffe48f-1320510684
See: http://anubis.iseclab.org/?action=result&task_id=1cfaa5ba804f491a439fb8d78b69895ac
also see: http://www.virustotal.com/file-scan/report.html?id=84ceb3c87dce08fbab3a9563d4185df4464a56ef0c02e1a8949b2b1504ffe48f-1320510684
for download03112011.exe

reported to virus AT avast dot com,

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on November 06, 2011, 02:19:04 PM
Not detected by avast, see: http://www.virustotal.com/url-scan/report.html?id=bf3c5387ab299a2637a69bbefe4ad6f2-1320505950
File analysis: http://www.virustotal.com/file-scan/report.html?id=bca3f956f79168b3fb9d45575a3297fbde77d82fbca42bc0eabc528e0d5f71a6-1320509859
&
http://r.virscan.org/c664fe9cf23bcac71b02f185e11c11dc
Suspicious: http://siteinspector.comodo.com/public/reports/581239 as with BL2, detected distributing of malware, exact find Trojan.Win32.VkHost.bvg (kaspersky)

polonus

Your request has been processed by an automatic system. The file you sent is in the Dr.Web database of trusted (clean) files and is not a threat.

File:     Darksiders_v1.0___10_Trainer.exe
MD5:      3f5b547fbb2b9f3e835f3db3a779a7c6
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 06, 2011, 04:47:51 PM
Hi Dim@rik,

Well about the detection. It should rather be flagged as a PUP. Maybe DrWeb and avast have different views on the PUP status of this one than for instance other av solutions that flag it,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 07, 2011, 12:01:24 AM
Avast does not detect TR/Gendal.35840.BR here, see: http://www.virustotal.com/url-scan/report.html?id=d31ed123849d17fb93a6ac24bc7c7b03-1320616157
and
http://www.virustotal.com/file-scan/report.html?id=e8533282e38abebbbf07a7da25594fea5e1c5e165c907f2a3551e7ebc907f856-1320620041

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 07, 2011, 02:14:09 PM
Not detected: http://urlquery.net/queued.php?id=7578
See: http://www.virustotal.com/file-scan/report.html?id=fc5c5ee368f446ea420f97be60fcc140624a1d14ef5f9b3f1d08bd4fef3cea80-1320664388
Infected with TrojWare.Win32.Trojan.Agent.Gen,
Suspicious: http://wepawet.iseclab.org/view.php?hash=361014083ccb4c04a85d415702e034dc&t=1320671503&type=js

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on November 07, 2011, 10:18:26 PM
Not detected: http://www.virustotal.com/file-scan/report.html?id=040b71dbc9b756a1053fdf93513f8bc2d7154a27a6ea9e58da31e173ac45bed3-1320699561


sample sent.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 08, 2011, 01:26:31 AM
Thanks chabbo for improving detection.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 10, 2011, 02:48:11 PM
Backdoor trojan not detected by avast:

See: http://www.virustotal.com/url-scan/report.html?id=851e64f4641f6bd8f5b9975193ecbff1-1320928604
See: http://www.virustotal.com/file-scan/report.html?id=60cee08a156021bbccaf0398dc87b48338591248c2875e49f286d6e32b29f264-1320932212
See BL3, detected distributing of malware (PHP/C99Shell.F): http://siteinspector.comodo.com/public/reports/608642

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on November 11, 2011, 11:54:27 PM
fake AV.

http://www.virustotal.com/file-scan/report.html?id=631a7cd023ae4d5295607f8cc0c21bb7d3048fb09cc3885de9fb34ee9a106ddd-1321051547

avast got sample 1 day ago still no detection,
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 12, 2011, 12:04:02 AM
Well here some find it safe: http://f.virscan.org/vclean.exe.html
Here it is seen as a dropper: http://www.prevx.com/filenames/1272200888907706236-X1/VCLEAN.EXE.html
Here it is not trusted: http://isthisfilesafe.net/sha1/29D50A116011FF0C317AC552F35E7CF2E1EAA242_details.aspx

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 12, 2011, 11:28:40 PM
Trojan-dropper or SPR/Tool.RDPBrute.241664.1 not detected by avast

See: http://www.virustotal.com/url-scan/report.html?id=a82b8cdf97b450e9c112d42c5a880d4f-1321046352
and
http://www.virustotal.com/file-scan/report.html?id=9fd83c6aadf764dded4effa3a2926a2c02269da04dd748cd90caaea92c6e5440-1321052723
See: http://www.threatexpert.com/report.aspx?md5=aaaaa7e2a9a7c93747df905fd1488406

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 13, 2011, 08:36:44 AM

http://www.virustotal.com/file-scan/report.html?id=4ea942bca8c6763964c64b4fb0f77f378b3251fdb650ec0ca8be87d93abbacfd-1321047395

http://www.virustotal.com/file-scan/report.html?id=b47d5e832843f4910560216f9b49b34d5bc1911ebb5cf59e5705c052b6e22f11-1321121282

http://www.virustotal.com/file-scan/report.html?id=50482d07dbd2004aa05cc6f44b64d5f136b53b6cec9b2692c22a2e6b3e486b27-1321121178

http://www.virustotal.com/file-scan/report.html?id=b47d5e832843f4910560216f9b49b34d5bc1911ebb5cf59e5705c052b6e22f11-1321121282

http://www.virustotal.com/file-scan/report.html?id=375383b7f08e88713be5cb0febaa1d073f4c59fd1db98743a1718d7564a772f0-1320953150


samples sent to avast! by dim@rik

refer:
http://forum.avast.com/index.php?topic=88283.0
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 13, 2011, 10:15:10 PM
The links you gave in another posting were not all checked against the webshield.
This one was rightly detected and blocked by the avast webshield as URL:Mal
-http://adensity.com/facebook-pic-
Most other links you gave there were flagged by DrWeb's URL Checker
-http://sandhuforgings.co.uk/images/1.exe infected with Trojan.DownLoad2.42876
-http://sandhuforgings.co.uk/images/had.exe infected with Trojan.DownLoader5.5922
-http://sandhuforgings.co.uk/images/dd.exe infected with Trojan.DownLoader5.11806
-http://familytindoor.net/stat/081111.exe infected with Trojan.PWS.SpySweep.52

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 14, 2011, 11:27:55 AM
familytindoor.net/stat/081111.exe

http://www.virustotal.com/file-scan/report.html?id=50482d07dbd2004aa05cc6f44b64d5f136b53b6cec9b2692c22a2e6b3e486b27-1321121178

not yet detected :'(....
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on November 14, 2011, 11:37:18 AM
familytindoor.net/stat/081111.exe

http://www.virustotal.com/file-scan/report.html?id=50482d07dbd2004aa05cc6f44b64d5f136b53b6cec9b2692c22a2e6b3e486b27-1321121178

not yet detected :'(....
This VT scan is two days old   ;)   
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 14, 2011, 11:48:51 AM
Quote
This VT scan is two days old ;)

thanks i hope it is detected  ::)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on November 14, 2011, 11:54:11 AM
Quote
This VT scan is two days old ;)

thanks i hope it is detected  ::)

Did you send the sample to Avast..??
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 14, 2011, 11:59:02 AM

samples sent to avast! by dim@rik

refer:
http://forum.avast.com/index.php?topic=88283.0
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 14, 2011, 12:01:05 PM
please send this for me....thanks! :-*

http://www.virustotal.com/url-scan/report.html?id=691a4b0ecc3a1f95fdf7178cbd1ae1e4-1320816656
http://www.virustotal.com/file-scan/report.html?id=79f63c0da8fe6c841ff52eaaa8d474c0a6b9b370912da3c1731ff1a904ae34cf-1320820260
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on November 14, 2011, 12:07:13 PM
please send this for me....thanks! :-*

Send it yourself. :P
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 14, 2011, 12:09:37 PM
i dont want to risk myself....sorry! :-[....but..i want to improve detection! :-[
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 14, 2011, 12:14:42 PM
thanks! in advance...please send it! :-*

http://www.virustotal.com/url-scan/report.html?id=5a6f0ab7963f959bca380a63c2c7a716-1321264168
http://www.virustotal.com/file-scan/report.html?id=a162ca722e00ab60820de6b733a90f31d4963128325fecac5f5cc26252f779d4-1321267940
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on November 14, 2011, 12:22:55 PM
i dont want to risk myself....sorry! :-[....but..i want to improve detection! :-[

Well, that's not how this thread works. ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 14, 2011, 12:24:49 PM
Quote
Well, that's not how this thread works. ;)

Yes i know...but i am sorry...i am just a security freak! :-[ :'(
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 14, 2011, 12:52:03 PM
Hi true indian,

You could send the suspicious link to virus AT avast dot com and as long as the link is up and alive they can run the binary analysis and add detection if found to be malicious.
The analysts should have received them anyway through the channels they use as resources, but some av take a couple of days to be "up to the mark". That is called the vulnerability gap, and it should not be left open too long. Av-solutions are not always overlapping and sometimes complementary. Just check the links you gave here: http://online.us.drweb.com/?url=1 and you see a lot of those you come up with are detected. That is why I have it as a complementary scanner next to avast web rep.
I assume the way Tech intended this thread is to add to detection in a way that one has/downloads a particular undetected file in zipped format and password protected and then send it to virus AT avast dot com with the password to be analyzed and eventually be added to detection. If you want to do that, you should have the VM lab settings for it, know how to work malzilla for instance and run a file in a sandbox environment. You should  know how to block script running and be able to determine when to click links or not and you should feel security aware enough,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 14, 2011, 02:49:42 PM
thanks! for the advice polonus i will try as u said  ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on November 14, 2011, 03:05:43 PM
Quote
i dont want to risk myself....sorry! ....but..i want to improve detection!
Quote
Well, that's not how this thread works. ;)

Yes i know...but i am sorry...i am just a security freak! :-[ :'(
Then you are not a real security freak   ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on November 14, 2011, 03:08:06 PM
Quote
This VT scan is two days old ;)

thanks i hope it is detected  ::)
VirusTotal
http://www.virustotal.com/file-scan/report.html?id=50482d07dbd2004aa05cc6f44b64d5f136b53b6cec9b2692c22a2e6b3e486b27-1321279046
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 14, 2011, 04:21:44 PM
thanks! polonus good to see avast is detecting them :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on November 14, 2011, 04:28:05 PM
thanks! polonus good to see avast is detecting them :)
wrong name....Pondus and Polonus are not the same   8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on November 14, 2011, 04:29:34 PM
thanks! polonus good to see avast is detecting them :)
wrong name....Pondus and Polonus are not the same   8)

;D 8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 14, 2011, 05:43:45 PM
Quote
wrong name....Pondus and Polonus are not the same 8)

HEY! sorry...but thats rhyming ;D 8)...LOL
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 14, 2011, 07:43:14 PM
Hi true indian,

Well Pondus and polonus are not the same, but they are cooperating here to analyze malicious URLs etc. Pondus gets a lot of information from polonus and polonus gets a lot of information from pondus. And there are more users in this particular group of connoisseurs, as there is Asyn, Dim@rik, spg SCOTT, and a couple of others,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on November 15, 2011, 04:27:30 AM
Batch Original
(AVAST DETECTED THIS ONE)
http://www.virustotal.com/file-scan/report.html?id=716b077fa6b6994753800f6cad425d0b18fb36408809cb7d6f6a27b9d39a6df7-1321326555

Regular EXE
(AVAST DETECTED THIS ONE)
http://www.virustotal.com/file-scan/report.html?id=7dadbe3fad94cdf27d9bc8c88039cdbaadff0a314a87fddfd512460a2c149fc6-1321326379

EXE Virus with password passavast & encrypted
(AVAST DID NOT DETECT THIS ONE)
http://www.virustotal.com/file-scan/report.html?id=d4af3f1ed1573f9b8cd2eab8b33d3ab18cb02529c8ae1f667a218f47cc442347-1321326498

The following files were made 10/23/2011.
On 10/23/2011, the following files had the following reports:
Original Batch; 5/42, Avast Detects
EXE Virus; 6/43, Avast Does NOT Detect
EXE Encrypted and Password Protected; 1/43, Jiangmin Only, Avast Does NOT Detect

Comodo Results (What it does):
-http://camas.comodo.com/cgi-bin/submit?file=7dadbe3fad94cdf27d9bc8c88039cdbaadff0a314a87fddfd512460a2c149fc6
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on November 15, 2011, 05:17:41 PM
http://www.virustotal.com/file-scan/report.html?id=939e021f6a2500a172a3f08f1e734c9fb2f44519f7089cce4bb5fa6012fa51f3-1321373185

sent to avast
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on November 15, 2011, 08:19:51 PM
Thanks for helping improving detection.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 16, 2011, 11:05:33 AM
http://www.virustotal.com/community.html

latest comments columns for VT results...

Sent to avast! by one of my friends.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on November 16, 2011, 12:36:53 PM
If only the VT comments column was sent, that doesn't help as you need a sample to analyse, comments are of no use.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 16, 2011, 01:02:33 PM
Hi DavidR,

Why true indian's comment? Makes no sense. Normally avast gets these hashes anyway, see: http://ore.carnivore.it/malware/engine/virustotal 
As I hope the avast virus analysts will get all the malware there automatically from Engines like VirusTotal, Anubis, CWSandbox to check on. But will they?
Apparently no one there has seen this one yet: http://ore.carnivore.it/malware/hash/b58c7ea56b3343419e7852176fe7ee4d (Avast does not detect),
so we still have to do lots of work for them,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on November 16, 2011, 01:11:16 PM
Well it is hard to read true indian's post, but my interpretation of it is I'm not sure if only the VT comments column information was sent to avast or the file and the comments or what was sent.

Yes they get samples, but A) not in a timely fashion and B) they (avast labs member) reported that there is so much junk in there that it isn't that helpful. Which is why I feel it best not to rely on VT sending any sample and send it directly yourself.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 17, 2011, 09:40:05 AM
my friend sent the password protected samples  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 19, 2011, 11:06:08 AM
http://www.virustotal.com/file-scan/report.html?id=4c32b819d8f5a08af3180d64d840d3ff0e12f18f9cf5a1e854b0b93fedef0982-1321683454

http://www.virustotal.com/file-scan/report.html?id=5b212d80e06647c698484145a77d6f7179b911c8bf3efe57ea71561149e1ff6c-1320762323

http://www.virustotal.com/file-scan/report.html?id=b541a7647ae211b82baa357681136a1557e5d5e63705fbed45768335063390d4-1321695885
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 19, 2011, 04:06:40 PM
L.S.

For the first VT file results given in the row in the previous posting. This info could also be interesting for users to know. Some more info about the general threat since November 16th last from Cisco's: http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=24212 link info provided by Cisco Threat Outbreak Alert by Cisco threat analysts, so a general mail threat!

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on November 20, 2011, 01:43:51 PM
http://www.virustotal.com/file-scan/report.html?id=dabe9b890b3af51c56d8990123b2bf6db0cf42c47e6aec7accd455894baf78de-1321792341


http://www.virustotal.com/file-scan/report.html?id=b611fb2dd28d05cdade1e2a7a60bc506503d857214efe4dffe42002585fa2f24-1321792565


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 21, 2011, 10:33:51 PM
Unknown google malware not detected here: http://www.virustotal.com/url-scan/report.html?id=7a8c4b07930ab724a8677f5806e7026a-1321906641
http://www.virustotal.com/file-scan/report.html?id=020a56d4541201f4daabe2c2b7c4e059ae6aac7838f073f1fe96e6073ed5d4f5-1321910484
Only Avira detects according to: http://vscan.urlvoid.com/analysis/358e5bf8168f49f29f3849a098da41f2/c2VsbG1lMi1leGU=/

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 24, 2011, 04:10:40 PM
So-called Toggle-virus to mdl_zeus v2 trojan bot detected by avast:
See: http://www.virustotal.com/url-scan/report.html?id=cb0a29dd89c7b5922bf16e1d92d4fdc8-1322143020
and file scan: http://www.virustotal.com/file-scan/report.html?id=d1522235c1bde90caeb3fe2a01cf20447dc0801c48d55ce168262bfeb11f8a6b-1322146839
See: http://threatcenter.crdf.fr/?More&ID=53545&D=CRDF.Malware.Win32.PEx.9885989241

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on November 26, 2011, 12:13:56 AM
Undetected malwares

1: http://www.virustotal.com/file-scan/report.html?id=5779c4e1f87bae0c9824cc0d7756eb18872f898b4b8a376450c21cc0af20853f-1322253312

2: http://www.virustotal.com/file-scan/report.html?id=fbebe07698a9131e21d3fe35135170ff66f276206ce8ea7a5f3dc8f03457e67b-1322258316

3: http://www.virustotal.com/file-scan/report.html?id=23ce319fe0bcfb2145c8235ea03c9a88e6f0f1c8a9012ca2566781a18e0df719-1317477939

4: http://www.virustotal.com/file-scan/report.html?id=957ee6fe70f078dde26cba2b7f3c459d46906b9b7e73abfb88c281d02ffa030f-1322262162
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 26, 2011, 04:02:30 PM
Not detected by avast TR/Dropper.Gen, see VT reports:
http://www.virustotal.com/url-scan/report.html?id=03eaaf10f32a125d14c7d671088811f2-1322315364
and
http://www.virustotal.com/file-scan/report.html?id=66c2910fdd8a276fa259ee5ebb8a7f6c8c80e9c850e431383835f05deaf997f4-1322319180

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 27, 2011, 01:03:36 AM
Hi folks,

See: http://www.virustotal.com/url-scan/report.html?id=0ae5f16b5624044f5994406e5e1d16ba-1322346824
and
http://sakrare.ikyon.se/log.php?id=19177
see Sucuri detection of mentioned malware:
web site:   -http://www.modeplatsen.se
status:   Site infected with malware
web trust:     Not Blacklisted

Malware found in the URL:
-http://www.modeplatsen.se

Known javascript malware.
Details: http://sucuri.net/malware/malware-entry-mwjsanon7

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Adek022 on December 05, 2011, 09:31:06 PM
Virus?

http://www.virustotal.com/file-scan/report.html?id=d5e1bbc7c2338ff9326cb4a698b65a447bd3d9827d2947c39db1d4b4ebba313c-1323115997
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on December 06, 2011, 04:17:48 PM
Virus?

http://www.virustotal.com/file-scan/report.html?id=d5e1bbc7c2338ff9326cb4a698b65a447bd3d9827d2947c39db1d4b4ebba313c-1323115997


Looks like a very old macro for WinWord 95)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 06, 2011, 04:29:31 PM
Hi Dim@rik,

Well a year means ages in computer terms: 2011/01/15 13:57:20 (CET)
But 2008 means a golden oldie:
Detected   Jun 15 2008 16:27 GMT
Released   Jun 15 2008 21:14 GMT
McAfee Description Modified 2004-06-09

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on December 06, 2011, 04:33:08 PM
Hi Dim@rik,

Well a year means ages in computer terms: 2011/01/15 13:57:20 (CET)
But 2008 means a golden oldie:
Detected   Jun 15 2008 16:27 GMT
Released   Jun 15 2008 21:14 GMT
McAfee Description Modified 2004-06-09

polonus



Hi Polonus

Old macro :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 06, 2011, 04:48:59 PM
@Dim@rik

Old hits.

regards,

Damian
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 06, 2011, 06:25:00 PM
See: http://www.virustotal.com/url-scan/report.html?id=833ba4370a302059694636f14f1bd217-1323187934
and
http://www.virustotal.com/file-scan/report.html?id=2101461338093052af0a45936d9c1aa6c6fb4546849f192ab2a02a224a8c2bac-1323191725
High risk: http://siteinspector.comodo.com/public/reports/748001

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 07, 2011, 01:28:59 PM
Bookmarked
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on December 07, 2011, 01:34:05 PM
Bookmark it, stickies are a pain in the rear; not long back you had to scroll down to get to the live content too many stickies.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on December 07, 2011, 03:11:11 PM
Bookmark it, stickies are a pain in the rear; not long back you had to scroll down to get to the live content too many stickies.

+1
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 07, 2011, 06:39:05 PM
zeus v2 trojan detection
See: http://www.virustotal.com/url-scan/report.html?id=44fe92bbbdf8dba89791a2d93cb2aa21-1323275210
See: http://www.virustotal.com/file-scan/report.html?id=197073d0ff15cda527ab0eba11614885b533e6cf5d27a359719365e292fad7ed-1323278814
Blacklisted: http://siteinspector.comodo.com/public/reports/754142

reported to virus AT avast dot com

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on December 07, 2011, 08:09:43 PM
Winlock aka Ransom

http://www.virustotal.com/file-scan/report.html?id=b8fd8574cddd5f42cee752b90d335d273ce841b8832226888e796534951145ac-1323284069

http://www.virustotal.com/file-scan/report.html?id=d072a8782c4bf5e7c9d2f8194a52a17775fb0a5171ff76b64f20312e93ed2866-1323284252

exploit pack - Exploit.Java.CVE-2011-3544 (caught on the same site that spreads the blockers)

http://www.virustotal.com/file-scan/report.html?id=e033996289f657e5c3549239049432e1e0c342810eb8a9cabd28dfe070eecdb8-1323284330

Sent to Avast.

Dim@rik
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 09, 2011, 02:22:40 PM
W32/Pinkslipbot.gen.as

http://www.virustotal.com/file-scan/report.html?id=9f7b01a804dc29d301c169cd292bf6c8cd88b15ca1e0ee35f47c1aee8f3c9b99-1323436044
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on December 09, 2011, 02:28:38 PM
W32/Pinkslipbot.gen.as

http://www.virustotal.com/file-scan/report.html?id=9f7b01a804dc29d301c169cd292bf6c8cd88b15ca1e0ee35f47c1aee8f3c9b99-1323436044

Nice catch..! :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 09, 2011, 06:56:44 PM
http://www.virustotal.com/file-scan/report.html?id=305c4e7165d53f37fe537c53c9067518dcc069e55f58473fcba607c5b5d665ba-1323451619

Rogue.FakeHDD
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 09, 2011, 10:13:58 PM
Hi razoreqx,

Same category: http://www.virustotal.com/file-scan/report.html?id=e4e269d9ad00071607b85105055b223b781fc7ab0f0df70f79f084ae0d639304-1323464483
See this analysis, based on same MD5 hash: http://camas.comodo.com/cgi-bin/submit?file=e4e269d9ad00071607b85105055b223b781fc7ab0f0df70f79f084ae0d639304

This is how DrWeb's URL scanner detected this malware:
Checking: -http://46.166.157.31/up_4.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2910580
File size: 169.50 KB
File MD5: 0f38403648d34e9987abf501af245973

-http://46.166.157.31/up_4.exe packed by UPX
>-http://46.166.157.31/up_4.exe infected with BackDoor.IRC.NgrBot.42

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on December 10, 2011, 09:12:13 AM
Winlock aka Ransom


http://www.virustotal.com/file-scan/report.html?id=9533fad13324e0aa16ec9d7250753a28ea7ec1972c946c0dd9eb502ffd73372d-1323503872

http://www.virustotal.com/file-scan/report.html?id=b71cc22b75dde1610ba065151f87735d2715c4d4414846a68aca9b59dae9874b-1323504047

http://www.virustotal.com/file-scan/report.html?id=4b5a061be2f901a13ecb6b53cb3bf5ba111ae5cf53187cd7fae496d6822040ab-1323545076

http://www.virustotal.com/file-scan/report.html?id=cc8b56624eb01e5b1ed97176beee1069a0feedd3a889df726797b22e63efb8f1-1323545889

reported to virus AT avast dot com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 12, 2011, 01:12:13 PM
http://www.virustotal.com/file-scan/report.html?id=afe2dad20ed7197d4c5ea434754a8244ab74dca897eed1be406c49312410911f-1323690671


Win32/Kryptik.XDF


Sample uploaded
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 12, 2011, 01:19:37 PM
http://www.virustotal.com/file-scan/report.html?id=e0418aedec38ddd20ec322c736c1090f88de9522d00f49289c8cabb65e91d35d-1323691928
Rogue.FakeRean
Sample uploaded.

GET /SecureKit2011.exe HTTP/1.0
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: hxxp://ihbbdbungles.info/global-scan/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinTSI 08.01.2010; .NET4.0C; .NET4.0E)
Host: ihbbdbungles.info
Connection: keep-alive
Via: 1.1 OHAEPHQAS700
HTTP/1.1 200 OK
Server: nginx/1.0.5
Date: Sun, 11 Dec 2011 19:40:22 GMT
Content-Type: application/x-msdownload
Connection: keep-alive
Last-Modified: Sun, 11 Dec 2011 19:37:03 GMT
ETag: "4e6d9e-44e00-4b3d6247715c0"
Accept-Ranges: bytes
Content-Length: 282112
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on December 12, 2011, 09:54:23 PM
VirusTotal - 10/43 - SkyKeygen Avast 6.x.x.exe
http://www.virustotal.com/file-scan/report.html?id=794c9496ba67d57f2efcbe14ad1c7ce3e4f8744d7c73933b31f9f918cffd79bf-1323722776

soon in avast inbox   ;)



ThreatExpert
http://www.threatexpert.com/report.aspx?md5=3687024420926c956f6260405aa08592
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 13, 2011, 04:26:45 PM
Trojan.FakeAlert
file:  scandsk.exe
http://virusscan.jotti.org/en/scanresult/0fb58945fd6cadafc9c03010c7bceebc5691a315

http://www.metascan-online.com/results.cgi?uid=gu4camxrse0oaaci043y25zp5tn4p9cx

ThreatExpert.
http://www.threatexpert.com/report.aspx?md5=8fa84e89b3d20659a6c9aec9bb5b0829

Sample Sent.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 13, 2011, 11:41:35 PM
Zeus config url not detected Zeus C&C everest-club dot ru: http://vscan.urlvoid.com/analysis/b1bf3c1430056ba2fefcc718f8e3be29/d2UtZXhl/
See: http://siteinspector.comodo.com/public/reports/show_log?id=5953

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 14, 2011, 04:54:31 PM
Trojan.Karagany

http://www.virustotal.com/file-scan/report.html?id=6e8ef8e2e14589787c54add5673570491a577473fae45e1eca626ff71a075369-1323876452

http://camas.comodo.com/cgi-bin/submit?file=6e8ef8e2e14589787c54add5673570491a577473fae45e1eca626ff71a075369

http://www.threatexpert.com/report.aspx?md5=59392f88262a30db38f29486b46bb7b6
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 14, 2011, 05:00:23 PM
Undetected, PUP, riskware or FP?

http://www.virustotal.com/url-scan/report.html?id=6c9e59e62b725654da98b9bf4be2927b-1323874134
&
http://www.virustotal.com/url-scan/report.html?id=6c9e59e62b725654da98b9bf4be2927b-1323874134
&
http://camas.comodo.com/cgi-bin/submit?file=9fa77a2795e02b6c3932a517cb573eb520c2421c9d78f79a003b4e06eb91fcce&iframe=

last scan gives undetected... see: http://urlquery.net/queued.php?id=11825 (suspicious)

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 14, 2011, 05:05:49 PM
See: http://www.virustotal.com/url-scan/report.html?id=a194e954d39c0dd69ffb05f6c652e712-1323874466
&
http://www.virustotal.com/file-scan/report.html?id=8d08a15049f68e1352f08b2ac0b32b8d642c176801821811a235bf6ddf6bcc1a-1323878220

Here detected by DrWeb URL checker:

-http://u.websuprt.co.kr/NewSidebar/webSupporter/webSurt.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2928866
File size: 317.96 KB
File MD5: 5b1c5f2547628a212d403abd3f62cc9b

-http://u.websuprt.co.kr/NewSidebar/webSupporter/webSurt.exe contains an advertising software Adware.Searcher.1334

reported to virus AT avast dot com, could be added as PUP (so won't be seen, but can be added)

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 14, 2011, 05:51:26 PM
Submitted via Virus Chest.


http://virusscan.jotti.org/en/scanresult/6aaefaeb55cdae5e001f9b6f4e29b4049772e971

http://www.threatexpert.com/report.aspx?md5=b69811163d48fc9ef16a939242dcbacc
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 16, 2011, 12:05:27 AM
WORM/Dorkbot.AD.1 not detected: http://www.virustotal.com/file-scan/report.html?id=ca156ba8d276e76787e6d433a392c8f3dc9755d9954e7bcb6d5c68d80b1cd663-1323989079
See: http://camas.comodo.com/cgi-bin/submit?file=ca156ba8d276e76787e6d433a392c8f3dc9755d9954e7bcb6d5c68d80b1cd663
and
http://www.threatexpert.com/report.aspx?md5=1b52eeaf196290fade3a8c1ad62a8710
malicious: http://urlquery.net/report.php?id=12105

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 16, 2011, 08:33:00 PM
See: http://www.virustotal.com/url-scan/report.html?id=ef0c31e8e60340a67f8a046f78e5d78c-1324059347
&
http://www.virustotal.com/file-scan/report.html?id=ca060c4b10b6a548cc50539ba38586fe51cee2cfc9bd27e5a83ccc74e333fccc-1324062950
TROJ_PIDEX.SMJ not detected
anubis analysis report: http://anubis.iseclab.org/?action=result&task_id=117cadcbdf18399f4792ad31722f749db

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 16, 2011, 08:44:06 PM
TR/PSW.Zbot.Y.2067 not detected:
http://www.virustotal.com/url-scan/report.html?id=6acdbdc39e21f86dd10d720857812e41-1324060092
&
http://www.virustotal.com/file-scan/report.html?id=2c07f90d8890b04ef45528869daae4b9e307a94cb8a8e14801379b23a0a4bff4-1324063832

reported to virus at avast dot com

Well and this one  was in their own back garden, abuse at nethost dot cz

D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 17, 2011, 08:55:36 PM
Detection of EXP/SWF.AH missed:
See: http://www.virustotal.com/url-scan/report.html?id=ab5f83eeac09e5ba58b7dbae15d7f1ff-1324127882
and
http://www.virustotal.com/file-scan/report.html?id=c2b39f12699301b18eba51660dd2e3991d58f3a48c2cf2dbb972e5110abc20ba-1324134052
Malware galore there: http://www.google.com/safebrowsing/diagnostic?site=http%3A//chat4freelab.in/content/field.swf

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 18, 2011, 04:30:47 PM
Detection missed for worm: http://www.virustotal.com/url-scan/report.html?id=e9ad4368a9d455a0cc25c9671634b9bb-1324214647
and
http://www.virustotal.com/file-scan/report.html?id=98bce191023c09a8c0265668a1f8fedc05baeed2fba3d15bab3acad07132e13d-1324218382

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on December 19, 2011, 12:00:27 AM
Undetected malwares

1: http://www.virustotal.com/file-scan/report.html?id=c16438de2cf1615ff5775ff8c3a6dfcd6c28b3490e611b02a26d7fe884e90aad-1324245994

2: http://www.virustotal.com/file-scan/report.html?id=0c59457bd4abeb6a7fb824ef9c297eb60ae5f8fa6b0a5966c93a39ef6165d7ce-1324246777
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 19, 2011, 12:14:32 AM
Is this the same by the way http://www.virustotal.com/file-scan/report.html?id=0c59457bd4abeb6a7fb824ef9c297eb60ae5f8fa6b0a5966c93a39ef6165d7ce-1324246777

a keyfinder set/up executable

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 19, 2011, 02:05:28 PM
http://www.virustotal.com/file-scan/report.html?id=9596cc829ec3aa8698d641822f552ae9a9aaed988706e3f89992d593fe71f318-1324299135

http://virusscan.jotti.org/en/scanresult/0ff465579a7ce5235bf37c1429673cbe736b0586

http://urlquery.net/report.php?id=12565
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 19, 2011, 04:00:48 PM
mdl_trojan Winlock/FakePoliceAlert to unknown_exe missed by avast, see:
http://www.virustotal.com/file-scan/report.html?id=e874026aeae1c7182d8155dc2ca76887e1b31bd882f3626a56b7a0d3a9dc4531-1324293612
see: -http://urlquery.net/report.php?id=12533
WOT would stop you from going there anyway because of very bad web rep:
http://www.webutation.net/go/review/git7868777777777.nl.ai

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 19, 2011, 04:04:03 PM
http://virusscan.jotti.org/en/scanresult/f5df750c0717aefbc74bc8686f0f117f0c7acb36
https://www.virustotal.com/file-scan/report.html?id=737e2c8e1729b860c65e4daf012e7eb4ec9855a9701ea3997626bb37167790dc-1324305873
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 19, 2011, 04:31:13 PM
Hi razoreqx,

Good find. PM-ed you about why I think it is definitely trojan malcode i.m.o. Thanks for adding to avast detection,

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 19, 2011, 04:33:49 PM
Hi razoreqx,

Good find. PM-ed you about why I think it is definitely trojan malcode i.m.o. Thanks for adding to avast detection,

pol

No, thanks to you, my friend!   You're an amazing researcher (and a good teacher)!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 19, 2011, 05:12:07 PM
http://virusscan.jotti.org/en/scanresult/580122ddae9bdcd79e09be0e397b1c80d1427e20/9a541f483fd5cef441aeb764d0b2622966a5f342

http://www.virustotal.com/file-scan/report.html?id=67de3f40a965cda98a4e1485d05cb2b22c754e9cb6ae11da019fcca774e9f293-1324310635

https://anubis.iseclab.org/?action=result&task_id=1f66db2b0f30ceea42dc774349e143d39&format=html



Trojan.Dropper
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 19, 2011, 05:30:40 PM
http://www.virustotal.com/file-scan/report.html?id=9c6008d77f2486a143405d295cb57729d8c8759bf4515aaa2f6b6fea149ce3f5-1324311747

http://virusscan.jotti.org/en/scanresult/36084b8cef9c33f286ed25e79a2d422978ed6c61


FakeAV.HDD


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 19, 2011, 07:35:59 PM
Not detected by avast - TR/Crypt.CFI.Gen- see: http://www.virustotal.com/url-scan/report.html?id=132341ba37080f8939a990e881d2502c-1324301045
and
http://www.virustotal.com/file-scan/report.html?id=bda30a652d09b6786feada3c8a44e1258d20df0bc9525986e16b3b7c28b1e787-1324304650

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 20, 2011, 03:42:14 PM
http://www.virustotal.com/file-scan/report.html?id=0b529def03e6fe2e97684b1431b2f97b22ad1347bf513c275ff6a43011b0925c-1324391090

https://anubis.iseclab.org/?action=result&task_id=1843010ff24a4968479ef2f65debdcdf4&format=html

http://www.threatexpert.com/report.aspx?md5=ede031e94dba203b2d027e2334a4c352
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on December 20, 2011, 04:03:54 PM
@razoreqx

That looks like a CNET download installer.....FP ?.....or does it come with AdWare



sigcheck:
publisher....: CNET Download.com
copyright....: CBS Interactive
product......: CNET Download.com Installer
description..: CNET Download.com Install
original name: n/a
internal name: CNET Download.com Installer
file version.: v2.0.2.108
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 20, 2011, 04:08:49 PM
@razoreqx

That looks like a CNET download installer.....FP ?



sigcheck:
publisher....: CNET Download.com
copyright....: CBS Interactive
product......: CNET Download.com Installer
description..: CNET Download.com Install
original name: n/a
internal name: CNET Download.com Installer
file version.: v2.0.2.108
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


Got the ThreatExpert report back on that too.   Remind me never to download anything from cNET!!
I'm not sure I would call this FP.  Did you see the remote host calls?


Code:
00000000 | 3041 3043 7A75 7443 3051 7443 3046 7442 | 0A0CzutC0QtC0FtB
00000010 | 3057 7443 3047 7443 3049 7443 3046 7443 | 0WtC0GtC0ItC0FtC
00000020 | 3054 7443 3051 325A 3046 7443 3052 7443 | 0TtC0Q2Z0FtC0RtC
00000030 | 3046 7443 3048 744E 3050 3143 3049 3044 | 0FtC0HtN0P1C0I0D
00000040 | 7A75 3151 3147 3149 3151 7446 3152 3146 | zu1Q1G1I1QtF1R1F
00000050 | 3148 744E 3055 3049 3044 7A75 7444 7444 | 1HtN0U0I0DzutDtD
00000060 | 7444 3043 7442 7A79 3043 3042 7443 7A7A | tD0CtBzy0C0BtCzz
00000070 | 7942 7443 3044 7443 3041 7945 7444 744E | yBtC0DtC0AyEtDtN
00000080 | 3057 3056 7A75 7944 7446 7443 744E 3057 | 0W0VzuyDtFtCtN0W
00000090 | 3053 3050 7A75 7442 744E 3050 3143 3053 | 0S0PzutBtN0P1C0S
000000A0 | 3259 3153 7A75 744A 3156 3057 3150 3043 | 2Y1SzutJ1V0W1P0C
000000B0 | 3154 3143 3150 744E 3052 3053 7A75 7449 | 1T1C1PtN0R0SzutI
000000C0 | 744E 3054 304B 7A75 7944 7442 7943 7943 | tN0T0KzuyDtByCyC
000000D0 | 7A7A 744E 3057 3150 3043 3154 3143 3150 | zztN0W1P0C1T1C1P
000000E0 | 3053 3150 3142 3142 314C 3146 3147 7A75 | 0S1P1B1B1L1F1Gzu
000000F0 | 7443 7A79 7942 7942 3154 7944 3151 3152 | tCzyyByB1TyD1Q1R
00000100 | 7447 7A7A 7A79 7443 7944 7447 3154 3150 | tGzzzytCyDtG1T1P
00000110 | 7944 3150 7447 7943 7942 3151 7944 7447 | yD1PtGyCyB1QyDtG
00000120 | 3152 7443 314F 7945 3151 3151 7441 3152 | 1RtC1OyE1Q1QtA1R
00000130 | 7444 3153 7942 7442 744E 3049 3052 3056 | tD1SyBtBtN0I0R0V
00000140 | 3045 3052 7A75 7944 7446 7442 7442 744E | 0E0RzuyDtFtBtBtN
00000150 | 3042 3052 3057 7A75 3049 3045 3058 3050 | 0B0R0Wzu0I0E0X0P
00000160 | 304C 304F 3052 3045 7446 3045 3058 3045 | 0L0O0R0EtF0E0X0E
00000170 | 744E 3048 3154 3142 304C 304D 7A75 7443 | tN0H1T1B0L0MzutC
00000180 | 744E 3052 304E 3154 3148 3150 7A75 3152 | tN0R0N1T1H1Pzu1R
00000190 | 744F 7441 3041 744F 7944 3043 3257 314C | tOtA0AtOyD0C2W1L
000001A0 | 3147 3151 3146 3257 3142 744F 7944 3043 | 1G1Q1F2W1BtOyD0C
000001B0 | 3142 3255 3142 325A 3150 3148 7441 7442 | 1B2U1B2Z1P1HtAtB
000001C0 | 744F 7944 3043 3142 3154 3148 3145 3149 | tOyD0C1B1T1H1E1I
000001D0 | 3150 3156 7443 7446 3150 3256 3150 744E | 1P1VtCtF1P2V1PtN
000001E0 | 304C 3154 3147 314E 7A75 3045 3147 314E | 0L1T1G1Nzu0E1G1N
000001F0 | 3149 314C 3142 314D 744E 3049 3045 3056 | 1I1L1B1MtN0I0E0V
00000200 | 3150 3143 7A75 7943 7446 7444 7446 7442 | 1P1CzuyCtFtDtFtB
00000210 | 7A79 7444 7444 7446 7442 7443 7A7A 7444 | zytDtDtFtBtCzztD
00000220 | 744E 304A 3053 7A75 7443 744E 3142 325A | tN0J0SzutCtN1B2Z
00000230 | 3154 3143 325A 3150 3151 7A75 7443 744E | 1T1C2Z1P1QzutCtN
00000240 | 3142 325A 3154 3148 3145 7A75 7443 7444 | 1B2Z1T1H1EzutCtD
00000250 | 7443 7443 7441 7945 7444 7443 744E 304C | tCtCtAyEtDtCtN0L
00000260 | 304D 3156 3053 3045 3043 7A75 7442 744E | 0M1V0S0E0CzutBtN
00000270 | 3154 3145 314C 304C 3146 3154 3151 3054 | 1T1E1L0L1F1T1Q0T
00000280 | 314C 3148 3150 7A75 7945 7943 7A7A 744E | 1L1H1PzuyEyCzztN
00000290 | 3154 3145 314C 3050 3143 3146 3151 3044 | 1T1E1L0P1C1F1Q0D
000002A0 | 3154 325A 3150 7A75 7442 7444 7444 7945 | 1T2Z1PzutBtDtDyE
000002B0 | 7447 7444 7441 7447 7443 7444 744E 3154 | tGtDtAtGtCtDtN1T
000002C0 | 3145 314C 3050 3143 3146 3151 3053 314C | 1E1L0P1C1F1Q0S1L
000002D0 | 3254 3150 7A75 7945 7942 7442 7A79 7444 | 2T1PzuyEyBtBzytD
000002E0 | 7942 7A7A 744E 3145 3154 314E 3150 3048 | yBzztN1E1T1N1P0H
000002F0 | 314C 3142 325A 3146 3143 3255 7A75 3149 | 1L1B2Z1F1C2Uzu1I
00000300 | 3146 3154 3151 314C 3147 314E 3050 3154 | 1F1T1Q1L1G1N0P1T
00000310 | 314E 3150 7448 7942 7443 7A79 744F 7441 | 1N1PtHyBtCzytOtA
00000320 | 3042 3257 3150 3149 3152 3146 3148 3150 | 0B2W1P1I1R1F1H1P
00000330 | 3050 3154 314E 3150 7448 7442 7A79 7942 | 0P1T1N1PtHtBzyyB
00000340 | 744F 7441 3042 3146 314F 314F 3150 3143 | tOtA0B1F1O1O1P1C
00000350 | 3050 3154 314E 3150 7448 7443 7441 7944 | 0P1T1N1PtHtCtAyD
00000360 | 7A79                                    | zy

This went over port 80.  Looks like a CERT? 
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: MD Rockstar on December 20, 2011, 10:38:15 PM
http://www.virustotal.com/file-scan/report.html?id=c0ed59b993c085a9ed81dd955ac3a8d8f83992a68f8ff731330812f7bea9c4d3-1324307337


Do I need to send the file to avast.com or is the VirusTotal link OK?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on December 20, 2011, 10:45:44 PM
http://www.virustotal.com/file-scan/report.html?id=c0ed59b993c085a9ed81dd955ac3a8d8f83992a68f8ff731330812f7bea9c4d3-1324307337


Do I need to send the file to avast.com or is the VirusTotal link OK?

send it in a password protected zip file to  virus @ avast.com
mail subject:  undetected sample
zip password:  infected

it is recommended to use a zip program that also encrypts the file, this will prevent it from being blocked
winrar or 7zip will do this...

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 21, 2011, 02:00:08 AM
Pondus,

You can also find it here: http://forums.malwarebytes.org/index.php?showtopic=102430
contributor = osso  Just searched for the MD5 hash, easy peasy,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 21, 2011, 02:24:42 AM
Not detected unknown_file_Delivery.Pdf: http://www.virustotal.com/url-scan/report.html?id=2760a374f86eae024e9093bece8fbff9-1324426373
see: http://www.virustotal.com/file-scan/report.html?id=a507423dafb1b47af556093f48f21ded75801a0b78d1d422074a802b13079d85-1324430098
Detected by DrWeb URL scanner:
Checking: -http://academiamates.com/Delivery.zip?PuremobileIncID97089437
Engine version: 5.0.2.3300
Total virus-finding records: 2953092
File size: 47.07 KB
File MD5: 93e77bfff47d620ace7cce9c6a303fe0

-http://academiamates.com/Delivery.zip?PuremobileIncID97089437 - archive ZIP
>-http://academiamates.com/Delivery.zip?PuremobileIncID97089437/Delivery.Pdf____________________________________________________________________________________.exe infected with Trojan.Siggen3.31711

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 21, 2011, 04:17:18 PM
Trojan.Karagany

http://www.virustotal.com/file-scan/report.html?id=a31b5e52c2fb8d0f2e98a4a2ef9c5aa7e3fb1105274251cfea2167fdc910161b-1324479799

http://virusscan.jotti.org/en/scanresult/f3a129b6467e19ebb8f5445e4635caf5d8bd69a2

http://urlquery.net/report.php?id=12955
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 21, 2011, 05:22:40 PM
Adware Downloader

http://www.virustotal.com/file-scan/report.html?id=05aee16f88b45a8bfb81d1083fb298193d68942f1b16612b225ce2e77e6d03c5-1324483656

http://virusscan.jotti.org/en/scanresult/328f87e09b442d34377f9e1b8ae6f38ba8590946

http://www.threatexpert.com/report.aspx?md5=38a7083ec6feb55dfca2a0c2607701e4
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 21, 2011, 05:39:29 PM
Hi razoreqx,

Is this report somehow related to it? see: http://www.threatexpert.com/report.aspx?md5=5281fd5adcfc75202622bc586043e282
See: http://jsunpack.jeek.org/dec/go?report=d495bbeb8ebb44c204e25422b65d814d1f220d0e

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 21, 2011, 05:50:09 PM
Hi razoreqx,

Is this report somehow related to it? see: http://www.threatexpert.com/report.aspx?md5=5281fd5adcfc75202622bc586043e282
See: http://jsunpack.jeek.org/dec/go?report=d495bbeb8ebb44c204e25422b65d814d1f220d0e

polonus

I just got that back about 10 mins ago.. You're fast
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 21, 2011, 07:57:16 PM
Not bashing CNET but anything that modifies my firewall rules, and without asking I have an issue with!


http://www.virustotal.com/file-scan/report.html?id=751850a5e527c5987201d400fae2ac8aab0f644a042af89c2e02aaa757f06ea3-1324494179

http://www.threatexpert.com/report.aspx?md5=bb411fef75d17a07bc82da72b67919cc

http://virusscan.jotti.org/nl/scanresult/d443623bd73f4f10a8caa76b5902bf5d1524716a

http://support.clean-mx.de/clean-mx/viruses.php?domain=we-care.com&sort=email%20asc

https://anubis.iseclab.org/?action=result&task_id=174430ff4cd876654254372d4c6abb2de&format=html

http://urlquery.net/report.php?id=12984
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 21, 2011, 09:19:56 PM
Hi razoreqx,

This is what I get back  from abad iFrame detektor scan:

Check took 6.06 seconds

(Level: 0) Url checked:
-http://we-care.com
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
-http://www.we-care.com/templates/ac_runactivecontent.js
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://www.we-care.com/templates/wc.js
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://www.we-care.com/templates/fat.js
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://we-care.com//scripts/jquery.js
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://tag.didit.com/js/tman_iframe.js
Zeroiframes detected on this site: 1
No ad codes identified

(Level: 2) Url checked: (iframe source)
-http://tag.didit.com/js/+d+
Blank page / could not connect
No ad codes identified

(Level: 2) Url checked: (script source)
-http://tag.didit.com/js/+scriptstr;jscall+=&tmlogit=0;if(tmparam.tmcampid||tmparam.levrev||tmparam.levresdes)window.tmcbrequired=1;jscall+=&tmtag=js
Blank page / could not connect
No ad codes identified

(Level: 1) Url checked: (script source)
-http://www.google-analytics.com/urchin.js
Zeroiframes detected on this site: 0
No ad codes identified

see (embed) -cdn.we-care.com/Content/SWF/titles.swf?tvalue=Responsible+Shopping+and+the+We-Care.com+Community&tcolor=0xFF6600

All there will redirect eventually to appnexus.com an ad retargeter with not such a very good web rep:
http://www.mywot.com/en/scorecard/appnexus.com
http://www.webutation.net/go/review/appnexus.com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 22, 2011, 12:12:00 AM
Avast does not detect this SpyEye binary:
http://www.virustotal.com/url-scan/report.html?id=c37f975f900b98d2b5d61a18f69c1e2b-1324488656
and
http://www.virustotal.com/file-scan/report.html?id=e4767c0989108a271011e117871e0fad141bd44ec3a119080e2bac864a7b0ad3-1324492270
Anubis report from SpyEyeTracker: http://anubis.iseclab.org/?action=result&task_id=13c4c9e7e7c442f5419f26785d839c2cc

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on December 22, 2011, 12:15:53 AM
The link is dead now

http://www.virustotal.com/url-scan/report.html?id=c37f975f900b98d2b5d61a18f69c1e2b-1324505134
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 22, 2011, 12:36:40 AM
Hi Pondus,

You are right, status: offline. But avast would not have had it if it had been up and alive,

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on December 22, 2011, 12:41:13 AM
Sooner or later they receive it from VT
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on December 22, 2011, 01:54:05 AM
What? CNET is messing with firewall rules? Is it possible? Am I reading correctly?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 22, 2011, 02:42:12 AM
What? CNET is messing with firewall rules? Is it possible? Am I reading correctly?

User desktop firewall... Not perimeter fw... the details are in the sandbox output
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on December 22, 2011, 02:42:20 PM
http://www.virustotal.com/file-scan/report.html?id=d9c38651d8b9e3bfb50eb19070e49398599f60b2413554e6cf0103f4680ba8da-1324560750

Sample sent
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 24, 2011, 12:38:51 AM
Not detected: TR/Hijacker.Gen
See: http://www.virustotal.com/url-scan/report.html?id=5c6dd3a08ed1467955086049015a5d38-1324677601
and
http://www.virustotal.com/file-scan/report.html?id=1221916ed2f4bcab2141e378aa0670601742fdad787c0b7d59dc93f977125ea8-1324681317
See: http://reports.antivirus-lab.com/13726/winudapter-exe-2/

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Lisandro on December 24, 2011, 12:50:50 AM
Polonus: we'll never thank you enough for helping improve detection. Merry Christmas.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on December 24, 2011, 12:52:26 AM
Polonus: we'll never thank you enough for helping improve detection. Merry Christmas.

+1 :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 24, 2011, 05:00:34 AM
Polonus should be a virus analyst in this case  ::) ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 26, 2011, 12:31:42 AM
Hi forum friends,

Missed PUA.Script.PDF.EmbeddedJavaScript, see: http://www.virustotal.com/url-scan/report.html?id=a19a42caa602f40334b29884f0e44d51-1324851413
and
http://www.virustotal.com/file-scan/report.html?id=27d65ecd5ad0142f541e3b896651ad143522b3c80862c95c7c3310bcd592c723-1324855026
See: http://urlquery.net/queued.php?id=13411  verdict malicious
compressed Filter/FlateDecode stream object

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on December 26, 2011, 12:37:08 AM
Good catch. - Definitely malware..!!! ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 26, 2011, 12:49:24 AM
Hi Asyn,

Hope this will help avast detection. Especially users with older Adobe Reader and Acrobat versions are vulnerable to the exploits used here:  Collab.collectEmailInfo() JavaScript Overflow (CVE-2007-5659) and Util.printf() JavaScript Overflow (CVE-2008-2992).
This malware takes advantage of a vulnerability to remotely access or attack a program, computer or server,

Damian
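
A static triage for the kind of file described in the post above, as an added example that is not part of the original thread: it inflates FlateDecode stream objects and looks for the two Acrobat JavaScript methods the post names. The sample PDF bytes, the function names and the 1 MiB output cap are constructed for illustration.

```python
import re
import zlib

MAX_INFLATED = 1 << 20  # cap output so a decompression bomb cannot exhaust memory

# Acrobat JavaScript methods named in the post, mapped to the CVEs it cites.
WATCHED_CALLS = {
    b"collectemailinfo": "CVE-2007-5659",
    b"util.printf": "CVE-2008-2992",
}

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
STREAM_START_RE = re.compile(rb"stream\r?\n")
NAME_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
JS_KEY_RE = re.compile(rb"/(?:JS|JavaScript)\b")


def normalize_names(dictionary):
    """Decode #xx escapes so /Fl#61teDecode is seen as /FlateDecode."""
    return NAME_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), dictionary)


def inflate(raw):
    """Inflate a FlateDecode stream; trailing bytes after the zlib data are ignored."""
    try:
        return zlib.decompressobj().decompress(raw, MAX_INFLATED)
    except zlib.error:
        return b""  # corrupt or truncated stream: nothing to scan


def triage_pdf(data):
    """Return one finding per object that carries a JavaScript key or a watched call."""
    findings = []
    for match in OBJ_RE.finditer(data):
        body = match.group(3)
        start = STREAM_START_RE.search(body)
        end = body.rfind(b"endstream")
        if start and end > start.end():
            dictionary, raw = body[:start.start()], body[start.end():end]
        else:
            dictionary, raw = body, b""
        dictionary = normalize_names(dictionary)
        flate = b"/FlateDecode" in dictionary
        content = inflate(raw) if flate else raw
        # Scan the dictionary too: /JS may hold the script inline as a string.
        lowered = (dictionary + b"\n" + content).lower()
        hits = sorted(cve for call, cve in WATCHED_CALLS.items() if call in lowered)
        js_key = bool(JS_KEY_RE.search(dictionary))
        if js_key or hits:
            findings.append({"obj": int(match.group(1)), "js_key": js_key,
                             "flate": flate, "hits": hits})
    return findings


def build_sample():
    """Constructed, harmless PDF fragment: the script only names the two methods."""
    js = (b'var info = "constructed sample"; '
          b'Collab.collectEmailInfo({msg: info}); util.printf("%d", 1);')
    packed = zlib.compress(js)
    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /JavaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Length " + str(len(packed)).encode()
            + b" /Filter /Fl#61teDecode >>\nstream\n"
            + packed + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for finding in triage_pdf(build_sample()):
        print(finding)
```

Name matching is only a triage signal: a script that builds the method names at run time will not match, so an object with a JavaScript key and no hits still deserves a look in a sandbox.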
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 28, 2011, 10:22:29 PM
See: http://www.virustotal.com/url-scan/report.html?id=1c99945185ca03882745329c8e2b15ce-1325103177
and
http://www.virustotal.com/file-scan/report.html?id=f5ffb9d7575551b6470a92b9213a47f78f0a8910b4fa11f9295d758c33ab0f27-1325106790
unknown exe See: http://www.threatexpert.com/report.aspx?md5=8aac478bb8ba38a3b03a3d30cda9b510

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on December 29, 2011, 06:27:44 PM
 optimize  virustotal .... :>

https://new.virustotal.com/

Java fake

http://virusscan.jotti.org/en/scanresult/288920b9ae922935e775d529b182ae30f40655b7

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on December 29, 2011, 07:28:19 PM
Nice the new https VT now has a 32MB upload limit.

Just hope they beef up the server as the load gets horrendous at times and this page took some time just to load, haven't tried submitting anything yet.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 30, 2011, 12:51:42 AM
Hi DavidR,

Did they also fix the problem with loading newer VT result links?

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on December 30, 2011, 01:09:20 AM
I have no idea, as I said I haven't submitted anything so I didn't have a results link to test. But I honestly don't know what is going on with the links as I had never experienced the problem.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on December 30, 2011, 08:02:35 AM
https://new.virustotal.com/file/9e243a83be426211ed22b9e41e3a0d9dbee713412429014a16291632a296e6d6/analysis/1325226582/

Malwarebytes' Anti-Malware - Java fake
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on December 30, 2011, 01:41:12 PM
Well the link works, which is a good first step on the new.vt, the server is still slow. Don't particularly like the new layout too big and expanded, too much white space.

I like the additional information at the bottom. This one is a bit of a strange beast, as it gives information on the "Sigcheck digital signature information" and this is saying it has a digital signature.

Quote from: VT sig Info
publisher................: Sun Microsystems, Inc.
product..................: Java(TM) Platform SE 6 U26
internal name............: javaw
copyright................: Copyright (c) 2011
original name............: javaw.exe
file version.............: 6.0.260.3
description..............: Java(TM) Platform SE binary

All the other info pulled from the file also indicates it is a Sun File, if it is a fake, they have gone to extraordinary lengths. But given its file size it is very large 888KB for javaw.exe (so suspect). I have an old copy for javaw.exe jre6 update 27 and that is only 141KB and that comes up clean on VT.

Since virtually all of the detections are generic/heuristic/crypt/packer, I would certainly send it to http://anubis.iseclab.org/?action=home for further detailed analysis.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: YoKenny on December 30, 2011, 02:49:33 PM
Does anyone wonder why Burkoff has the avast! revolving icon in his signature: ???
http://images.backata.com/image-62A6_4D301DF5.gif
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on December 30, 2011, 02:52:56 PM
Does anyone wonder why Burkoff has the avast! revolving icon in his signature: ???
http://images.backata.com/image-62A6_4D301DF5.gif
That's not a VT link! ::)

Well the link works, which is a good first step on the new.vt, the server is still slow. Don't particularly like the new layout too big and expanded, too much white space.
+1
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 30, 2011, 06:37:29 PM
Hi folks,

And as yet not fully functional for searching on a URL for file scan results. Asked jotti in a mail to come up with a url scan link function as well, but the man there said as for now they cannot find the time to do it. Only alternative I have is Garyshood Online Virus Scanner with URL scan (hampered now because depending on VT results?). This scanner - http://urlscan.chanret.com/ seems only to have DrWeb URL scanner results implemented, and I advise against the use of it because avast Web shield may alert the search results it delivers, for instance JS:Redirector-MX[Trj] was found when scanning for results on scanning  JS/Agent.aln   ARIN   AR   ivitor at -towebs.com   200.62.54.127    to 200.62.54.127   -dentalflores.com.ar   -http://dentalflores.com.ar (also blocked by Google Safebrowsing by the way - and WOT, see: http://www.webutation.net/go/review/dentalflores.com.ar )

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 31, 2011, 02:36:46 PM
Not detected by avast, TR/Spy.Gen, see: http://www.virustotal.com/url-scan/report.html?id=85e70e0b4afa97e773d99020e167cbf9-1325334179
and http://www.virustotal.com/file-scan/report.html?id=438f18f570c9365f407a588825812c457494b714e158a8f4f69946e79783a51e-1325337792
Also see:
http://camas.comodo.com/cgi-bin/submit?file=438f18f570c9365f407a588825812c457494b714e158a8f4f69946e79783a51e&iframe=

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 03, 2012, 06:34:17 PM
Not detected: http://www.virustotal.com/url-scan/report.html?id=b80dc2cfd03eb0d9a04f093379690f87-1325607516
and
http://www.virustotal.com/file-scan/report.html?id=10975776bf2e7e52cddf98dac34aff6fd6959909f92dbbf508fe0c4ba4dc7683-1325611195
infected with TR/Dropper.Gen

reported to virus AT avast dot com
see also: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-ULS/detailed-analysis.aspx
&
http://www.threatexpert.com/report.aspx?md5=b65bb482a940ab00705271151ee88d85

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on January 03, 2012, 09:44:40 PM
undetected malware:

https://new.virustotal.com/file/904d9840f39231f253cef9f57c374936a3b3ba4927f8da5bf0d39a8a17e40889/analysis/1325623059/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: avastfan18 on January 03, 2012, 10:03:28 PM
undetected malware:

https://new.virustotal.com/file/904d9840f39231f253cef9f57c374936a3b3ba4927f8da5bf0d39a8a17e40889/analysis/1325623059/
AVG had caught it! Respect!
But is that a real threat?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 03, 2012, 10:08:27 PM
Hi avastfan18,

It is a fake av ransom trojan, so a real threat. Did you forward this to virus AT avast dot com?

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on January 03, 2012, 10:11:41 PM
Hi avastfan18,
It is a fake av ransom trojan, so a real threat. Did you forward this to virus AT avast dot com?
polonus

Hopefully JuninhoSlo already did send it. ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on January 03, 2012, 10:21:48 PM
Hi avastfan18,
It is a fake av ransom trojan, so a real threat. Did you forward this to virus AT avast dot com?
polonus

Hopefully JuninhoSlo already did send it. ;)

I sent UD malware -via:

-email
-chest
-http://www.avast.com/contacts
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 03, 2012, 10:22:50 PM
Hi JuninhoSlo,

Thanks for adding to avast detection,

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on January 04, 2012, 06:52:43 PM
Hi JuninhoSlo,

Thanks for adding to avast detection,

pol

Any time ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 05, 2012, 04:52:51 PM
unknown_file_$INSTDIR/Winup.exe not detected by avast:
http://vscan.urlvoid.com/analysis/c692522ec46913bc0b05febb718e6b2d/d2ludXBiZy13cDAxNi1leGU=/
see: http://www.virustotal.com/url-scan/report.html?id=e8a3bc64470f99c3bcc6600a17b52b72-1325773847
& http://www.virustotal.com/file-scan/report.html?id=70d89418677bb8ba0dd76f2be0e50df0cb3a9cc8aa73bec8e4db3915da83c850-1325777542
& http://anubis.iseclab.org/?action=result&task_id=149d599224d926784c1d77666c679ec32
See: http://camas.comodo.com/cgi-bin/submit?file=70d89418677bb8ba0dd76f2be0e50df0cb3a9cc8aa73bec8e4db3915da83c850
See: http://siteinspector.comodo.com/public/tasks/81175  with this last scan nothing found
reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 06, 2012, 01:35:46 AM
I get a new VT result via the MD5 hash: http://www.virustotal.com/file-scan/report.html?id=70d89418677bb8ba0dd76f2be0e50df0cb3a9cc8aa73bec8e4db3915da83c850-1325794663
VT Community Opinions differ - 50% goodware 50% malware
&
http://camas.comodo.com/cgi-bin/submit?file=70d89418677bb8ba0dd76f2be0e50df0cb3a9cc8aa73bec8e4db3915da83c850&iframe=

See: http://www.threatexpert.com/report.aspx?md5=43d3f031ab9e1bd78ce82c55ca564997
seen as low risk, could it be riskware or even a PUP?

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on January 06, 2012, 12:42:29 PM
Trojan-Downloader.Win32.Karagany

http://www.virustotal.com/file-scan/report.html?id=ac1dc4d0c949f3d801f3220dc05d89e9cd0e261a3a1d24b2e999a70125aae1ad-1325849510

http://urlquery.net/report.php?id=14831
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on January 06, 2012, 06:46:31 PM
http://www.virustotal.com/file-scan/report.html?id=486924457c58d4c9a5d23e287fb3eff8efaaa098c55987c4bc39a0f04a3c6d70-1325869063

http://anubis.iseclab.org/?action=result&task_id=19d59e40e7a331b4465decf76ba5923f8&format=html


Fake.AV    


Submitted.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 06, 2012, 10:01:12 PM
See: https://new.virustotal.com/url/204247e99fbb5985046cce37b742b2433794c68cd9e4ff876a48887f8cab9391/analysis/1325883253/
and
http://vscan.urlvoid.com/analysis/7139ee9bad5b095c589c316ec27de84a/YWdlbmRhLWV4ZQ==/
See: https://new.virustotal.com/file/e4abc9d2a62fd7775738f6b36931ea14ab4b29bca2e6394f338f9508757deb63/analysis/
See: -http://jsunpack.jeek.org/?report=043e665c96f3f6945e7b09f61cc25f1649ee6b85
Visit above link only when security savvy, with ample script protection and in a VM,

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 06, 2012, 11:27:05 PM
Not detected by avast, TR/Spy.Banker.53248.13, should be detected as Win32:Malware-gen, see:
http://vscan.urlvoid.com/analysis/376702393caa1d8f6800b5bf7125765d/YXNzaXN0aXItYW9zLXZpZGVvcy1pZHMtMDAwMTIw/
See: https://new.virustotal.com/url/95ada4f72abcb65054e5241dec30309e07e8072ed3c9b9a0a8ff3c32b25320de/analysis/1325888647/
DrWeb URL checker flags: Checking: -http://198.106.204.222/view/videos/downloads/Assistir_AoS_Videos=iDs=00012012_.exe
Engine version: 7.0.0.11250
Total virus-finding records: 2511482
File size: 52.00 KB
File MD5: 376702393caa1d8f6800b5bf7125765d

-http://198.106.204.222/view/videos/downloads/Assistir_AoS_Videos=iDs=00012012_.exe infected with Trojan.DownLoader5.31000
and in this case avast does detect: http://www.virustotal.com/file-scan/report.html?id=142e69c070aa3d418a1f8fdcb121ec6aaf2c1b19572dcb7f7ba25bdbd45b5a0e-1325886727
as: Win32:Malware-gen

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 08, 2012, 12:02:47 AM
Re: https://new.virustotal.com/url/bf8f68458cdf3d1be3b1aad36f072033c4c6a1f94c5eb08ff7dcdc69b5a67ecf/analysis/1325976924/
and
http://www.virustotal.com/file-scan/report.html?id=c2c7eda4fc5f34f3e6e734d907e2eff642d78ebda1a75a904c5b31350557621e-1325970284
See: http://vscan.urlvoid.com/file/ec6a2d79b13d3dd8427cc0413dcdde4b/bWUyc3VwcG9ydGVyLWV4ZQ==/
It is Trojan-Banker.Win32.Banker

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 08, 2012, 06:54:18 PM
Trojan/Win32.Blocker not detected: http://www.virustotal.com/file-scan/report.html?id=c56bcc8b9cb97bb6df30f18dd4360e36614b2e058203547f6f3da00a427248eb-1326043721

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on January 11, 2012, 08:18:39 PM
undetected malware

http://www.virustotal.com/file-scan/report.html?id=37b8446d6f82c77fa9ff88417af08aa5faef69bf6c86138d2460d2ee7c95e5fb-1326307856
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on January 11, 2012, 08:28:58 PM
undetected malware

http://www.virustotal.com/file-scan/report.html?id=37b8446d6f82c77fa9ff88417af08aa5faef69bf6c86138d2460d2ee7c95e5fb-1326307856

http://www.isthisfilesafe.com/md5/66CBC40C85B9163CB9275367663D5E2F_details.aspx

Good find
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on January 12, 2012, 02:17:48 PM
trojan.zbot.
Trojan.Danmec

https://www.virustotal.com/file/f582e283d9da5d9d7031f93d7ce4f973f45f0b461e7118b23e2b5509d48f7fa8/analysis/

http://urlquery.net/report.php?id=15840

Uploaded
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on January 12, 2012, 06:37:40 PM
#W32/Yakes.

https://www.virustotal.com/file/b084faf441fc3c68f3a2cd6f4fb66dfe6e07084217a0a3176d37cc405c061253/analysis/1326389697/

Submitted
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on January 12, 2012, 06:46:49 PM
https://www.virustotal.com/file/bcbfc3882cb3d8b3e6188f3a46bfbb2e6f16c0e6c4cfbedcc8279a49d049b250/analysis/1326390293/

#Rogue.FakeRean

Submitted
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on January 12, 2012, 09:48:41 PM
Winlock

https://www.virustotal.com/file/a2d90463b7acce176af1933d8539e9e1f653d5ba8dcf8b71c0b5c5553dd30277/analysis/

https://www.virustotal.com/file/8c1c8c27093257f9d21d3dc57e798f04bfb9c3b5e198aa5343d505d17a595c3c/analysis/1326400820/

https://www.virustotal.com/file/829243518e7f1a51f79cfc2ea5cec218be3c136fd12696ef7daa7546f0a12ddd/analysis/1326400847/

https://www.virustotal.com/file/ca97030ba892535e784a1cbcfce5c0c2359f711bbca2ab9defcefbe2e08a91ee/analysis/1326400854/

https://www.virustotal.com/file/d96de5ab60bb93855840a00893ba8a42e47b676bd93da9984dbbf5e56dfc7d93/analysis/1326430284/

Submitted
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 14, 2012, 12:25:01 AM
Dim@rik,

It is a pity that the use of this tool was not mentioned: http://support.kaspersky.com/faq/?qid=208282275 in the case of this reported: https://www.virustotal.com/file/ca97030ba892535e784a1cbcfce5c0c2359f711bbca2ab9defcefbe2e08a91ee/analysis/ This special decryptor tool was designed for these trojans - scanner download at site there, link source Kaspersky Support...

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on January 14, 2012, 11:24:49 AM
Dim@rik,

It is a pity that the use of this tool was not mentioned: http://support.kaspersky.com/faq/?qid=208282275 in the case of this reported: https://www.virustotal.com/file/ca97030ba892535e784a1cbcfce5c0c2359f711bbca2ab9defcefbe2e08a91ee/analysis/ This special decryptor tool was designed for these trojans - scanner download at site there, link source Kaspersky Support...

polonus

Good day Polonus

No, not much so, that you have a link to the utility for deciphering virus cryptor.

A Winlock look like this https://www.drweb.com/xperf/unlocker/gallery/

Just like Trojans and I sent.
Title: Re: Samples missed by avast (VirusTotal links only!) [SOLVED]
Post by: polonus on January 14, 2012, 06:42:27 PM
Malware EXP/SWF.AS not found by avast - low detection anyway:
https://www.virustotal.com/url/4533dedc7b44843bc1a6bfa417e00e61c2a9ebb5db863f72937671579a2f606f/analysis/1326562266/
see: https://www.virustotal.com/file/42fdb8be709abed7a12a8c76e9e4ff5b85a54c659862c59a25b2f09baebef0df/analysis/
see: http://vscan.urlvoid.com/analysis/689f5374450115b9a3f90024883732af/Mjc=/
Also see: https://www.virustotal.com/file/b191f7b5bde474869140f30165b6ae9879cb6af3073c0abc05650c585172fb28/analysis/

reported to virus AT avast dot com with all other instances at VW,

polonus

Goodware blackhole to discredit av detections: https://www.virustotal.com/file/42fdb8be709abed7a12a8c76e9e4ff5b85a54c659862c59a25b2f09baebef0df/analysis/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on January 15, 2012, 09:15:56 PM
undetected malwares

https://www.virustotal.com/file/a641219006c0c8d76c3f0b610f11f15140eb7ce673b97d8ab97f6e53abb3e81b/analysis/1326651018/

https://www.virustotal.com/file/4ad877a8587e1baa288b5c89545d07d299f293b514f195e5088d9a8d6d1d4249/analysis/1326653818/

https://www.virustotal.com/file/eb7aa41abeabfaa9cdeb8758cba25678ef071e6dd96475facd26185002311424/analysis/1326654974/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 15, 2012, 09:20:45 PM
Hi JuninhoSlo,

The first one was this: http://threatcenter.crdf.fr/?More&ID=64651&D=CRDF.Trojan.Win32.PEx.91916191925
Related to this: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=387fb9d8f1969d118c3abcf4da46e9a2 or this: http://vms.drweb.com/virus/?i=1719341

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on January 17, 2012, 01:11:30 PM
Rogue.FakeRean

https://www.virustotal.com/file/11cb777880e1abfd1a9285fb98b598e6e7d5b5c25b11ef4610d3ea695e6dcba2/analysis/1326802024/
Title: Re: Samples missed by avast (VirusTotal links only!) SOLVED
Post by: polonus on January 18, 2012, 12:11:52 PM
Not detected by avast: http://vscan.urlvoid.com/analysis/ab9403919144c1d4f9dd2d4378a452c8/ZnR1MTAwNC1leGU=/

reported to virus AT avast dot com,

polonus

P.S. Detected as PUP see: https://www.virustotal.com/file/d6474fe7b8ec47bf8152f197cb83f99c7af5f7a32548a73963ec145faefdb14f/analysis/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on January 18, 2012, 08:15:20 PM
Submitted.

Trojan.Karagany
https://www.virustotal.com/file/24c09d3920beee4b5c5e3b56a7a095c737bdaca3766ae2880c6cf12d4bb7aa70
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on January 19, 2012, 08:36:51 PM
submitted.

#rogue.Fake.HDD

https://www.virustotal.com/file/96f825b5810eb220ae7fb6e2a148261b009ab564f507ca57ede7db4562acc937/analysis/1327001583/

new Fake.HDD fast flux campaign. 
livofotaltv.com
onelenolecubs.com
wautilber.com
withijs.com

RGX:
GET /britx/a HTTP1.1
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on January 23, 2012, 03:26:34 PM
Cidox


https://www.virustotal.com/file/41aaf73598c481bfc9633a6be45fce76aedc29e0063afb3a171ee8dd78940382/analysis/1327327826/

https://www.virustotal.com/file/6cc87cfe04023d7189b2c3f6a547bc81ba0ff7ed5ca7d7dd88686962f8d79c7e/analysis/1327328072/

https://www.virustotal.com/file/ae4c86f1ceb2228f2f11175a9901918ee7a2ba28cf56787b9724e4377bf95d88/analysis/1327328173/


Some samples sent on Saturday morning and Avast are not defined.

Slow processing of samples.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on January 26, 2012, 03:25:49 PM
https://www.virustotal.com/file/10548bcbd80a9a8144d76e8d34700b77de70216285bed1268b5be17f11b35e94/analysis/1327587770/

Sample Sent
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 29, 2012, 12:32:37 AM
Trojan winlock.V not detected by avast:
https://www.virustotal.com/file/b4b2ce263e475515e687f3f75bc33ce5537cc55a6e376d1dce08abb6f679f728/analysis/

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on January 31, 2012, 01:53:23 PM
Submitted

https://www.virustotal.com/file/63dddb0a63c8b451bf115907c50f5516bcc8d7ed070b12f870c0ad6de9f3d598/analysis/

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 31, 2012, 11:24:45 PM
Nothing detected here: http://vscan.urlvoid.com/analysis/78314d320bcecf33c5ab83bd678b1081/MzI=/
flagged as Trojan-Ransom.Win32.Foreign.xy by kaspersky's
Suspicious: http://urlquery.net/report.php?id=18597
See: http://anubis.iseclab.org/?action=result&task_id=137ec74bf307e2cf411f8a83b60ef88a5&format=html
VT results:
https://www.virustotal.com/file/04fc3e16bda3568cf5be72a031eda73fab5908ade5e1c7b627bded8480a04fce/analysis/
reported to virus at avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on February 01, 2012, 04:18:36 PM
https://www.virustotal.com/file/efbe07b84aa9e5fab4497ac9f639907d3eb7e97494392b62d94e177d345f1764/analysis/1328109225/

Submitted
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on February 02, 2012, 05:06:17 AM
https://www.virustotal.com/file/6b864aab9ac841074a6e9aeae39b2bdce95441369965fd9e3482443469ac5585/analysis/1328155272/

https://www.virustotal.com/file/2a4e71017ec0eea41a8b71e6f20ba821ca57c71b28529aca3170e2c0010afe9d/analysis/1328155287/

https://www.virustotal.com/file/33806dd561edd18b83668cd026c68d44324ab159b5d260d7205c23d5784a2588/analysis/1328155306/

https://www.virustotal.com/file/b4fa589bbd3ade90acb3e7f3ff61287d5aab749e0d78685e6e9f71a5716da23a/analysis/1328155319/

https://www.virustotal.com/file/5228e85720fbb7b1e66e0852faab2a879ddb55289d5b454f36603967778e4d03/analysis/1328155332/

https://www.virustotal.com/file/6d295b677c9092338b2e882d9c8831a00cda9e39fce0d81df78c4d16f061b33c/analysis/1328155341/

Submitted
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on February 02, 2012, 05:31:12 PM
https://www.virustotal.com/file/f98467ca503ea197e973516818ea256eb48f223a5babccba43237853dd4b0181/analysis/

Submitted
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on February 02, 2012, 07:40:25 PM
Not flagged: http://vscan.urlvoid.com/analysis/06c257e1bf122b61b5fdf5b2fd8ff69b/Y2xhc3NpY21lbnUtZXhjZWwtMjAxMC1leGU=/
see: http://anubis.iseclab.org/?action=result&task_id=1462de462286de304c14ae5a46796f884
and VT scan: https://www.virustotal.com/url/6676996ba4a9bd5c288515636801cfb3dea6fb88cb4261ca05cf9504a2d15d59/analysis/
Not detected here is ADWARE/Agent.1886490.2 or Trojan.Generic.6670956, also known as Backdoor.Win32.Agent.iba

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on February 05, 2012, 09:17:58 PM
https://www.virustotal.com/file/7e8bb57ad97ace3aa4a8f3ecaf5538e84b58a06e16569f3f60f190fa3e83f80b/analysis/1328464255/

https://www.virustotal.com/file/b0da44b15ab0097ced6af589437f5ec975cadcb5245a5be4d234aa68f2413f29/analysis/1328465733/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on February 06, 2012, 08:54:43 PM
The second day there is no detection of threats  :( Win32:LockScreen


https://www.virustotal.com/file/36b2a0c387fea7bace73154a2eb68daec0ca8f8d7ba863438b671fcdfdb5da61/analysis/1328557748/

https://www.virustotal.com/file/11d9efbf2d1c34959cee8989b8f3a922c1b5faec71d7f07fcd00c788b9a55fd8/analysis/1328557767/

https://www.virustotal.com/file/be7fc0c6b4358ae6c55fa64e6d617924dffb282259f8f354f06e7dd922995fcc/analysis/1328557780/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on February 07, 2012, 05:12:02 PM
#Trojan.Karagany

https://www.virustotal.com/file/290853e5d2451bbcba738412efba7f3d50f5e9572a6fb23476e7ba8b966b15fa/analysis/1328630874/


Submitted
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on February 14, 2012, 06:21:37 PM
Non detected HTML/Agent.NP, see: hxtps://www.virustotal.com/file/a72d07ac7c8e6a07dc0f0f0c4cb8c24136da5acea1e5dc3e3c6aff9d095fb661/analysis/
see: hxtp://vscan.urlvoid.com/analysis/f382fe3d08efcce6cd54e56071cac771/Y256ejYtaHRtbA==/

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on February 15, 2012, 11:54:15 PM
Not detected, see: htxp://vscan.urlvoid.com/analysis/927ae0659a7cefd8435d9f7b680da729/aW5kZXg=/

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: razoreqx on February 16, 2012, 12:51:09 PM
https://anubis.iseclab.org/?action=result&task_id=1fa86a345dd2a5204cd5b2fe588b79bce&format=html
https://www.virustotal.com/file/f5cc4b10818133d64825d8aaacc3fd2996604a0bd6c33161d209062a156b162c/analysis/

#Fake.AV


Submitted
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on February 17, 2012, 05:20:31 PM
Not detected by avast flagged as BDS/IRCBot.adit.11, re: htxp://vscan.urlvoid.com/analysis/1cd3a366d926ecc90a5ef9a8de9f3be2/ZS1ncmVldGluZ3MtZXhl/
See: htxp://siteinspector.comodo.com/public/reports/316047

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on February 17, 2012, 06:51:32 PM
undetected malware

https://www.virustotal.com/file/495d315808242be519213cc5226e78d96152212c3c54f71f6aad4b7bf1d8da80/analysis/1329499841/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Burkoff on February 18, 2012, 05:38:31 PM
https://www.virustotal.com/file/a474534bf4185fc604b66396b69fb3a032c9f47b38bcf5ab4e9104d25cfe1054/analysis/

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on February 18, 2012, 07:02:56 PM
Hi Burkoff,

The threat you mention is as yet still unconfirmed: http://threatcenter.crdf.fr/?More&ID=73847&D=CRDF.Trojan.Trojan.Win32.Spy372115777
Another instance of this malware flagged : https://www.virustotal.com/file/a474534bf4185fc604b66396b69fb3a032c9f47b38bcf5ab4e9104d25cfe1054/analysis/

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on February 19, 2012, 10:20:34 AM
Not detected facebook trojan:
https://www.virustotal.com/file/0b93e830d387218e628b18509f8e7bd0552e231224e23695c8b1582e4507016d/analysis/1329642980/

Sent via virus chest.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on February 19, 2012, 10:39:04 AM
FakeAV
https://www.virustotal.com/file/c426ee3d74fdbbc00a5eab8b22ed8a911d7a1337c0b925fa51dd6c7adce0c922/analysis/1329644318/

 sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on February 19, 2012, 10:41:21 AM
CRDF.Trojan.Dropper.
https://www.virustotal.com/file/7d8342b53cc049baff60ad69aaa7c14e5a8aef601a1e497506399c10dc08d6c5/analysis/1329644421/
Not detected.

Sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on February 19, 2012, 10:43:34 AM
CRDF.Malware.Win32.PEx.Delphi
https://www.virustotal.com/file/06d28a88c7186156ea17612baf79a80f124e6e961de8e700cc988c7890bf4cca/analysis/1329644585/

Not detected sent to avast
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on February 19, 2012, 10:48:28 AM
https://www.virustotal.com/file/e268ce5b04325c3cc719b732edf2d5c3217023994a8a6c9908b3bba2251f90c6/analysis/1329644885/

Not detected.

Sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on February 19, 2012, 10:49:18 AM
Last sample from me today  :)
https://www.virustotal.com/file/40e57c819409a025de6a4596e18b156521f31e19c50dc878f5479f724c4753d2/analysis/1329644939/

Not detected.

Sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on February 19, 2012, 10:53:56 AM
@true indian: Please summarise your findings in one post..!! Thanks.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on February 19, 2012, 10:56:44 AM
@true indian: Please summarise your findings in one post..!! Thanks.

Sorry Asyn, I am currently not at home and I am doing this from another machine.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on February 19, 2012, 11:01:56 AM
@true indian: Please summarise your findings in one post..!! Thanks.

Sorry Asyn, I am currently not at home and I am doing this from another machine.

Well, not sure why posting from another machine would make a difference..??
Anyway, please remember it for the next time. ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on February 19, 2012, 11:09:51 AM
CaM.Malware.Win32.PEx.C.91167921839
https://www.virustotal.com/file/8d7abf40f309ae3c3dba5b6ce4c588a8ec4112f297e6a6369b8883e2ee2db4cb/analysis/1329645931/

Not detected... sent to avast!

TR/Offend
https://www.virustotal.com/file/3bd58f2bca88b72d3d8c158913eddaab4dc34f7203608108d38253a69dd10564/analysis/1329646147/

Not detected sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on February 20, 2012, 06:25:57 PM
FakeAV
https://www.virustotal.com/file/c426ee3d74fdbbc00a5eab8b22ed8a911d7a1337c0b925fa51dd6c7adce0c922/analysis/1329644318/

 sent to avast!

First seen by VirusTotal   2010-01-05 05:03:03 UTC ( 2 year, 1 month ago )


Sigcheck
publisher................: Trend Micro
product..................: HouseCall
internal name............: HouseCall
copyright................: Copyright (c) 2009 Trend Micro
signing date.............: 11:00 AM 12/25/2009
original name............: HouseCall.exe
signers..................: Trend Micro, Inc.
               VeriSign Class 3 Code Signing 2004 CA
               Class 3 Public Primary Certification Authority
file version.............: 1.0
description..............: Trend Micro HouseCall updater and launcher
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on February 20, 2012, 06:29:50 PM
CRDF.Malware.Win32.PEx.Delphi
https://www.virustotal.com/file/06d28a88c7186156ea17612baf79a80f124e6e961de8e700cc988c7890bf4cca/analysis/1329644585/

Not detected sent to avast
hmmmm....what do you think   ::)

First seen by VirusTotal    2007-09-11 11:18:56 UTC ( 4 year, 5 months ago )
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on February 21, 2012, 12:53:38 AM
Hi Pondus,

Lucky for true indian, the malware is still with us: https://www.virustotal.com/file/06d28a88c7186156ea17612baf79a80f124e6e961de8e700cc988c7890bf4cca/analysis/
Last given at MalcOde on 2012-02-18, actual status not given,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: liosant on February 22, 2012, 07:36:39 PM
https://www.virustotal.com/file/af96e40a254c99038610bc5a0df5b47e708511aba23d09f5b0b1f0b6d9c7561e/analysis/1329935605/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on February 22, 2012, 11:52:05 PM
Hi liosant,

What you gave is an undetected Zeus trojan detection, dated 2012/02/22_18:15 from stratoserver dot net.
See: htxp://vscan.urlvoid.com/file/1655be4bd82fb8db376336c604f945a0/bWQ1dnJibmktZXhl/  [none flagged it]
Did you send it to virus AT avast dot com?

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on February 27, 2012, 03:42:17 PM
This trojan backdoor is not detected by avast: https://www.virustotal.com/file/719702c00da3f540f2e7a43b0dcd031a7ca2b6bd79d06e90dbd5ff8b7426b6ff/analysis/
See: htxp://vscan.urlvoid.com/analysis/516025d2f8a55e5c93d138b75e594962/Y29weS1kdmQtbW92aWUtbm93LWV4ZQ==/
anubis analysis: htxp://anubis.iseclab.org/?action=result&task_id=18421afa1aaadf3149d3edafd7a43ad09

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on February 29, 2012, 05:46:20 PM
TR/Dldr.Delphi.Gen not detected by avast see: http://vscan.urlvoid.com/analysis/21a42bf899a01b32b23266a6eb3fac5a/Ym9sZXRvLWNsaWVudGUtaWQtMjU2OC16aXA=/
Sent to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 03, 2012, 01:37:12 AM
Exploit.JS.Blacole not detected by avast

See: htxp://zulu.zscaler.com/submission/show/1e746713b9ddd676c658e51d7fba651f-1330733871
and htxp://vscan.urlvoid.com/analysis/e889828042cb5e1ba61b06ffcdc48bb7/aW50LW1hcmtldC1odG1s/
see: htxp://urlquery.net/queued.php?id=27509
Says:  Detected Blackhole exploit kit v1.2 HTTP GET request
- Detected Live Blackhole exploit kit

reported to avast, via virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 04, 2012, 05:36:47 PM
See: htxp://zulu.zscaler.com/submission/show/8798b69cb50a0e2f38cc81234c6cffdf-1330878473
and hxtp://vscan.urlvoid.com/analysis/25c96c26895da3f701c2714a09d9fda7/Y2FzdGxlLWV4ZQ==/

hxtp://www.toppopgames.com/castle.exe/{app}\Update100.exe infected with Trojan.MulDrop.49139 aka TROJ_DROPPER.BS

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: REDACTED on March 07, 2012, 07:15:12 PM
https://www.virustotal.com/file/916e1957c18f845ff7b674624bed2b2942b9e2c42102bfd4524a78ad8ad60803/analysis/1331143828/

https://www.virustotal.com/file/4253307f888b997acc04aeb55b174a1b8d83c215087f3e9f5ade7da1f217baf5/analysis/1331143846/

https://www.virustotal.com/file/64d586cbe6bcddc12902e88d46451808f4141644fcbc438bf1b73e2be78f0fc1/analysis/1331144147/

For a long time do not add to the database.

Sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 08, 2012, 12:36:04 AM
Hi Dim@rik,

Thank you very much for adding to avast detection,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 08, 2012, 02:30:29 PM
See: htxp://vscan.urlvoid.com/analysis/be551a9b2f4723e9b83b72135eb93153/aWRmb2xkZXJwcm90ZWN0b3JzZXR1cC1leGU=/
See: htxp://zulu.zscaler.com/submission/show/cf79a66f79c459dad2fff3da61d07b4a-1331213009
See: hxtps://www.virustotal.com/file/7985035c8fdc8df0a33b207d23239684aef662f252a5d38939cf17b9dc91aef4/analysis/

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 12, 2012, 09:32:15 AM
Trojan downloader not detected? See: htxp://zulu.zscaler.com/submission/show/d4d9d08f1f65746d58671660a7884484-1331540714
See: htxps://www.virustotal.com/file/f581cd8afd8720e57d3f72ad8e5c20929fb1355ea958aa054d6615c5788dffa8/analysis/
See:
htxps://www.virustotal.com/file/f581cd8afd8720e57d3f72ad8e5c20929fb1355ea958aa054d6615c5788dffa8/analysis/1331541685/
reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mrapi on March 12, 2012, 06:59:22 PM
https://www.virustotal.com/file/5000f2f8eb553bde47a2fff77b9658c3d1fc187c10981ca6b842017f03e4eeb0/analysis/1331573829/
https://www.virustotal.com/file/22cc879095bbcb09731d5f7941d15b6b2e4995ad92ef742eeef941c7b79ec4cd/analysis/1331573841/
https://www.virustotal.com/file/bd8c7ee2a2d68ba233f41d4703356301bf0244cb0fd0b9494133d01a74c3de62/analysis/1331573852/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 13, 2012, 04:58:39 PM
Not detected by avast, see: htxp://zulu.zscaler.com/submission/show/99a787d447fffe9623a635f45e8c8a8e-1331653986
and https://www.virustotal.com/file/9cd2c476b012a1b59176351d19e2a90910dd412011c4f2225567d572cbc9b319/analysis/
see: http://zulu.zscaler.com/submission/show/99a787d447fffe9623a635f45e8c8a8e-1331653986
htxp://qsbwq.info/Aktuelle-Rechnung.exe infected with Trojan.FakeAV.10767

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on March 16, 2012, 06:36:44 AM
Possible virus sent to avast!
https://www.virustotal.com/file/b0dc81eb634d259a26309ae0a13394a9baa3b51d68f480fe630bf15627beb7ff/analysis/


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 19, 2012, 07:17:35 PM
Not detected by avast yet: htxp://www.malware.com.br/cgi/search.pl?id=VHJvamFuLURvd25sb2FkZXIuV2luMzIuQXV0b0l0LnVk
See: htxps://www.virustotal.com/file/67778758c650ae8d806db50201c6dd2f55f5f9c5452b6759e48e4bea08c788dd/analysis/
reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on March 22, 2012, 05:18:26 PM
https://www.virustotal.com/file/deb3b1435596eea7911462abc7320284e6690548ac065f27f38bab9b61c8ac37/analysis/1332432938/

not detected


sample sent.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 23, 2012, 07:11:51 PM
Not detected: htxp://zulu.zscaler.com/submission/show/97a41db3569e17f3e53f1813cc2dd6fe-1332525884   has TR/Crypt.XPACK.Gen
see: https://www.virustotal.com/file/9b1d23ccee1aa9804c2f4703715f1e5f718dd68abba6ccbf2fd75df184b40557/analysis/

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on March 23, 2012, 07:18:54 PM
Detected by Malwarebytes as Trojan.Zbot.AHGen

uploaded to superantispyware   ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 24, 2012, 10:23:15 PM
Not detected by avast HTML.Redirector, see: htxp://zulu.zscaler.com/submission/show/dfea7c633f3ebd6f32209496a6e3aa8a-1332623766
see: htxp://vscan.urlvoid.com/analysis/30621fc99bdf2160782295db247a26e3/aW5kZXg=/

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 27, 2012, 03:33:08 PM
Not detected TR/Dldr.Delphi.Gen: htxp://zulu.zscaler.com/submission/show/da28c9bae449230b256f0dac6379ed8d-1332854900
and
htxps://www.virustotal.com/file/e7609daa27a2a1756c2c6dacc7909bd1de8e96d11d55c4f238140b47fe48731b/analysis/

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on March 28, 2012, 10:26:57 PM
Found by Chabbo   ;)

From Fake scan URL (will not post that here)

VirusTotal
https://www.virustotal.com/file/1dde88e37d0c2bdb21a7e009c43e6adb0745d4dbf2f27c69f1c900aeb6167b97/analysis/1332966051/

Metascan
http://metascan-online.com/results/ht9m21ps66km6k536laohr86pn0mv4iu

Malwarebytes detect as - Rogue.installer.SFXGen1

Sent to avast lab   ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: justorange on March 31, 2012, 08:37:04 PM
not detected Winlocker (blue screen with sms sending)
https://www.virustotal.com/url/92342723de2defb4c5e79b12582aa304e781d51c0c94a2a532c1182088eb0d94/analysis/1333218729/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 02, 2012, 07:10:02 AM
All files sent to avast via chest and also reported at virus@avast.com.

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 04, 2012, 05:45:27 AM
Rogue:Win32/FakePAV aliases fake antivirus 2012

uploaded from chest and reported to virus@avast.com

see:
https://www.virustotal.com/file/6ba2818cf9124a1c323cfa31f76df1b9251a66d2883e8d5da14fa2e0693f7751/analysis/1333510969/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 04, 2012, 04:28:32 PM
Not detected by avast: htxp://zulu.zscaler.com/submission/show/544eabcc9d60a9ff34630bca97b03529-1333549339
and htxps://www.virustotal.com/file/c1ff8f8af97cc54baca50aace421ec86b52601808a092a51f13ca01158f191e6/analysis/

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 06, 2012, 08:00:16 AM
TR/VB.Downloader.Gen -Not detected....
https://www.virustotal.com/file/811a6db7ffc22a7c576df9c16c0e69dfd99747c83a07d78f17a0da902f076a48/analysis/1333691557/

TrojanSpy.KeyLogger.cqsj-Not detected.
https://www.virustotal.com/file/69115de3bada409ff29936c5351139e30c9688302efeabc92a3d7428c5d159f2/analysis/1333691953/

sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on April 06, 2012, 08:06:37 AM
Not so sure about that one.....( acceleratedvdtoipod.exe )     ;)

Sigcheck

publisher................: Accelerate Software Co., Ltd.
copyright................:
comments.................: This installation was built with Inno Setup: -http://www.innosetup.com
file version.............:
description..............: Accelerate DVD to iPod Converter Setup


First seen by VirusTotal
 2011-12-08 08:38:30 UTC ( 3 måneder, 4 uker ago )


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 06, 2012, 08:25:52 AM
Not so sure about that one.

sorry pondus...i grabbed this one from a disinfected pc  :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 06, 2012, 08:29:03 AM
suspected piece of malware.
https://www.virustotal.com/file/9165b7407f6cf386c1c807e458a9150884f083aa25c67339bd62c42978dfd349/analysis/1333693637/

sent for analysis

EDIT: somoto adware not detected for the past 2 weeks  :'(
https://www.virustotal.com/file/54f7595a44f846f1abbc333d0901a266e1948d99f5757bdaceae5a03ac764b71/analysis/1333693975/

sent for analysis
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 06, 2012, 08:45:51 AM
Trojan.Win32.Generic.1270F32B
https://www.virustotal.com/file/432ec13b162c9343598c7b8ac44780a420c86bd985d2bcfb9c40fe6b0d7d8d1e/analysis/1333694646/

DR/VB.kqn   
https://www.virustotal.com/file/91011b0b63395ff05f398acf9b574623fa09ac73274ddb8a90b10c00f0e6739e/analysis/

EDIT: https://www.virustotal.com/file/5197286e3c5d2df5be0bc74464d71a829db8af5243c47d4a920e11d49d8da46b/analysis/

sent to avast
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 06, 2012, 11:32:01 AM
TR/Chifrax.
https://www.virustotal.com/file/a42b7b16d9b1887486d13b7f82a83b6a8617d228d86e0f25b69efa9c43604ae5/analysis/

TR/Offend.KD.469180
https://www.virustotal.com/file/0282225de752d60254a97934c292d542402e471ba139ab1d2ab400eb06e96406/analysis/

WS.Reputation.1
http://www.virustotal.com/latest-report.html?resource=dd8ce2b806edf4c303f7a893886f546d

Trojan.KeyLogger.12238
https://www.virustotal.com/file/5197286e3c5d2df5be0bc74464d71a829db8af5243c47d4a920e11d49d8da46b/analysis/


sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 06, 2012, 11:38:52 AM
DIPG.exe:
https://www.virustotal.com/file/8c9798eaff7455e42563fdf43f9d974e2e4c9f9d4c6075430e2ec4154ea2900e/analysis/1333704925/

unknown exe
https://www.virustotal.com/file/9d2f35a89366c6c7460ab2cad14ba25c9a6d4041410e1a927c284f8a927568c7/analysis/1333705527/

sent for analysis.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mrapi on April 07, 2012, 07:57:18 AM

https://www.virustotal.com/file/aa95ab83464a12bab687bcef7ab5bfc5bd98eec8b29b6c7ae83d55a2cd1323ff/analysis/1333777890/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 08, 2012, 03:47:52 AM
Windows Processes Accelerator Rogue
Not detected here: https://www.virustotal.com/file/c88842eb9a89c4c675656f0671113e57a3eeeff36389dd30a23d2583341c0682/analysis/

reported to avast
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 08, 2012, 01:58:36 PM
See: htXp://sitecheck.sucuri.net/results/http://cimislia.net
See: htXp://siteinspector.comodo.com/public/reports/show_log?id=544832   But I get a 404 File not found.
Missed here: htXp://zulu.zscaler.com/submission/show/9503176b1afd09c1b82a2fb834476a0f-1333885620
and missed here: htXps://www.virustotal.com/url/cc2ce5819bb48ae41d18d4030dbe91f05556c758cbf1a572985802c6701bee24/analysis/1333885686/
links to suspicious domain: document.write('<iframe src="htXp://link.link dot ru/show

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 08, 2012, 05:10:56 PM
Hi true_indian,

You grabbed reports from here, for instance: for the Windows Processes Accelerator Rogue you gave
: http://forums.comodo.com/comodo-internet-security-cis/submit-malware-here-to-be-blacklisted-2012-no-live-malware-t80088.0.html;msg596587

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 09, 2012, 02:07:59 PM
Hi polonus no they are not from comodo forum...

Windows Stability Maximizer Rogue
https://www.virustotal.com/file/61ede6100349ee25dcb03d5872d92a388a1636a817d5852423671dcb75606113/analysis/1333944810/

Reported to avast
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mrapi on April 10, 2012, 08:44:23 AM
https://www.virustotal.com/file/b8fbdae4a73c2c5961923966fbbc3d1f5e80451fe62e2dec2915340ec004e2db/analysis/1334039907/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 12, 2012, 07:59:47 AM
Windows Antibreaking System Rogue
Not detected...
https://www.virustotal.com/file/c48b0a6509f38869e9fb0a72a9e1a34294037b14e4ef5fa2200b08c0f997ad61/analysis/1334210015/

Reported to avast!  8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 12, 2012, 06:55:22 PM
Missed trojan.Zlob variant:

htxp://zulu.zscaler.com/submission/show/da0256c76b0000392e0f5ff57c8170fc-1334249398
and
htxps://www.virustotal.com/file/c36d51d5b8185a307171e73720c40b4b6bfbfd1e5186cf39470701bace049a88/analysis/

reported to virus AT avast dot com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 12, 2012, 06:57:44 PM
SecurityTool.T also known as rogue windows cure

https://www.virustotal.com/file/aec468db98c73336f3a6a83a59561a0a3292801d9ce99ea49418b5845a95acda/analysis/1334249705/

reported from chest  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 12, 2012, 07:21:38 PM
Hi true_indian,

Why report this one as it is updated that many times and the malware will survive just over an hour before it is being closed again, better to have a web- or netshield block? So, senseless action i.m.o.

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on April 12, 2012, 07:25:00 PM
Why report this one as it is updated that many times and the malware will survive just over an hour before it is being closed again, better to have a web- or netshield block? So, senseless action i.m.o.

Well, there is no web or net shield block for this... moreover it is a rogue and it is a critical one, even MBAM detects it, we need that in the avast database  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 12, 2012, 07:31:44 PM
Hi true_indian,

How can you create detection for a piece of malware that does not respond any longer or has been closed and what for? You are not knowing what you are talking about. And if you have detection for another older variant what good would it do on the next version? These are generic unclassified malware detections,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 15, 2012, 05:58:19 PM
Reported to virus AT avast dot com a variant of W32 solimba

htxps://www.virustotal.com/file/3daef7c43e3d4cfd0f706c155f216c0bb5ea1fc1637e67b6c815daf5fa5231cc/analysis/
and
htxp://zulu.zscaler.com/submission/show/5b1c27f8a0bacb574ba5bdd5289642bb-1334505055

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 15, 2012, 07:13:04 PM
see: htxps://www.virustotal.com/file/73f9128f37aeb8d1282b8750df727b5fab39e7eb3700361979ee2d9e358714ad/analysis/
and
htxp://zulu.zscaler.com/submission/show/d2dd47258549965563800957c3bbf034-1334509595 (TR/PSW.Fareit.E)

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 19, 2012, 10:48:40 AM
See: htxp://zulu.zscaler.com/submission/show/310bdfbdd56857fee5761037a9448c58-1334825007
VT: htxps://www.virustotal.com/file/04e9a0f7a102418967eae889b0ff8e8725f51d81bad14fc8fa6f7b0cf4c01d89/analysis/

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Mr Wrong on April 27, 2012, 10:06:55 PM
Undetected malware (Trojan?) https://www.virustotal.com/file/8d6a364bf9aff67cd1067ab47079223b6ffe21d93e4e90147d6a15710c19e86f/analysis/1335557018/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on April 27, 2012, 10:09:28 PM
Undetected malware (Trojan?) https://www.virustotal.com/file/8d6a364bf9aff67cd1067ab47079223b6ffe21d93e4e90147d6a15710c19e86f/analysis/1335557018/
did you send the sample to avast?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 28, 2012, 01:07:55 AM
See: htxp://zulu.zscaler.com/submission/show/6d51102e1c5923a997de688f1ff3871b-1335548167
and htxp://vscan.urlvoid.com/analysis/92a816b15e958aee9c26d6a756c0c86b/ZG5mLWV4ZQ==/

TR/Dldr.Delphi.Gen reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Mr Wrong on April 28, 2012, 08:47:50 PM
Quote
Quote from:Pondus on Yesterday at 08:09:28 PM
did you send the sample to avast?

Of course I've sent.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 28, 2012, 11:19:22 PM
Detection missed for Trojan.SuspectCRC, see: htxp://zulu.zscaler.com/submission/show/3b1e347a8ee11ab1061bf2fd647083ff-1335647081
See: hxtp://vscan.urlvoid.com/analysis/dae13e232acaa1cce12d4b608de01540/dXBkYXRlLXVwZA==/
VT results: htxps://www.virustotal.com/file/bc675a110dd06174b5b2e1102576fd6becba71b91b9c0f8c64d6073f2709c8cb/analysis/
reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Mr Wrong on April 29, 2012, 03:06:13 PM
https://www.virustotal.com/file/38bb8656c63946ece05680a10a71b660cc47dab09a5d5ad82dd1a4befc2cbeb5/analysis/1335704355/

https://www.virustotal.com/file/4e34f75037e77d558b6faba0368bafec5eeabdd24f586b1f6bdb7be4c9301434/analysis/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on April 29, 2012, 07:25:07 PM
See: htxp://zulu.zscaler.com/submission/show/b17a92cfbde005a450a6866f77668513-1335719417
Found here: hxtp://wepawet.iseclab.org/view.php?hash=9780abb65c19255633e7a5bd7fb25377&t=1335719822&type=js
See: hxps://www.virustotal.com/file/374a11472c3d4a869eaef8bd322ed0f73f6f7b2a8cb8d41632fb385ff798e786/analysis/

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 02, 2012, 03:23:42 PM
Trojan downloader Banload variant: htxps://www.virustotal.com/url/9c4b70ddfea087abed2b35d8ad1d809d5004de944baa9c5aff5353b61fb950ff/analysis/1335964615/
see: htxps://www.virustotal.com/file/a25731ff295e96bb082faacd2582d7b803908a65e487ab02185c69272d60c86c/analysis/

reported to virus AT avast dot com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on May 05, 2012, 03:47:41 PM
Not Detected Live BlackHole exploit kit

virustotal
https://www.virustotal.com/file/ac17aca352ae40dfe1dd39e80ddf2fadb5c43119fd48ea12684397843e442786/analysis/1336224968/

urlQuery   
http://urlquery.net/report.php?id=51033

sucuri 
http://sitecheck.sucuri.net/results/http://seattle-carpet-repair.com/wp-includes/ps.html

Zulu analyzer
http://zulu.zscaler.com/submission/show/cfadbe4214ea2c512e7b438f8f0d79b8-1336225005


sent to avast lab


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 05, 2012, 04:05:02 PM
Hi Pondus,

Good find, my friend. I went to that site with malzilla and took the attached picture of the malicious code.
Detected were:
- Detected BlackHole exploit kit HTTP GET request
- Detected Live BlackHole exploit kit
- Detected malicious injected iframe
That is why this stays my favorite URL scanner to verify BlackHole issues: http://urlquery.net/report.php?id=51148

And again it is of the utmost importance for all users here to keep their OS and 3rd party software fully updated
and fully patched, so blackhole could not do any harm via vulnerable software exploits to their comps.
Use the online scanner here to see if you are not vulnerable: http://secunia.com/vulnerability_scanning/online/


polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: kyuuketsuki_kurai on May 11, 2012, 02:50:12 PM
Sent in an obvious phishing e-mail.
Came as file, not a link. Should really be picked up, if possible.
https://www.virustotal.com/file/0243b059675aa4853cb1ec73ff1e0407509713307bec8415cdd70c167538adb9/
Only Sophos detects it as Mal/Phish-A
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 13, 2012, 01:03:34 AM
Attack log reported to virus AT avast dot com: htxps://www.virustotal.com/file/58f30f9cd84db12c798b8a5f2b562dae257ec8fb834343bbbae0ca416f8c8e8a/analysis/1336351748/
see: hxtp://sakrare.ikyon.se/log.php?id=38752 (log report) typically found for a Blackhole attack as Trojan/Script.Gen, Mal/Iframe-W, JS/Exploit-Blacole.l,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 13, 2012, 06:53:34 PM
see: hxtp://zulu.zscaler.com/submission/show/be820963ec680424e249fe3e3526fa21-1336927485
and htxp://vscan.urlvoid.com/analysis/26aab2dcab242492e53be0256e4c7d1c/aW5kZXg=/  HTML/Infected.WebPage.Gen2 aka  Trojan.JS.Iframe.BDQ
not detected and reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 14, 2012, 12:32:30 PM
Not detected here: https://www.virustotal.com/file/3635144a0bbf5cf99087114adcc03782f2c958534d2a823aaa68fa357ce09153/analysis/1336989764/

Trojan-FakeAV.Win32.SecurityShield.bfa


reported to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 14, 2012, 12:36:22 PM
Trojan.FakeSysDef. Rogue Data Recovery

http://r.virscan.org/report/e2bd222bd7cb781c511fde03b661aaf7.html

reported for analysis  ;)


Fake scan URL [Will not post it here] [Found in my e-mail Junk]

reported to avast
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 14, 2012, 12:47:05 PM
Trojan Ransom

https://www.virustotal.com/file/8b09cf7b...336884057/

reported for analysis ;)

(https://www.botnets.fr/images/thumb/0/0f/Reveton_2_AT.png/800px-Reveton_2_AT.png)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 14, 2012, 01:09:02 PM
Backdoor.Win32.ZAccess.lzn

https://www.virustotal.com/file/91badc3df93645b303a381abcb0ca94d/analysis/

reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 14, 2012, 01:31:48 PM
roguescanfix_setup.exe

https://www.virustotal.com/file/8eb24d4ef3a8d349aee103c8c2d6a3cfa7f06ed8773552435b2baf30c70987a2/analysis/1336994276/

reported to avast!  8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 14, 2012, 10:47:20 PM
Not detected: htxps://www.virustotal.com/file/0fc8b26edb1f20c4e9048b9e49322475a6c67017d8496d25e50e63add10443be/analysis/
see: htxp://zulu.zscaler.com/submission/show/b9c0b18ba77ccc2f4f65e6f8d1c3eb87-1337028150

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 15, 2012, 01:50:26 PM
Rogue Super scan 4

https://www.virustotal.com/file/dc01f0835207ad7264284e20b0c02048f8705c813c2c8d7071ed2f653d0209aa/analysis/



Reported for analysis  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 16, 2012, 09:48:03 AM
- Detected BlackHole exploit kit HTTP GET request
- Detected Live BlackHole exploit kit

http://urlquery.net/report.php?id=54555

http://zulu.zscaler.com/submission/show/57563010e557ca01c429eeefa48933af-1337158962

Detection missed by avast! so sent to virus lab.   ;)



Ransom GEMA - German
https://www.virustotal.com/file/911740ab567a7ac3ea3b68d64b21fc4205a24775119a5559b497e592ef5890ec/analysis/

sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 16, 2012, 12:55:16 PM
Rogue.Win32.RegistryVictor.

https://www.virustotal.com/file/92a4c559f6d32b24f3b3d2e1eae2ab415e42cc4dda114234df5f7d608d1767ae/analysis/1337165386/


reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 16, 2012, 05:55:25 PM
Trojan-Ransom.Win32.Blocker.gzn

https://www.virustotal.com/file/142cd19226855746534068a12c2cda8cb5480501a1452616878c0054301a8b9b/analysis/1337183641/

Reported to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 17, 2012, 08:33:57 AM
French #Ransom - Trojan:Win32/Ransom.FL

https://www.virustotal.com/file/142cd19226855746534068a12c2cda8cb5480501a1452616878c0054301a8b9b/analysis/1337236334/

Reported to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 17, 2012, 09:12:08 AM
Backdoor.Win32.Ruskill.fgj   

https://www.virustotal.com/file/f2b51cbb2d5ebcbe244be0757259f76312cad2ae3b69fb1cb70f22ec8a5f16f6/analysis/

Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 17, 2012, 09:29:27 AM
Trojan-PSW.Win32.Tibia!A2   
https://www.virustotal.com/file/f7a7ba8f61821f3d783a31d3180947a5dbddd1e849d40e0e879ad44d43425343/analysis/1337239531/

Trojan.Generic.KD.623383   
https://www.virustotal.com/file/b1427b1e00f422d56688901e9444bf85f2e945374319eadf951f6e94a8e2de95/analysis/

Gen:Variant.Barys.2209   
https://www.virustotal.com/file/94560f73d8ef265ad02fc91881e09b7f746c9e16e7636740137835d39a6213dc/analysis/

TR/Fraud.Gen4   
https://www.virustotal.com/file/34a9848c7fc4a7fb304e597cde45efbf13fd4b1aed420646ce6d322fe781e5ea/analysis/


Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 17, 2012, 09:39:48 AM
Trojan.Win32.Autorun.dm (v)   
https://www.virustotal.com/file/84c90377421a63cfe767c17d7079877b7dab0f4c63d6b0d9f87ddb48e7a50360/analysis/

Reported for analysis
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 17, 2012, 03:57:40 PM
Hi true indian,

Could well be that bmp.exe is found up by avast flagged as PUP risktool. For safe variants of that media player tool see: htxp://www.backgroundtask.eu/Systeemtaken/taakinfo/30932/BMP.exe/
htxp://www.runscanner.net/lib/bmp.exe.html and
where this Chinese active malcode is being flagged as TR/FlyStudio.AI.1129, see: htxp://zulu.zscaler.com/submission/show/002b26f390d7be7416d1574ab05c8298-1337262299 avast does not detect it yet (possibly as PUP when run): hxtp://vscan.urlvoid.com/analysis/0cb2f654fd22256efa7ae84f2b8c9625/Ym1wLWV4ZQ==/
See Comodo analysis here: htxp://camas.comodo.com/cgi-bin/submit?file=84c90377421a63cfe767c17d7079877b7dab0f4c63d6b0d9f87ddb48e7a50360
Another variant of mentioned TR/FlyStudio.AI.1129 trojan-dropper is: File Name: shengguangtupian.ex-
MD5: 0cb2f654fd22256efa7ae84f2b8c9625
974890   AntiVir   2009/06/12 11:17:27 (CEST)
Meaning that bmp.exe is a 2009 variant trojan dropper that was resurrected and re-launched 2 days ago, so old wine in new sacks really,
reported the above to virus AT avast dot com for verification,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 17, 2012, 04:22:09 PM
Not detected by avast: htxps://www.virustotal.com/file/528e5fe23f9208f9f3726fdcd794517d3df3eaaef4b055ef88017eb9bc9fadc2/analysis/
see: htxp://zulu.zscaler.com/submission/show/bad6c4bbfdb76b8cc8abeaf333ae3014-1337263557

A block should be considered because there are 18 reports of various  MSIL/Solimba application or Gen:Variant.Barys.2069 active from that domain &
bad host for 1 yr and 7 months on 896 appearances in spam e-mail or spam post urls.

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 17, 2012, 06:05:26 PM
Hi true indian,

Could well be that bmp.exe is found up by avast flagged as PUP risktool. For safe variants of that media player tool see: htxp://www.backgroundtask.eu/Systeemtaken/taakinfo/30932/BMP.exe/
htxp://www.runscanner.net/lib/bmp.exe.html and
where this Chinese active malcode is being flagged as TR/FlyStudio.AI.1129, see: htxp://zulu.zscaler.com/submission/show/002b26f390d7be7416d1574ab05c8298-1337262299 avast does not detect it yet (possibly as PUP when run): hxtp://vscan.urlvoid.com/analysis/0cb2f654fd22256efa7ae84f2b8c9625/Ym1wLWV4ZQ==/
See Comodo analysis here: htxp://camas.comodo.com/cgi-bin/submit?file=84c90377421a63cfe767c17d7079877b7dab0f4c63d6b0d9f87ddb48e7a50360
Another variant of mentioned TR/FlyStudio.AI.1129 trojan-dropper is: File Name: shengguangtupian.ex-
MD5: 0cb2f654fd22256efa7ae84f2b8c9625
974890   AntiVir   2009/06/12 11:17:27 (CEST)
Meaning that bmp.exe is a 2009 variant trojan dropper that was resurrected and re-launched 2 days ago, so old wine in new sacks really,
reported the above to virus AT avast dot com for verification,

polonus

Thanks polonus, u are a quick person and a good teacher!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 17, 2012, 06:11:34 PM
Ransom Kuluoz

https://www.virustotal.com/file/361e0b4554ca3748f3400138dded289532f7aa53fd1c2b2fd2e921df531cdf21/analysis/1337270928/

remains undetected....

http://zulu.zscaler.com/submission/show/fa1f2b17cb31d1b0bb10da8ead1058e1-1337270982

reported to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 17, 2012, 06:43:11 PM
Rootkit Sinowal/Mebroot

https://www.virustotal.com/file/c46c9904032aa9cb4939ba36c270a39a3fbbda0335f9d7f2e801009fbdfe7820/analysis/
https://www.virustotal.com/file/91889b00b570964e1689cfa188992ad9bd6d2897adf9ca57f1002d467de913ea/analysis/
https://www.virustotal.com/file/8a295ccfb0cb7c41d2588662b81dc9f7c2b993da40019303ab89eff31e15d372/analysis/

Reported to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 17, 2012, 06:46:15 PM
Ransom.Win32/LockScreen.AJU   

https://www.virustotal.com/file/1673ec3cc708e5092276b2104bc1836df8a370f8077eda1a5ae4126212a7c835/analysis/

Reported to avast! 
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 17, 2012, 06:50:51 PM
Windows Safeguard Upgrade Rogue

https://www.virustotal.com/file/92aad05c19d5e16f0acd5239310cc769eabb1c42de6bc46a4a2ae02b023a8ddb/analysis/

Reported to avast!  8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 17, 2012, 06:59:05 PM
Rootkit Sinowal/Mebroot

As a side note, I can confirm these are real rootkit samples...found them on many of my clients' machines during remote assistance online...they are fresh ones spreading here in India....anybody who wants samples please PM me  ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 17, 2012, 07:13:13 PM
 Ransomware - Polska Policja (Polish Police)

https://www.virustotal.com/file/d2164cdbc9c78db0115f382a139ccd758f8a25ebfc5ab3e0034e7aef0fe0b6b4/analysis/

Reported to avast!


(http://i.imgur.com/tCbAF.jpg)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on May 17, 2012, 07:32:05 PM
Ransom Kuluoz

https://www.virustotal.com/file/361e0b4554ca3748f3400138dded289532f7aa53fd1c2b2fd2e921df531cdf21/analysis/1337270928/

remains undetected....

http://zulu.zscaler.com/submission/show/fa1f2b17cb31d1b0bb10da8ead1058e1-1337270982

reported to avast!  ;)


First seen by VirusTotal
 2010-06-25 09:46:39 UTC ( 1 år, 10 måneder ago )     yea.....must be malware   ;)

Sigcheck
publisher................: MBTY
product..................: RansomHide
internal name............: ransomhide
file version.............: 0.06.0024
original name............: ransomhide.exe
comments.................: For http://forum.simplix.ks.ua






Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on May 17, 2012, 07:35:09 PM
Rootkit Sinowal/Mebroot

https://www.virustotal.com/file/c46c9904032aa9cb4939ba36c270a39a3fbbda0335f9d7f2e801009fbdfe7820/analysis/
https://www.virustotal.com/file/91889b00b570964e1689cfa188992ad9bd6d2897adf9ca57f1002d467de913ea/analysis/
https://www.virustotal.com/file/8a295ccfb0cb7c41d2588662b81dc9f7c2b993da40019303ab89eff31e15d372/analysis/

Reported to avast!  ;)

First seen by VirusTotal
 2012-04-08 13:33:07 UTC ( 1 måned, 1 uke ago )    and only detected by SOPHOS ......suspicious ?

why not upload to SOPHOS and see if they give it a FP  ;)      https://secure.sophos.com/support/samples/


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 17, 2012, 07:52:07 PM
There is detection for Polska Policja: https://www.virustotal.com/file/7bbd11c0e9902e6bed46bb4ea2832be45155591f4d85356d5f961b03489a21e1/analysis/

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on May 17, 2012, 10:53:55 PM
Rogue Super scan 4

https://www.virustotal.com/file/dc01f0835207ad7264284e20b0c02048f8705c813c2c8d7071ed2f653d0209aa/analysis/

Should be flagged as PUP, if flagged at all.

See: hXtp://www.mcafee.com/us/downloads/free-tools/superscan.aspx
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 18, 2012, 01:11:57 AM
Hi !Donovan,

You are right, as one of the scan results specifically gives "non-malicious",

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on May 18, 2012, 08:21:58 AM
Ransom Kuluoz

https://www.virustotal.com/file/361e0b4554ca3748f3400138dded289532f7aa53fd1c2b2fd2e921df531cdf21/analysis/1337270928/

remains undetected....

http://zulu.zscaler.com/submission/show/fa1f2b17cb31d1b0bb10da8ead1058e1-1337270982

reported to avast!  ;)


First seen by VirusTotal
 2010-06-25 09:46:39 UTC ( 1 år, 10 måneder ago )     yea.....must be malware   ;)

Sigcheck
publisher................: MBTY
product..................: RansomHide
internal name............: ransomhide
file version.............: 0.06.0024
original name............: ransomhide.exe
comments.................: For http://forum.simplix.ks.ua

NORMAN lab
Quote
ransomhide.exe : Clean!

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 18, 2012, 08:53:42 AM
There is detection for Polska Policja: https://www.virustotal.com/file/7bbd11c0e9902e6bed46bb4ea2832be45155591f4d85356d5f961b03489a21e1/analysis/
pol

Pol, I guess that's the same one with a different file MD5.  ::) The sample I have is not detected yet. And as far as the Mebroot samples go, I will try looking into Sophos FP...


Thanks!  ;D

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 18, 2012, 08:57:33 AM
Here we go again... ;D

Same baddie but different MD5

https://www.virustotal.com/file/f85ed4acbf504d67407f385021c2c1bd5c14ab71dd85809aef5b586038039c60/analysis/

Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 18, 2012, 09:40:27 AM
TR/Crypt.XPACK.Gen   
https://www.virustotal.com/file/98562164ccf323a656495fa63549f16e9a589e5339e693b109efb37cb6ae08c0/analysis/

Trojan-Ransom.Win32.Foreign.oud   
https://www.virustotal.com/file/89c35017051d428b20fcfbb00a653b6ae6df9973d8efaa4ceec269f0e0383027/analysis/


Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on May 18, 2012, 11:20:22 AM
https://www.virustotal.com/file/34bba08af67f71658c4e117970bae6e37f199279adb925aa5bc44a3ee2abd961/analysis/1337332685/

fake av sent to avast.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on May 18, 2012, 11:35:02 AM
https://www.virustotal.com/file/34bba08af67f71658c4e117970bae6e37f199279adb925aa5bc44a3ee2abd961/analysis/1337332685/

fake av sent to avast.
jotti
http://virusscan.jotti.org/en/scanresult/a50b864f890356e660242e9ce4826cbf3605f09d

Metascan
http://metascan-online.com/results/u9nbucv90cm0nbeprkmkevi1ln3eei1a

detected by Malwarebytes - Rogue.FakeAV
detected by superantispyware - Trojan.Agent/Gen-FakeProtector

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 18, 2012, 03:38:22 PM
Hi Pondus,

Thank you, Pondus, keep these reports coming to add to and to check avast detection. You prove that one has to be selective as what to report to virus AT avast dot com, so that the detections fit their categories.
This thread proves that the common user should have additional non-residential protection next to his avast residential av-solution WITH the shields enabled, like MBAM and SAS on demand and keep these fully updated and perform a quick scan with them now and again.. Personally I combine that with some third-party  in-browser protection like DrWeb's online scanner and BitDefender TrafficLight and  QuickScan to further close the vulnerability gap/vulnerability window. But scanning feedback is very important. If DrWeb's online pre-scanner misses detections I report back (that is why Dim@rik came to join our forums) , and also when Zscaler Zulu does not have detection I will give feedback of what has been found with other scanners.
On a side note: I tried Quttera WIS (beta) at htxp://www.quttera.com/ against all sorts of verified malicious URLs and all the time the scan comes up as clean. Is this scanner a scam for their services or just worthless?

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 18, 2012, 05:44:20 PM
See: htxp://zulu.zscaler.com/submission/show/7168cb24855e4ad93246acc1fd01ae81-1337355518
and accompanying VT results: htxps://www.virustotal.com/file/e56df40e2ba498dec082ef61412c04c578636c618f07cbec6bd1ecf060360ebf/analysis/
trojan banker detection missed,
reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 18, 2012, 06:03:32 PM
W32/Ransom.AJL   

https://www.virustotal.com/file/49cbc766c4b4ebec1e1c5d4cac5283062b1f0eecde4e9eaeab4bad8c11d138f1/analysis/

Trojan-Downloader.Win32.Banload.bvkc   

https://www.virustotal.com/file/19d7d3969e18a42291db48db5b97491f41c188aae53c96277aac6c64cf91b933/analysis/

Reported to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 19, 2012, 07:02:57 AM
Trojan.Winlock.5600   

https://www.virustotal.com/file/49cbc766c4b4ebec1e1c5d4cac5283062b1f0eecde4e9eaeab4bad8c11d138f1/analysis/

Trojan-Downloader.Win32.LilyJade.a

http://virusscan.jotti.org/en/scanresult/28eafbf1e9e1f01a517e4c9786563018338a7fe8

Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 19, 2012, 07:22:02 AM
TR/Crypt.XPACK.Gen   
https://www.virustotal.com/file/49cbc766c4b4ebec1e1c5d4cac5283062b1f0eecde4e9eaeab4bad8c11d138f1/analysis/

Worm/Rebhip.A.4947   
https://www.virustotal.com/file/88153a883b7633b1fc0208fe8cffdb3cd9e87f1f4aac5e1d74949524a91155d4/analysis/

TR/Crypt.ASPM.Gen
https://www.virustotal.com/file/3984e91ec5b0ee5b3a0e1efb9b9fc4312e004bfc2b27a88eabc938bf058b0cda/analysis/

Win32/IRCBot.worm.variant   
https://www.virustotal.com/file/ffc086b6577dac19c99f53569dec5a86e0a6f5709d9588c56ca75f499d883a62/analysis/

Malware.JS.Generic (JS)   
https://www.virustotal.com/file/b8a0a684fe02172343272b5e3fa348cd1ed2f25a71194063f7ccf4d62c3d745e/analysis/

Reported to avast!
https://www.virustotal.com/file/ffc086b6577dac19c99f53569dec5a86e0a6f5709d9588c56ca75f499d883a62/analysis/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 19, 2012, 07:26:32 AM
Exploit.Java.Blacole.K   
https://www.virustotal.com/file/8699be5447dd8ba5e530dac02310ac34fd6134d955dbf666804ec804bae3a170/analysis/1337404989/

zulu analyser:
http://zulu.zscaler.com/submission/show/087f8e3493fbf9e4e300a6d02750bc98-1337405033

reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Mr Wrong on May 19, 2012, 08:04:27 PM
Undetected malware (Trojan?) https://www.virustotal.com/file/4d75f50ec70dbcc69ad1dd43a57c6cac30bfb8b6f36ffc3478b14b3931b206d2/analysis/1337450149/

Have sent to avast lab
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 19, 2012, 09:58:44 PM
Hi Mr Wrong,

This is a Smidfraud adware detection,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 20, 2012, 06:25:46 AM
Virus.MSExcel.Laroux.ja   
https://www.virustotal.com/file/2b06021a97d6212aa995cdf4b778a26343272654e5da8ecea15beaf02d1a890e/analysis/

Trojan.Win32.StealthProxy   
https://www.virustotal.com/file/717b9352fb16efb5f863f30d1fe7b72af97e7b5a6e68fe2e3de4a32842d8705a/analysis/

Gen:Variant.Strictor.552   
https://www.virustotal.com/file/1295dfac3c682f2d12bcf2e8de07bcdca4dd5fd0ed5d04251330922163257525/analysis/

Trojan.Generic.KD.623610   
https://www.virustotal.com/file/bc38899ced186b840a903af7d4d413bb2b471d74286d9eda8de8d567364d7012/analysis/

Reported to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Mr Wrong on May 20, 2012, 08:20:16 PM
Undetected malware

https://www.virustotal.com/file/fce7548bb591412569fc091b29784d43790850fd84b248cbd9416fad0b8c3302/analysis/1337537369/

https://www.virustotal.com/file/cbf2700de3655a89f459f26dbe3a4a0114c660edbf2b544ab866832b3c1d5d08/analysis/1337537503/

https://www.virustotal.com/file/484b7de26369566d473675d08b23b17c0ea0556977c0db2d8cd8b3598d05ce9d/analysis/1337537408/

Have sent to avast lab
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on May 20, 2012, 08:31:32 PM
Undetected malware

https://www.virustotal.com/file/fce7548bb591412569fc091b29784d43790850fd84b248cbd9416fad0b8c3302/analysis/1337537369/

https://www.virustotal.com/file/cbf2700de3655a89f459f26dbe3a4a0114c660edbf2b544ab866832b3c1d5d08/analysis/1337537503/

https://www.virustotal.com/file/484b7de26369566d473675d08b23b17c0ea0556977c0db2d8cd8b3598d05ce9d/analysis/1337537408/

Have sent to avast lab
first file......hmmmmm   ???

First seen by VirusTotal
 2007-06-19 08:44:26 UTC ( 4 year, 11 months ago )


Third file........ hmmmmm   ???

First seen by VirusTotal
 2010-06-28 15:45:09 UTC ( 1 year, 10 months ago )

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 21, 2012, 11:00:57 AM
Third file........ hmmmmm   ???

First seen by VirusTotal
 2010-06-28 15:45:09 UTC ( 1 year, 10 months ago )

Why?? When the 3rd one is a serious piece of malware, it's stuxnet  ???
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 21, 2012, 11:19:28 AM
Trojan.Winlock.5490   
https://www.virustotal.com/file/c7e6b8b89089784e62f73d99bd65b3f236613b356c7b0b3b62afb28ab9fdf529/analysis/

TR/Dropper.Gen   
https://www.virustotal.com/file/28a503e05cabddab8dd6bcd39f52997124810b8840a40851558eb1f4d5b793a5/analysis/

Trojan.Win32.Jorik.Vobfus.dwml   
https://www.virustotal.com/file/dcbb70d9a7aeffc0fb11cdd94fe3cfa24392bc5fb82a2690c01d2da282d7bade/analysis/

Trojan/Downloader.Banload.abdr   
https://www.virustotal.com/file/3770bc7120b6ee942df276ffb11b507b3ffc9013b191f69d83324d6055b1374b/analysis/

TR/Crypt.CFI.Gen   
https://www.virustotal.com/file/d22d84b72030d398dbe57e736e7f78eba784234e3780f38a8f1e283347cca730/analysis/

Trojan-Banker.Win32.Banz!IK   
https://www.virustotal.com/file/4120fc50e0d4b42d5966a8c53de46cb40e16b03d76031de5c600d04c1800ffef/analysis/

TR/PSW.QQpass.bcss   
https://www.virustotal.com/file/18f990e42194d52bf4f5c9be033fb1d372be10c4c5711f83292a37bd89f3e860/analysis/

Tool.InstallToolbar.25   
https://www.virustotal.com/file/5c507b86b646d60f12d02a5ca6de92fd586985788cd18da38c6e1eb4ece69a1a/analysis/

Trojan-Ransom.Win32.Birele.nfs   
https://www.virustotal.com/file/e483257677affbcfd25a303c8f1bf9366c021e232850c6f9f8612132d05e77c0/analysis/

TrojanDownloader:Win32/Scar.D   
https://www.virustotal.com/file/3cf1ccfb6b219dcece5e10392f1ea5a8402c74c77ba3786be59627c864b3209d/analysis/

Trojan.Genome-360   
https://www.virustotal.com/file/19dde6d47997f7631d27a4ce65fe1bf9521e6c33610974cd368ec57ad091d18d/analysis/

reported to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 21, 2012, 01:17:31 PM
In one of the aforementioned links there is also a redirect to see htXp://minotauranalysis.com/search.aspx?q=0FDEA8A2436EDEE771C77275C574A399
Comodo blocked this. Malware: W32/Zbot.AAN!tr (Hacktool.Win32.Generic) FORTINET flags this...
htxps://www.virustotal.com/file/c6fb5249e1cd4f80aa06735aa03ec18ddc3bac63599db6af77a02af5089db4ae/analysis/
Avast probably will detect this as PUP,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 21, 2012, 04:48:44 PM
Trojan/Banker.yjy   
http://zulu.zscaler.com/submission/show/ba9c46d3a1fa389a90fdae7442e853e6-1337611666

detection missed here: https://www.virustotal.com/file/7d7793b382828ad64fe3b2619dcf4b03/analysis/

Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on May 21, 2012, 09:32:12 PM
Undetected malwares

https://www.virustotal.com/file/ee814d798c6071977a9e51568fb83c0232d44106a96c5b85492e339b0ba50f18/analysis/1337626776/

https://www.virustotal.com/file/e68f23d459e260600e50cef34adbc354841cf492eebb56194141b3f917bbf2f9/analysis/1337627789/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 21, 2012, 10:15:50 PM
Avast does not detect TR/Barys.2666.22, see according here: htxp://vscan.urlvoid.com/analysis/ec252a1247da4889b51f6c8dcd6a0503/MjBkZjE=/
But according to this avast detects: htxps://www.virustotal.com/file/7519c433e5fc7fa08af9b616c27ec0770732682068d9150d08358cb7ed4cd8a1/analysis/

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 22, 2012, 10:33:02 AM
Avast does not detect TR/Barys.2666.22, see according here: htxp://vscan.urlvoid.com/analysis/ec252a1247da4889b51f6c8dcd6a0503/MjBkZjE=/
But according to this avast detects: htxps://www.virustotal.com/file/7519c433e5fc7fa08af9b616c27ec0770732682068d9150d08358cb7ed4cd8a1/analysis/

reported to virus AT avast dot com,

polonus

Hi pol, are they the same malware with different MD5?? I have seen this happening a couple of times in the past
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 22, 2012, 11:08:28 AM
TR/Buzus.GR.172   
https://www.virustotal.com/file/d32eec590fb75c4f3e4f0b678a493ee3e0daa59e05f337714c6f613a0e85f68d/analysis/
   
TR/Ransom.Birele.nfw   
https://www.virustotal.com/file/a640c862a2be297f7a05010cdd7543abd424d6b6aa624541864fa12d6edd357d/analysis/

TR/Rogue.7434052   
It was detected by older VPS but current VPS produces no detection...scanned at onlinescan.avast.com

HIDDENEXT/Worm.Gen   
https://www.virustotal.com/file/95ced819bffda7fbfc45a508c0f9ad6b8c155f509d4345a0b9e49cadcd1e8010/analysis/

Trojan.Win32.UpToDown.AMN!A2   
https://www.virustotal.com/file/f7459ea4cc4212628428366a5326014c8f8f8ecb2c200a4eefc2565c994248ef/analysis/

TR/Crypt.XPACK.Gen   
https://www.virustotal.com/file/1db95c7a368187f48c5261deedd399b96c4b22331159698e28071522fe5ea478/analysis/

BDS/Bifrose.dtpg   
https://www.virustotal.com/file/060a6ed22052d3ea944369e86fd2c265364177f62cda3fb0f4d2b56c9ffa95e1/analysis/

Win32.Infostealer.ga   
https://www.virustotal.com/file/75ad57c086b7ee16c7e8038426f4862f52e8c8d2ec4914154083a3f5e5ba2f1b/analysis/1337678401/

Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 22, 2012, 11:09:27 AM
HTML/Infected.WebPage.Gen2   
https://www.virustotal.com/file/f05fb0c81f0eefe8916c951b3aa76e3abd492e2ee3bbbdff7a2615d1244a78e3/analysis/

Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on May 22, 2012, 01:18:28 PM
You can just report them to Avast,stop posting here in order to increase your Posts,for god's sake.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 22, 2012, 02:34:03 PM
You can just report them to Avast,stop posting here in order to increase your Posts,for god's sake.

I am just posting things that I feel should be posted...Actually I sent over 50 samples to avast today...I didn't post all here..so it's more than what u see I am reporting here   :-[
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on May 22, 2012, 02:45:31 PM
In all honesty, posting here (not just for you) achieves nothing, especially when those posting here don't go back and edit their posts as and when they are added to the virus definitions.

Otherwise this is pointless, it achieves nothing.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 22, 2012, 02:54:03 PM
In all honesty, posting here (not just for you) achieves nothing, especially when those posting here don't go back and edit their posts as and when they are added to the virus definitions.

Otherwise this is pointless, it achieves nothing.

Really?? I thought the virus analysts are looking at this topic...sorry  :-[

So can anybody explain me why and what should actually be reported here?  ???
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on May 22, 2012, 04:20:37 PM
Even if they did monitor the topic (which I rather doubt, they have more to do than monitor this topic) the virus analysts can do nothing with reports, they need samples.

So the reports are essentially worthless in terms of getting it added to the definitions. All that is achieved is a report in this topic when there is no follow up (modify post) when added to the database then it is just an unbalanced topic, lots of reports and no reports of addition to the database.

I can't explain why post here, as I feel it doesn't get it added to the database, that will only come on receipt of the sample and analysis.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 22, 2012, 04:41:34 PM
true indian,

Report a few days upon a sample of the actual malware has been sent to virus AT avast dot com.
You should at least extensively check and counter-check and re-check after some time has elapsed.
For instance you report as undetected a downloader that avast has detection for as Win32:Ivelog-D PUP
The malware that is missed could have been found up when run as a riskware toolbar download aka TR/Dldr.Agent.apg.
Now avast team analysts have decided to treat this as a PUP detection.
You miss a detection with URLVoid, but the Networkshield flags it. Avast has protection for it.
You scan a so-called missed detection just before avast detection is being added. Sometimes detection cannot be made
because the malware is no longer active, closed etc. Some malware only survives for a minimal time online (generally 3 1/2 hrs).
As you do not know what the avast detection brew is made up with, do not comment the contents!
Here I give you an example for which the greens (active) and reds (closed, taken down) are not showing the real-time situation results:
htxp://www.mwis.ru/  (a lot of greens are actually to be interpreted as reds),

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 23, 2012, 09:05:34 AM
Ransomware - Fake Police Alert
https://www.virustotal.com/file/3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458/analysis/1337756549/

Submitted to avast!  8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 23, 2012, 11:49:24 AM
true indian,

Avast already detected a previous version: https://www.virustotal.com/file/d0a5cfec8e80622b3e194b5ee03e93d78c7ef3478bead6a039d213caaaa58523/analysis/
as Win32:Malware-gen. See: htxp://www.threatexpert.com/report.aspx?md5=c4c129fa72b3c0a6364635e33ee3d9b7
Tested your submission with avast Networkshield: URL:Mal detected with webBug get...
So my question is - did you check the url with the microsoft: Trojan:Win32/Weelsof.A against avast Networkshield?
I guess you did not, for we have detection there,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 23, 2012, 12:30:43 PM
I got the sample from another site called malwares.pl   :-[
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 23, 2012, 01:47:40 PM
true indian,

There was only an image from an image sharing site on VT, from : http://i.imgur.com
That image is not from malwares.pl !
As we can see from the image url.
The original forwarder was: htxps://www.virustotal.com/user/tommyklab/
and this one: hxtps://www.virustotal.com/user/24tachion/
As these finds for https://www.virustotal.com/file/3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458/analysis/
are also landing on the avast desks, so detection will be added sooner or later anyway.
This time I think I have to agree with a couple of DavidR's remarks,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 23, 2012, 03:38:23 PM
TR/Crypt.XPACK.Gen undetected by avast:
https://www.virustotal.com/file/1ac55d11a737f0fee48c8226cd37dca69f79c70fff57deecf49308871b998f75/analysis/1337779565/
Up and alive malware since 2012-05-23 04:50:02
DrWeb's online scan detects: htxp://91.202.244.89/files/cd88e infected with Trojan.Winlock.5600
reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 23, 2012, 06:10:39 PM
true indian,
You shamelessly copied that, so again you are feeding us fud. That image is not from malwares.pl !
polonus

Pol, I didn't say the image is from malwares.pl, I said the sample is from malwares.pl. Yes, the image is from VT comments but the sample is from malwares.pl...I thought u understood my previous post...Please ask me before blindly accusing..U misunderstood my previous statement  :-\ ..That's all I want to say.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on May 23, 2012, 06:34:31 PM
Regardless of this I see no need for an image, it adds nothing to help detections. Samples are king, just send the samples, the rest is just wasted time.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 23, 2012, 06:40:53 PM
As I initially misinterpreted that I have changed my initial posting accordingly.
Thanks for that explanation and the link to malwares.pl.
Well I misunderstood that because when users are going to visit the VT results, they can see that image anyway.
So like DavidR says this only takes forum disk space....as the image is available anyway to those that are interested.
For malwares.pl I do not know whether you provided the malware sample there, but that could be.
I think avast will add detection for it anyways within the next day or so,

polonus


Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 24, 2012, 09:40:07 AM
Hi pol,
I am sorry for troubles...I will put the description from the sample source next time
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 24, 2012, 09:41:45 AM
See: http://zulu.zscaler.com/submission/show/910c0046443f9e7f5a794e7e3cada966-1337845129
Given as rogue RealRegistryCleaner  here but avast missed it:
https://www.virustotal.com/file/4e09f3f888c58f152d9da643075a2f29/analysis/

I also added the Associated URL's hosting these nasties in the E-mail so they can apply analysis and block down these sites with network shield  ;)

Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 24, 2012, 10:08:36 AM
true indian,

This software is bordering on being suspicious/malicious. They try to prove their software comes without malware: htxp://www.softwaredownloads.org/windows/system-utilities/system-maintenance/virus-report/system-boost-elite/
When it is being flagged it is via WOT rep reports, because it comes with additional adware.
This rather should be reported then to MBAM and SAS etc. to be added to detection there,
see: http://v.virscan.org/Adware.Win32.RealRegistryCleaner.AMN!A2.html

polonus

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 24, 2012, 10:10:01 AM
I am uploading this sample to MBAM now  ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 24, 2012, 10:21:42 AM
See:
https://www.virustotal.com/url/0d67512199f0b583d8db822a6e349eaab317505ecc5c64e7dd769a68cf927296/analysis/

Given as rogue but detection missed:
https://www.virustotal.com/file/64fa80d1b2d0f36655f79a70bf0b06ed66acd888f64b75c1b542a03a0df27567/analysis/1337519916/

Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 24, 2012, 10:33:29 AM
PowerBackupandRestoreSetup Rogue as given here:
https://www.virustotal.com/file/0eb6c55cf33e5eb5df9421668e053492/analysis/

See: http://zulu.zscaler.com/submission/show/86fe042ecff6fb676437e9aea6199675-1337848118

Detection missed!

reported to avast! with the link to sites hosting malware  ;)

Uploading sample to MBAM now  ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 24, 2012, 02:08:30 PM
Hi true indian,

Again a questionable one as I will explain below.
Given as non-malicious here: htxp://www.isthisfilesafe.com/md5/0EB6C55CF33E5EB5DF9421668E053492_details.aspx

Maybe a detection was flagged because the program is protected against reverse engineering with modern-wizard.bmp, which some scanners
will flag as a possible malware packer, but actually comes virusfree, and because of the presence of "checkver104.exe"
& ioSpecial.ini / silent installer, also sometimes flagged, depending on the location of it.

Scanning htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe with DrWeb's online check turns up these results,
on some occasions commented by me at the end of the scan lines....

Engine version: 7.0.2.4281
Total virus-finding records: 2874792
File size: 962.25 KB
File MD5: 0eb6c55cf33e5eb5df9421668e053492

htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe - archive NSIS (NSIS packer identified by Fprot packer identifier)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/script.bin - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\ioSpecial.ini - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\modern-wizard.bmp - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/AutoBackup.exe - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/Backup.dll - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/FileBackup.dll - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/FolderTree.dll - Ok (validity should be checked)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/IrisSkin2.dll - Ok  (Sunisoft - safe)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/LogViewer.exe - Ok  (- Module'
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/PowerBackupandRestore.exe - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/SimpleSync.dll - Ok (location should be verified)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe - archive BINARYRES
>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data001 - Ok
>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data002 - archive JS-HTML
>>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data002/JSTAG_1[9][8c] - Ok
>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data002 - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\iOClean.ini - Ok  / silent installer, could evoke Sandbox alert
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\InstallOptions.dll - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\ExecDos.dll - Ok
>hxtp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\System.dll - Ok
htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe - Ok

Typical executable flagged by Emsisoft, malware active since 012-05-18 08:10:59 - other instances from other domains closed.
Analysis see:
http://camas.comodo.com/cgi-bin/submit?file=9a0dd7a6e08b7476fde0dc774b72d0e8cd780883bd53a2747c078eab6ef0e4c7
a variant of Win32/Agent.SZW
Bitdefender flagged this variant of Win32/Agent.SZW as ROJ_LOWZONE.BMC (backdoor)

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 24, 2012, 02:13:51 PM
that does seem an interesting one pol...I will surely upload this sample to comodo valkyrie and check if we have anything to be detected  :)

Thanks for the reports and analysis  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 24, 2012, 02:24:43 PM
Hi true indian,

What I mean to say is it is interesting as all file analysis for malcode is in my view, but i.m.o. this detection does not qualify to be added to avast detection.
Emsisoft's and others' detection is based on a false interpretation of resource engineering protection and packer evaluation. The analysis that flags it is just not good enough to give the right interpretation and the malware and backdoor status is location dependent. All seems right there. At the end of the day it might well be this is a false positive, but leave the final verdict to avast analysts.
I for one would qualify it as a PUP detection not more, see -
htxp://anubis.iseclab.org/?action=result&task_id=185ec922d48bb01141d5963d0c58bd1d9&format=html

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 24, 2012, 09:08:14 PM
New undetected:
hxtp://urlquery.net/report.php?id=59292
but found malicious
htxp://zulu.zscaler.com/submission/show/5b124e86cc043c9d5a27951ccda33296-1337885769
hxtps://www.virustotal.com/url/e74c423163a1c2a577817added8452bf77f3907a65cff6bb726a44d594da3d6b/analysis/1337885933/
file scan gave: https://www.virustotal.com/file/ee093983a238538765e23737bdd82e8296fa895f27dbc532150accee74534c8b/analysis/1337885946/
a generic dropper detection for a variant of MSIL/Injector.ACV
reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 25, 2012, 03:44:12 PM
See: htxps://www.virustotal.com/url/d957ed47e8e37a165ea08052eda3d435e86c62ffadcc7fc44d4d595f45cc9c3e/analysis/
and
htxps://www.virustotal.com/file/ee51df51d91daa155caf8b167d6966e65c3587347a207380b5449e1582f200f7/analysis/

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 25, 2012, 07:20:56 PM
Rogue - Windows Safety Maintenance
https://www.virustotal.com/file/b388e80f7a73523a0861115a6d59070627e237ef0dc3c94373ab267776c7c55f/analysis/

reported to avast!  ;)

EDIT: Detection added
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 26, 2012, 01:28:15 PM
 FakePoliceAlert Ransomware
https://www.virustotal.com/file/d95312a777a941af73fe9c14821664423bd83893f75775ce49789a09dd1942af/analysis/1338031561/

submitted to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on May 26, 2012, 03:57:56 PM
Undetected malwares:


https://www.virustotal.com/file/f87ded45828c004fb47bb3da57bffb1378b00c9d1953c5d09c04c4ea767f6eaa/analysis/1337968556/

https://www.virustotal.com/file/1a0d99cbf36ac600d250ee653e72a8adef3bc685c3990821b1c3dde850e521c2/analysis/1337968740/

https://www.virustotal.com/file/f92bda7141b962e1eee36d2d54dd22a03ea27c0dee6924eeba96baedea85961c/analysis/1338039267/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 27, 2012, 01:59:40 AM
Even from the VT link I can reconstruct the original malware site for that detection. Let me guess, it was this one htxp://zulu.zscaler.com/submission/show/8fe6f00a94e39973e4c97060f369deef-1338076028
accompanying VT scan: htxps://www.virustotal.com/file/f92bda7141b962e1eee36d2d54dd22a03ea27c0dee6924eeba96baedea85961c/analysis/
somewhat earlier than yours. But as you give an identifiable hash together with a searchable file-name I could do the reconstruction via
htxp://minotauranalysis.com/search.aspx?q=4d2ea30db117d9689f3d4718bbe44ebc
and what I can do others can do. It does not need rocket science to do this reconstruction to find the non-detection URL!
So I agree with and lean more and more towards DavidR's point of view to first send a sample and VT results
to virus At avast dot com, and try to be restrictive with info here, until detection has been added,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on May 28, 2012, 09:37:13 PM
found by Chabbo.... on Fake scan site

jotti
http://virusscan.jotti.org/en/scanresult/a2976e42d5d70b9d725f3c634aaa310f1bdad145

detected by Malwarebytes as Trojan.Dropper

uploaded to avast and SAS     ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 29, 2012, 08:55:15 AM
Java/Exploit.CVE-2012-0507.AP   
https://www.virustotal.com/file/89c110e01a7c7769f4acace2007e48f5549d0dee757598e68570338911306f72/analysis/

reported to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 29, 2012, 12:19:00 PM
Java/Exploit.CVE-2012-0507.AP as reported by true indian is known to be a malicious backdoor Trojan, which runs without user knowledge and allows remote access to a PC for cyber criminals. This malware uses various files that exploit Java vulnerabilities. When it infects your system, hackers might get access to personal information like passwords or files.

Trojan.Maljava has the ability to block some programs from running, to make you think that your PC is at high risk. Every file of it is considered to be malicious, so if you find any - remove it as soon as possible under the guidance of a qualified removal expert.
On Vista & Win 7 malcode files can be found as:
%AllUsersProfile%\~[random]
%AllUsersProfile%\~[random]r
%AllUsersProfile%\[random].dll
%AllUsersProfile%\[random].exe
%AllUsersProfile%\[random]
%AllUsersProfile%\[random].exe
%UserProfile%\Desktop\Trojan.maljava.lnk
%UserProfile%\Start Menu\Programs\Trojan.maljava\Uninstall Trojan.maljava.lnk
%UserProfile%\Start Menu\Programs\Trojan.maljava\Trojan.maljava.lnk

To be protected, always make sure you have the latest java version installed if you have java installed, so you are not vulnerable, check: http://www.java.com/nl/download/installed.jsp

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 30, 2012, 09:32:09 AM
TR/Spy.Banker.Gen   
https://www.virustotal.com/file/976e238360bc2febba432ce968705731743518879567caeaa144f15624c01a27/analysis/

Trojan-Banker.Win32.Bancos.uga   
https://www.virustotal.com/file/928fb059c5569fd369b99aa20034119384422bf927a3c10a7e8e1306afa7a090/analysis/

reported to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 31, 2012, 06:24:02 AM
Worm.Win32.Flame.a   
https://www.virustotal.com/file/029bcd72dc2ca4b31778cf4ee086038d8bd6c59ed2ed485e247aed56f909f881/analysis/

TR/Flame.A.8
https://www.virustotal.com/file/1999c26614de76068d9431b8184e933c63b5813b76a95fac6cc4b47e93832c23/analysis/


reported to avast! and uploaded to MBAM  8)

PM me if u want samples for flame  ;)

EDIT: detections added
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 31, 2012, 05:40:49 PM
TR/Spy.ZBot.aav   
https://www.virustotal.com/file/40bd4160bb37ccf944799129463933a61f32bbb306a2dac3f95a9d3cb19598f5/analysis/

reported to avast!  :)

Edit: detection added
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 31, 2012, 06:49:22 PM
Windows Antivirus Rampart - FakeVimes

https://www.virustotal.com/file/4d0a1e0213904a7d397d51e38c4aaed26f8824984e9ca162505ea22a9ffae15c/analysis/

reported to avast!  ;)

EDIT: detection added
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on June 01, 2012, 07:22:59 PM
 Windows Malware Firewall - new FakeVimes rogue

https://www.virustotal.com/file/b4d5db39daf38597453fb3acb9c403976fea86508b599e506d144ac42206d70b/analysis/

reported to avast!

edit: detection added
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 01, 2012, 10:30:07 PM
Missed JS/Exploit-Blacole.cx / fake LinkedIn spam leading to this malware via CVE-2011-3521 vuln, see: htxps://www.virustotal.com/file/d3af335637df9a1b29b9ed5e1cc0db6e60f313039ec758bfccfe0acebfb1e8d8/analysis/
see: htxp://zulu.zscaler.com/submission/show/e99c8ecf9c2b888f079a9ef0655ee90e-1338581545
IP address: 187.85.160.106, 184.106.200.65, 50.57.88.200, 50.57.43.49

Also found here that there was LinkedIn spam
So the payload is also here:

The payload is on immerialtv dot ru:8080/forum/showthread.php?page=5fa58bce769e5c2c  hosted on the following IPs:

50.57.43.49 (Slicehost, US)
50.57.88.200 (Slicehost, US)
184.106.200.65 (Slicehost, US)
187.85.160.106 (Ksys Soluções Web, Brazil)  See this address for our find

Plain list for copy-and-pasting:
50.57.43.49
50.57.88.200
184.106.200.65
187.85.160.106

all this reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 01, 2012, 10:34:23 PM
Another one here, Trojan:JS/BlacoleRef.W missed: htxp://zulu.zscaler.com/submission/show/f58b27f17b497ce2c367cb12a7694ff5-1338582640
see VT results -> htxps://www.virustotal.com/file/38addb00e677ec62da4d04da6344107aeaa00ba204ab3f02d9806d3e0284e85d/analysis/
see: htxp://urlquery.net/report.php?id=62312  mdl_Leads to exploit kit detected 2012-06-01 13:22:00 live malware,
which avast should normally detect as HTML:RedirME-inf [Trj]
 Detected BlackHole exploit kit HTTP GET request
- Detected malicious injected iframe -> iframe src='htxp://mazdaforumi.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c
(the one we reported in the previous posting)
We see this is an ongoing problem through a malware campaign (5 hrs ago, 6 hrs ago) when we search for: htxp://www.google.nl/search?sugexp=chrome,mod=9&ix=h9&sourceid=chrome&ie=UTF-8&q=iframe+src%3D'http%3A%2F%2Fmazdaforumi.ru%3A8080%2Fforum%2Fshowthread.php%3Fpage%3D5fa58bce769e5c2c

reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 01, 2012, 11:54:46 PM
Another Trojan:JS/BlacoleRef.W, not detected, htxps://www.virustotal.com/file/07ca7776a566cc872c2fd0602da135072e780a10b062175e00c2710f3f63a365/analysis/
from: htxp://zulu.zscaler.com/submission/show/af5d670395a65113f12e98337f95bb64-1338587387
see: htxp://urlquery.net/queued.php?id=62630
- Detected BlackHole exploit kit HTTP GET request
- Detected malicious injected iframe

reported to virus AT avast dot com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on June 02, 2012, 12:03:09 AM
Hi Polonus,

Not a new exploit method given in your post regarding "wire-transfer.htm".

I've seen the exact algorithm somewhere else.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 02, 2012, 12:17:34 AM
Hi !Donovan,

Well then they are running a new campaign with this again. So old wine in new sacks, so to say. Thanks for your evaluation.
I just report what I see happening while scanning and when I cannot get an avast detection, I immediately report back to the avast base,
well analysts. I think you are developing a very good "feel" for the various varieties of malcoded scripts out there,
as it is inspiring for both of us,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on June 02, 2012, 07:48:40 AM
Hi malware reporters  ;D

Trojan-FakeAV.Win32.Agent.rkx
https://www.virustotal.com/file/e1aaa0a98fc43f47d0d5777429631eaa4f8449bdbdbc268fb03d48fc910df8a3/analysis/

trojan winlock
https://www.virustotal.com/file/36ad11081c1b29b3540b918337478740921ddec0a90c45aabc0cc367f34e6763/analysis/

reported to avast! ;)


EDIT: detections added
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on June 02, 2012, 10:16:51 PM
From the latest VT Comments:
Weelsolf BotNet (9-40)
https://www.virustotal.com/file/f25296744471f5f29718832998c20ac15bb968f426ae2259b5bdcb57a249d47f/analysis/

Rogue AV Live Security Platinum (8-42)
https://www.virustotal.com/file/cca6e3ecef865d2a5623c2e3b04a27d96c10abc90c5e67a3b5477d7ba215c438/analysis/

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on June 03, 2012, 07:07:15 AM
Hi Friends,

found by makcunknown

trojan ransom.
https://www.virustotal.com/file/d5faa80f5c8c083d37bc276f5dfe1598599fa07f67e8c9d55bbf8c41caa5bb62/analysis/

reported to avast!

EDIT: detection added
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on June 03, 2012, 06:47:14 PM
undetected malware

https://www.virustotal.com/file/b11c2b9b1dff86529ae399eb2bb2181e8edf720c722029a9000f6a7adad7248d/analysis/1338741938/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 05, 2012, 01:54:53 PM
reported to virus AT avast dot com: https://www.virustotal.com/file/524b01eeee5d8c40918f552a1eb3543c37a3a773af9505070ecab24ccc7b31a7/analysis/

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on June 05, 2012, 02:36:48 PM
No AV Detect..yet.
https://www.virustotal.com/file/2a8d08b52bad72da37b15e56a0f8bfb41bee1188c15808e7e5a0a2b0a5ccec35/analysis/
See comment from mwsniffer
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 05, 2012, 11:04:04 PM
See: htxp://vscan.urlvoid.com/analysis/e88bca0faa4901001e23d338727d9327/aW5kZXg=/
See: htxp://sitecheck.sucuri.net/results/www.wandelhalle-hamburg.de

reported to virus AT avast dot com,

polonus

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Andrey,pro on June 06, 2012, 02:18:38 PM
Trojan.Mayachok.17105, detected only by Dr.web
https://www.virustotal.com/file/1091ad4f18ada3c85bd69ac724e32f31585fc1a15a432a21e92d03087066777b/analysis/1338983553/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 06, 2012, 02:42:10 PM
Hacktool or backdoor not detected by avast: htxp://zulu.zscaler.com/submission/show/61e0aaa070b0a7ac40098af1a3a433f0-1338986102
and VT results: htxps://www.virustotal.com/file/80725340b7830288dfe4969eb070a542516a040efc2c1e6473b6051d086f46ab/analysis/
reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Theo Peterbroers on June 06, 2012, 02:52:27 PM
https://www.virustotal.com/file/b918547ded8f978ba5bfc2f1dd48cd2bf620635d18c869b1a3c513dd8efa2edf/analysis/1338986572/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on June 08, 2012, 08:51:02 AM
TR/Flame.A.7   

https://www.virustotal.com/file/0a96ba671bebc78e705ae2d2360bf49a3f34f46a7522555eec47b31d90069c71/analysis/

reported to avast!  8)

Edit: detection added
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on June 08, 2012, 09:48:55 AM
Mal/FBJack-A   
detection missed...contains obfuscated Iframe..new Facebook HTML malware/spam..redirects to faked Jason Bieber video

https://www.virustotal.com/file/57726a46a0debac32dec0a06d1fa9df2b79566f2f8a2ef8754a66775e86f939c/analysis/1339141426/

reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: MDRockstar on June 09, 2012, 03:41:35 PM
Malware sent yesterday to avast but still no detection ?

https://www.virustotal.com/file/06f2dde9b6e726480e52f02fc3af75278fedc1270764b10dbbfb349a9876b23b/analysis/1339248959/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 09, 2012, 04:16:55 PM
Hi MDRockstar,

This is because the suspicious file ltastd.exe is flagged as riskware. It might be opened by avast to be run first in sandbox for evaluation,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on June 09, 2012, 04:29:52 PM
Not many of the larger AVs are detecting it either. Many that are are using heuristics and are calling it PUP or riskware.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 09, 2012, 04:50:45 PM
Hi DavidR,

Thank you for confirming the PUP status. The poster probably sent it because of this report: http://systemexplorer.net/db/ltastd.exe.html

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Andrey,pro on June 11, 2012, 05:23:38 PM
Detected by Dr.web as Trojan.SMSSend.2917.
https://www.virustotal.com/file/551d2509a5d4769e1212c47116300795f0dc8708fe50ce43683d14c0fe8d3dff/analysis/1339428024/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Left123 on June 11, 2012, 08:51:42 PM
This topic shall be closed, samples can be sent directly to AvastLab. If you want to increase your post count, think of something smarter. No offense but it's the truth.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on July 16, 2012, 05:39:40 PM
undetected malware

https://www.virustotal.com/file/8a79715f3e63650f8897a24ffe8b0301f447958b303ecd45ab00ac883ecbaf4f/analysis/1342451827/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 03, 2012, 05:06:33 PM
Was cleaning a computer infected with win8 security system and found that avast does not detect this rootkit that comes bundled along with this rogue.

https://www.virustotal.com/file/3945861e049199662423a539e96b0c49a904501e9aef02faa4da678633cbcc37/analysis/

Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 03, 2012, 08:00:04 PM
Hi true indian,

Subject had already been mentioned extensively  in an earlier thread here: http://forum.avast.com/index.php?topic=104668.0
Why did you not react there?

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 11, 2012, 10:42:23 AM
Somebody posted this on our avast! FB wall..
https://www.virustotal.com/file/da5e7057fd1bd488c5e9ff8fede941f00d32d58bae8f3ca4b5b8096189d4768f/analysis/1347769210/

Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on September 11, 2012, 10:48:20 AM
see the sigcheck and first seen by VT
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 11, 2012, 10:50:58 AM
see the sigcheck and first seen by VT

Sigcheck
publisher................: Oracle Corporation
product..................: Oracle VM VirtualBox
internal name............: VirtualBox.exe
copyright................: Copyright (C) 2009-2011 Oracle Corporation
original name............: VirtualBox.exe
file version.............: 4.0.4.70112
description..............: Oracle VM VirtualBox Manager

First seen by VirusTotal
2012-09-11 08:39:32 UTC ( 1 minute ago )

I had checked for a digital signature earlier itself when I downloaded it..and it didn't have one so I guess this is 100% Malware.

P.S. I like the name given by SAS on VT: Heur.Agent/Gen-FakeAvast ....interesting.. ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on September 11, 2012, 11:00:41 AM
you may run it at threatexpert to see what it does
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 11, 2012, 11:24:36 AM
you may run it at threatexpert to see what it does

I don't think it does really anything much...I couldn't get into my threat expert account because I forgot my username and password.
http://anubis.iseclab.org/?action=result&task_id=12633cb1584a7e084498422305d2e74d6&format=html
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 11, 2012, 04:04:49 PM
Hi true indian,

Can you confirm you also posted this here: http://forums.malwarebytes.org/index.php?showtopic=115632

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 12, 2012, 08:37:39 AM
Hi true indian,

Can you confirm you also posted this here: http://forums.malwarebytes.org/index.php?showtopic=115632

polonus

yes that was me who posted this there...

Avast! now has detection... ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 15, 2012, 01:30:27 PM
Again some piece of Malware on avast! FB wall..

https://www.virustotal.com/file/13fdec273e3240acbc1ea323a2c4a4c0c64cd6d9da04107b51315a0d28ccc2d4/analysis/

it [rar file] extracts a hidden text file called significant.txt which contains BKDR/symmi

Reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 17, 2012, 08:58:55 AM
Trojan-Ransom.Win32.Gpcode.dm
https://www.virustotal.com/file/c0603fcd04d8e2fe78559a1fc07d0d8e569c08225ecb864850edd9511b11a439/analysis/1347881864/

sent to avast!  ;)

edit: latest streaming update detects this now after sending.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 18, 2012, 12:54:05 PM
Microsoft IE 0 Day

https://www.virustotal.com/file/75bd9b405fd0239644ab0c6aae6579096a407ddedd3c6139219f8c8e8f5b2db3/analysis/

reported to avast!  8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 19, 2012, 07:01:05 AM
Again some malware posted on avast facebook wall...

https://www.virustotal.com/file/c25a1c46aa91763bf657fe0d8d89ef7ce6ffa3502a68e7b1bcbbfa36da210600/analysis/
reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 21, 2012, 08:40:32 AM
Payload of IE 0-day
https://www.virustotal.com/file/a5a04f661781d48df3cbe81f56ea1daae6ba3301c914723b0bb6369a5d2505d9/analysis/

reported to avast!  8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 21, 2012, 09:16:20 AM
Hi true indian,

As you can see the payload is the infostealer bancos y trojan variant. For Threat Expert awareness of this file and what subfiles it creates, see: http://www.threatexpert.com/files/111.exe.html

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 21, 2012, 07:04:42 PM
Again Malware on avast! facebook wall...

https://www.virustotal.com/file/2d9b9a8860ce97177891ca1bb5e7faba880eb079e2d8025762d6a72518e96a90/analysis/1348247024/

reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Win32:Sality on September 26, 2012, 01:28:54 PM
I'm not sure if it's malware, but i found it and it looks suspicious:

1 file

https://www.virustotal.com/file/fd115514291e2855c204decc03270628e3dbe7c8da0dc797c1ce1389fd2a0ba8/analysis/1348657526/

2 file

https://www.virustotal.com/file/7abc66b037c23f80fbb861e02f894900c9b9590bf70b10852d28a84229109aa4/analysis/1348657408/

3 file

https://www.virustotal.com/file/e3f10f3119da4f4a54c5c99508c5314265f177046898b3b7f811e3febeb6e0d1/analysis/1348657652/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 26, 2012, 01:42:28 PM
@ sality

Have you sent the files to avast! labs via e-mail or from the chest??
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Win32:Sality on September 26, 2012, 02:00:48 PM
Yep, I sent it yesterday.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on September 26, 2012, 02:24:48 PM
Yep, I sent it yesterday.

yes thats good...keep sending them if they are not detected  :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 26, 2012, 06:14:53 PM
These temp files were never found to be malicious: http://www.threatexpert.com/files/100.exe.html

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Win32:Sality on September 27, 2012, 08:58:20 AM
Yes, virustotal said it's clean, but I started it on my virtual machine, and it was weird. I sent it to avast too.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on September 27, 2012, 12:54:16 PM
New Dorifel-variant downloading the zero access rootkit not detected: https://www.virustotal.com/file/6d32a06be42f9c9b09038279d5121c8f9edd3fc3d5c670f3691d20d92dcddbff/analysis/1348728915/#additional-info

Time for TDSS killer investigations from our malware removal experts, zero access rootkit to perform clickfraud is a mighty nasty threat at the moment going under the av radar. The new Dorifel variants seem to be more aggressive than the former...
Malware produces a new unique hash, making it harder to detect. This domain was registered: https://forum.perfect-privacy.com/member.php/?u=4578
The ransom hijacker uses a picture of Mohamed Ali, formerly known as Cassius Clay. A special Dorifel decrypter should be used for the encrypted documents:
http://www.surfright.nl/nl/support/dorifel-decrypter. Information from SurfRight and kudos go to Mark Loman and Fabian Wosar...

polonus

P.S. Regarding Perfect Privacy Forum, like to add the following security information:
web bug detector gives a webbug on that very page: https://forum.perfect-privacy.com/member.php/cron.php?s=073e2639f73d26cb026449410960b785&rand=1351336814
so that is not very encouraging for establishing the right privacy circumstances,
and makes the site vulnerable to attacks, see: http://drupal.org/node/1080486 (link article author Drew Mathers).
It should be protected from the webserver layer.
Executing code on your webserver from remote is always a security risk.
cron.php only runs once, so the risk is not that extreme,
but users of Drupal should be aware to not give access.
Renaming cron.php is no option, because it is security through obscurity.

Private cache control is alerted for not following best practice, no secure attribute for cookie bb sessionhash,
settings not secure for:
x-content-type-options: N/A
x-xss-protection: N/A
x-frame-options: N/A
x-content-security-policy: N/A
strict-transport-security: N/A
Check this yourself using the Recx Security Analyzer extension on that page.
Privacy rating does not go further than a meagre 70,

Damian
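
[Added example, not part of polonus's post and not output from the Recx extension] The header and cookie checks listed in the P.S. above can be run offline against a saved response head. The two response heads, the cookie names and values, and the rule that a cookie-setting response should carry `no-store` are constructed assumptions for illustration.

```python
# Headers the post reports as N/A. The CSP entry accepts the legacy
# X-Content-Security-Policy name used in the post or the standard name.
EXPECTED = {
    "x-content-type-options": ("x-content-type-options",),
    "x-xss-protection": ("x-xss-protection",),
    "x-frame-options": ("x-frame-options",),
    "content-security-policy": ("content-security-policy",
                                "x-content-security-policy"),
    "strict-transport-security": ("strict-transport-security",),
}


def parse_head(raw):
    """Return (status line, [(lowercased name, value), ...]).

    Repeated headers (several Set-Cookie lines) are kept as separate entries.
    """
    lines = raw.replace("\r\n", "\n").split("\n")
    status = lines[0].strip()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        if line[0] in " \t" and headers:
            # obsolete folded continuation: append to the previous header
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def cookie_findings(set_cookie_value):
    """Return (cookie name, list of missing attributes) for one Set-Cookie."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    missing = [a for a in ("secure", "httponly") if a not in attrs]
    return name, missing


def audit(raw):
    """Report absent security headers, weak cookies and cacheable sessions."""
    _, headers = parse_head(raw)
    present = {name for name, _ in headers}
    missing = sorted(label for label, names in EXPECTED.items()
                     if not present.intersection(names))
    weak_cookies = {}
    for name, value in headers:
        if name == "set-cookie":
            cookie, lacking = cookie_findings(value)
            if lacking:
                weak_cookies[cookie] = lacking
    directives = {d.strip().split("=")[0]
                  for name, value in headers if name == "cache-control"
                  for d in value.lower().split(",")}
    # Assumption: a response that sets cookies should not be stored at all.
    cacheable = "set-cookie" in present and "no-store" not in directives
    return {"missing_headers": missing,
            "weak_cookies": weak_cookies,
            "cacheable_session_response": cacheable}


# Constructed sample resembling the findings in the post.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=ISO-8859-1\r\n"
    "Cache-Control: private\r\n"
    "Set-Cookie: bb_sessionhash=0123456789abcdef; path=/; HttpOnly\r\n"
    "Set-Cookie: bb_lastvisit=1351336814; path=/\r\n"
    "\r\n"
)

# Constructed sample with every gap closed (mixed-case names on purpose).
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: no-store, private\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Security-Policy: default-src 'self'\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Set-Cookie: bb_sessionhash=0123456789abcdef; path=/; Secure; HttpOnly\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, head in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(head))
```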
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on October 03, 2012, 07:16:17 PM
Found via Facebook: http://zulu.zscaler.com/submission/show/f635b729ae5ed08dfc8831847acc9661-1349284508

redirects to: http://zulu.zscaler.com/submission/show/04d2c77ccb3d047a3fa861f651a3b3fa-1349284530

Reported this to virus AT avast DOT com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on October 04, 2012, 01:10:08 PM
Malware On Avast! FB Wall

https://www.virustotal.com/file/838f9ca46793bd5c5f0735d2e9a67119b5166f71813ea9449b7e03dd7d28f00f/analysis/1349348552/

sent to avast! labs..
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on October 05, 2012, 07:23:10 AM
Malware On Avast! FB Wall

https://www.virustotal.com/file/85a9a7a7d9fd52c9d3bce6a31733b0e4f71f31d602c161588aa86a42b11bf99c/analysis/1349411730/

sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on October 08, 2012, 12:55:03 PM
Malware On Avast! FB Wall

https://www.virustotal.com/file/dbd19a5b301e20b6dfaed8da671d0ce8b0f81a671352727ee579942ba23aa81c/analysis/

sent to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on October 12, 2012, 03:35:13 PM
Malware On Avast! FB Wall

https://www.virustotal.com/file/1c52c6efc89a8bb32c8dd75e77e72bb6d61ba5a31dc5fa56a143e7b9151a1688/analysis/1350048692/

sent to avast!

P.S. it has a avast icon too  ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on October 14, 2012, 11:59:28 AM
Exploit.HTML.IframeRef!IK   
https://www.virustotal.com/file/d280279a32686ba766b8c6375e9f79338d1ea0c750752ad2090d5cba2feafc7f/analysis/1350208298/

reported to avast!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Asyn on October 14, 2012, 12:36:45 PM
Good catch. :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on October 14, 2012, 12:48:48 PM
As an update to my previous detection of Iframe: the site that is loaded by the Iframe is already detected: http://vscan.novirusthanks.org/analysis/6674455f2c5206efa75a21c86081a339/dGVzdC1odG0=/

So we should be protected anyway.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on October 23, 2012, 02:01:01 PM
Malware on avast! FB Wall

https://www.virustotal.com/file/fa7fd9b5686c3f0410bd8e9f2ad1bd638389584b2d96112d60eec59485d51375/analysis/1350970912/

reported to avast!  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on October 27, 2012, 12:29:48 AM
Hi true indian,

We have detection now: https://www.virustotal.com/file/fa7fd9b5686c3f0410bd8e9f2ad1bd638389584b2d96112d60eec59485d51375/analysis/
we are being protected,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on October 30, 2012, 12:16:42 PM
Not detected? http://zulu.zscaler.com/submission/show/59273a77959881472c65c7243ccb05e7-1351595253
see: https://www.virustotal.com/file/776303a0a9794f0abc8696c395892d84de37b050c5adb76e2f7fe64f594090e1/analysis/
alive and OVERDUE 2012-08-23 12:11:59
New analysis report to be found here: http://anubis.iseclab.org/?action=result&task_id=1d980218979be3ed4452737f984e83694&format=html
reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on October 30, 2012, 04:49:18 PM
Another one: http://zulu.zscaler.com/submission/show/b3dd2a02c23620b356526f878291ee61-1351612010
See: https://www.virustotal.com/file/ea1a86e40ae76052c7828153c600a8a9b1de438d7596977eadb252ee2a722847/analysis/

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on October 30, 2012, 05:49:43 PM
Not detected? http://zulu.zscaler.com/submission/show/59273a77959881472c65c7243ccb05e7-1351595253
see: https://www.virustotal.com/file/776303a0a9794f0abc8696c395892d84de37b050c5adb76e2f7fe64f594090e1/analysis/
alive and OVERDUE 2012-08-23 12:11:59
New analysis report to be found here: http://anubis.iseclab.org/?action=result&task_id=1d980218979be3ed4452737f984e83694&format=html
reported to virus AT avast dot com

polonus

First seen by VirusTotal
2009-12-15 14:10:46 UTC ( 2 years, 10 months ago )

Quote
Emsisof: Riskware.Keygen.WinRAR (A)

Still in question for avast analysts if it's to be detected or left alone. We may even have sandbox detection
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 05, 2012, 06:19:52 AM
Trojan.GBPBoot.1 new MBR infector  :o

http://news.drweb.com/show/?lng=ru&i=2927&c=9

Reported to virus AT avast DOT com  8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 08, 2012, 09:40:19 AM
Probably a Trojan:
https://www.virustotal.com/file/87be42ea7c8de7fde284b9149352a6fab551d386f0c545e1c0ff6de61798d49e/analysis/1352363750/

Reported to virus AT avast DOT com.  ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 08, 2012, 04:47:22 PM
See: https://www.virustotal.com/file/be37b9b39f41510e4941e63528bf6e96/analysis/
Malware still alive: http://malc0de.com/database/index.php?search=filepop.co.kr%2Fdown_fs%2F00000001_fsetup_703_20.exe%09

should this be detected is the question:
First seen by VirusTotal
2011-05-31 09:56:00 UTC ( 1 year, 5 months ago )

Spreading via IP: hxtp://211.215.18.239/ which is being blocked by MBAM IP Blocker!!!

Reported all the discovered URL's to virus AT avast DOT com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 10, 2012, 04:48:50 PM
See:https://www.virustotal.com/file/214713c0f6d00003fdbac583cc585fd6ce8256f2cdc3da43cf29bbe496cf180a/analysis/
&
http://minotauranalysis.com/search.aspx?q=8fa6c23df708ae478322bf3c17921917

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 13, 2012, 12:02:28 PM
Missed: https://www.virustotal.com/file/faf4ac103a1caf42c691f05e9a829cb3d7a0ab967956fadb28f064dd5eb07f4f/analysis/

reported to Virus AT Avast DOT com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 13, 2012, 03:40:50 PM
Backdoor:Java/Jacksbot.A    :o

EDIT: VT link removed..

reported to virus AT Avast DOT com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on November 20, 2012, 07:41:19 AM
Suspicious for Trojan Downloader.
https://www.virustotal.com/file/91d48f6c435d0b4adec680a25dd809c9a3d9c497b7b6e64a41e1418bcf697e2d/analysis/1353393295/

reported to Virus AT Avast Dot Com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on November 20, 2012, 01:15:10 PM
Hi true indian,

Was not this posted by your alter ego? http://forums.malwarebytes.org/index.php?showtopic=118370

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 05, 2012, 03:00:08 PM
Missed: https://www.virustotal.com/file/f61a6a3e1922ba9df7be668966efc8a7fc0183336539bb7da2f85f15fbd9ce28/analysis/

Reported to virus AT avast DOT com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on December 05, 2012, 11:50:07 PM
(New) KaiXin Exploit Kit 1.1
https://www.virustotal.com/file/88af04ee7c18a3487e83b06b6c945dd858a4716de157a8d23f879eda47114ec2/analysis/
https://www.virustotal.com/file/9cf6c1f26c235b0922d1f20552403bb18e9cc660d6c1f4ff419426879719127a/analysis/

For more information see my comments.

~!Donovan
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Tonanet on December 06, 2012, 10:09:49 AM
Hello,

I have submitted the file below 3 times to avast, however it is still not being detected:

 https://www.virustotal.com/file/27947b0c0acc357a8637f7d0d3dc27119bcf4fa3e68b07d2b3cf8e49c083db60/analysis/1354784726/

Thanks for your time!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 06, 2012, 11:39:23 AM
Hi Tonanet,

It is being flagged here: http://www.isthisfilesafe.com/sha1/80DD271CB1A9A52A7467B15D16AA4D8DF447D398_details.aspx
Could it be that the avast shields flag it?

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 06, 2012, 12:01:41 PM
Hi !Donovan,

I went after the IDS alert for "Detected live KaiXin exploit kit" at urlquery.net and saw that DrWeb has a very good detection rate for this exploit kit malware detection

htxp://adsup.co.kr/pgm/  avast detects here:  https://www.virustotal.com/file/5004b899bc5c8dd17e3b54cf28f930484e9f1e6c36de1a28a61de2c9cd61cc76/analysis/
htxp://204.13.71.29/home/flash.html  I get The network link was interrupted while negotiating a connection. Must be ZeroExploit shield intervening or ABP malware block list enabled...
These are the IDS sigs: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17956 (info author = gmane)
Emerging Threats Daily Rulesets update: http://www.emergingthreats.net/2012/11/

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Tonanet on December 06, 2012, 12:21:51 PM
Hello Polonus,

Thanks for the reply.

It seems to be a new file, as this one isn't detected by Avast, AVG or Panda with the latest definitions...

Thanks for your time,

Tonanet
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 06, 2012, 12:30:42 PM
Hi Tonanet,

Yes, will be reported to virus AT avast dot com,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 17, 2012, 11:40:50 AM
New Unknown Malware: http://certcc.ir/index.php?name=news&file=article&sid=2293

According to Crysis it's a batch wiper...

reported all samples to virus AT avast DOT com.  8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 17, 2012, 01:01:13 PM
See: http://labs.alienvault.com/labs/index.php/2012/batchwiper-just-another-wiping-malware/?utm_source=rss&utm_medium=rss&utm_campaign=batchwiper-just-another-wiping-malware (article author = jiame biasco) Quote from Jiame Biasco:
Quote
We don’t have details about the infection vector but based on the dropper it could be deployed using USB drives, internal actors, SpearPhishing or probably as the second stage of a targeted intrusion.

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 17, 2012, 07:09:48 PM
Latest update on that malware news: http://www.securelist.com/en/blog/208194052/GrooveMonitor_Another_Wiper_Copycat  (article author = Roel)
Malware does not function on 64-bit Windows apparently,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mrapi on December 19, 2012, 07:30:36 AM
https://www.virustotal.com/file/ca822605407966dbdf338b6596cbf08109b469d0535cf1b37f61a6eda69f754c/analysis/1355898491/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 20, 2012, 12:22:57 AM
Hi mrapi,

Here I also get a zero flag result: http://f.virscan.org/ezcddax.zip.html
As it is crack MS it should be suspicious by nature,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 22, 2012, 04:36:56 AM
Missed: https://www.virustotal.com/file/bf8b0bc0c8e1db52d94719fb01db1765/analysis/
reported to virus AT avast DOT com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 22, 2012, 04:43:30 AM
https://www.virustotal.com/file/d8f57888cfe31d104b04bc30747120d9e1a69b2a1f82c7165936fc45f07ccfba/analysis/1356492745/
https://www.virustotal.com/file/99a2c01acb8b237f7ec3d526533cde343df64c8e6d0dd5e7afe004beeff2d051/analysis/1356492737/
https://www.virustotal.com/file/b24f4498fc40fc8b80bd79c0364ff3dbe2fba5379fe4322988a81f55ac8c2cca/analysis/1356492726/
https://www.virustotal.com/file/e1f7108d21edb1b836ad96b7b7d26ec82b8d1d7e11ff7a3a1061308ded0f59fb/analysis/

2 Tepfer trojans and 1 Lockscreen Missed and not being detected even after being reported constantly by me  >:(

Reported again virus AT avast DOT com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 25, 2012, 04:41:28 PM
This one missed: https://www.virustotal.com/file/d8f57888cfe31d104b04bc30747120d9e1a69b2a1f82c7165936fc45f07ccfba/analysis/
See: http://siteinspector.comodo.com/public/recent_detections/show_website?url=http%3A%2F%2Fsecegbiw.ru
See: http://zulu.zscaler.com/submission/show/4ca58b921729091c2f7df9dc8a9cf884-1356435452

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 27, 2012, 06:50:06 AM
Win32/Reveton.N   
https://www.virustotal.com/file/4420885eb5e32c29f344691c36ff3732c2244e2704a28f5fd7c0f6ed90501493/analysis/1356664948/

Reported to virus AT avast DOT com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 27, 2012, 02:20:17 PM
Trojan
https://www.virustotal.com/file/78d356dd295f27ba3b893beed6492a40f7feb8bfb4f2ed3e3f717beb84dbc2a0/analysis/
Already submitted through chest.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 27, 2012, 02:21:53 PM
Trojan
https://www.virustotal.com/file/8389e8a4f61c818f521bd4c214d989f84ff7d451905f030494539eaf73503f81/analysis/
Submitted from email.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 27, 2012, 02:26:19 PM
Suspicious
https://www.virustotal.com/file/5db455071ca1bcf62ebbda43ad94646c521c1d179fd5b49fa57c774e6a43fd2e/analysis/
Submitted from email.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 27, 2012, 02:32:48 PM
Trojan
https://www.virustotal.com/file/53377d93e3dfdf32a05befde859b034379b924dc33f1fe8c457508c521e2689a/analysis/

Backdoor
https://www.virustotal.com/file/02bdf5cdb3ce4a36a950b181e624c178765552b1a62ec98c02279a4e38d58e91/analysis/

FakeAV
https://www.virustotal.com/file/5f3ed8095cb3e5f5a171454dfe90473a94970bd929d2e46e69359bcb2bce9b7f/analysis/
Submitted from email.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 27, 2012, 02:52:05 PM
ZeroAccess
https://www.virustotal.com/file/63d13ceff8870228b6b0f2e08b0274541884e255c6c299908b37464d4afef24f/analysis/
Submitted from email.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 27, 2012, 03:51:46 PM
Trojan
https://www.virustotal.com/file/78d356dd295f27ba3b893beed6492a40f7feb8bfb4f2ed3e3f717beb84dbc2a0/analysis/
Already submitted through chest.

ZeroAccess
https://www.virustotal.com/file/63d13ceff8870228b6b0f2e08b0274541884e255c6c299908b37464d4afef24f/analysis/
Submitted from email.

Avast network shield is already blocking the websites that give these 2 infections as bad URL's...so you don't need to worry about the sig detection....anyway, thanks for sending!!!   ;)

Trojan
https://www.virustotal.com/file/8389e8a4f61c818f521bd4c214d989f84ff7d451905f030494539eaf73503f81/analysis/
Submitted from email.

First seen by VirusTotal
2012-09-16 23:40:32 UTC ( 3 months, 1 week ago )

you sure this still exists in terms of real life usage??

On everything else...I would say good catch!!!! but keep in mind a lot of the web infections get blocked by the network shield URL blocker before even we have sig detection...just see to it you don't report samples from already blocked URL's  ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 27, 2012, 03:53:18 PM
Found via a USB stick...its Ramnit!!!
https://www.virustotal.com/file/29defdc42517a3e5137ab0fe3d201a8f9d053fc669ca4dc6e172785a3e3c4dfb/analysis/1356753297/

Reported to virus AT avast DOT com

FakeAV
https://www.virustotal.com/file/73eb87b0012138c2120e0ecb5e503cf3/analysis/
 
sent to labs!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 27, 2012, 05:14:33 PM
Adware (good detection rate).
https://www.virustotal.com/file/0f0cc0ac9f3bcdd540c566c690a072e8861c6cab268eb9e98534bfc7a6e59239/analysis/
sent to lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 27, 2012, 05:24:42 PM
Hi true indian,

Found that here: 2012-12-26     [D] carlahahn dot de/jqYnYs8B.exe    1FE5C899B8DF52C198B1582CE15B30A4    39D96ED5A5DBFFF3A2EF5782851541356070AA8E    284672    82.165.87.2    M TE R MG UQ Data from VX Vault
DrWeb URL checker detects: Checking:htxp://carlahahn.de/jqYnYs8B.exe
Engine version:7.0.4.9250
Total virus-finding records:3513894
File size:277.50 KB
File MD5:4ff9db792185de2457cb3c6ddc91da53

htxp://carlahahn.de/jqYnYs8B.exe packed by FLY-CODE
>htxp://carlahahn.de/jqYnYs8B.exe probably infected with Trojan.Packed.196

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 27, 2012, 07:10:59 PM
Malware
https://www.virustotal.com/file/82d77152b6fe8b61267186db7b947d7ddc8e69e9fcd70f5720dc0fdcd08b58a5/analysis/
submitted to lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 27, 2012, 07:35:41 PM
See: http://www.runscanner.net/lib/TOP.exe.html
and
http://www.pcpitstop.com/libraries/process/i/TPop.exe.html
Could well be that avast will detect this as a PUP (Possible Unwanted Program) when you try to run it for the first time....

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 28, 2012, 12:31:31 AM
brand new trojan
https://www.virustotal.com/file/5fd73990c07b9fed483678689ed03ade960bea8921a0be5514b7040653e7add5/analysis/
submitted to lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 28, 2012, 12:58:55 AM
Hi spywar,

Did you check for shield detection? Did you report to virus AT avast dot com? See: http://www.processlibrary.com/directory/files/tibia/427525/
and http://www.threatexpert.com/files/tibia.exe.html
Here Bitdefender TrafficLight alerts this download link as malware: htxp://pedump.me/a5ea47f911614697d0b2ce85222909a1/
See: https://www.virustotal.com/url/b328e6eff71a370b3c5d37df4df0bd264154209f2e2a935866f6135c9cb6df74/analysis/1356652004/
All detections in the past were from NOD32 only ->
http://webcache.googleusercontent.com/search?client=flock&channel=fds&q=cache:eB2tyD05MPMJ:http://v.virscan.org/Win32/PSW.Tibia.NGI%2520trojan.html%2Bhttp://v.virscan.org/Win32/PSW.Tibia.NGI%2520trojan.html&oe=utf-8&hl=en&ct=clnk

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 28, 2012, 01:02:45 AM
Hi spywar,

Did you check for shield detection? Did you report to virus AT avast dot com? See: http://www.processlibrary.com/directory/files/tibia/427525/
and http://www.threatexpert.com/files/tibia.exe.html
Here Bitdefender TrafficLight alerts this download link as malware: htxp://pedump.me/a5ea47f911614697d0b2ce85222909a1/
See: https://www.virustotal.com/url/b328e6eff71a370b3c5d37df4df0bd264154209f2e2a935866f6135c9cb6df74/analysis/1356652004/
All detections in the past were from NOD32 only ->
http://webcache.googleusercontent.com/search?client=flock&channel=fds&q=cache:eB2tyD05MPMJ:http://v.virscan.org/Win32/PSW.Tibia.NGI%2520trojan.html%2Bhttp://v.virscan.org/Win32/PSW.Tibia.NGI%2520trojan.html&oe=utf-8&hl=en&ct=clnk

polonus
Yes checked for shield detection, submitted via "virus@avast.com" yes.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 28, 2012, 09:10:37 AM
trojan downloader
https://www.virustotal.com/file/f77ab065b1a6051582646f576792a6e8c76cd5d0227b8d69b52a490cabee3b1f/analysis/
submitted to lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 28, 2012, 10:04:33 AM
Ransomware
https://www.virustotal.com/file/2fba9a749f631961f7a0541dc75bec0a75268c02b41a8f26caa60982f0c39704/analysis/
submitted to lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 28, 2012, 11:43:09 AM
Spywar, I hope you are checking the URL's from where you get the samples...and not reporting samples coming from URL's that network shield already blocks....btw, that's a banker malware not a ransom...it's funny how even the big kaspersky misses that one. ;D

I even see you have a nice catch on malware that was out since past weeks and AV companies tend to miss them.. Keep up the great work!
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 28, 2012, 11:52:06 AM
they don't come from url  ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 28, 2012, 01:38:59 PM
trojan downloader (not from url)
https://www.virustotal.com/file/d95f3016c1aefd77ad80cef058b22c8cdbe88d6776d09f4e8cd352f15fc9bdd6/analysis/
sent to lab.

also, about 60 samples sent to lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 28, 2012, 01:39:55 PM
1 week old certified malware
https://www.virustotal.com/file/aad3fd0acdb9610a921a8d4776b56254116a8122c434c066f2963c0d35f33385/analysis/
sent to lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 28, 2012, 01:41:13 PM
1 week old sample
https://www.virustotal.com/file/6d46e93f812f504bba42c027ca380522d9d6359feb68ad553490701bfcee1242/analysis/
Detection ratio:   40 / 46
sent to lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 28, 2012, 01:48:14 PM
Worm delf
https://www.virustotal.com/file/8941c06058682a75f43e5f0b24a85b99aaff9ba66b8c37e851cad35c5f51e3ab/analysis/
sent to lab.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on December 28, 2012, 02:10:05 PM
1 week old sample
https://www.virustotal.com/file/6d46e93f812f504bba42c027ca380522d9d6359feb68ad553490701bfcee1242/analysis/
Detection ratio:   40 / 46
sent to lab.
the VT scan here is 4 days old....sure it is not detected?
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on December 28, 2012, 02:11:13 PM
Worm delf
https://www.virustotal.com/file/8941c06058682a75f43e5f0b24a85b99aaff9ba66b8c37e851cad35c5f51e3ab/analysis/
sent to lab.
this VT scan is 2 days old....sure it is not detected?



why not post latest VT scan ?

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 28, 2012, 02:23:08 PM
I scan folder with PUP enabled.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on December 28, 2012, 03:45:36 PM
There really is no need to make a new post for every sample sent.

The other point, my particular hobby horse, this topic is pointless, these reports do nothing they can't be analysed, only sending the samples to avast does.

So if you have sent the sample, then the post is pointless, even more so if you make the report in this topic then really you should follow it up and modify the post when the sample is detected. Otherwise it is just totally unbalanced only showing missed samples and no follow up to show the sample has been added to the virus definitions.

If you have sent the sample all of this additional stuff is moot, pointless, doesn't achieve anything.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 28, 2012, 03:58:39 PM
I too think this topic isn't helpful, I read from 1st page and saw Milos who said it was pointless so I have to agree ;)
Of course I send everything to them using email.
In Comodo's forum, there is a topic like that but that's not the same, you submit with VT links, they grab the SHA-1 values for each link and they locate them through their cloud based DB.
But as you previously said, this topic should be closed.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on December 28, 2012, 04:03:49 PM
Topics generally don't get closed unless they infringe general forum policy, which this doesn't.

But it really is pointless as every now and then I drop my little reminder. For any SHA-1 # to be collected it would require constant monitoring by someone in the virus labs and my guess they have better things to be getting on with.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 28, 2012, 10:55:29 PM
What could be worth mentioning in this thread is malware that is so-called "long overdue" malware and has not been detected by avast for some time or detection was never added.
Long overdue is a particular malware that has been active for say 1200 hrs and over and for which many av solutions have detection and (only some and) avast has not.
Avast is known to have certain "blind spots", e.g. certain types of malware where it does not reach over average in detection percentages or even less (e.g. in the past certain banking trojans were missed).
Then another particular phenomenon is that for instance DrWeb's and avast detection overlap. I mean to say what avast detects DrWeb's does not and vice versa.
There are a couple of issues we have to consider.
A large proportion of malcode is blocked and alerted by the avast shields.
Then there is malware that no longer exists and is still listed as active elsewhere, while the malware has been closed or isn't active any longer.
Another thing is checking av detection related to Intrusion Detection alerts (like URLquery gives) could add detections.

Then there is another issue that makes the use of this thread less reliable. That is that VT results do not measure up all of anti-malware detection, because it only gives part of the overall detection.

Another issue is with VirusWatch when we compare the percentage of av solutions' detection of a certain type of malware.
Again here we also have a good parameter to get certain patterns where a certain av solution is so-called "under par" considered to others.
It is a good thing that a lot of sites are not being visited because of Google Safebrowsing alerts in certain browsers.
Or users must ignore these alerts, which is a stupid thing to do.
Some users like Bitdefender's Trafficlight, Trustwave or WOT, and DrWeb's URLChecker to guide them through search engine results pages or Netcraft's anti-phishing extension. So there are trafficlights: red, yellow and green to consider while surfing or clicking.
Extensions like NoScript and RequestPolicy are always a good option for further added overall in-browser protection if you know how to use and toggle these extension settings. And in certain cases it could be an option to run a browser in a sandbox...

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on December 28, 2012, 11:05:58 PM
In all honesty that too is pretty pointless, reporting here is going to do nothing, sample submission rules.

People posting here don't go back even a day to their previous reports to confirm they have been added to the virus definitions, what makes you think they are going to go back much further.

As I have said for so long this topic really is pointless when we can't/shouldn't attach samples, reports are not samples and samples sent directly to avast are king.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 28, 2012, 11:22:08 PM
Hi DavidR,

I do go back to check on detection, hope others do likewise. But in case this will give negative results it should be reported somewhere, else no one or only the in-crowd would know clearly where we stand (detection level). Some like that all would go on "out of sight" and we will have so-called perfect "security through obscurity". I have always been against security through obscurity as far as where this is concerned.
Not everyone will visit e.g. VirusWatch clean mx and will look up a certain malware to see the overall detection range of various av solutions to know where "avast has dropped stitches in their knitting work". Positive criticism always helps a good product to even get better and that is and always has been the aim of this avast user...

polonus,
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on December 29, 2012, 12:32:23 AM
You are probably the exception to the rule, but even so it still doesn't get away from the point that posting here doesn't actually get anything done. Only sample submission does, so for me it is just wasted effort when there are other valuable things you could be doing with your time.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 29, 2012, 01:30:08 AM
Hi DavidR,

Prior to reporting any missed detection here or in any other thread on the avast webforums I have reported to virus AT avast dot com when I thought that would help. This should be priority one.
I know these reports are/were helpful. I would encourage others to do likewise. We are with many here.
Sending samples will help, sending suspicious uri's will help.
Someone there should use the material towards better shield blocking, better script alerts, follow the IDS implementation consequences etc. etc.
I am certain that our efforts here have helped towards avast detection. The expertise achieved over time in website content analysis, potential suspicious script analysis, website software vulnerabilities and attack pattern awareness have helped avast detection.
Also know that malware removers in training are being sent here for instruction (also, for instance, to !Donovan's site) and so the mutual efforts bring results,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on December 29, 2012, 02:16:58 AM
I'm not talking about any other actions other than this topic.

The effort of posting here achieves nothing as has been confirmed by a member of the virus labs, the only thing that helps them is the receipt of samples. So those that are doing it have already played a part that this topic simply can't achieve.

What is done outside of this topic doesn't justify or sanction this topic as being useful to avast in getting 'samples' added to the definitions.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 29, 2012, 05:04:06 AM
Hi true indian,

Found that here: 2012-12-26     [D] carlahahn dot de/jqYnYs8B.exe    1FE5C899B8DF52C198B1582CE15B30A4    39D96ED5A5DBFFF3A2EF5782851541356070AA8E    284672    82.165.87.2    M TE R MG UQ Data from VX Vault
DrWeb URL checker detects: Checking:htxp://carlahahn.de/jqYnYs8B.exe
Engine version:7.0.4.9250
Total virus-finding records:3513894
File size:277.50 KB
File MD5:4ff9db792185de2457cb3c6ddc91da53

htxp://carlahahn.de/jqYnYs8B.exe packed by FLY-CODE
>htxp://carlahahn.de/jqYnYs8B.exe probably infected with Trojan.Packed.196

polonus

Hi Pol,
Now Avast! Network shield is actively blocking this URL after I reported the URL and the sample  8)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 29, 2012, 05:16:08 AM
Trojan
https://www.virustotal.com/file/8389e8a4f61c818f521bd4c214d989f84ff7d451905f030494539eaf73503f81/analysis/
Submitted from email.

Here we now have avast! network shield blocking the URL actively.

see: http://zulu.zscaler.com/submission/show/6cabbf804d61debf0e2ed900e3313dd1-1356754537
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 29, 2012, 09:09:45 AM
Nice thanks for sharing  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: chabbo on December 29, 2012, 11:01:42 AM
https://www.virustotal.com/file/e4ce09b9033f9b7d730739319b6519e17ad6c8c00aa16b352683603ee3b2d3df/analysis/1356774989/
https://www.virustotal.com/file/573861426c28f0cfcda20ffeca53741a929de8aaab32b22c65f715dc07fe78b9/analysis/1356775061/
https://www.virustotal.com/file/73dbe3b40ffe5dc90e7b868cb76c47b7a2d006c0122d3907bea219264e96ae5a/analysis/1356775070/
https://www.virustotal.com/file/f22fa0ee469eebb6d419670db69c9ee4bdd7c5be9df14bbfc7c8430a05905873/analysis/1356775073/
https://www.virustotal.com/file/98e65f3b1ca7d6c1e20584c615d6065562b9192785c7892f33cf52dcf249273c/analysis/1356775075/
https://www.virustotal.com/file/7323cb1b27fc132ab1eb5fefc50d80710d08caa3c6562159eae51800bf649ab6/analysis/1356775077/

and about 20 more i wont post here.


all samples sent.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 29, 2012, 02:00:12 PM
Hi Chabbo,

What I discussed on so-called "long overdue" does not concern riskware and particular adware as the avast PUP or riskware detection does not show in VT results generally. That is why I stated that VT results do not give a good picture of all that avast av detection covers (PUP-detection, avast various shields' detection, etc.). So VT results as a means is not the right tool to measure av detection and av detection patterns.
Then there is also the vulnerability window to be considered. At the beginning there is one, or there are two, three av solutions that detect, then others follow within a couple of hours to a couple of days for the av solutions that are slow to pick up. When 5 av solutions detect we speak of  100/100 % malware (zulu Zscaler)
Then we have malware that is being launched uniquely every time. There the launch sites or migration sites should be blocked period. Malware knows various ways to circumvent detection and that is an ongoing chess game between the good and the dark forces on the "Interwebs".
Furthermore we have potential suspicious files, detected by the fact that some script is running with anomalities together with IDS alerts other sources of malcreation can be determined and listed (Quttera's, wepawet, file viewers, urlquery etc.). Then there are blocklists where blocked ranges are only to be lifted if proven to be benign over some timespan (Google Safebrowsing for instance). Another factor is the possible insecurity of websites and how easily they could be (re-infected) (sucuri scans, safersite, dorks, vendor vulnerability lists) because  server abuse through misconfiguration or outdated website software or bugs in the website software.
There we are running behind the facts always and all of the time because there is an enormous amount of unawareness from website owners/website admins and hoster staff even as how to protect the average user not to get infected by visiting their infestious websites. And then we have to add malware launching sites per se driven by cybercrime and co on bulletproof and FastFlux webservers with malware that is hard to close down. Here in browser added security through extensions like NoScript and RequestPolicy could protect the browser user to quite an extent.

So as the odds are against us, still with the right insight users can be online free of malware for years and years. To educate others how to achieve this is why we are here and do what we do,

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on December 30, 2012, 01:41:09 AM
Hi :)

Undetected malware.

https://www.virustotal.com/file/f6570c423a085618e86a753a068139f50df069ae9696902d2f9117000549fb2d/analysis/1356809075/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on December 30, 2012, 09:02:30 AM
Trojan-Ransom.Win32.Blocker   
https://www.virustotal.com/file/9da225cd393e132a152085e9ea9ca2a786240ab50115c9f22bdbffbe529edf72/analysis/1356932339/

reported to virus AT avast DOT com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on December 30, 2012, 01:50:03 PM
Hi :)

Undetected malware.

https://www.virustotal.com/file/f6570c423a085618e86a753a068139f50df069ae9696902d2f9117000549fb2d/analysis/1356809075/
sample is 1 year old  ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on December 30, 2012, 10:29:32 PM
1 year old, still actual: http://www.backgroundtask.eu/Systeemtaken/taakinfo/186568/Main/rss.php
latest: https://www.virustotal.com/file/f6570c423a085618e86a753a068139f50df069ae9696902d2f9117000549fb2d/analysis/
Avast will detect this as a PUP...http://minotauranalysis.com/search.aspx?q=3c07d4db52e25e7fb66f7314650bfda7
NORTON BLOCKED IP 198.153.192.4

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on January 03, 2013, 03:52:45 PM
CVE-2012-4792

Avast detects this one: https://www.virustotal.com/file/c6586b543ca30894a36c43a3136943bfc3b29d200dded6867d59c3147ed92903/analysis/1357224525/

This one is missed:
https://www.virustotal.com/file/e2a61961f96ae2079d38d1c4cfb6703b28f233b2a25b20951376186b8c277e94/analysis/1357547939/
Reported to Virus AT Avast DOT com.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 06, 2013, 10:09:37 PM
An analysis from exodusintel: http://blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/
and one from SpiderLabs Research here: http://blog.spiderlabs.com/2013/01/dissecting-a-cve-2012-4792-payload.html?utm_source=twitterfeed&utm_medium=twitter
@true indian,
Did you post this as well? http://forums.malwarebytes.org/index.php?showtopic=120412
while you have seen this? http://stopmalvertising.com/malware-reports/cve-2012-4792-analysis-of-today.swf.html (link author = Kimberley)

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 06, 2013, 10:29:23 PM
See: https://www.virustotal.com/url/668476583e5a22997785b10062b67051af81f6895ce5a5e28e3e9c989eab666d/analysis/
and
https://www.virustotal.com/file/3e2fa77239bfd02e2004ddea2917070e0ffb9cc55a2861f25191c3fe9b5c28ce/analysis/1357507441/
see: http://urlquery.net/report.php?id=624509

reported to virus AT avast dot com

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on January 09, 2013, 08:09:37 PM
Hi ;)

Undetected malware:

https://www.virustotal.com/file/20525159aaaefebe6231982a52b47d4ce19cd5d3a368d9d17effd7d89c86a73e/analysis/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on January 10, 2013, 04:25:34 PM
See: https://www.virustotal.com/url/b8da28d174eaabcac70543da38099fe27c32cc678abd7a98ae1e2ffa3daaa74f/analysis/1357831007/
and https://www.virustotal.com/file/da47808b4dd41ea2df8d63f6d60f6a285e20c4f4e6d862a4d4bc7055363fd47f/analysis/1357831017/  nothing
>htxp://www.audiotoolsfactory.com/download/video-converter.exe/{sys}\ac3filter.ax - file too large, skipped
see: http://anubis.iseclab.org/?action=result&task_id=165fa6d9a424fc5844d6bd28fd2ca1d1a&format=html

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on January 10, 2013, 05:34:05 PM
See: http://zulu.zscaler.com/submission/show/cb9a276a923e2b8550287816eb2800ed-1357835602
Missed: https://www.virustotal.com/file/1e602851a1e5254ce345a4ad5dace9d0/analysis/

Reported to virus AT avast DOT com
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on January 15, 2013, 08:01:13 AM
Autorun Sample.
https://www.virustotal.com/file/3d98aeea05995d456de53bdcfd46a85347dc5e9c5f210a67177251f5803857aa/analysis/1358351427/

Reported to avast labs.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mrapi on March 02, 2013, 10:03:05 PM
https://www.virustotal.com/en/file/6013992376f054510ed02d6fff88c32275e152b3d32da05a92d5574562055176/analysis/1362258046/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on March 03, 2013, 12:57:49 AM
Why is this thread still open?  :o
I don't think any analyst comes every day to check here; the best thing that works well is e-mail submission, chest or support/report virus to virus lab (in V8).
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: !Donovan on March 03, 2013, 06:10:07 AM
https://www.virustotal.com/en/file/6013992376f054510ed02d6fff88c32275e152b3d32da05a92d5574562055176/analysis/1362258046/

Why would someone even think about downloading a .rar.zip when the installer can be downloaded from the official site? Makes no sense imo.
For those interested: http://www.jetbrains.com/phpstorm/

As for this topic, I'd assume it's useless. As shown in the above example, you would have no way of knowing where the user downloaded the offending content and whether it's legit or not. Such information can determine the difference between false positive and potential malware.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on March 03, 2013, 02:15:06 PM
I have said for ages this topic is a waste of time.

Most people post, but don't follow up: A. avast need the sample sent directly and more so B. when the signature is added then the post should be modified to reflect that it is now included.

On point B seeing that in this topic is rarer than rocking horse droppings.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: SpeedyPC on March 03, 2013, 02:40:17 PM
On point B seeing that in this topic is rarer than rocking horse droppings.

True and who is going to clean it up after rocking horse droppings ::).....................Not me I'm out and I would rather light a match ;D ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Pondus on March 03, 2013, 02:45:10 PM
Quote
On point B seeing that in this topic is rarer than rocking horse droppings.
you can buy that  ;)    .... only 6.50    http://thebigrockinghorse.com.au/?p=1305

 ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: spywar on March 03, 2013, 02:47:14 PM
I have said for ages this topic is a waste of time.

Most people post, but don't follow up: A. avast need the sample sent directly and more so B. when the signature is added then the post should be modified to reflect that it is now included.

On point B seeing that in this topic is rarer than rocking horse droppings.
No one is able to lock it ? ..
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: SpeedyPC on March 03, 2013, 02:49:26 PM
Quote
On point B seeing that in this topic is rarer than rocking horse droppings.
you can buy that  ;)    .... only 6.50    http://thebigrockinghorse.com.au/?p=1305

 ;D

ROFLMAO ;D ;D ;D ;D Looks Rock Solid there ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: JuninhoSlo on March 04, 2013, 04:18:50 PM
undetected malware

https://www.virustotal.com/sl/file/e302bfb198f7fcb761200a079d4e398674f5c1d5f0aeb8fd4ce1f1e7a17274de/analysis/1362406043/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on March 05, 2013, 01:44:56 PM
undetected malware

https://www.virustotal.com/sl/file/e302bfb198f7fcb761200a079d4e398674f5c1d5f0aeb8fd4ce1f1e7a17274de/analysis/1362406043/

First seen by VirusTotal
2012-04-16 12:21:05 UTC (10 months, 3 weeks ago)

Yeah, must be malware  ;)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on March 05, 2013, 03:35:21 PM
The filename rabr.exe was last seen on 3.4.2013, and it is considered as unsafe.
Threat name
   Malware
Filename
   [System32Root]\rabr.exe
Filesize
   Unknown
Last seen
   3.4.2013
Status
   Known as unsafe.

This file can perform following behavior.

- File is created as process on the disk.

- This process can create, delete or modify files on the disk,

pol
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mrapi on May 18, 2013, 08:55:17 AM
https://www.virustotal.com/en/file/d9189fc6da7539be9f5c4768f902a4721473328b6fd470b0e68287f8a4e535d7/analysis/1368859977/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 18, 2013, 02:03:49 PM
Hi mrapi,

Normally avast! should detect this as Win32:FakeAV-EAI.
Did you check for avast! shield detection?
It is a detection for a rogue/fake security tool (trojan)

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mrapi on May 18, 2013, 07:35:03 PM
Hi polonus, thanks for the answer, I couldn't find any setting for shield to add rogue/fake.
That trojan should be detected by default, it acts as an antivirus and stops any application execution and asks for money to disinfect...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mrapi on May 23, 2013, 07:20:13 AM
It is solved, thanks!
Hi polonus, thanks for the answer, I couldn't find any setting for shield to add rogue/fake.
That trojan should be detected by default, it acts as an antivirus and stops any application execution and asks for money to disinfect...
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 24, 2013, 01:24:42 AM
Thanks for that feedback. I always enjoy we have added protection.
That is the main reason why I keep frequenting the avast webforums
well to aid/add to making avast! av even better than it already is...

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mrapi on May 25, 2013, 08:47:04 AM
you're welcome... :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 26, 2013, 03:01:04 PM
Chinese fake av not detected via VT file result scan: https://www.virustotal.com/nl/url/39a56bcdeaed17cf338f9ede28bd55e4809682bc1e5adf34e339873e19594a89/analysis/1369572621/
and
https://www.virustotal.com/nl/file/9b342ae7f25d65bdb817d8c995f3211ac398e41575fc5d149d994c1dcb008f0a/analysis/1365605849/
URL vip.dns-vip.net failed to be located in database...
What should be detected: http://urlquery.net/report.php?id=2637824
The recent detection pattern for the dropper: http://support.clean-mx.de/clean-mx/viruses.php?domain=dns-vip.net&sort=id%20DESC
Avast does not detect: https://www.virustotal.com/nl/file/a5eb9b868da9adebe0f23b0623f27072118431c315261bdd327ec1a6eee6364d/analysis/
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem,
not necessarily malicious, may provide a threat!

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 26, 2013, 03:58:18 PM
What about this one: https://www.virustotal.com/nl/url/f94533b9150663a3727ff4c7101b47715f7c94ea31edc0eb1939b0dd2842996f/analysis/1369576163/
and https://www.virustotal.com/nl/file/d28a53b05b30ab450d856d85d1ba9bffc5f40ebdf899c8c31a074b372353f0a3/analysis/1369327457/
TR/Rogue.kdv.866075.20 not detected

Moreover hxtp://fsua-01.gamenet.ru/installers/qgna/bs/live/bs.exe is in Dr.Web malicious sites list!

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on May 29, 2013, 06:04:46 PM
This thing is all over our forum...JS autorun malware via USB.

https://www.virustotal.com/en/file/abb9839405654d2f44e85e4e36d6da429513a34322ce5b181807b30c56b96c73/analysis/
sent to avast.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 29, 2013, 11:24:20 PM
How is detection for File names:   - c3b5bc549e274296..., 3453e448961cf479..., be227e817c7ea7e1..., defa9f7681c9969a...,
Fingerprints:    f252ef92144d60b4..., 2a3a8ea7b8d2d032..., a7d0a0fb7cc0e091..., d0dcb66b8217343d..., d291a94334e46a1c..., e8b1aef6eece8f85..., 5683c3a9f2529ece...
See: http://r.virscan.org/ca892b3b26798e0672cc8803c15808c8  &  http://v.virscan.org/Trojan.JS.Autorun.A%20[Aquarius].html

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on May 30, 2013, 09:13:06 PM
https://www.virustotal.com/nl/file/dd07e26833431f5cb2ee4c43686fdea8651940d8b8c72d2728800b42619564d8/analysis/
for htXp://zozvupeb.ru/angrim2.exe -> http://urlquery.net/report.php?id=1525619
See: http://www.backgroundtask.eu/Systeemtaken/taakinfo/184509/angrim2.exe/

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on June 10, 2013, 01:50:03 PM
Why Not detected!? Win64/Olmarik.AW   
https://www.virustotal.com/en/file/153b6508da404e0ef02bd0ef074f97607ffddabf4be90cfc4e9e308489c02034/analysis/

No shield detection...no nothing.

Reported to virus AT avast DOT com.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Michael (alan1998) on June 10, 2013, 06:32:04 PM
No Clue. https://www.virustotal.com/en/url/b858a9e79fc77d11ac2c6bde20f3030b159e86196cd8a4dcf795bbab90aeb480/analysis/1370881787/

HTML Document. Chrome blocks, Avast will not. There is said to be a file download, I didn't get it
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 10, 2013, 06:49:56 PM
See: http://www.malwaredomainlist.com/mdl.php?search=www.tdms.saglik.gov.tr

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on June 11, 2013, 01:45:15 PM
Yet another VBS autorun malware variant.

https://www.virustotal.com/en/file/005b007ed4b1f6f431e62d6035ce0080e08a958f45e9cc06fe7fa3ba4abe0f59/analysis/1370950728/

sent to avast.  ;D
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 11, 2013, 02:19:38 PM
Someone is not following the threads here, see: http://forum.avast.com/index.php?topic=124252.0
Not so safe as was reported here: http://www.isthisfilesafe.com/sha1/F4991FB4740AB85B45EEBB5DD33D39DD88AAEB11_details.aspx
Side effects:
   • Registry modification

 Files It copies itself to the following location:
   • %temp%\Updatea.vbs

Threat considered low damage, avast could detect this as PUP/riskware...

polonus

Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on June 13, 2013, 02:49:52 PM
Good find Pol, shows how fast these things spread  :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on June 15, 2013, 11:56:20 AM
Again FUD autorun sample  >:(

https://www.virustotal.com/en/file/3ff323e2bd69cab9f2a015f1df6402c96477c6591625bcb73c6defa597f0d6e7/analysis/1371289602/
https://www.virustotal.com/en/file/a293e9a0edb0c34de2b348ffa053a2ee4c965a5b678fd545a81ea16414494dc4/analysis/1371289603/

submitted to avast.

EDIT: WTF one of the samples is 4 days old and still FUD, no AV vendor sees it yet  :o :o :o :o

First submission 2013-06-11 08:24:31 UTC ( 4 days, 1 hour ago )
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on June 15, 2013, 01:53:17 PM
These samples were found here: http://forums.malwarebytes.org/index.php?showtopic=127787
and also submitted here: http://support.emsisoft.com/topic/11569-true-indians-submissions/
i04040.js for instance should be detected by avast as HTML:Iframe-MS [Trj]

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on June 24, 2013, 05:32:39 PM
Bad Boys gathered from USB

https://www.virustotal.com/en/file/c379ef4ffe8bd8abd5a3cb31a76c55de6946a1756a62d26398d27c3222f54e5b/analysis/1372086166/
https://www.virustotal.com/en/file/96b11e12f04062130ae4155d7dc6395735f61d829fa3b4eaf371af89e4acf944/analysis/1372086268/
https://www.virustotal.com/en/file/42257f704c68bb9bb4b10e3a670d859551d971c9addc1e126a8543daebcb5595/analysis/1372086319/
https://www.virustotal.com/en/file/c7bd252296272693d8ad658295de6ca89c6c0dd42c054ebb58f571aad1d8cc1f/analysis/1372086748/

Sent to avast and reported to MBAM.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on June 24, 2013, 06:15:42 PM
There should be no distribution of samples via this forum, it is a support forum and not a quasi malware distribution service.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on June 24, 2013, 06:19:10 PM
There should be no distribution of samples via this forum, it is a support forum and not a quasi malware distribution service.

Oops! Many apologies David.. I have removed that from my reply. I was only saying that because if anyone else wants to circulate the samples to some other AV vendors, but I will take a note of that.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: TheBeateMaker on July 08, 2013, 07:12:40 PM
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: TheBeateMaker on July 08, 2013, 07:17:31 PM
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: TheBeateMaker on July 08, 2013, 07:29:20 PM
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on July 10, 2013, 06:17:02 PM
TheBeateMaker, are you sending all samples to avast via virus@avast.com through e-mail? If not then posting links here will be of no use.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on July 10, 2013, 07:50:35 PM
See for various posted there is avast detection now, e.g.
https://www.virustotal.com/de/file/164864255d356996cd8111dd74b5b2733fa578a60081a433eb6ff8ee70315281/analysis/
https://www.virustotal.com/de/file/83eac1bc7aa643e82215911f7fc5bbae1e9c0bf290d02f1ba2783c264891d60a/analysis/

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Michael (alan1998) on July 11, 2013, 02:34:15 PM
https://www.virustotal.com/en/file/1a7f702a9b5a88d2f0e1047f4be6a37a52b8c3a95ab156db389e6a509c409277/analysis/1373544700/

PUP-File. deemed Safe by Essex
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on July 11, 2013, 02:54:52 PM
IDS flagged it here: http://urlquery.net/report.php?id=3533128
loaded will be kernel32.dll (where IsDebuggerPresent is located)
The circumvention is for a particular code example !
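mov eax,dword ptr fs:[18]       ; EAX = TEB self pointer (offsets are hex, debugger notation)
mov eax,dword ptr ds:[eax+30]   ; EAX = PEB address (TEB+30)
mov byte ptr ds:[eax+2],0       ; clear the BeingDebugged byte at PEB+2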

This will patch the IsPresent flag, ensuring IsDebuggerPresent always returns 0 
(credits go to  kuba on reverse engineering)

Adware - two detect in latest scan: https://www.virustotal.com/en/file/411240f7d25a1a63a68b0874eb8d122c3b2c2e0bddb94eee55818b6a535b6915/analysis/ (installer detection -> Global\Phoenix_Installer (failed) & RasPbFile (failed), this issue is a class of bug called a "Token Leak"....

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Michael (alan1998) on July 18, 2013, 12:37:49 PM
https://www.virustotal.com/en/file/619531aa8bf0000586f23549475d523b36ac70a0f916ba17ddf9586137d532f4/analysis/1374143415/

Adware. It was "Supposed" to be a movie. I noticed the .exe part at the end. I figured it'd be malicious, thought I'd see what I could do to help. This seems like a good place.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on July 18, 2013, 12:41:26 PM
https://www.virustotal.com/en/file/619531aa8bf0000586f23549475d523b36ac70a0f916ba17ddf9586137d532f4/analysis/1374143415/

Adware. It was "Supposed" to be a movie. I noticed the .exe part at the end. I figured it'd be malicious, thought I'd see what I could do to help. This seems like a good place.

Send the file to virus@avast.com via mail, don't report it here, it is not going to help avast in any way  :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Michael (alan1998) on July 18, 2013, 01:07:10 PM
True Indian, I tried to do that. But gmail is being a * today and is saying it won't allow me. Virus obviously. Any other way? I've tried compressing it, renaming the Extension from .exe to .part.

Any help is awesome.

Thanks
Michael
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on July 18, 2013, 01:11:27 PM
True Indian, I tried to do that. But gmail is being a * today and is saying it won't allow me. Virus obviously. Any other way? I've tried compressing it, renaming the Extension from .exe to .part.

Any help is awesome.

Thanks
Michael

Hi Buddy,
You can simply archive your sample using 7-zip and password protect it. Password should be: infected

Be sure to mention the password in mail body and provide some additional info of the source of the sample eg: site address,IP,virustotal scan link etc
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Michael (alan1998) on July 18, 2013, 01:16:35 PM
Will do. Thanks
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on July 18, 2013, 05:59:49 PM
Hello true indian and alan1998,

Good you two reported here.
It is the installer that is involved and that installer (wrapper) should be detected as junkware laden.
See the Sophos analysis here: http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/InstallRex/detailed-analysis.aspx

This is something we see happening more and more and it is really frustrating for those users,
that download a legit program and are troubled by nasty and very hard to uninstall crap- and junkware.
CNet downloads also come with this uninvited junk installer for their downloads.
Just google this combination: installmate adware and you get many interesting info, my good friends,

Adware InstallMate
SHA256: ecf7e1de8ef7a049a1abb3fb36e8b47786b7d96aa5123a4e86e2a3a44bbe11b0
SHA1: b87fe0346097f3b49b7fb01b85ef0004162bfc5a
MD5: 5192e5dcdbfc466042f55386a03f89a3
File size: 305456 bytes
Created files:

%WinDir%\TEMP\Tsu6193197D.dll – Adware InstallMate
%WinDir%\TEMP\{5CF5495C-FB77-790F-9BE4-B35587166BAA}\Setup.exe – Adware InstallMate
%WinDir%\TEMP\{5CF5495C-FB77-790F-9BE4-B35587166BAA}\_Setup.dll – Adware InstallMate
%WinDir%\TEMP\{5CF5495C-FB77-790F-9BE4-B35587166BAA}\_Setupx.dll – Adware InstallMate

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Tonanet on July 26, 2013, 03:08:35 AM
Already submitted this file 2 times but it's not detected yet:

https://www.virustotal.com/pt/file/931d08a2c2ea526ac631a2d03fd8fb916d724b7e0e74bd6e82ef53ad6bb4074a/analysis/1374800638/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: mrapi on August 13, 2013, 07:36:53 AM
https://www.virustotal.com/en/file/2c6e6d0af78e09051b795e0d1cfba32d51d620a2731c9f48931a7e921fbbf002/analysis/1376371996/
https://www.virustotal.com/en/file/d796dc13c8ec119d6f96c8b3b5f8af1012ad19a838ec3dbdd03603e06210ef28/analysis/1376372006/

https://www.virustotal.com/en/file/7a9cc4cdcf4aa4c7c78c2ef47af3d5234597004a48b087feb3510bfebc4aeb83/analysis/1376374833/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: true indian on August 13, 2013, 11:08:50 AM
Hi Mrapi,

Thanks for helping in sending undetected samples to avast. Hopefully, you are submitting them to avast via e-mail or via avast virus chest. :)
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: polonus on August 13, 2013, 04:22:44 PM
Hi true indian,

This one reported above has some low detection rates: http://f.virscan.org/quarantine.zip.html
and just watch here: http://r.virscan.org/f06fbf6719e0f5909416043d64ecca56

polonus
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: jefferson sant on May 04, 2014, 04:47:23 AM
I have no sample, a variant Trojan LNK  not detected

https://www.virustotal.com/en/file/4148f39bc53f587b3777551c770fd2b372fa00414d3447b2854e623ef97b12c1/analysis/
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Michael (alan1998) on May 04, 2014, 08:00:43 PM
https://www.virustotal.com/en/file/94c193fe61207b3fe74e313309cdf65884f61307011729a1c7d640d0c85de4d0/analysis/1399226305/

Sample emailed to AVAST
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: DavidR on May 04, 2014, 08:18:10 PM
You will have noticed this topic hasn't been used for some time (13 August 2013, 15:22:44) as it is pointless - the only action worth anything is the submission to avast.

Avast can do nothing with a VT reference link, it needs only the sample.
Title: Re: Samples missed by avast (VirusTotal links only!)
Post by: Michael (alan1998) on May 04, 2014, 09:13:55 PM
Okie Dokie