Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: xqrzd on May 05, 2011, 05:22:56 PM

Title: Code emulation not working properly?
Post by: xqrzd on May 05, 2011, 05:22:56 PM

I have an infected file that avast did not appear to detect (I scanned it from context menu), so I added it to the virus chest to send to avast. I decided to scan it from within the virus chest, and avast found it as Sf:Kelihos [Trj]. Why did the context menu scan not find it? I have every option enabled, and the heuristics is set to max. What is most dangerous about this, the file was not picked up by either the web shield or file system shield. I checked settings for FS shield, and code emulation is enabled, so I'm not sure what is going on. I'm using avast IS 6.0.1091 on Windows 7 x64.

Title: Re: Code emulation not working properly?
Post by: Lisandro on May 05, 2011, 05:33:49 PM

Wasn't there a virus definitions update in between, I mean, from the file arrival and the Chest scanning?

Title: Re: Code emulation not working properly?
Post by: xqrzd on May 05, 2011, 05:35:19 PM

No, all scanning was done with VPS 110505-0

Title: Re: Code emulation not working properly?
Post by: Lisandro on May 05, 2011, 05:38:02 PM

Can you submit the file to avast team within Chest and inform that?

Title: Re: Code emulation not working properly?
Post by: xqrzd on May 05, 2011, 05:42:48 PM

I have submitted the file through the chest with the info.

Title: Re: Code emulation not working properly?
Post by: Nesivos on May 05, 2011, 05:44:24 PM

Interesting what "VirusTotal" has to say about it.

Notice that according to their website Avast 5.0 identifies as a virus.

http://www.virustotal.com/file-scan/report.html?id=5f005f5d700f6706b6885efe4b264cd21979eb8b945697101473ceb7c43f53fc-1300965810 (http://www.virustotal.com/file-scan/report.html?id=5f005f5d700f6706b6885efe4b264cd21979eb8b945697101473ceb7c43f53fc-1300965810)

Title: Re: Code emulation not working properly?
Post by: xqrzd on May 05, 2011, 05:52:37 PM

Interesting, my file is not detected by avast on VT: http://www.virustotal.com/file-scan/report.html?id=d7aab0238e0a308283f139c81b0c6b6f6d8f9ffd3cbfdc374e9d0bec7bd5c768-1304610216
For some reason, avast only detects it when scanned in virus chest.

Title: Re: Code emulation not working properly?
Post by: Nesivos on May 05, 2011, 06:01:25 PM

Quote from: xqrzd on May 05, 2011, 05:52:37 PM

Interesting, my file is not detected by avast on VT: http://www.virustotal.com/file-scan/report.html?id=d7aab0238e0a308283f139c81b0c6b6f6d8f9ffd3cbfdc374e9d0bec7bd5c768-1304610216
For some reason, avast only detects it when scanned in virus chest.

I agree interesting.

In comparing the two VirusTotal scan results it could be that your virus is a variant but then I would think that the Avast heuristics would Id it.