Avast WEBforum

Other => General Topics => Topic started by: lee16 on November 22, 2004, 05:47:45 PM

Title: Virus submissions
Post by: lee16 on November 22, 2004, 05:47:45 PM
Hi Alwil Team

May I ask if you're giving replies to virus submissions now?

I ask because I have always been told that you don't, and I have just received a reply from the Alwil team.


--lee
Title: Re:Virus submissions
Post by: Lisandro on November 22, 2004, 08:52:32 PM
Quote
Hi Alwil Team. May I ask if you're giving replies to virus submissions now? I ask because I have always been told that you don't, and I have just received a reply from the Alwil team.

Maybe Karel likes you more than the majority of us  ;D
Sorry, I received some in the past too  ;)

I think the policy has not changed... Just in some cases we receive the response.
Title: Re:Virus submissions
Post by: Eddy on November 23, 2004, 07:58:56 AM
Now I am jealous ;D

After 5 or 6 vps updates they finally added the viruses I submitted, and guess what.... :'( With the next release they were not detected anymore and they are still not detected again. :'(
Title: Re:Virus submissions
Post by: lee16 on November 23, 2004, 10:04:52 AM
Quote
With the next release they were not detected anymore and they are still not detected again.

Why not resubmit them again then?

--lee
Title: Re:Virus submissions
Post by: watchthisspace on November 24, 2004, 05:09:37 AM
Quote
Now I am jealous ;D

After 5 or 6 vps updates they finally added the viruses I submitted, and guess what.... :'( With the next release they were not detected anymore and they are still not detected again. :'(

They should stay in the virus database forever unless what you submitted were false positives.
Title: Re:Virus submissions
Post by: Eddy on November 24, 2004, 11:26:22 AM
I checked with JOTTI. ALL AVs there are detecting them, except for Avast.
Title: Re:Virus submissions
Post by: Lisandro on November 24, 2004, 03:14:06 PM
Hey Karel...
Where is the VPS update!  :P
We need it  :(
Title: Re:Virus submissions
Post by: Eddy on November 24, 2004, 03:32:01 PM
Update:

- 2 viruses (in my virus "collection") weren't detected by Avast.
- after several updates of the avs they finally were detected.
- then (with a next version of the vps) both were not detected.
- with a new update of the vps only 1 is detected again but another (which has always been detected) now isn't :'(

What the heck is happening :-\

In my honest opinion this shouldn't be happening. And to me, it is really disappointing.

Don't get me wrong, I still very much like Avast (I am a pro user) and I will continue using it. After all, perfection doesn't exist but it sure is a good thing to reach for it ;)
Title: Re:Virus submissions
Post by: kareld on November 25, 2004, 10:18:41 AM
Hi,
yes, it shouldn't happen, sorry for it. There are 2 possibilities for what happened. Either there was a false alarm with the detection string, it was disabled and I forgot to do a new string. Or there was a problem with the virus database file, it was taken from backup and the string was missed. Could you please send the file to me again?
Title: Re:Virus submissions
Post by: Eddy on November 25, 2004, 01:15:25 PM
File sent.
Title: Re:Virus submissions
Post by: Jlo on November 27, 2004, 11:46:31 AM
Hi,

I too have sent many samples and they usually get added over the next couple of VPS. I don't get a reply but I don't expect a reply as I know how time consuming it would be.

However, over the last month none of the viral submissions I made have been added (one was a version of Loveletter which only Avast does not detect) and a few I-Worms found on the net.

Now whilst Avast are very quick to add a vps to a quick spreading virus (Sober) I still think that samples should be added in a reasonable time.

If you look at this posting http://forum.avast.com/index.php?board=4;action=display;threadid=9046

A member got infected by downloading a macro tool program (which looked like legit software). This was posted 22nd Nov. I went to the website, downloaded the file and no AV software detected it (according to Jotti, Virustotal and KAV).

I sent the file to Avast, and many others including F-secure. I had a response back from F-secure 30 mins later. Kav had added it by the same evening and Dr Web by the next morning.

I e-mailed Pavel to say that a user was having problems and since the link for this file was posted on this forum it really should be detected. Two VPS later still no detection.

AntiVir  BDS/Banito.S.1 (0.14 seconds taken)
Avast  No viruses found (1.51 seconds taken)
BitDefender  Backdoor.Banito.S (0.31 seconds taken)
ClamAV  No viruses found (0.37 seconds taken)
Dr.Web  BackDoor.Bandito (0.49 seconds taken)
F-Prot Antivirus  virus dropper (0.06 seconds taken)
Kaspersky Anti-Virus  Backdoor.Win32.Banito.s (0.58 seconds taken)
mks_vir  No viruses found (0.21 seconds taken)
NOD32  Win32/Banito.S (0.36 seconds taken)
Norman Virus Control  No viruses found (10.41 seconds taken)

I have used Avast for a year and it is great software and fantastic forum but I feel that samples do need to get looked at more quickly.

I do appreciate that if we all paid then maybe more virus analysts could be employed.

Thank you Avast for providing free AV protection but please speed up sample additions.

Kind Regards

Jlo
Title: Re:Virus submissions
Post by: Jlo on November 27, 2004, 11:52:49 AM
Just had a thought.

What about a different virus submission e-mail address just for some of the more experienced people on this forum (such as Eddy, Technical etc.) where they can send files straight to one of the virus researchers.

I am sure that the virus submission address must get bombarded with 'crap' as well and it must take some time to wade through the rubbish to find the true malware.

People like Eddy, Technical and myself will have already scanned with Jotti Scanner and made further investigation and I am sure most of the files we submit would be malware and worthy of addition?

Just wondered if that would help?

Only an idea

Kind Regards

Jlo
Title: Re:Virus submissions
Post by: Lisandro on November 27, 2004, 12:24:10 PM
Quote
What about a different virus submission e-mail address just for some of the more experienced people on this forum (such as Eddy, Technical etc.) where they can send files straight to one of the virus researchers.

Jlo, I have no condition to receive virus samples  :P
I'm only protected by avast, if it fails my system breaks  :-\ :'(
Title: Re:Virus submissions
Post by: TAP on November 27, 2004, 12:49:31 PM
Since I started using Avast Home Edition 4.5 (not so long ago) I've sent many malware samples such as adware, trojan downloaders and others that are not detected by Avast to its virus lab. All those malware are not downloaded from VX sites (yes, at least it's circulating in the real world) but they tried to hit my machine while I did my normal operations such as surfing and downloading software from the internet, and the last one I sent (if I remember correctly) is W32/Delf-IV. But almost all of them are not included in the Avast VPS by now and I hope all will be added in the monthly trojan VPS as always.

http://www.sophos.com/virusinfo/analyses/w32delfiv.html

I think ALWIL reserves its resources for detecting only real-world threats and the most damaging threats, according to this thread.

http://forum.avast.com/index.php?board=2;action=display;threadid=8739;start=msg71974#msg71974

And if you can remember when the MS04-028 JPEG exploit was found, Avast was one of the last AVs to detect it, and maybe Avast was forced by users to do that.

But I think it's not good in the marketing scene when compared to other AVs such as Kaspersky, because average users like me don't even know what real threats are, what viruses are, what spyware is like, what a trojan is like, but I don't want it and want my antivirus to detect/stop it; if it fails it should be blamed.

The whitepaper called "Why Less is More in Virus Protection" written by Joe Wells (the founder of The WildList Organization International) may or may not be true. :)
Title: Re:Virus submissions
Post by: Jlo on November 27, 2004, 01:32:58 PM
Hi Technical,

Sorry, I think you may have misunderstood me. I did not mean send samples to you. I meant for people like you and Eddy who come across samples to send them to avast via a different address from the normal user, e.g. straight to Pavel etc., as they will know the malware they have received is likely to be real malware and can deal with it more quickly.

Cheers

Jlo
Title: Re:Virus submissions
Post by: Eddy on November 27, 2004, 01:52:27 PM
It's not up to Technical, me or anybody. Alwil has its own policy for adding things to the vps and that won't change if I or someone else sends something to a different email than the rest of the users.

On this board are several people who have submitted an example that has not (yet?) been added to the vps. Alwil is very open to its users. Others are not. It may just seem that it takes Alwil quite a lot of time to add something. Another thing is that Alwil is a small company compared to Symantec, McAfee and some others. They just can't assign as many people just to update the vps as the larger companies can.

It may take some time, but if the sent-in samples are truly harmful and if they contain the entire malware code, they will be added to the vps.
Title: Re:Virus submissions
Post by: Lisandro on November 27, 2004, 01:53:34 PM
Quote
Sorry, I think you may have misunderstood me. I did not mean send samples to you. I meant for people like you and Eddy who come across samples to send them to avast via a different address from the normal user, e.g. straight to Pavel etc., as they will know the malware they have received is likely to be real malware and can deal with it more quickly.

Oh, I see  :-[
If Pavel gives us the honor  ;) 8)

Other issue: some time ago I asked for an @avast.com email address but they say it's only an internal server that could not be reached by the users... So, we won't have an @avast.com email  :'(
Title: Re:Virus submissions
Post by: Jlo on November 27, 2004, 02:01:26 PM
Cheers Eddy and Technical for your feedback.

One thing which does leave avast from the rest is that it is free for the home user (apart from AVG), great forum and they do get VPS out for fast spreading viruses, even on the weekend and during the night!

Anyway I am getting off topic now!

Best Wishes

Jlo
Title: Re:Virus submissions
Post by: Jlo on December 05, 2004, 10:24:53 AM
Hi,

Just to give you an update on the virus submission sent in on the 22nd Nov. Check this link http://forum.avast.com/index.php?board=4;action=display;threadid=9046

I am sorry to report that even though this file had infected a user on this forum and I had sent the file to avast twice, the file still is not detected by avast :'(

Kav and Dr Web detected on the same day (I sent the file to all the main AV vendors) and bitdefender soon after. When I first scanned the file on Jotti scanner no AV showed malware.

I think that this has been too long since the 22nd Nov to not have been added by Avast. Please sort it out. I love your product otherwise but am losing my confidence if malware is not added!

Cheers

Jlo

See Jotti report below run 5th Dec

AntiVir  BDS/Banito.S.1 (0.15 seconds taken)
Avast  No viruses found (1.53 seconds taken)
BitDefender  Backdoor.Banito.S (0.34 seconds taken)
ClamAV  No viruses found (0.39 seconds taken)
Dr.Web  BackDoor.Bandito (0.50 seconds taken)
F-Prot Antivirus  virus dropper (0.06 seconds taken)
Kaspersky Anti-Virus  Backdoor.Win32.Banito.s (0.59 seconds taken)
mks_vir  Trojan.Banito.S (0.20 seconds taken)
NOD32  Win32/Banito.S (0.37 seconds taken)
Norman Virus Control  No viruses found (10.97 seconds taken)
Title: Re:Virus submissions
Post by: TAP on December 05, 2004, 12:16:49 PM
I think maybe the ALWIL team have more prior things to do or they consider this malware is not an urgent case so it may be added later.

AVG FE can detect this malware too.
Title: Re:Virus submissions
Post by: Jlo on December 05, 2004, 01:56:46 PM
Thanks Tap,

Yes I sent the file on the 22nd Nov to AVG as well as avast and the other main AV vendors. Good to see they have added it.

I think Avast is very quick at 'in the wild fast spreading viruses' and many of us have witnessed several VPS updates in one day with beagle outbreaks etc. and I am sure they make other malware, trojans low priority.

I think Norman AV work on the same lines. They have hardly added any malware submissions I have sent and I don't think they will get added unless they receive multiple submissions from different users.

Maybe Avast does the same thing.

Cheers

Jlo
Title: Re:Virus submissions
Post by: Eddy on December 05, 2004, 02:33:45 PM
Jlo,

since it was a backdoor you submitted, I doubt it will be on the priority list to add to the vps. Most backdoors are already stopped by a good firewall, and there is more destructive malware than that.
Title: Re:Virus submissions
Post by: Jlo on December 05, 2004, 03:11:42 PM
Hi Eddy,

Thanks for your post. I do agree with you that a good firewall will stop a backdoor but you still have to go to the trouble to get rid of it from your system when you have executed the file on your computer.

Whilst I appreciate that there is more malicious malware about out there I still want to be protected from this type of threat. Some of us are not as experienced as you at manually removing malware.

Cheers

Jlo
Title: Re:Virus submissions
Post by: lee16 on December 30, 2004, 09:33:37 PM
Ok, back on the subject of virus submissions again, how much detail should you give in the email about the malware submissions?

I sent some more off today but was not sure if I gave enough info on the files.

Copy of email below:

Quote
Inside the attached encrypted file are three variants of a suspected virus (mostly known as ‘Swizzor’).
I found them on a mate’s computer and they all add iexplorer.exe processes to Task Manager (even when IE is not open), which pop right back up as the process is killed.
I believe they came from the ‘wares P2P manager he uses.
Nucyezqr.exe and tofdfogg.exe were found in ‘C:\Documents and Settings\Kieron\Local Settings\Temp’ and Flap 2.exe in ‘C:\Documents and Settings\All Users\Application Data\Gris bolt’.
They also added start-up items to the registry.

To open the encrypted/zipped file the password is virus

OS = Windows XP Home
Avast 4.5 VPS 0453-0 (does not detect the viruses).

--Lee

Is that enough info?

--lee
Title: Re:Virus submissions
Post by: RejZoR on December 30, 2004, 10:15:49 PM
I have submitted so many samples that I've established a special tracking method of marking submission emails.
Samples are also always encrypted the same way, mail structure is always the same or very similar, subject field is always formatted the same way, mail carries signature with date and sequence number...
I believe it's easier for Alwil guys to deal with nicely done mails than some quickly made hard-to-read mails...
Yeah, I took it pretty serious hehe ;D
Title: Re:Virus submissions
Post by: lee16 on December 30, 2004, 10:26:40 PM
LOL, sorry for the stupidity, but are you saying there is too much info or not enough.  ??? ::)

Thanks for the help

--lee
Title: Re:Virus submissions
Post by: Max M.Wachtel III on December 31, 2004, 06:39:11 AM
I also send in malware that I see posted in USENET.
Newest is xp.exe. I encrypt it in zip format with a password.
I never thought of including any info, I just send the file.
What should I state in my message?
-max
Title: Re:Virus submissions
Post by: RejZoR on December 31, 2004, 09:44:26 AM
I usually check files with Kaspersky (it also shows used packers along with the malware name) so the job is easier for Alwil guys to identify a specific piece of malware.