Topic: Another antivirus products already detected the file except your product. (SICHO

phuriwat

  • Guest
I sent a file Virus Sample(SICHOST.exe) or suspicious file submitted for analysis to virus@avast.com many times.
Sent time   : 2009/12/24

But today, 2010/01/21, the scan reports on the web at http://www.virscan.org and http://www.virustotal.com show that many programs can detect it.
Why can your antivirus product not detect it?
A virus not detected by your product.

VirSCAN.org Scanned Report :
Scanned time   : 2010/01/21 16:32:23 (ICT)
Scanner results: 65% Scanner(s) (24/37) found malware!
File Name      : SICHOST.exe
File Size      : 762225 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : cf64069958fa08e72fef09ec52d31743
SHA1           : fcd0dd670a4043551346a6975f8325f3eab87b46
Online report  : http://virscan.org/report/5c9a0f36c4cf31f9ea14b0fa1e7b032b.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      4.5.0.8         20100121063125    2010-01-21  4.22   Worm.Win32.AutoIt!IK
AhnLab V3      2010.01.21.05   2010.01.21        2010-01-21  1.56   Win-Trojan/StartPage.762225
AntiVir        8.2.1.146       7.10.3.31         2010-01-21  0.49   DR/Autoit.RU.1
Antiy          2.0.18          20100120.3726318  2010-01-20  0.02   -
Arcavir        2009            201001210711      2010-01-21  0.10   -
Authentium     5.1.1           201001210013      2010-01-21  1.25   W32/Worm.NLG (Exact)
AVAST!         4.7.4           100121-0          2010-01-21  0.07   -
AVG            8.5.720         271.1.1/2635      2010-01-21  1.46   -
BitDefender    7.81008.4878579 7.29986           2010-01-21  4.23   Gen:Trojan.Heur.AutoIT.Uq3@bqmm3lci
CA (VET)       35.1.0          7249              2010-01-20  7.80   Win32/Yahlover.LV worm.
ClamAV         0.95.2          10319             2010-01-21  0.15   Trojan.Autoit.gen
Comodo         3.13.579        3409              2010-01-21  1.00   Heur.Suspicious
CP Secure      1.3.0.5         2010.01.21        2010-01-21  0.11   -
Dr.Web         4.44.0.9170     0004.00.00        0004-00-00  8.67   Win32.HLLW.Autoruner.12279
F-Prot         4.4.4.56        20100120          2010-01-20  1.25   W32/Worm.NLG (exact)
F-Secure       7.02.73807      2010.01.21.06     2010-01-21  0.19   Worm.Win32.AutoIt.ru [AVP]
Fortinet       11.399-         11.399            2010-01-20  0.20   W32/YahLover.A!worm
GData          19.10062/19.689 20100121          2010-01-21  5.79   -
ViRobot        20100120        2010.01.20        2010-01-20  0.41   -
Ikarus         T3.1.01.80      2010.01.21.75009  2010-01-21  4.44   Worm.Win32.AutoIt
JiangMin       13.0.900        2010.01.21        2010-01-21  4.75   -
Kaspersky      5.5.10          2010.01.21        2010-01-21  0.13   Worm.Win32.AutoIt.ru
KingSoft       2009.2.5.15     2010.1.21.13      2010-01-21  0.55   -
McAfee         5.3.00          5867              2010-01-20  3.38   W32/YahLover.worm!a
Microsoft      1.5302          2010.01.21        2010-01-21  6.93   Worm:Win32/Sohanad.AR
Norman         6.01.09         6.01.00           2010-01-16  4.01   Sohanad.CAW
Panda          9.05.01         2010.01.20        2010-01-20  1.94   -
Trend Micro    9.120-1004      6.790.03          2010-01-20  0.14   -
Quick Heal     10.00           2010.01.21        2010-01-21  1.32   Worm.AutoIt.te
Rising         20.0            22.31.03.04       2010-01-21  0.21   Trojan.Win32.Generic.51F48C25
Sophos         3.03.0          4.49              2010-01-21  3.34   Mal/Generic-A
Sunbelt        3.9.2390.2      5629              2010-01-20  3.39   -
Symantec       1.3.0.24        20100112.005      2010-01-12  0.00   -
nProtect       20100121.02     6960083           2010-01-21  4.11   Trojan/W32.Agent.762225
The Hacker     6.5.0.8         v00158            2010-01-21  0.73   W32/AutoIt.qn
VBA32          3.12.12.1       20100119.2151     2010-01-19  2.39   Win32.Sohanad.Gen
VirusBuster    4.5.11.10       10.119.13/2028414 2010-01-21  2.77   Worm.Sohanad.BZ




http://www.virustotal.com/analisis/7eb0d8ad215b3b2385fc09fb063db063c08261fb0a1130164e6f120e0aa21ee9-1264066333
File SICHOST.exe received on 2010.01.21 09:32:13 (UTC)
Current status:finished
Result: 34/41 (82.93%)

John2009

  • Guest
No antivirus has 100% detection of files. Avast is going to have problems too, but it's one of the best...

You can't just say it sucks just because it missed one file. This is why it's recommended to have a layered defense: install things like Malwarebytes/SuperAntiSpyware and SpywareBlaster or anything that won't conflict with your antivirus.

Eka-X

  • Guest
The point is not the detection rate; I know antivirus can't get a 100% detection rate.
The point is the slow response of the Avast team. This virus is common in Thailand and causes many problems for computer users, but the Avast team does not pay attention to this.

Ringman

  • Guest
Hello, I'm just following this topic in some forum.
I agree that the point of this topic was "the response".
However, I've sent the sample to this address too, but there was no response.
I understand that the Avast team is working hard to detect malware that is raised every minute.
But it's not good to let some malware go and ignore virus report emails.

Every user has the right to report malware or PF.
Not like some small vendor that is only aware of paid customers.

Note: Malware is around the world, not just Europe, the Americas and China.

Regards

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33932
  • malware fighter
Hi Ringman,

I have posted about this here: http://forum.avast.com/index.php?topic=43270.0
And have given a free removal tool for it,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

llariel

  • Guest
OK, this is not the only one; avast also does not detect a lot of spyware, like this:

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatId=-2147368587

The trojan was submitted the same day to both (Alwil & Microsoft), and Microsoft has the final analysis. What happened with Alwil Labs? The file was submitted 2 months ago.

Ringman

  • Guest
Quote from: polonus
> Hi Ringman,
>
> I have posted about this here: http://forum.avast.com/index.php?topic=43270.0
> And have given a free removal tool for it,
>
> polonus

Thanks,
So will avast detect it in the future?

I hope it will.

Offline jsejtko

  • Avast team
  • Full Member
  • *
  • Posts: 171
    • ALWIL Software
Quote from: phuriwat
> I sent a file Virus Sample(SICHOST.exe) or suspicious file submitted for analysis to virus@avast.com many times.
> Sent time   : 2009/12/24
>
> but today 2010/01/21

This file is already detected -> please update your program. VirusTotal uses an old build too - it doesn't support AutoIt unpacking.

Best Regards