Hello,
I have a .Dat file that has one or more Java Exploits in it that I compressed in/to a .7z file, Avast Free can detect it as malware but fails to quarantine it (the .Class files that it detects within the .Dat file as malicious) during an on-demand scan and during a boot-scan with the Error:42111 saying that this operation is not supported for this type of archive; but programs like AVG Free, Emsisoft Anti-Malware Free, Microsoft Security Essentials can quarantine this file without a problem.
I am curious are there plans to make Avast Free able to quarantine these file types/archives in the future?
Here is the VirusTotal result of the entire file which is the .Dat file compressed in .7z:
https://www.virustotal.com/file/7dd6ec033f8ebfdabc5121869866e2b8c86223e7d75b843f58e57f1c294e84bb/analysis/1341683499/SHA256: 7dd6ec033f8ebfdabc5121869866e2b8c86223e7d75b843f58e57f1c294e84bb
SHA1: f473005fee07f505a3664ab4767c4cf64af56bcf
MD5: 511ef886e1f71a744873f0b9dc47a833
File size: 11.8 KB ( 12084 bytes )
File name: 58ea3e2-77f428fd.7z
File type: 7ZIP
Detection ratio: 21 / 42
Analysis date: 2012-07-07 17:51:39 UTC ( 0 minutes ago )
A while back one or more Java exploits were detected on my computer, and so I managed to save one of the files & I compressed it in/to .7z to submit it to various anti-malware companies; the file above is that file, and the one that Avast can detect but not quarantine.
Avast Free Program Version: 7.0.1456
Avast Free Database: 120707-0
Malwarebytes Anti-Malware Free Results:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.orgDatabase version: v2012.07.07.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
[administrator]
7/7/2012 3:59:26 PM
mbam-log-2012-07-07 (15-59-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 220440
Time elapsed: 6 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Emsisoft Anti-Malware Free Scan/Quarantine Results Of The File:
Emsisoft Anti-Malware - Version 6.6
Last update: 7/7/2012 3:46:54 PM
Scan settings:
Scan type: Custom Scan
Objects: C:\Users\\Desktop\58ea3e2-77f428fd.7z
Scan archives: On
ADS Scan: On
Scan start: 7/7/2012 4:14:27 PM
C:\Users\\Desktop\58ea3e2-77f428fd.7z -> 58ea3e2-77f428fd.dat -> jmennvlywkscqdbp\cuyaafacktruqsfqkjk.class detected: Java.CVE!E2
C:\Users\\Desktop\58ea3e2-77f428fd.7z -> 58ea3e2-77f428fd.dat -> jmennvlywkscqdbp\phnupm.class detected: Exploit.MS04.CVE-2004-0210-2012-0507!E2
C:\Users\\Desktop\58ea3e2-77f428fd.7z -> 58ea3e2-77f428fd.dat -> jmennvlywkscqdbp\twtndqmjecgs.class detected: Exploit.-!E2
C:\Users\\Desktop\58ea3e2-77f428fd.7z -> 58ea3e2-77f428fd.dat detected: Exploit.-!E2
Scanned 1
Found 4
Scan end: 7/7/2012 4:14:33 PM
Scan time: 0:00:06
C:\Users\\Desktop\58ea3e2-77f428fd.7z -> 58ea3e2-77f428fd.dat -> jmennvlywkscqdbp\twtndqmjecgs.class Quarantined Exploit.-!E2
Quarantined 1
Thank you,
-John Jr