Author Topic: worm not detected by avast  (Read 7157 times)

0 Members and 1 Guest are viewing this topic.

jumpingclear

  • Guest
worm not detected by avast
« on: June 24, 2005, 06:27:33 PM »
I have been using avast home edition for a while and was generally happy with it, however, I have recently been trying nod32 on a second partition and it picked up a worm in a file which avast says is clear. I have checked the file with kaspersky online which also picks up the worm.

Nod32 calls it VB.NBR worm
Kaspersky Worm.Win32.VB.an

MFB

  • Guest
Re: worm not detected by avast
« Reply #1 on: June 24, 2005, 06:43:46 PM »
Hey there, if you did not delete the file that has the worm, you can send the infected file in a zip-compress folder and email it to virus@avast.com

jumpingclear

  • Guest
Re: worm not detected by avast
« Reply #2 on: June 24, 2005, 08:18:42 PM »
Hey there, if you did not delete the file that has the worm, you can send the infected file in a zip-compress folder and email it to virus@avast.com

done

MFB

  • Guest
Re: worm not detected by avast
« Reply #3 on: June 24, 2005, 08:20:44 PM »
Alright, now you have to wait for the next update and see if avast! put your virus in the database.   :)

jumpingclear

  • Guest
Re: worm not detected by avast
« Reply #4 on: June 25, 2005, 09:14:06 PM »
just had latest update but worm is still not detected ???

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33983
  • malware fighter
Re: worm not detected by avast
« Reply #5 on: June 25, 2005, 09:36:11 PM »
Hi jumpingclear,

You have a linux worm. You did not state at the beginning that you have linux. All the linux virus scanners, including clam have them. But AVAST is not a linux scanner, as far as I know, but when I am correct they have an AV solution for linux server environment.  By the way you got the worm through P2P. If you have linux on your box, use clam.

greets,

polonus
« Last Edit: June 25, 2005, 09:38:55 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

jumpingclear

  • Guest
Re: worm not detected by avast
« Reply #6 on: June 25, 2005, 11:20:58 PM »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33983
  • malware fighter
Re: worm not detected by avast
« Reply #7 on: June 25, 2005, 11:41:42 PM »
Hi jumpingclear,

If you are right, and this seems so, than it is this virus:
http://www.viruslist.com/en/viruses/encyclopedia?virusid=70377

greets,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

jumpingclear

  • Guest
Re: worm not detected by avast
« Reply #8 on: June 26, 2005, 12:13:14 AM »
Hi Polonus

It did come from p2p not messenger. Kaspersky database search gives these results

http://www.viruslist.com/en/find?words=Worm.Win32.VB.an&search_mode=virus&search=Search+the+Kaspersky+Lab+Anti+Virus+Software+Corporate+Website.

which leads to this not very helpful page

http://www.viruslist.com/en/viruses/encyclopedia?virusid=86228     ;D

The ca description says they only added the page on thursday so it seems to be a recent virus.

Interestingly the ca online virus scan doesn't identify the virus either???? So nod32 and kaspersky both id the file as being infected and avast and ca online both don't detect anything.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33983
  • malware fighter
Re: worm not detected by avast
« Reply #9 on: June 26, 2005, 12:24:03 AM »
Hey jumpingclear,

We gonna get rid of this monstrosity, this worm. It must be a new
Bropia variant or such. What I can advice you just now is to get and download
stinger.exe.
This has all the latest 40 or so anti-malware definitions aboard,
it is free, and a specially made stand alone program  for these occasions
we have at our hands now. So download it from here http://vil.nai.com/vil/stinger/and run it,
and tell me what it found.
Then take your notepad program and note all you have found in
exact the same words as you find up. Very vital information.

Success,

polonus
« Last Edit: June 26, 2005, 12:26:42 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

jumpingclear

  • Guest
Re: worm not detected by avast
« Reply #10 on: June 26, 2005, 12:53:01 AM »
Hi Polonus

Thanks for the stinger tip but don't worry, my pc is not infected. Fortunately nod32 identified the infected file before I ran it. I had only just installed nod the day before instead of avast so I was lucky. I had heard good things about nod so I thought I would try it and see how it compares to avast. I have three winXP installs at the moment, one with avast, one with no internet and one with nod (plus one linux install). Fortunately I downloaded the file on the partition with nod32 installed.

I just wanted to report the virus so that avast can add it and I am a bit concerned after this experience whether to stick with avast or switch completely to nod.


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33983
  • malware fighter
Re: worm not detected by avast
« Reply #11 on: June 26, 2005, 01:06:02 AM »
Hi jumpingclear,

Good for you. The virus solution that is perfect, my dear friend, does nor exist yet. Do not blame this on AVAST. It is a good program. There are a lot of people to see to it that new finds are posted (ReJZoR among others). You were lucky that NOD jumped unto your shoulder to save your day. If you insist on opening up to P2P you have to live with the risks, be extra careful and install Peer Guardian. That is the least I can give you as an advice. Scan everything and analyze with a Hex Viewer or BintScanner. To close the vulnerability window, and you know what that is now, although you nearly escaped, use online scans and a intrusion detection system. I also would advice the free checksum program Easy Integrity Checker, so that you can see nothing on your comp has been tampered with.

Have a nice day,

Yours sincerely,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!