Trojan recycle_bin.exe not immediately detected

[darkultra]

File name: recycle_bin.exe

Test Results:

Avast 4.6 Home VPS 0609-3 free edition allowed recycle_bin.exe to run, but alerted about infected files being copied around the system.

AVG Free 7.1.375 reacted immediately I copied recycle_bin.exe over. I tried to run it, but couldn't.

WARNING THIS IS A TROJAN WILL MAKE YOUR PC A ZOMBIE
*removed*
Archive password: virus

[FreewheelinFrank]

Hi darkultra,

Please don't post links to malware. You can send the suspect file to:

virus at avast.com (Substitute @ for 'at')

This is a report processed by VirusTotal on 03/05/2006 at 13:21:31 (CET) after scanning the file "recycle_bin.exe" file.

Antivirus   Version   Update   Result
AntiVir   6.33.1.53   03.04.2006   no virus found
Avast   4.6.695.0   03.03.2006   no virus found
AVG   718   03.03.2006   Dropper.Agent.ZV
Avira   6.33.1.53   03.04.2006   no virus found
BitDefender   7.2   03.05.2006   BehavesLike:Trojan.Downloader
CAT-QuickHeal   8.00   03.04.2006   no virus found
ClamAV   devel-20060126   03.05.2006   no virus found
DrWeb   4.33   03.04.2006   Trojan.MulDrop.3065
eTrust-InoculateIT   23.71.93   03.04.2006   no virus found
eTrust-Vet   12.4.2104   03.03.2006   no virus found
Ewido   3.5   03.04.2006   Dropper.Agent.vx
Fortinet   2.71.0.0   03.05.2006   suspicious
F-Prot   3.16c   03.03.2006   no virus found
Ikarus   0.2.59.0   03.03.2006   no virus found
Kaspersky   4.0.2.24   03.05.2006   Trojan-Dropper.Win32.Agent.vx
McAfee   4710   03.03.2006   MultiDropper-OB
NOD32v2   1.1430   03.04.2006   Win32/TrojanDropper.Agent.VX
Norman   5.70.10   03.03.2006   no virus found
Panda   9.0.0.4   03.05.2006   Suspicious file
Sophos   4.03.0   03.04.2006   no virus found
Symantec   8.0   03.05.2006   no virus found
TheHacker   5.9.5.106   03.04.2006   no virus found
UNA   1.83   03.02.2006   no virus found
VBA32   3.10.5   03.03.2006   Trojan-Dropper.Win32.Agent.vx

For better protection: avast! and Ewido!

[CharleyO]

***

Welcome to the forums, darkultra.   

If you are running 2 resident anti-virus programs on the same computer, then you have a greater risk of infection on that computer. In this case, 2 is not better than one ... because the 2 will conflict with each other causing less protection than just one and more chance of infection.


***

[FreewheelinFrank]

Bump!

This still isn't detected!!!

[Spiritsongs]

   Hi all :

     Seems Darkultra's "VPS : 0609-3 " & "Virus Total's
     "4.6.695 " are NOT the latest VPS. 0614-1 and 4.6.763 !?

[DavidR]

Very good point Spiritsongs, I must admit that when I upload samples to Jotti or VirusTotal I don't check and see if they are using the latest VPS or version, I have always assumed that they would be the latest. It is certainly something to watch. It would be different for us to check Jotti as it uses the Linux version of avast and that doesn't have the same version numbering.

I know they don't update immediately, but I thought it would be much quicker than that, 4.6.695 is quite old, so I wonder what the actual VPS is that is being used.