Author Topic: slowly updating virus definition  (Read 11504 times)


Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1787
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: slowly updating virus definition
« Reply #30 on: August 28, 2006, 07:24:48 PM »
AVG, Fortinet, Norman added now detection too ...

still waiting for Avast! and MS ... and they were first informed
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1787
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: slowly updating virus definition
« Reply #31 on: August 30, 2006, 09:49:31 PM »
as from today's VPS update, detection was added ...

Code:
AntiVir 6.35.1.11 08.30.2006 Worm/Rbot.1247232
Authentium 4.93.8 08.30.2006 W32/Sdbot.UIV
Avast 4.7.844.0 08.30.2006 Win32:Rbot-CCK
AVG 386 08.30.2006 IRC/BackDoor.SdBot2.GJR
BitDefender 7.2 08.30.2006  no virus found
CAT-QuickHeal 8.00 08.30.2006 Backdoor.Rbot.bho
ClamAV devel-20060426 08.30.2006  no virus found
DrWeb 4.33 08.30.2006 Win32.HLLW.MyBot
eTrust-InoculateIT 23.72.110 08.30.2006 Win32/SpyBot.7bi!Worm
eTrust-Vet 30.3.3051 08.30.2006 Win32/Rbot.FOA
Ewido 4.0 08.25.2006  no virus found
Fortinet 2.77.0.0 08.30.2006 W32/RBot.BHO!tr.bdr
F-Prot 3.16f 08.29.2006 security risk named W32/Sdbot.UIV
F-Prot4 4.2.1.29 08.30.2006 W32/Sdbot.UIV
Ikarus 0.2.65.0 08.30.2006  no virus found
Kaspersky 4.0.2.24 08.30.2006 Backdoor.Win32.Rbot.bho
McAfee 4841 08.30.2006 W32/Sdbot.worm.gen.ca
Microsoft 1.1560 08.30.2006  no virus found
NOD32v2 1.1732 08.30.2006 Win32/Rbot
Norman 5.90.23 08.30.2006 W32/Spybot.AXEH
Panda 9.0.0.4 08.30.2006 W32/Gaobot.NZG.worm
Sophos 4.09.0 08.30.2006  no virus found
Symantec 8.0 08.30.2006 W32.Spybot.Worm
TheHacker 5.9.8.201 08.28.2006  no virus found
UNA 1.83 08.30.2006  no virus found
VBA32 3.11.1 08.30.2006 Backdoor.Win32.Rbot.bho
VirusBuster 4.3.7:9 08.30.2006 no virus found

As you can see, Microsoft and BitDefender are still slower than Alwil :)))

Offline Glass

  • Jr. Member
  • **
  • Posts: 41
Re: slowly updating virus definition
« Reply #32 on: September 04, 2006, 01:39:18 PM »
Quote from: Dwarden
as from today's VPS update, detection was added ...

Code:
...
Avast 4.7.844.0 08.30.2006 Win32:Rbot-CCK
...

As you can see, Microsoft and BitDefender are still slower than Alwil :)))

:o
Unfortunately avast! did not detect W32.Spybot.Worm even on the 1st September 06 on my system, after the supposed VPS update. Norman cleanup tool removed it.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83920
  • No support PMs thanks
Re: slowly updating virus definition
« Reply #33 on: September 04, 2006, 02:46:00 PM »
1. Did you confirm the detection was correct, by using either VirusTotal or Jotti, multi-engine AV scanners?

2. If it is a correct detection by Norman cleanup, did you send a sample to avast so they can update the VPS?

3. W32.Spybot.worm is different to what you quoted, there are many different aliases as there is no standard naming convention. So you would also need to confirm that although the names are different it is the same virus/malware.
Not only that but the worm detected by Norman cleanup is also different to that listed by Dwarden, so that would also indicate it is a different malware sample.
Code:
Norman 5.90.23 08.30.2006 W32/Spybot.AXEH
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.8.2432 (build 20.8.5684.602) UI-1.0.564/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
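
An added example, not part of the original posts: a small parser for the scan-report format posted in Reply #31 that reduces each vendor's verdict to a family token, showing how many different names one file receives. The `family` heuristic and its `NOISE` list are assumptions made for this illustration, and `REPORT` is a subset of the lines from that post.

```python
import re
from collections import Counter

# Subset of the report in Reply #31: engine, engine version, signature date, verdict
REPORT = """\
AntiVir 6.35.1.11 08.30.2006 Worm/Rbot.1247232
Avast 4.7.844.0 08.30.2006 Win32:Rbot-CCK
AVG 386 08.30.2006 IRC/BackDoor.SdBot2.GJR
BitDefender 7.2 08.30.2006  no virus found
F-Prot 3.16f 08.29.2006 security risk named W32/Sdbot.UIV
Kaspersky 4.0.2.24 08.30.2006 Backdoor.Win32.Rbot.bho
Microsoft 1.1560 08.30.2006  no virus found
NOD32v2 1.1732 08.30.2006 Win32/Rbot
Norman 5.90.23 08.30.2006 W32/Spybot.AXEH
Panda 9.0.0.4 08.30.2006 W32/Gaobot.NZG.worm
Symantec 8.0 08.30.2006 W32.Spybot.Worm
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.*)$")
NOISE = {"worm", "backdoor", "trojan"}  # type words, not family names (assumed list)

def parse(report):
    """Return one dict per engine; verdict is None when nothing was detected."""
    rows = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            engine, _version, date, verdict = m.groups()
            clean = "no virus found" in verdict.lower()
            rows.append({"engine": engine, "date": date,
                         "verdict": None if clean else verdict.strip()})
    return rows

def family(verdict):
    """Best-effort family token: first alphabetic part of 4+ letters that is not a type word."""
    name = verdict.split()[-1]  # drops prefixes such as 'security risk named'
    for part in re.split(r"[./:!\-]", name):
        token = part.lower().rstrip("0123456789")
        if len(token) >= 4 and token.isalpha() and token not in NOISE:
            return token
    return None

def summarise(report):
    """Return (engines detecting, engines total, Counter of family tokens)."""
    rows = parse(report)
    hits = [r for r in rows if r["verdict"]]
    return len(hits), len(rows), Counter(family(r["verdict"]) for r in hits)

if __name__ == "__main__":
    print(summarise(REPORT))
```

A shared family token only shows that two vendors chose the same label; a file hash is what ties two reports to the same sample.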

Offline Glass

  • Jr. Member
  • **
  • Posts: 41
Re: slowly updating virus definition
« Reply #34 on: September 04, 2006, 03:05:35 PM »
This W32/Spybot.worm virus had affected my netconf32.exe and my installed Norton AV detected and was giving alerts for about a month. But it was not able to clean it, only denied access.

So I junked Norton AV and installed Avast!, which did not even detect it. Then I downloaded Norman tool and it detected and cleaned the virus from netconf32.exe.

But the silver lining is that Avast! detected and cleared another W32(?) virus in some screensaversinst.dll, that Norton didn't even detect.

I like the features, the 7 providers and the look & spin of Avast!; hoping the detection is perfect!

No, I didn't send the sample to avast!; will do henceforth.
« Last Edit: September 04, 2006, 03:07:28 PM by Glass »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: slowly updating virus definition
« Reply #35 on: September 04, 2006, 03:08:07 PM »
Quote from: Glass
Hoping the detection is perfect!

It will never be perfect... but it could be better...
Summer time in Europe means worse detection, in my experience. It's sad, but true  :P
The best things in life are free.

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1787
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: slowly updating virus definition
« Reply #36 on: September 04, 2006, 04:16:13 PM »
let's hope for more generic sigs ... something for zlob family will be nice (like Antivir can do with heuristic)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83920
  • No support PMs thanks
Re: slowly updating virus definition
« Reply #37 on: September 04, 2006, 04:25:21 PM »
There is a Win32:Zlob [Trj] without any -xx suffix, e.g. Win32:Zlob-AA [Trj], perhaps that is some form of generic signature to go with the other 319 Zlob variants listed in the virus database.

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1787
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: slowly updating virus definition
« Reply #38 on: September 05, 2006, 12:20:04 AM »
well i was referring to discussion(s) like this http://www.wilderssecurity.com/showthread.php?t=145483

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: slowly updating virus definition
« Reply #39 on: September 05, 2006, 08:36:16 AM »
Info on Zlob here:

http://www.lavasoft.com/lavasoftnews/2006/09/hijacks.html

Technically, how are the virus writers able to alter the virus every few hours so that it evades detection, yet with the virus still retaining its unique 'Zlobiness'? Why have so few AVs got a generic detection for Zlob, and how has Avira managed to do it, I wonder?
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog