Author Topic: Christmas trojan NOT detected by avast!  (Read 5129 times)

0 Members and 1 Guest are viewing this topic.

jamesvaul

  • Guest
Christmas trojan NOT detected by avast!
« on: December 31, 2006, 10:04:35 AM »
Christmas trojan NOT detected by avast!  :'(  :'(
www(dot)codecsnet(dot)biz / setup.exe


« Last Edit: December 31, 2006, 10:06:28 AM by jamesvaul »

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Christmas trojan NOT detected by avast!
« Reply #1 on: December 31, 2006, 10:16:59 AM »
Did you sent a sample to virus@avast.com ? Zip it with a pass word, include the password in the body of the email, along with any other info you can think of. You can also send it from the chest.

zivilist

  • Guest
Re: Christmas trojan NOT detected by avast!
« Reply #2 on: December 31, 2006, 01:23:18 PM »
Hello avast team,

please make a sticky thread how to send a sample virus like oldmans post.
Every day the same answer is posted here.

thanks

Offline Bluesman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 912
  • Amiga Power!
Re: Christmas trojan NOT detected by avast!
« Reply #3 on: December 31, 2006, 02:48:48 PM »
please make a sticky thread how to send a sample virus like oldmans post.

Good suggestion!

Also how you handle a false positive would be nice to have in a sticky.
"The blues are the roots, everything else is the fruits" -Willie Dixon

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9404
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Christmas trojan NOT detected by avast!
« Reply #4 on: January 01, 2007, 11:21:05 AM »
Just for your information:

# 31.12.2006 - 0666-1

Win32:Agent-EAK [Trj]

Sample was added yesterday.
Visit my webpage Angry Sheep Blog

Offline BJ_GeOrgE

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 350
  • prevention is better than cure
Re: Christmas trojan NOT detected by avast!
« Reply #5 on: January 01, 2007, 01:24:13 PM »
Just for your information:

# 31.12.2006 - 0666-1

Win32:Agent-EAK [Trj]

Sample was added yesterday.


yesterday morning i had the same file in my pc,i submitted it to http://virusscan.jotti.org/ and when i saw that its a trojan and avast didn't detect it,i sent it to virus@avast.com for investigation..they are really fast..yesterday night they released the update with this trojan..good work ALWIL!!! :D
OS:Windows 7 Professional 64-bit SP1
Antivirus: Avast Free v8.0.1497/Firewall: Windows Firewall/On Demand: Malwarebytes Free Edition/Other tools: CCleaner

jamesvaul

  • Guest
Re: Christmas trojan NOT detected by avast!
« Reply #6 on: January 01, 2007, 02:35:35 PM »
they are really fast..

no they're not fast because this trojan is well known since before christmas (december 25) but avast added it on december 31  :'(
Too late!
« Last Edit: January 01, 2007, 02:37:18 PM by jamesvaul »

Offline Bluesman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 912
  • Amiga Power!
Re: Christmas trojan NOT detected by avast!
« Reply #7 on: January 01, 2007, 02:50:39 PM »
"The blues are the roots, everything else is the fruits" -Willie Dixon

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86796
  • No support PMs thanks
Re: Christmas trojan NOT detected by avast!
« Reply #8 on: January 01, 2007, 03:39:16 PM »
One thing to note when using VirusTotal they don't seem to have the latest VPS loaded.

This is becoming more and more common when a user detects a virus and uses VT to confirm only to find that avast doesn't detect it. This would appear to be because of auto updates the users VPS is fully up to date, however, with a live on-line system VT can't update as frequently.

How often they do update signature files isn't available to us mortals, nor is the signature file version they are using displayed, just the AV version.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9404
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Christmas trojan NOT detected by avast!
« Reply #9 on: January 01, 2007, 11:44:05 PM »
Plus, these scan services are using specially modified versions of scanners which tend to miss stuff that end user products actually detect (like Home Edition). That especially applies to Jotti and sometimes also to VT.
Visit my webpage Angry Sheep Blog

zivilist

  • Guest
Re: Christmas trojan NOT detected by avast!
« Reply #10 on: January 02, 2007, 12:21:44 PM »
wrote a mail to virustotal:

> Hello virustotal-team,
>
> i notice, that there are a big difference between the update cycle
> of every Antivirus scanner.
>
> I scanned a file on 01.01.2007, 15:55:57 (CET) and I see
> the scan engine last updated from 12.18.2006 (Sunbelt) till 01.01.2007
>
> The Avast Team (antivirus producer) suggested to a more detailed output
> (exactly version of the signature file like in avast 0666-1), because
> some virus scanner update more than once a day):
> http://forum.avast.com/index.php?topic=25722.0 (posting from "DavidR")
>
> I hope you can improve your service.
>
> Thanks

Answer:

All scanners are checked for updates each 5 minutes. The Sunbelt case is
a problem we're discussing with them. The Avast one is another problem
we're trying to solve as soon as possible, and it is due some special
configuration of the update resources we use.
« Last Edit: January 02, 2007, 12:33:44 PM by zivilist »

Offline BJ_GeOrgE

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 350
  • prevention is better than cure
Re: Christmas trojan NOT detected by avast!
« Reply #11 on: January 02, 2007, 01:14:05 PM »
wrote a mail to virustotal:

> Hello virustotal-team,
>
> i notice, that there are a big difference between the update cycle
> of every Antivirus scanner.
>
> I scanned a file on 01.01.2007, 15:55:57 (CET) and I see
> the scan engine last updated from 12.18.2006 (Sunbelt) till 01.01.2007
>
> The Avast Team (antivirus producer) suggested to a more detailed output
> (exactly version of the signature file like in avast 0666-1), because
> some virus scanner update more than once a day):
> http://forum.avast.com/index.php?topic=25722.0 (posting from "DavidR")
>
> I hope you can improve your service.
>
> Thanks

Answer:

All scanners are checked for updates each 5 minutes. The Sunbelt case is
a problem we're discussing with them. The Avast one is another problem
we're trying to solve as soon as possible, and it is due some special
configuration of the update resources we use.


good work.. :) this suggestion isn't maden by avast team though but by an advanced user of avast ;) this is a forum for users of avast..
OS:Windows 7 Professional 64-bit SP1
Antivirus: Avast Free v8.0.1497/Firewall: Windows Firewall/On Demand: Malwarebytes Free Edition/Other tools: CCleaner

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86796
  • No support PMs thanks
Re: Christmas trojan NOT detected by avast!
« Reply #12 on: January 02, 2007, 03:13:19 PM »
wrote a mail to virustotal:
<snip>
> The Avast Team (antivirus producer) suggested to a more detailed output
> (exactly version of the signature file like in avast 0666-1), because
> some virus scanner update more than once a day):
> http://forum.avast.com/index.php?topic=25722.0 (posting from "DavidR")
<snip>
Answer:

All scanners are checked for updates each 5 minutes. The Sunbelt case is
a problem we're discussing with them. The Avast one is another problem
we're trying to solve as soon as possible, and it is due some special
configuration of the update resources we use.

It is good that you have taken the time to contact VirusTotal and the fact that they confirm that effectively they don't always have the latest version of the VPS, at least clears up what I suspected.

However, I would like to point out that I am just an avast user like yourself and not a member of the avast Team.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security