Help me....

[NHFTech]

Hi All... i'm a quiet new to this forums.. can somebody told me why this file cannot be detect by avast as a virus

http://www.uploading.com/files/0JN05RZW/MS32DLL.dll.zip.html

http://www.uploading.com/files/TG3080L5/My_Heart.zip.html

password for zip files is nhftech

[DavidR]

Send the sample to virus@avast.com zipped and password protected with password in email body and undetected malware in the subject. Or you can also add the file to the User Files (File, Add) section of the avast chest and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 29 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.

[polonus]

Hi NHFTech and DavidR,

Scanned those two files with DrWeb's av link checker and both are clean, this could mean a FP. If uploading to VirusTotal or Jotti give the same results, the files could be uploaded as possible False Positives,

polonus

[DavidR]

If they are password protected, how can DrWeb link checker scan them ?

And there is no way I'm going to enable javascript on that site to download the files to test.

[polonus]

Hi DavidR,

Well it can, because it says the zip file is clean, but eventually we will know if the owner of the files update them to virustotal or jotti?

polonus

[DavidR]

Well it shouldn't be possible to extract the contents to scan them if the zip file is password protected, this may be a failing in the scan not reporting it cant extract the contents.

[DavidR]

Update I downloaded the my_heartzip extracted (with password) and uploaded to VirusTotal and there are multiple hits with very many different malware names, see image. Just going to repeat the process for the other zip file.

Since DrWeb also detects ti that would tend to confirm it failed to scan the password protected zip but also failed to report that, simply saying no virus found.

[DavidR]

OK downloaded , extracted and uploaded the second MS32DLL.dll.vbs file and that too was detected by 23 of the scanners. I have also sent both of the samples to avast.

[NHFTech]

thanks all for help.... just want to tell u all, i'm from malaysia... sorry for bad english. anyway i hope someday this 2 files will be detect by avast.. tq  

[DavidR]

No problem, your English is fine.

Welcome to the forums.

You can also add the file to the User Files (File, Add) section of the avast chest it can do no harm there and you can scan the files in the chest to see if they have been added to the VPS updates.

[NHFTech]

Hi everybody, sorrry for disturb all of you again. I have scan this 2 files with avast latest vps 19.3.2007 - 0725-1. The result is my_heart.exe is detected as Win32:VBcinta but MS32DLL.dll is not detected at all

[Lisandro]

But MS32DLL.dll is not detected at all

Maybe they're working on the virus signature to update avast database... Who knows?