What is this virus and why avast is not detecting it?

[sulav]

Complete scanning result of "SCVVHSOT.exe", received in VirusTotal at 06.18.2007, 12:56:25 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.16.0 06.18.2007 Win-Trojan/Downloader.290419
AntiVir 7.4.0.32 06.18.2007 DR/Sohanad.AS.1
Authentium 4.93.8 06.16.2007 Possibly a new variant of W32/Trojan-disguised-based!Maximus
Avast 4.7.997.0 06.18.2007  no virus found ?
AVG 7.5.0.467 06.17.2007 Worm/Generic.BRS
BitDefender 7.2 06.18.2007 Win32.Worm.IM.Sohanad.K
CAT-QuickHeal 9.00 06.16.2007  no virus found
ClamAV devel-20070416 06.18.2007  no virus found
DrWeb 4.33 06.18.2007 Win32.HLLW.Obfuscated
eSafe 7.0.15.0 06.17.2007 Win32.Sohanad.as
eTrust-Vet 30.7.3726 06.18.2007  no virus found
Ewido 4.0 06.18.2007  no virus found
FileAdvisor 1 06.18.2007  No threat detected
Fortinet 2.85.0.0 06.18.2007 W32/Sohanad.AS!worm.im
F-Prot 4.3.2.48 06.15.2007 W32/Trojan-disguised-based!Maximus
Ikarus T3.1.1.8 06.18.2007 Worm.Win32.VB.cj
Kaspersky 4.0.2.24 06.18.2007 IM-Worm.Win32.Sohanad.as
McAfee 5054 06.15.2007  no virus found
Microsoft 1.2607 06.18.2007  no virus found
NOD32v2 2336 06.18.2007 Win32/Hakaglan.G
Norman 5.80.02 06.18.2007  no virus found
Panda 9.0.0.4 06.17.2007 Bck/Sniper.J
Prevx1 V2 06.18.2007 Covert.Sys.Exec
Sophos 4.18.0 06.12.2007  no virus found
Sunbelt 2.2.907.0 06.16.2007 Win32.Worm.IM.Sohanad.K
Symantec 10 06.18.2007  no virus found
TheHacker 6.1.6.134 06.18.2007  no virus found
VBA32 3.12.0.2 06.15.2007 IM-Worm.Win32.Sohanad.as
VirusBuster 4.3.23:9 06.17.2007  no virus found
Webwasher-Gateway 6.0.1 06.18.2007 Trojan.Sohanad.AS.1


Aditional Information
File size: 290419 bytes
MD5: 3ca30fdc5e4b2150f42aa09ba37f326e
SHA1: 4f83b6cfaadf9e6eddfc80ec272067e6b05740a2
packers: UPX
packers: UPX
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=3ca30fdc5e4b2150f42aa09ba37f326e
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=259b98434633
  :'(

[DavidR]

If you are not getting a virus warning that you believe is a new, undetected virus then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest (after adding it to the User Files section of the chest).

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a new, undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

[sulav]

did as you suggested too bad norton didn't detect it.I sent it via yahoo mail.Hotmail detected it as a threat though.I had changed it's extension name from SCVVHSOT.exe to SCVVHSOT.txt

[DavidR]

You wouldn't have needed to change the file name if you had zipped the suspect file and password protected it as mentioned.

If you didn't zip and password protect the file there is a likelihood that it will be scanned on route and the sample deleted if detected. The avast email server obviously won't be deleting samples but there are likely to be other email servers on route.

[sulav]

well it seems that avst is not detecting it as of yet.what's the problem?

[DavidR]

As I said they may not have even got your sample, it really does have to be zipped and protected otherwise the chances of it getting intercepted are high.

It is usually better if the sample is sent from the avast chest, but if you only have/use web based email that won't be possible.

You could also place it on a file share site and post the link here.
- Rapidshare file upload -  Host your files with RapidShare FOR FREE! http://rapidshare.com useful if you haven't got an email client.
- 4shared.com - free file sharing and storage - http://www.4shared.com/

[Lisandro]

I hope they improve detection of this one... quickly!