Author Topic: Two unrecognized viruses  (Read 16933 times)

yvs

  • Guest
Two unrecognized viruses
« on: August 07, 2007, 06:45:28 PM »
Here - http://www. yvs. makeevka. com/files/viruses.zip
two viruses. Password - virus.
virus@avast.com has not heard me for one month.
Why?..
Heeeelp...
« Last Edit: August 08, 2007, 07:24:55 AM by yvs »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Two unrecognized viruses
« Reply #1 on: August 07, 2007, 07:21:44 PM »
Please, don't post live links to infected files (even password protected).
After you have sent the samples to virus@avast.com you can try sending the files to Chest and, from there, resend to Alwil for analysis.

The preferred way for submitting samples is e-mail (or sending them from Chest). Although, you can use Alwil FTP server as a second way to transfer only big files. Upload them to ftp://ftp.avast.com/incoming (please, note that you won't have READ access to the ftp server, just write - so you won't even be able to see what you've just uploaded).

Anyway, this is not an excuse for not having improved the detection yet... Shame on virus analyst team...
The best things in life are free.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Two unrecognized viruses
« Reply #2 on: August 07, 2007, 07:30:16 PM »
File AUH5j6Ma.exe received on 08.07.2007 19:00:52 (CET)
Antivirus   Version   Last Update   Result
AhnLab-V3   2007.8.3.0   2007.08.07   -
AntiVir   7.4.0.57   2007.08.07   TR/Crypt.ULPM.Gen
Authentium   4.93.8   2007.08.07   -
Avast   4.7.1029.0   2007.08.07   -
AVG   7.5.0.476   2007.08.06   -
BitDefender   7.2   2007.08.07   GenPack:Win32.Worm.Luder.F
CAT-QuickHeal   9.00   2007.08.07   -
ClamAV   0.91   2007.08.07   -
DrWeb   4.33   2007.08.07   Trojan.Inject.351
eSafe   7.0.15.0   2007.07.31   suspicious Trojan/Worm
eTrust-Vet   31.1.5040   2007.08.07   -
Ewido   4.0   2007.08.07   -
FileAdvisor   1   2007.08.07   -
Fortinet   2.91.0.0   2007.08.07   -
F-Prot   4.3.2.48   2007.08.07   -
F-Secure   6.70.13030.0   2007.08.07   Trojan.Win32.Agent.avd
Ikarus   T3.1.1.8   2007.08.07   Win32.SuspectCrc
Kaspersky   4.0.2.24   2007.08.07   Trojan.Win32.Agent.avd
McAfee   5092   2007.08.07   -
Microsoft   1.2704   2007.08.07   -
NOD32v2   2442   2007.08.07   -
Norman   5.80.02   2007.08.06   -
Panda   9.0.0.4   2007.08.07   W32/ZlFake.A.drp
Prevx1   V2   2007.08.07   Trojan.Lozyt
Rising   19.35.12.00   2007.08.07   -
Sophos   4.19.0   2007.08.01   Mal/HckPk-A
Sunbelt   2.2.907.0   2007.08.04   -
Symantec   10   2007.08.07   -
TheHacker   6.1.7.163   2007.08.07   -
VBA32   3.12.2.2   2007.08.07   Trojan.Win32.Small.oj
Webwasher-Gateway   6.0.1   2007.08.07   Trojan.Crypt.ULPM.Gen

File ZARAZA.DOC received on 08.07.2007 19:01:12 (CET)
Antivirus   Version   Last Update   Result
AhnLab-V3   2007.8.3.0   2007.08.07   -
AntiVir   7.4.0.57   2007.08.07   HEUR/Macro.Word97
Authentium   4.93.8   2007.08.07   could be infected with an unknown virus
Avast   4.7.1029.0   2007.08.07   -
AVG   7.5.0.476   2007.08.06   -
BitDefender   7.2   2007.08.07   Macro.VBA
CAT-QuickHeal   9.00   2007.08.07   -
ClamAV   0.91   2007.08.07   -
DrWeb   4.33   2007.08.07   W97M.VMPCK
eSafe   7.0.15.0   2007.07.31   O97M.GNcsin
eTrust-Vet   31.1.5040   2007.08.07   Word97Macro/Nid.A (weak rule) fa
Ewido   4.0   2007.08.07   -
FileAdvisor   1   2007.08.07   -
Fortinet   2.91.0.0   2007.08.07   -
F-Prot   4.3.2.48   2007.08.07   -
F-Secure   6.70.13030.0   2007.08.07   Possibly infected with an unknown virus
Ikarus   T3.1.1.12   2007.08.07   Virus.MSWord.Zaraza.b
Kaspersky   4.0.2.24   2007.08.07   Virus.MSWord.Zaraza.b
McAfee   5092   2007.08.07   W97M/Generic
Microsoft   1.2704   2007.08.07   -
NOD32v2   2442   2007.08.07   a variant of W97M/Generic
Norman   5.80.02   2007.08.06   -
Panda   9.0.0.4   2007.08.07   W97M/Havix.A
Prevx1   V2   2007.08.07   Generic.Malware
Rising   19.35.12.00   2007.08.07   Unknown
Sophos   4.19.0   2007.08.01   -
Sunbelt   2.2.907.0   2007.08.04   -
Symantec   10   2007.08.07   W97M.VMPCK1.gen
TheHacker   6.1.7.163   2007.08.07   W97M/Generico
VBA32   3.12.2.2   2007.08.07   -
VirusBuster   4.3.26:9   2007.08.07   -
Webwasher-Gateway   6.0.1   2007.08.07   Heuristic.Macro.Word97

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Two unrecognized viruses
« Reply #3 on: August 07, 2007, 07:50:50 PM »
Well, I have also sent them from the chest, so let's see what happens.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

yvs

  • Guest
Re: Two unrecognized viruses
« Reply #4 on: August 07, 2007, 08:29:04 PM »
Please, don't post live links to infected files
Why?

Now these viruses are known, and a user can find infected files with the help of any file manager.
For example: find *.doc files with string "c:\windows\system\sys_z.drv".

Dangerous is not a virus, dangerous is slow virus analyst team. :'(
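
The search described in the post above (`*.doc` files containing the string `c:\windows\system\sys_z.drv`), as an added example that is not part of the original thread. The function names, the case-insensitive match and the check for both single-byte and UTF-16LE forms of the string are assumptions of this example; the sample files are constructed.

```python
import os
import tempfile

INDICATOR = r"c:\windows\system\sys_z.drv"  # string quoted in the post above

def indicator_patterns(indicator):
    """Lower-cased byte forms: single-byte text and UTF-16LE (assumed encodings)."""
    low = indicator.lower()
    return [low.encode("ascii"), low.encode("utf-16-le")]

def file_contains(path, patterns, chunk_size=1 << 20):
    """Stream the file; keep an overlap so a match across chunks is found."""
    overlap = max(len(p) for p in patterns) - 1
    tail = b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk.lower()   # bytes.lower() folds ASCII only
            if any(p in window for p in patterns):
                return True
            tail = window[-overlap:]
    return False

def scan_tree(root, indicator=INDICATOR, extension=".doc"):
    """Return sorted paths of files under root that contain the indicator."""
    patterns = indicator_patterns(indicator)
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(extension):
                continue
            path = os.path.join(folder, name)
            try:
                if file_contains(path, patterns):
                    hits.append(path)
            except OSError:
                continue   # unreadable or locked file: skip, keep scanning
    return sorted(hits)

def demo():
    """Constructed sample files (not real documents) to exercise the scan."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "ascii.doc": b"\xd0\xcf\x11\xe0" + b"Open C:\\WINDOWS\\SYSTEM\\SYS_Z.DRV",
            "wide.DOC": b"\x00" * 7 + INDICATOR.encode("utf-16-le"),
            "clean.doc": b"quarterly report, nothing else",
            "note.txt": INDICATOR.encode("ascii"),
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```

A raw byte search only finds the string where it is stored contiguously and uncompressed, so a miss does not show that a file is clean.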

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Two unrecognized viruses
« Reply #5 on: August 07, 2007, 09:38:22 PM »
Whilst this link is to a zip file (not an executable), it is still clickable allowing for accidental exposure by those not so well equipped to deal with a possible infection, more so one not detected by avast.

So it is better to break any link and those of us who don't feel it a problem can still get at it without much of a problem, but it is a step that keeps the unwary and inquisitive away, e.g. http :// www . yvs.makeevka.com/files/viruses.zip.

So please modify your link so it isn't clickable; it is just good practice to avoid accidental exposure.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Two unrecognized viruses
« Reply #6 on: August 07, 2007, 09:56:53 PM »
Dangerous is not a virus, dangerous is slow virus analyst team. :'(
For the other users, dangerous is the infection due to virus link exposure and a slow virus analyst team.

yvs

  • Guest
Re: Two unrecognized viruses
« Reply #7 on: August 08, 2007, 07:31:22 AM »
please modify your link so it isn't clickable
Modified.

yvs

  • Guest
Re: Two unrecognized viruses
« Reply #8 on: August 08, 2007, 07:55:12 AM »
After you have sent the samples to virus@avast.com you can try sending the files to Chest and, from there, resend to Alwil for analysis.
...
use Alwil FTP server as a second way

 :o

Why?...

I sent the file AUH5j6Ma.exe to Alwil (virus@avast.com) and to DrWeb (http://www.drweb.ru/newvirus/).

Alwil did not hear me.

From DrWeb I immediately received a confirmation e-mail message with a special ID for meeting about this virus if I want. After some hours I received an e-mail with thanks and with the name of the virus added to the database.

I like Avast. Why Avast not like me...

Sorry for my french.

Jem

  • Guest
Re: Two unrecognized viruses
« Reply #9 on: August 08, 2007, 01:10:22 PM »
For me, some kind of response from the Alwil team would be appropriate. This is not the first time they have been accused of being slow. Not really acceptable, as the product doesn't have heuristics to fall back on...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Two unrecognized viruses
« Reply #10 on: August 08, 2007, 02:36:50 PM »
Why?...
I sent the file AUH5j6Ma.exe to Alwil (virus@avast.com) and to DrWeb (http://www.drweb.ru/newvirus/).
Alwil did not hear me.
It's a problem of the virus analyst team... hope they hurry up with (more) this sample.

sanctuary24

  • Guest
Re: Two unrecognized viruses
« Reply #11 on: August 08, 2007, 04:18:26 PM »
Not to hijack the thread/topic but will Avast have heuristics added in future updates?

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: Two unrecognized viruses
« Reply #12 on: August 08, 2007, 04:27:22 PM »
yvs: the executable will be detected by some new vps in near future (added to internal vps already)... and the doc file needs some more time but will follow soon..

Tech: you know.. we don't ignore this sample, but there are many other viruses, which are more dangerous or more spreading and it's legitimate to add Tibs, Zhelatin, Warezov or Virtumonde/Vundo first and this sample with a little delay... simply because of virus priorities.. hopefully the whole process will become faster (I'm working on a new detection module)... ;)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Two unrecognized viruses
« Reply #13 on: August 08, 2007, 04:31:30 PM »
Tech: you know.. we don't ignore this sample, but there are many other viruses, which are more dangerous or more spreading and it's legitimate to add Tibs, Zhelatin, Warezov or Virtumonde/Vundo first and this sample with a little delay... simply because of virus priorities.. hopefully the whole process will become faster (I'm working on a new detection module)... ;)
Good to know we'll have a new detection module.
I understand the virus adding priority. The problem is that the user is infected with a virus and not with all the other dangerous ones around... so he/she complains about that: my infection is the worst for me myself...

sanctuary24

  • Guest
Re: Two unrecognized viruses
« Reply #14 on: August 08, 2007, 04:40:23 PM »
yvs: the executable will be detected by some new vps in near future (added to internal vps already)... and the doc file needs some more time but will follow soon..

Tech: you know.. we don't ignore this sample, but there are many other viruses, which are more dangerous or more spreading and it's legitimate to add Tibs, Zhelatin, Warezov or Virtumonde/Vundo first and this sample with a little delay... simply because of virus priorities.. hopefully the whole process will become faster (I'm working on a new detection module)... ;)

Good to know there are many improvements on the way, keep up the good work. One more thing: by new detection module, what do you mean, i.e. heuristics, better scanning techniques, etc.? (Sorry for probing for answers, I'm just trying to learn new things.) :)