Author Topic: Trojan.DownLoader UFO.EXE  (Read 27387 times)


Offline olmor

  • Newbie
  • *
  • Posts: 12
Trojan.DownLoader UFO.EXE
« on: November 08, 2007, 09:04:21 AM »
Hi!

I found a virus on my machine, which has Avast Home installed. Avast does not detect it (with all the latest updates).
The file UFO.EXE with the virus has been sent to Avast (from the Virus Chest).

To developers: Did you receive my message (06.11.07)?
Is there any time frame to include this virus into VPS?

Below is the report from Virustotal.com
===========
Complete scanning result of "UFO.EXE", processed in VirusTotal at 11/08/2007 07:38:14 (CET).

[ file data ]
* name: UFO.EXE
* size: 18432
* md5.: 768eed49992d3cb66c8cbd5b6df06718
* sha1: 093bc70e1080048a858505e90a0d27c314c7bf2a

[ scan result ]
 AhnLab-V3      2007.11.2.1/20071102    found nothing
AntiVir 7.6.0.34/20071108       found [tr/Dldr.VB.bqh]
Authentium      4.93.8/20071101 found nothing
Avast   4.7.1074.0/20071106     found nothing
AVG     7.5.0.503/20071106      found [Downloader.Banload.GZA]
BitDefender     7.2/20071108    found [Dropped:Generic.Malware.Bdld.12921183]
CAT-QuickHeal   9.00/20071106   found [trojanDownloader.VB.bqh]
ClamAV  0.91.2/20071107 found nothing
DrWeb   4.44.0.09170/20071107   found [trojan.DownLoader.36149]
eSafe   7.0.15.0/20071028       found [suspicious Trojan/Worm]
eTrust-Vet      31.2.5276/20071107      found nothing
Ewido   4.0/20071106    found nothing
F-Prot  4.4.2.54/20071107       found nothing
F-Secure        6.70.13030.0/20071102   found [trojan-Downloader.Win32.VB.bqh]
FileAdvisor     1/20071108      found [High threat detected]
Fortinet        3.11.0.0/20071019       found nothing
Ikarus  T3.1.1.12/20071107      found [trojan-Downloader.Win32.VB.bqh]
Kaspersky       7.0.0.125/20071108      found [trojan-Downloader.Win32.VB.bqh]
McAfee  5157/20071106   found nothing
Microsoft       1.3007/20071108 found nothing
NOD32v2 2642/20071106   found [probably unknown NewHeur_PE virus]
Norman  5.80.02/20071106        found [W32/DLoader.DXFQ]
Panda   9.0.0.4/20071106        found [trj/Downloader.QZB]
Prevx1  V2/20071108     found nothing
Rising  20.16.42.00/20071102    found [trojan.DL.Win32.VB.yjo]
Sophos  4.23.0/20071107 found [Mal/Behav-160]
Sunbelt 2.2.907.0/20071031      found nothing
Symantec        10/20071108     found [W32.SillyFDC]
TheHacker       6.2.9.118/20071106      found nothing
VBA32   3.12.2.4/20071106       found [trojan-Downloader.Win32.VB.bqh]
VirusBuster     4.3.26:9/20071106       found nothing
Webwasher-Gateway       6.0.1/20071107  found [trojan.Dldr.VB.bqh]

[ notes ]
packers: UPX
packers: UPX
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=768eed49992d3cb66c8cbd5b6df06718
packers: PE_Patch.UPX, UPX
==============

Regards, Oleg

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Trojan.DownLoader UFO.EXE
« Reply #1 on: November 08, 2007, 12:41:13 PM »
Thanks for helping to improve avast detection.
After you've sent from Chest you should have been warned that the process finished successfully.
The best things in life are free.

Offline olmor

  • Newbie
  • *
  • Posts: 12
Re: Trojan.DownLoader UFO.EXE
« Reply #2 on: November 12, 2007, 07:13:01 PM »
Seven days have gone. The virus is still not detected (:

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Trojan.DownLoader UFO.EXE
« Reply #3 on: November 12, 2007, 07:18:13 PM »
Shame :P

Offline olmor

  • Newbie
  • *
  • Posts: 12
Re: Trojan.DownLoader UFO.EXE
« Reply #4 on: November 19, 2007, 08:55:08 AM »
One more week has gone and nothing has changed. Is there any chance to get this virus detected in Avast?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Trojan.DownLoader UFO.EXE
« Reply #5 on: November 19, 2007, 06:49:55 PM »
Yeah... these days are bad days for them...
http://forum.avast.com/index.php?topic=31038.msg263001#msg263001

Offline diwmaron

  • Newbie
  • *
  • Posts: 2
Re: Trojan.DownLoader UFO.EXE
« Reply #6 on: November 26, 2007, 04:01:38 PM »
I have a problem with a program with a similar name. It is always on my USB Mass Storage (Kingston DataTraveler 1 GB) when I plug it in and out under Windows (XP). You can't see it when you are in Windows. I first saw this file under Linux. I deleted it, but it returned after the drive was used in Windows. On the DataTraveler there were 2 files: UFO.exe and autorun.inf. Could you tell me if it could be a virus? Is it the same Trojan.Downloader? I heard that it spreads via USB mass storage devices. Can it be true?

I'm sorry that I have a lot of questions :/ If you need more information I will cooperate :P
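
Added example, not part of the thread and not Avast code: a read-only check, runnable from Linux as the poster did, that reports which programs an autorun.inf at a volume root asks Windows to launch and whether those files are present. The function names, the extension list and the sample volume are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the standard autorun.inf launch keys.

```python
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")   # [autorun] keys that name a program
EXEC_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}  # assumed list

def autorun_targets(inf_text):
    """Return the command strings an autorun.inf asks Windows to launch."""
    section, targets = None, []
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # only the [autorun] section counts
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()                 # keys are case-insensitive
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or is_verb):
            targets.append(value)
    return targets

def program_name(command):
    """File name of the program in a command string (arguments dropped)."""
    command = command.strip()
    token = command[1:].split('"', 1)[0] if command.startswith('"') else command.split()[0]
    return token.replace("\\", "/").split("/")[-1]

def audit_volume(root):
    """Report autorun.inf launch targets and executables at a volume root."""
    files = {p.name.lower(): p for p in Path(root).iterdir() if p.is_file()}
    report = {"autorun_inf": "autorun.inf" in files, "launches": []}
    if report["autorun_inf"]:
        text = files["autorun.inf"].read_text(encoding="latin-1")
        for cmd in autorun_targets(text):
            name = program_name(cmd)      # compared with root-level files only
            report["launches"].append((name, name.lower() in files))
    report["root_executables"] = sorted(
        p.name for p in files.values() if p.suffix.lower() in EXEC_EXT)
    return report

def demo():
    """Constructed sample: a fake volume root with an inert placeholder file."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "AUTORUN.INF").write_text("[AutoRun]\r\nOpen=UFO.exe\r\n; note\r\nicon=x.ico\r\n")
        Path(root, "UFO.exe").write_bytes(b"placeholder, not a real executable")
        Path(root, "notes.txt").write_text("ordinary file")
        return audit_volume(root)
```

On a real drive, call `audit_volume()` with the mount point of the volume, ideally mounted read-only.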

Offline misak

  • Avast team
  • Sr. Member
  • *
  • Posts: 234
    • Personal page (CZE)
Re: Trojan.DownLoader UFO.EXE
« Reply #7 on: November 26, 2007, 04:35:17 PM »
Avast chest is not the best solution for sending files that are not detected by Avast. The main problem is not in the chest, but in processing. We extract only files that have the word "false" somewhere in the description or files detected by Trojan-gen. Other files are silently discarded.

So please send us suspicious files to virus@avast.com in a password protected archive. This email is batch processed to extract attachments. Files are unpacked with the following passwords: infected, virus, avast, a, 123, 1234, 12345, password. If another password is used, then we try to search for the password manually in the original email.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82291
  • No support PMs thanks
Re: Trojan.DownLoader UFO.EXE
« Reply #8 on: November 26, 2007, 05:47:33 PM »
> Avast chest is not the best solution for sending files that are not detected by Avast. The main problem is not in the chest, but in processing. We extract only files that have the word "false" somewhere in the description or files detected by Trojan-gen. Other files are silently discarded.

I have to say I'm both surprised and disappointed that I have wasted my time submitting sample to avast from the avast chest. More so for those who I suggested use the User Files section to add undetected samples and to submit from the chest as I have wasted their time also.

I have to say that this policy is absolutely crazy, these are samples undetected by avast on avast users who are using avast to protect their systems and in that regard have failed. These are also avast users who have taken the time to submit samples only for them to be discarded, no wonder there are so many topics about samples not being included or huge delays.

Submitting samples where the user is required to create a password protected zip file (to avoid interception en route) is such a pain in the rear when the submission from the chest is much easier for most and it takes care of the interception issue because the samples are encrypted by the process.

You can't believe how disappointed I am about this total waste enough not to bother suggesting people send samples at all.
Why should I bother if you don't.
Why should others bother if you don't.

In almost three and three quarter years of using avast this is without doubt the lowest I have felt. I have absolutely no idea what the new submission system is to be but this one for me is pathetic when samples are discarded, silently or otherwise.

I will end now as I'm getting mad, not just disappointed.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.544) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline sanctuary24

  • Sr. Member
  • ****
  • Posts: 323
Re: Trojan.DownLoader UFO.EXE
« Reply #9 on: November 26, 2007, 06:02:33 PM »
I would feel easier if someone from Alwil team could just say we are setting up a brand new protocol for handling submitted files

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Trojan.DownLoader UFO.EXE
« Reply #10 on: November 26, 2007, 06:08:09 PM »
> Other files are silently discarded.

I can't believe!!!  :o :o
Am I reading right that you just discard the submitted files?  ::) ??? :o

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Trojan.DownLoader UFO.EXE
« Reply #11 on: November 26, 2007, 06:11:14 PM »
> I have to say I'm both surprised and disappointed that I have wasted my time submitting sample to avast from the avast chest. More so for those who I suggested use the User Files section to add undetected samples and to submit from the chest as I have wasted their time also.

Me too.

> You can't believe how disappointed I am about this total waste enough not to bother suggesting people send samples at all.
> Why should I bother if you don't.
> Why should others bother if you don't.

Is there any avast team member reading our posts?
We've been posting here for 3 years that sending files from the Chest is the safest method...
I just can't believe...

> In almost three and three quarter years of using avast this is without doubt the lowest I have felt. I have absolutely no idea what the new submission system is to be but this one for me is pathetic when samples are discarded, silently or otherwise.
>
> I will end now as I'm getting mad, not just disappointed.

I'm bored, disappointed, upset too...

Offline diwmaron

  • Newbie
  • *
  • Posts: 2
Re: Trojan.DownLoader UFO.EXE
« Reply #12 on: November 26, 2007, 06:27:15 PM »
OMG I am reason of it? I'm sorry!!!!

I sent files packed in rar sfx file named ufo-files.exe with password: 123

Is it correct?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: Trojan.DownLoader UFO.EXE
« Reply #13 on: November 26, 2007, 06:42:29 PM »
This time, I'll throw in my whole 2 cents.  >:(

Like DavidR and Tech, I'm very disappointed and upset. I spent hours with a very nervous person, not only in finding and removing infected files, but also in extracting them to the chest after they had been safely quarantined. This computer was in a real mess when we started and one wrong click could have started everything all over.  >:(

Now you're telling me that that whole stressful time was just a waste of time???  ???

One thing we found, don't know where the thread is, is that some mail providers have the ability to "see" into a zipped archive and, if the file is executable, refuse to send it.

Well, so much for me trying to convince people to submit the samples to avast to make it a better product. These are people who just want the crud off their computers asap.

@DavidR, Tech .....kinda gives you a kick right in the old credibility, don't it?  :'(
« Last Edit: November 26, 2007, 06:47:27 PM by oldman »

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: Trojan.DownLoader UFO.EXE
« Reply #14 on: November 26, 2007, 06:50:12 PM »
> OMG I am reason of it? I'm sorry!!!!
>
> I sent files packed in rar sfx file named ufo-files.exe with password: 123
>
> Is it correct?

No, it wasn't anything you did, some of us just got blindsided with this little bit of news.

Your sample should be all right.