Backdoor.Win32.VB.boa

[neogrey]

I'm using Avast Home Edition...and it obviously skipped that one: Backdoor.Win32.VB.boa . Thank God, I have a firewall too, which reported that lsass.exe is trying to connect to the internet. the worm has been placed in C:/WINDOWS/Config/ directory - not a place for lsass.exe. I scanned the file with Kaspresky online scanner which told me that the file is a worm...is it what we get for FREE from Alwil Software - is it supposed to pass those viruses???

[Lisandro]

The problem is not that avast is free or not, but that every software is not perfect and can miss some detections.
Can you send the samples to virus@avast.com ?
You can zip and password the files... Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks for helping avast to improve detection.

[neogrey]

Sorry, I already trashed the file ...booted in Safe Mode and renamed it, then on the next restart I trashed it...it was stupid of me, I should be sending this to you, indeed. Sorry.

[Lisandro]

Sorry, I already trashed the file ...booted in Safe Mode and renamed it, then on the next restart I trashed it...it was stupid of me, I should be sending this to you, indeed. Sorry.

Never mind. Next time you already know.
Welcome to avast forums. Feel free to come back any time you need help you just to change experiences

[polonus]

Hi Tech,

Here is the description for our forum members:
Trojan.Win32.Agent.boa
Type   Malware
Type Description   Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category   Trojan
Category Description   Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.
Level   High
Level Description   High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Advice Type   Remove
Release Date   Sep 21 2007
Last updated on   Sep 21 2007
File Traces   
    ie.exe
COMODO BoClean protects against this trojan boa

polonus