Author Topic: Too much for me!  (Read 14476 times)


wetabax

  • Guest
Too much for me!
« on: November 12, 2007, 04:14:43 PM »
The image below explains it better than I can. There are 6 now! Almost all other antivirus products at www.virustotal.com mark the samples as viruses. Avast does not. All of them were sent via the chest with all the information needed.
All of them appear in my Thunderbird as sent messages.
And silence over the earth.

I really don't know why I paid for a 2-year subscription for this software.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Too much for me!
« Reply #1 on: November 12, 2007, 04:35:12 PM »
Hi wetabax,

The chest is a place where malware can do no harm, and you can safely delete the malware if you no longer need the files (some malware infect system files your OS cannot do without). The chest is a place like limbo where malware waits to be sent to the hell of electronic oblivion by you (mostly after a week or two). Probably you understand now that the chest is a kind of malware prison to neutralize malware or a malware detention place on your computer. Every good av does not delete malware right away, because there is no alternative in case of a false positive.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

wetabax

  • Guest
Re: Too much for me!
« Reply #2 on: November 12, 2007, 04:48:32 PM »
Hi wetabax,

The chest is a place where malware can do no harm, and you can safely delete the malware if you no longer need the files (some malware infect system files your OS cannot do without). The chest is a place like limbo where malware waits to be sent to the hell of electronic oblivion by you (mostly after a week or two). Probably you understand now that the chest is a kind of malware prison to neutralize malware or a malware detention place on your computer. Every good av does not delete malware right away, because there is no alternative in case of a false positive.

polonus

Ok, Mr. Polonus, I will try to explain in my bad English. I collected 6 viruses. VirusTotal is a site that checks these samples, and each of them is considered a virus by almost 15% of the AVs in that service. I sent the viruses via MAPI to avast. The dates I got these viruses are in the image above. I think an AV should renew its scanner engines to detect these files as viruses. Well, avast! did not. Today I exported all 6 files to a temp folder and scanned the folder, and avast thinks that none of them is a virus. Is it clear now? The first virus I sent is from November 3rd! We are at November 12th!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Too much for me!
« Reply #3 on: November 12, 2007, 06:19:57 PM »
We cannot be on the company side on this matter.
We, the users, will be at the user side.
We aren't fanboys (at least, not I)... how long should we wait for this new submission and detection method?
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Too much for me!
« Reply #4 on: November 12, 2007, 06:34:12 PM »
Hi Tech and wetabax,

If the matter is as explained, this should be a matter of concern for the Avast staff that make up the virus signatures. With an av solution there is no place nor time for being sloppy, the consumers depend on swift reaction. On the other hand it is a good thing to have an additional non-resident scanner like DrWeb's CureIt (self-updating) to get the malware that has stayed under the Avast radar, because we do not live in an ideal world as they say. The days that we could rely on just one AV solution and FW are alas long, long gone.

polonus

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Too much for me!
« Reply #5 on: November 12, 2007, 06:45:49 PM »
I use VirusTotal when I need to run suspicious files... I've learned in my own sadness...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Too much for me!
« Reply #6 on: November 12, 2007, 08:08:21 PM »
Also by checking files against VirusTotal, samples 'should' be sent to the scanners that haven't detected them. That should be another avenue to get samples to Alwil, but the submission system simply isn't good enough currently. I really look forward to the planned update to the submissions process.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

wetabax

  • Guest
Re: Too much for me!
« Reply #7 on: November 17, 2007, 05:00:06 PM »
I begin to hate all of this. :-X All of them have now been sent more than 3 times, IMAP, SMTP, they are at virustotal, everywhere.... but by avast!

wetabax

  • Guest
Re: Too much for me!
« Reply #8 on: November 18, 2007, 04:03:25 PM »
no comments:


Escaneando os arquivos selecionados
------------------------------------------------------------------------------------------
O programa irá tentar escanear o(s) arquivo(s) 10 selecionado(s) da Quarentena

Mover os arquivos para a pasta temporária: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp
ID do arquivo: 0000000013 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\DSC00129.scr Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\13.scr
ID do arquivo: 0000000017 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\FlashPlayer09.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\17.exe
ID do arquivo: 0000000014 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\FotosZip.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\14.exe
ID do arquivo: 0000000015 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\humor.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\15.exe
ID do arquivo: 0000000023 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\Projeto_vivo.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\23.exe
ID do arquivo: 0000000021 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\Projeto_vivo_report1.jpg Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\21.jpg
ID do arquivo: 0000000022 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\systray.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\22.exe
ID do arquivo: 0000000020 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\systray_report1.jpg Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\20.jpg
ID do arquivo: 0000000019 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\systray_report2.jpg Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\19.jpg
ID do arquivo: 0000000016 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\VivoCupidoMSG.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\16.exe

Escanear os arquivos na pasta temporária: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\13.scr  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\14.exe  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\15.exe\[PECompact]  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\15.exe  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\16.exe  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\17.exe\[PECompact]  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\17.exe  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\19.jpg  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\20.jpg  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\21.jpg  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\22.exe  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\23.exe\[PECompact]  -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\23.exe  -- sem vírus --
------------------------------------------------------------------------------------------
A ação foi completada com sucesso!

wetabax

  • Guest
Re: Too much for me!
« Reply #9 on: November 18, 2007, 04:13:45 PM »
If any doubt remains about whether the samples were sent or not:
(only a few of the send-receipts)

>> :_CHEST_ANALYZE_:<<

Virus name: Original file location: C:\Documents and Settings\Tabax\Desktop\DSC00129.scr
Computer name: DELL-DIMC521
Transfer time: 03.11.2007 18:37:03
Modification time: 03.11.2007 18:32:52
Total size: 162598
Comment:
File ID: 13
Category: 2

>> :_CHEST_ANALYZE_:<<

Virus name: Original file location: C:\Documents and Settings\Tabax\Desktop\FotosZip.exe
Computer name: DELL-DIMC521
Transfer time: 05.11.2007 11:37:33
Modification time: 05.11.2007 11:22:08
Total size: 537088
Comment: comes with a first *.pdf extension that opens Acrobat Reader, but doesn't work - if I delete the pdf extension, it originates the attached exe file

File ID: 14
Category: 2

OS:
Microsoft Windows XP Professional (Build 2600) Service Pack 2
The original name when downloaded is FotosZip.exe.pdf, which calls for Acrobat Reader to open it. In my Acrobat Reader it neither runs nor opens; nothing happens. So I renamed the file, deleting the extension and creating it as FotosZip.exe, and after that, it is a virus. The link to download the file is:
http://www.d1048438.domain.com/photosgallery/

>> :_CHEST_ANALYZE_:<<

Virus name: Original file location: C:\Documents and Settings\Tabax\Desktop\humor.exe
Computer name: DELL-DIMC521
Transfer time: 07.11.2007 14:47:25
Modification time: 07.11.2007 14:46:40
Total size: 2038272
Comment:
File ID: 15
Category: 2

OS:
Microsoft Windows XP Professional (Build 2600) Service Pack 2

>> :_CHEST_ANALYZE_:<<

Virus name: Original file location: C:\Documents and Settings\Tabax\Desktop\VivoCupidoMSG.exe
Computer name: DELL-DIMC521
Transfer time: 08.11.2007 20:32:23
Modification time: 08.11.2007 20:31:16
Total size: 392704
Comment:
File ID: 16
Category: 2

OS:
Microsoft Windows XP Professional (Build 2600) Service Pack 2
One more!!! And to inform you, the first one, from 3/11/2007, still isn't recognized by avast! - 5 days!!! - now my collection is populated with 4 samples, none of them recognized as a virus by avast! - and I paid for this program!!!!

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: Too much for me!
« Reply #10 on: November 18, 2007, 04:19:38 PM »
I'll suggest this thread to misak, he will take care.. ;)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Too much for me!
« Reply #11 on: November 19, 2007, 06:59:40 PM »
I'll suggest this thread to misak, he will take care.. ;)
Thanks. Please, post back when it's solved, you or misak.
I'm receiving quite a few IMs from Brazilian users complaining about misdetections, but more about bad (missed) detections of viruses/malware in your country.

Offline misak

  • Avast team
  • Sr. Member
  • *
  • Posts: 234
    • Personal page (CZE)
Re: Too much for me!
« Reply #12 on: November 20, 2007, 01:59:51 PM »
There were 4 emails from you in virus@avast.com. Without duplicates, 4 files only. Now 3 of them are detected (see scan report below). The last one is the HTML page tim_foto2007.com, without suspicious scripts.

If you have some other samples that are not detected, please send them to virus@avast.com

*
* avast! Report
* This file is generated automatically
*
* Task 'aswcmd.exe' used
* Started on 20. listopad 2007 12:42:36
* VPS: 071119-1, 20.11.2007
*

CardMsN.exe\[ASPack] [L] Win32:Banload-CVQ [trj] (0)
foto07_euevc.jpg_-_Tipo_-_Imagem_JPEG_.sCR\[PECompact] [L] Win32:Agent-MLS [trj] (0)
vivo.exe [L] Win32:Trojan-gen {Other} (0)
Infected files: 3
Total files: 7
Total folders: 1
Total size: 915,8 KB

*
* Task stopped: 20. listopad 2007 12:42:36
* Run-time was 0 second(s)
*
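
As an added example (not part of misak's post and not Avast code), the report above can be checked mechanically: this Python code parses the detection lines and lists the submitted samples that have no detection line. The line layout is inferred from the three detection lines in the post, and `parse_report` and `undetected` are hypothetical helper names.

```python
import re

# Detection lines and summary copied from the report in the post above.
REPORT = r"""CardMsN.exe\[ASPack] [L] Win32:Banload-CVQ [trj] (0)
foto07_euevc.jpg_-_Tipo_-_Imagem_JPEG_.sCR\[PECompact] [L] Win32:Agent-MLS [trj] (0)
vivo.exe [L] Win32:Trojan-gen {Other} (0)
Infected files: 3
Total files: 7
"""

# Layout inferred from those three lines (an assumption, not a documented format):
#   <file>[\[<packer>]] [L] <detection name> <[type] or {type}> (<n>)
DETECTION = re.compile(
    r"^(?P<file>.+?)(?:\\\[(?P<packer>[^\]]+)\])?\s+\[L\]\s+"
    r"(?P<name>\S+)\s+[\[{](?P<kind>[^\]}]+)[\]}]\s+\(\d+\)$"
)
SUMMARY = re.compile(r"^(Infected files|Total files):\s*(\d+)$")


def parse_report(text):
    """Return (detections, summary) parsed from the report text."""
    detections, summary = [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := DETECTION.match(line):
            detections.append(m.groupdict())
        elif m := SUMMARY.match(line):
            summary[m.group(1)] = int(m.group(2))
    return detections, summary


def undetected(submitted, detections):
    """Submitted file names that have no detection line (case-insensitive)."""
    hit = {d["file"].lower() for d in detections}
    return [name for name in submitted if name.lower() not in hit]


if __name__ == "__main__":
    dets, summ = parse_report(REPORT)
    # The parsed detections should agree with the report's own counter.
    assert len(dets) == summ["Infected files"]
    # The four unique files named in the post.
    sent = ["CardMsN.exe", "foto07_euevc.jpg_-_Tipo_-_Imagem_JPEG_.sCR",
            "vivo.exe", "tim_foto2007.com"]
    for d in dets:
        print(d["file"], d["packer"] or "-", d["name"], d["kind"])
    print("no detection:", undetected(sent, dets))
```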

wetabax

  • Guest
Re: Too much for me!
« Reply #13 on: November 20, 2007, 05:39:13 PM »
[...]

If you have some other samples, that are not detected, please send it to virus@avast.com

[...]

Well, now the doubt persists. What is better? Send the emails by chest IMAP? Send virus by chest SMTP? Send virus to virus@avast.com? Can anybody give the final word?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Too much for me!
« Reply #14 on: November 20, 2007, 06:35:24 PM »
Well, now the doubt persists. What is better? Send the emails by chest IMAP? Send virus by chest SMTP? Send virus to virus@avast.com? Can anybody give the final word?
Sending the emails by chest IMAP or chest SMTP is the same.
Both are better than sending to virus (at) avast.com.
At least, this is what I've read in forums, due to the amount of 'trash' sent directly by email.