Author Topic: Viruses not detected by avast pro and home  (Read 2174 times)

0 Members and 1 Guest are viewing this topic.

danny2001s

  • Guest
Viruses not detected by avast pro and home
« on: May 15, 2008, 03:32:19 PM »
I sent several requests and virus samples inside a .zip file with password to virus at avast dot com, few weeks ago, but avast pro and home seems uncapable to detect the "W32.Besso" and some viruses named "kavo" but looks like a Besso's variant.

I'm really concerned about this because I can't understand why a great antivirus like avast is still unable to detect and block infections from these virus and variants, since several months ago.

I don't know if this is a configuration problem, but now I need help with this... I had several customers infected with those virus and avast, which I recommended a lot, is just fully updated but the virus and variants are affecting many systems, infecting even iPods disks.

I hope posting to this forum will help to solve this issue, and really want to trust 110% in avast, as always.

I'm unable to attach here a virus sample.

Another virus not detected is the Trojan.PWS.Wsgame.3605
 
Daniel

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: Viruses not detected by avast pro and home
« Reply #1 on: May 15, 2008, 04:39:57 PM »
kavo belongs to OnLineGames trojan afaik.. it would be great to have the files marked as potential OnLineGames... are you able to locate them and send in a password protected archive to virus[at]avast[dot]com? don't forget to mention the password in message body and you can attach the virustotal analysis or a short description... thx

danny2001s

  • Guest
Re: Viruses not detected by avast pro and home
« Reply #2 on: May 15, 2008, 09:14:31 PM »
kavo belongs to OnLineGames trojan afaik.. it would be great to have the files marked as potential OnLineGames... are you able to locate them and send in a password protected archive to virus[at]avast[dot]com? don't forget to mention the password in message body and you can attach the virustotal analysis or a short description... thx

I already send (again) email to specified email address (I have delivery receipts ok), with .zip attachments containing the viruses and variants from my email address at tecno-soft.com

Finally, I'm glad avast now detects the viruses and trojans described, but is still allowing infected processes to run, specially the "kavoX.dll" if another program can program it to autostart using HKLM\Run. I tested this infection on a XP virtual machine with avast home updated. After reboot, the virus is loaded and try to infect the C:\ using the autorun.inf containing instructions to run "mka.bat"... FINALLY !! avast now detects this and blocks the program, but because the virus is in memory, it tries continually to infect the C:\, and avast is catching all tose attempts.

I tested "Start Avast" and I'm glad it nows recognizes the infection in memory, suggesting a boot scan. At boot scan, avast now detects the viruses and variants. All were removed. But the autorun.inf and registry key (HKLM\Run) remains, this could facilitate future infections.