doesn't Avast detect win32/mebroot.h trojan?

[meck]

Can anybody explain if this is a false alarm?

http://www.virustotal.com/en/analisis/223a5f1a6ff39449f1095aebb695c0b7

That file i have had to copy from mbr:

---- Disk sectors - GMER 1.0.14 ----

Disk            \Device\Harddisk0\DR0        sector 61: malicious code @ sector 0x12a14c00 size 0x194

Thanks \o


I opened a Post in: http://forum.avast.com/index.php?topic=36981.0 where i have tried also to get a solution.

[sopadeajo]

With a 30% detection rate i would consider the possibility of not a false positive.

http://www.daboweb.com/foros/index.php?topic=31030.0

and here is an online translation to english (hope it is good enough), in case it is necessary (hope it is not).

http://209.85.171.104/translate_c?hl=es&langpair=es|en&u=http://www.daboweb.com/foros/index.php%3Ftopic%3D31030.0&usg=ALkJrhixQ8jaTKyPVZUBLoGRvVHzzKIT1Q

[DavidR]

I certainly wouldn't base a decision on if it is an FP on only 30% detected something, it is a little more complex than that.

With 4 of the 10 detections being heuristic or generic, leaving 6 detected by signature so it is certainly suspect and I would suggest it should be sent to avast for analysis, see below.

Are you getting any strange symptoms , e.g. what made you do an anti-rootkit scan ?

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

[wyrmrider]

meck- did you post a link to your other thread in the Avast home/pro forum
do follow up on this

[meck]

meck- did you post a link to your other thread in the Avast home/pro forum
do follow up on this

i just do it. \o

[meck]

I certainly wouldn't base a decision on if it is an FP on only 30% detected something, it is a little more complex than that.

With 4 of the 10 detections being heuristic or generic, leaving 6 detected by signature so it is certainly suspect and I would suggest it should be sent to avast for analysis, see below.

Are you getting any strange symptoms , e.g. what made you do an anti-rootkit scan ?

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and possible undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

Hi, I did it but i haven't received notification.

thanks \o

[Lisandro]

Hi, I did it but i haven't received notification.

They usually do not send it, I mean, there isn't an automated system (robot) to answer.
They usually answer by correcting the detection in the virus database.