I recently got a file called Wippo-Postal.exe from a web site, which after submitting it to VirusTotal, produced the following result:
----------------------------------------------------------
File Wippo-Postal.exe received on 05.07.2008 23:13:20 (CET)
Result: 5/31 (16.13%)
Antivirus Version Last Update Result
AhnLab-V3 2008.5.3.0 2008.05.07 -
AntiVir 7.8.0.11 2008.05.07 -
Authentium 4.93.8 2008.05.07 -
Avast 4.8.1169.0 2008.05.06 -
AVG 7.5.0.516 2008.05.07 -
BitDefender 7.2 2008.05.07 -
CAT-QuickHeal 9.50 2008.05.06 -
ClamAV 0.92.1 2008.05.07 Trojan.Qhost-49
DrWeb 4.44.0.09170 2008.05.07 -
eSafe 7.0.15.0 2008.05.06 -
eTrust-Vet 31.4.5766 2008.05.07 -
Ewido 4.0 2008.05.06 -
F-Prot 4.4.2.54 2008.05.06 -
F-Secure 6.70.13260.0 2008.05.07 -
Fortinet 3.14.0.0 2008.05.07 -
Ikarus T3.1.1.26.0 2008.05.07 Trojan.Win32.Qhost.IW
Kaspersky 7.0.0.125 2008.05.07 -
McAfee 5289 2008.05.06 Generic VB.b
Microsoft 1.3408 2008.05.07 Trojan:Win32/Qhost.IW
NOD32v2 3082 2008.05.07 -
Norman 5.80.02 2008.05.06 -
Panda 9.0.0.4 2008.05.06 -
Prevx1 V2 2008.05.08 -
Rising 20.43.12.00 2008.05.07 -
Sophos 4.29.0 2008.05.07 Troj/Banhos-Gen
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.07 -
TheHacker 6.2.92.302 2008.05.07 -
VBA32 3.12.6.5 2008.05.06 -
VirusBuster 4.3.26:9 2008.05.06 -
Webwasher-Gateway 6.6.2 2008.05.07 -
--------------------------------------------------------------
As you can see, only 5 out 31 AVs detected it as a Trojan, including Microsoft and McAfee. I submitted the file to Avast via the Chest with some comments and hope to see the reason it is not detected since that Trojan seems to be rather old.
I have been using Avast Home for a few months only and I am a bit worried about its effectiveness compared to other AVs. I was recommended this software by some IT guys so I expected it to be one of the best ones... Well, I hope this is just a very exceptional case... I really like the fast engine of Avast and swift updates, and I wouldn't like to have to pay McAfee their yearly subscriptions...
Peter