Author Topic: Another Trojan not detected by Avast  (Read 3171 times)

petsin

  • Guest
Another Trojan not detected by Avast
« on: May 08, 2008, 12:58:46 AM »
I recently got a file called Wippo-Postal.exe from a web site, which after submitting it to VirusTotal, produced the following result:

----------------------------------------------------------
File Wippo-Postal.exe received on 05.07.2008 23:13:20 (CET)
Result: 5/31 (16.13%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.3.0 2008.05.07 -
AntiVir 7.8.0.11 2008.05.07 -
Authentium 4.93.8 2008.05.07 -
Avast 4.8.1169.0 2008.05.06 -
AVG 7.5.0.516 2008.05.07 -
BitDefender 7.2 2008.05.07 -
CAT-QuickHeal 9.50 2008.05.06 -
ClamAV 0.92.1 2008.05.07 Trojan.Qhost-49
DrWeb 4.44.0.09170 2008.05.07 -
eSafe 7.0.15.0 2008.05.06 -
eTrust-Vet 31.4.5766 2008.05.07 -
Ewido 4.0 2008.05.06 -
F-Prot 4.4.2.54 2008.05.06 -
F-Secure 6.70.13260.0 2008.05.07 -
Fortinet 3.14.0.0 2008.05.07 -
Ikarus T3.1.1.26.0 2008.05.07 Trojan.Win32.Qhost.IW
Kaspersky 7.0.0.125 2008.05.07 -
McAfee 5289 2008.05.06 Generic VB.b
Microsoft 1.3408 2008.05.07 Trojan:Win32/Qhost.IW
NOD32v2 3082 2008.05.07 -
Norman 5.80.02 2008.05.06 -
Panda 9.0.0.4 2008.05.06 -
Prevx1 V2 2008.05.08 -
Rising 20.43.12.00 2008.05.07 -
Sophos 4.29.0 2008.05.07 Troj/Banhos-Gen
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.07 -
TheHacker 6.2.92.302 2008.05.07 -
VBA32 3.12.6.5 2008.05.06 -
VirusBuster 4.3.26:9 2008.05.06 -
Webwasher-Gateway 6.6.2 2008.05.07 -

--------------------------------------------------------------

As you can see, only 5 out of 31 AVs detected it as a Trojan, including Microsoft and McAfee. I submitted the file to Avast via the Chest with some comments and hope to see the reason it is not detected since that Trojan seems to be rather old.

I have been using Avast Home for a few months only and I am a bit worried about its effectiveness compared to other AVs. I was recommended this software by some IT guys so I expected it to be one of the best ones... Well, I hope this is just a very exceptional case... I really like the fast engine of Avast and swift updates, and I wouldn't like to have to pay McAfee their yearly subscriptions...

Peter

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Another Trojan not detected by Avast
« Reply #1 on: May 08, 2008, 03:23:02 AM »
No software is perfect.
avast is improving itself.
But it's not as fast with all infections.
But McAfee, from time to time, will lose the battle too.
So, you need to be self-confident with your antivirus from a serious company.
But you did the right thing, complain ;)

Welcome to avast forums.
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: Another Trojan not detected by Avast
« Reply #2 on: May 08, 2008, 06:09:20 PM »
Hi malware fighters,

Here is what the virus does, description from another av-vendor, translated into English for those that cannot read Spanish: http://www.vsantivirus.com/qhost-nca.htm

http://209.85.135.104/translate_c?hl=en&langpair=es|en&u=

polonus
« Last Edit: May 08, 2008, 06:11:30 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

petsin

  • Guest
Re: Another Trojan not detected by Avast
« Reply #3 on: June 10, 2008, 10:22:15 PM »
Well, though the trojan is different this time, another one is circulating as a "gusanito.com" postcard that again is not detected by Avast. Just received this one today:

File Wippo-Chat.exe received on 06.10.2008 21:35:56 (CET)

Result: 15/32 (46.88%)

Antivirus Version Last Update Result
AhnLab-V3 2008.6.11.0 2008.06.10 -
AntiVir 7.8.0.55 2008.06.10 HEUR/Malware
Authentium 5.1.0.4 2008.06.10 -
Avast 4.8.1195.0 2008.06.10 -
AVG 7.5.0.516 2008.06.10 BackDoor.VB.CBL
BitDefender 7.2 2008.06.10 -
CAT-QuickHeal 9.50 2008.06.10 Backdoor.VB.ceh
ClamAV 0.92.1 2008.06.10 -
DrWeb 4.44.0.09170 2008.06.10 -
eSafe 7.0.15.0 2008.06.10 -
eTrust-Vet 31.6.5862 2008.06.10 -
Ewido 4.0 2008.06.10 Heuristic.Win32.Backdoor.IrcBot
F-Prot 4.4.4.56 2008.06.10 -
F-Secure 6.70.13260.0 2008.06.10 Backdoor.Win32.VB.ceh
Fortinet 3.14.0.0 2008.06.10 -
GData 2.0.7306.1023 2008.06.10 Backdoor.Win32.VB.ceh
Ikarus T3.1.1.26.0 2008.06.10 Backdoor.Win32.VB.ceh
Kaspersky 7.0.0.125 2008.06.10 Backdoor.Win32.VB.ceh
McAfee 5314 2008.06.10 New Malware.d
Microsoft 1.3604 2008.06.10 -
NOD32v2 3174 2008.06.10 a variant of Win32/IRCBot.AGK
Norman 5.80.02 2008.06.10 -
Panda 9.0.0.4 2008.06.10 Suspicious file
Prevx1 V2 2008.06.10 -
Rising 20.48.12.00 2008.06.10 -
Sophos 4.30.0 2008.06.10 Mal/Emogen-K
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.10 W32.IRCbot
TheHacker 6.2.92.341 2008.06.10 -
VBA32 3.12.6.7 2008.06.10 Backdoor.Win32.VB.ceh
VirusBuster 4.3.26:9 2008.06.10 -
Webwasher-Gateway 6.6.2 2008.06.10 Heuristic.Malware

Same as before, I submitted the file using the Chest service, and I will keep the file to test when Avast becomes aware of it... The last one I submitted in May still goes undetected by the latest version of Avast, but now 50% of the AV software detects it according to Virustotal.com (in May it was only 16%).

These results do not talk well about Avast since they cannot say they don't know about the particular trojan... and still a month can go by without an antidote. Now I am thinking that this is not an exceptional case as I supposed...

Peter

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Another Trojan not detected by Avast
« Reply #4 on: June 10, 2008, 11:35:14 PM »
Man... what's going on with avast and such a low detection rate... especially new malware in the wild? ??? ???
The best things in life are free.