Author Topic: iTunesHelp.exe (Read 6416 times)

belalessandro · « **on:** October 19, 2008, 09:57:56 PM »

iTunesHelp.exe is a malware not detected by Avast
It uses USB drives to spread itself, using an autorun.inf that points to RECYCLER folder (which is impossible to open because when you click on it, you open the system recycle bin).
Once it has been executed it copies itself in C:\Windows and runs every system boot (with the label: MSN)

Virus total report (Result: 20/36): http://www.virustotal.com/analisis/73d66032cd13afae43ab31ff66020198

PS: I'm a computer technician and I've sent several times this malware (zipped with password "virus") to virus@avast.com but neither Avast team has included it on avast updates yet nor replied to my email.
I understand that there are a lot of emails and avast team can't read all of them, but I'm a bit annoyed because this isn't the first time that I send copies of new viruses not detected by Avast in order to include them in the updates and I don't receive any response; other antiviruses can detect these viruses very quickly (instead with Avast I have to wait at least 1 week). So, is there a faster solution? A direct email address?

Lisandro · « **Reply #1 on:** October 19, 2008, 11:29:01 PM »

Thanks for helping improving detection.

belalessandro · « **Reply #2 on:** October 24, 2008, 07:15:48 PM »

Another 5 days have passed and the virus is still not detected by Avast..

A copy of the virus can be found here:
http://www.fileshost.com/en/file/66215/virus2-zip.html
Zip password: virus

DavidR · « **Reply #3 on:** October 24, 2008, 08:25:35 PM »

Edit - totally misread your post I though it was an FP.

I too will submit it and see if more is better.

polonus · « **Reply #4 on:** October 24, 2008, 10:57:45 PM »

Hi DavidR,

Do not seem to understand, while all the information is there, and it is quite a pile:
http://www.threatexpert.com/report.aspx?uid=4096c4c9-e956-4aee-98a7-e07d02806421
http://www.bleepingcomputer.com/startups/MSN-23631.html
And our favourite deep-dive info source:
http://www.castlecops.com/s17469-iTuneshelp_exe.html
So I think avast should flag this one,

Damian

DavidR · « **Reply #5 on:** October 25, 2008, 12:14:19 AM »

I edited my post because I thought belalessandro was reporting an FP, not that avast still isn't detecting it. It is quite clear that it is malware from the VT results, when I checked it 24/36 detected it.

belalessandro · « **Reply #6 on:** October 25, 2008, 06:36:20 PM »

Thanks, Now Avast detects it: "Thanks Win32:Trojan-gen {Other}"

So, next time, for a faster detection, (if I found a not detected virus) what I have to do?
Can I send it to polonus? or where else?

DavidR · « **Reply #7 on:** October 25, 2008, 06:51:30 PM »

Sending it to avast is the official route, submitting to VT also helps as samples should be sent to those scanners not detecting it, but this might take time also and by all accounts isn't too reliable.

For your general info, polonous, Tech and I are just avast users like yourself.

Author Topic: iTunesHelp.exe (Read 6416 times)

belalessandro

iTunesHelp.exe

Lisandro

Re: iTunesHelp.exe

belalessandro

Re: iTunesHelp.exe

DavidR

Re: iTunesHelp.exe

polonus

Re: iTunesHelp.exe

DavidR

Re: iTunesHelp.exe

belalessandro

Re: iTunesHelp.exe

DavidR

Re: iTunesHelp.exe