Author Topic: FP in CF  (Read 11558 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: FP in CF
« Reply #15 on: February 01, 2009, 06:11:11 PM »
Hi "oldman",

The malcreants have many more devious things up their sleeves. Did anyone see the number of daily vundo detection updates when checking their SAS update oversight? - mind dazzling, really. I do not know how detection can keep up with this rate of metamorphosis, and this just for one type of nasty, so....

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

YoKenny

  • Guest
Re: FP in CF
« Reply #16 on: February 01, 2009, 08:55:48 PM »
Hi "oldman",

The malcreants have many more devious things up their sleeves. Did anyone see the number of daily vundo detection updates when checking their SAS update oversight? - mind dazzling, really. I do not know how detection can keep up with this rate of metamorphosis, and this just for one type of nasty, so....

polonus

Look at this from Malwarebytes MBAM:
Newest Rogue Threats
http://www.malwarebytes.org/forums/index.php?showforum=30

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: FP in CF
« Reply #17 on: February 01, 2009, 11:10:39 PM »
I just tried it again. No detection for prep.com on download. tail.com is still being detected.

@DavidR
Did you happen to test prep.com at VirusTotal? If you did, do you have a link? Interested if AVG is also detecting it.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88896
  • No support PMs thanks
Re: FP in CF
« Reply #18 on: February 01, 2009, 11:49:32 PM »
No I didn't because I would have had to extract it from the combofix.exe file.

I have an extractor somewhere, if I can find it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88896
  • No support PMs thanks
Re: FP in CF
« Reply #19 on: February 01, 2009, 11:57:59 PM »
OK, I found I can extract the file using 7zip.

Prep.com (no alert when I extracted it) http://www.virustotal.com/analisis/054c873a118934903a83e4980547a1c8 12/39 detections.

Tail.com (avast alerted when I extracted it, so that hasn't been resolved yet) http://www.virustotal.com/analisis/4962d871439748ff7417cdd0f677fb7a 13/39 detections.

No detection by AVG on either.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: FP in CF
« Reply #20 on: February 02, 2009, 12:25:06 AM »
Thanks David. I tested tail.com earlier. Same results as you. Webshield didn't detect prep.com on the d/l. So half way there.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88896
  • No support PMs thanks
Re: FP in CF
« Reply #21 on: February 02, 2009, 01:29:51 AM »
No problem, didn't take long for prep.com, hopefully it won't be long for tail.com.

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: FP in CF
« Reply #22 on: February 02, 2009, 11:32:56 AM »
I've made some small changes to the detection, which should prevent future false positives on these files.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88896
  • No support PMs thanks
Re: FP in CF
« Reply #23 on: February 02, 2009, 03:40:06 PM »
Thanks Maxx.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: FP in CF
« Reply #24 on: February 03, 2009, 04:03:01 AM »
Thanks guys. I just scanned my sample of tail.com. No detection.  :D

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88896
  • No support PMs thanks
Re: FP in CF
« Reply #25 on: February 03, 2009, 03:13:50 PM »
Snap, nice when a plan comes together ;D

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: FP in CF
« Reply #26 on: February 03, 2009, 03:18:49 PM »
Hi folks,

Fully agree, DavidR, this forum in optima forma,

polonus

CharleyO

  • Guest
Re: FP in CF
« Reply #27 on: February 03, 2009, 07:53:11 PM »
***

Nice job getting this fixed, avast team!   :)


***