Author Topic: Trojan.Agent.Delf.GY  (Read 3257 times)


Offline pdafreak

  • Jr. Member
  • Posts: 27
Trojan.Agent.Delf.GY
« on: April 19, 2009, 02:42:36 PM »
Why has avast not detected this as a trojan?

It's called Seabra Stealer. Basically it steals all your browser-saved passwords & FileZilla & AIM.
It created a history.txt file inside of C:\windows\system32\ that contains all your passwords in plain text,
and the exe will FTP the information to a specified server. And it has anti-Virtual PC or anti-VMware.

more information
http://www.opensc.ws/off-topic/5831-seabra-stealer-0-5-a.html

file analysis
http://www.virustotal.com/analisis/09184de305adc11fe86bdedcee7f2ecb

As you see, only 4 antiviruses can detect it as a trojan.

So please make it so avast can detect it. Thanks :)

PS: I'm using avast 4.8 VPS 090418-0, compilation date 4.8.1335, and it still has not detected the file as a virus or trojan.
« Last Edit: April 19, 2009, 02:45:41 PM by pdafreak »
Windows 7 x64 SP1 - Intel i5 2500K - 12GB RAM
Running Avast Antivirus 6.0.1289 - MBAM - Firefox 12

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 32907
  • malware fighter
Re: Trojan.Agent.Delf.GY
« Reply #1 on: April 19, 2009, 04:08:51 PM »
Hi pdafreak,

It can be a malicious password stealer posing as a keygen installer. It has also been found as: C:\WINDOWS\system32\3x-un-14x.exe
Infected: Trojan.Agent.Delf.GY
In the hackworld an app has been released called Seabra Stealer; it makes password stealers that are currently completely undetectable by the majority of antiviruses. Samples have been sent to KIS and Norton.

They are commonly attached to RS and other file host downloads/bypasses.

Luckily some forums haven't been targeted yet, but on other forums it's spreading like wildfire. So watch out!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 84458
  • No support PMs thanks
Re: Trojan.Agent.Delf.GY
« Reply #2 on: April 19, 2009, 04:37:51 PM »
What is strange is that so few, read almost none, of the major players detect this. Bitdefender is one and GData another, but that uses Bitdefender as one of its two scanning engines (avast being the other), so that reduces those two to one, so there is still margin for doubt with only three detections.

You could try Anubis: Analyzing Unknown Binaries, another scanning tool that is useful, and report the findings (results page URL).

Send the sample to virus@avast.com zipped and password protected, with the password in the email body; a link to this topic might help, and false positive/undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.10.2442 (build 20.10.5824.618) UI-1.0.591/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
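
Added example, not part of any post in this thread: a small Python correlation over process telemetry that flags the behaviour described in the first post, a process writing history.txt directly into C:\windows\system32\ and then connecting out on the FTP port. The event tuple layout, the 300-second window, the process names and the IP addresses are constructed assumptions for illustration.

```python
"""Flag a process that drops history.txt in System32 and then opens an FTP connection."""
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

DROP_DIR = normcase(r"C:\Windows\System32")
DROP_NAME = "history.txt"
FTP_PORT = 21
WINDOW = 300  # seconds between drop and upload; an assumed tuning value

# Constructed sample telemetry: (seconds, pid, image, event kind, detail)
EVENTS = [
    (10, 412, r"C:\Windows\System32\svchost.exe", "file_create",
     r"C:\Windows\System32\wbem\repo.tmp"),
    (31, 2960, r"C:\Users\bob\Downloads\keygen_setup.exe", "file_create",
     r"C:\WINDOWS\system32\history.txt"),
    (33, 2960, r"C:\Users\bob\Downloads\keygen_setup.exe", "net_connect",
     "203.0.113.7:21"),
    # Legitimate FTP client: connects on port 21 but never dropped the file.
    (40, 3100, r"C:\Program Files\FileZilla\filezilla.exe", "net_connect",
     "198.51.100.9:21"),
    # Same file name, but outside System32: not the pattern from the post.
    (55, 3320, r"C:\Users\bob\notes.exe", "file_create",
     r"C:\Users\bob\Documents\history.txt"),
    (58, 3320, r"C:\Users\bob\notes.exe", "net_connect", "203.0.113.7:21"),
]

def is_drop(path):
    """True only for history.txt directly inside System32 (case-insensitive)."""
    p = normcase(path)
    return basename(p) == DROP_NAME and dirname(p) == DROP_DIR

def find_suspects(events, window=WINDOW):
    """Return one record per FTP connection made by a process after the drop."""
    drops = {}  # pid -> time the process wrote the drop file
    hits = []
    for ts, pid, image, kind, detail in sorted(events):
        if kind == "file_create" and is_drop(detail):
            drops[pid] = ts
        elif kind == "net_connect" and pid in drops:
            host, _, port = detail.rpartition(":")
            if int(port) == FTP_PORT and ts - drops[pid] <= window:
                hits.append({"pid": pid, "image": image,
                             "ftp_server": host, "delay": ts - drops[pid]})
    return hits

if __name__ == "__main__":
    for hit in find_suspects(EVENTS):
        print(hit)
```

Keying on the file drop plus the FTP connection from the same process keeps ordinary FTP clients and unrelated history.txt files out of the results.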