Author Topic: Backdoor Trojan not detected by Avast!  (Read 8577 times)


TrenchFOOT

  • Guest
Backdoor Trojan not detected by Avast!
« on: June 03, 2009, 11:27:21 PM »
I am a big fan of Avast! It's been very efficient ever since I first used it, but recently it failed me.
I noticed my Firewall (Comodo) logging suspicious behavior:
Explorer.exe was constantly trying to connect to the Internet, with an attempt every second. The external port Explorer.exe was trying to connect to was incremented with every attempt. When I first noticed it, the external port was 1346, which incremented after every attempt. The IP remained constant: 38.97.225.166.
Why would Explorer.exe constantly be trying to connect to 38.97.225.166? I thought. It could only be malicious.
I further noticed that every time I plugged a USB drive into my PC (Windows XP SP2), a new autorun.inf was created, together with a hidden folder called "Driver". This "Driver" folder contained a "Files" folder which resembled the Recycle Bin. This folder was empty, yet when I viewed its properties, it listed 2 files. I promptly deleted the autorun.inf and Driver folder, which were promptly recreated 2 seconds later. I scanned the USB drive, to no avail.
I did a complete boot-time scan of my PC, which came up clear. Avast! could find no threat.
I got Kaspersky Internet Security 2009. Needless to say I had to uninstall Avast! when I installed Kaspersky. When I scanned the USB drive with KIS it found a Trojan known as Backdoor.Win32.VB.iqo.
On Threatexpert.com it is described as:
A malicious backdoor Trojan that runs in the background and allows remote access to the compromised system:
http://www.threatexpert.com/report.aspx?md5=2adcaf95e8bda37bbb92e8e5f43e99bd
A malicious Trojan horse or bot that may represent security risk for the compromised system and/or its network environment:
http://www.threatexpert.com/report.aspx?md5=bcbd8ec75e1f60cf73415c4dbf8af1d6

McAfee also has some info:
http://vil.nai.com/vil/content/v_156344.htm

Why did Avast! not detect this Trojan?
I am writing this post just to inform those who can do something about this, so that Avast! users can be safe.

Kaspersky Report (Not exhaustive):
C Drive:
  • 2009/06/01 03:27:48 PM   Detected: Backdoor.Win32.VB.iqo   File   C:\driver\files\   dt.exe
  • 2009/06/01 03:28:01 PM   Deleted: Backdoor.Win32.VB.iqo   File   HKLM\Software\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-01WE-AAX5-314CCA322142}\   {67KLN5J0-4OPM-01WE-AAX5-314CCA322142}
  • 2009/06/01 03:28:21 PM   Deleted: Backdoor.Win32.VB.iqo   File   C:\driver\files\   dt.exe
  • 2009/06/01 05:17:15 PM   Detected: Backdoor.Win32.VB.iqo   File   C:\System Volume Information\_restore{7A9E6E3C-536F-4108-AA0D-0A202ECEBB41}\RP134\   A0157323.exe

USB Drive:
  • 2009/06/03 08:02:13 PM   Deleted: Backdoor.Win32.VB.iqo   File   F:\Driver\Files\   DT.exe
  • 2009/06/03 08:02:13 PM   Deleted: Backdoor.Win32.VB.iqo   File   F:\Driver\Files\   DT.exe
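
The firewall pattern described in the post above (one process, one fixed destination IP, a destination port that rises by one with each attempt about a second apart) can be checked for mechanically. This is an added example, not part of the original post; the log layout, the function names and the sample lines are constructed for illustration and are not Comodo's actual log format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed layout: "YYYY-MM-DD HH:MM:SS process ACTION TCP ip:port" (constructed).
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (?:BLOCKED|ALLOWED) "
                  r"TCP (\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")

def build_sample():
    """Constructed log: one port-walking process plus ordinary traffic."""
    rows = [f"2009-06-01 15:20:{s:02d} explorer.exe BLOCKED TCP 38.97.225.166:{1346 + s}"
            for s in range(8)]
    rows += [f"2009-06-01 15:20:{s:02d} svchost.exe ALLOWED TCP 192.0.2.53:53"
             for s in range(0, 8, 2)]
    rows += ["2009-06-01 15:20:03 firefox.exe ALLOWED TCP 198.51.100.7:443",
             "2009-06-01 15:20:04 firefox.exe ALLOWED TCP 198.51.100.7:444",
             "garbled line that the parser must skip"]
    return "\n".join(rows)

def find_port_walkers(log_text, min_run=5, max_gap_s=3):
    """Return (process, ip, first_port, last_port, attempts) for each
    process/IP pair whose destination port rises by one per attempt."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events[(m.group(2).lower(), m.group(3))].append((ts, int(m.group(4))))
    hits = []
    for (proc, ip), seq in events.items():
        seq.sort()
        best = run = [seq[0]]
        for prev, cur in zip(seq, seq[1:]):
            stepped = cur[1] == prev[1] + 1                       # port + 1
            close = (cur[0] - prev[0]).total_seconds() <= max_gap_s
            run = run + [cur] if stepped and close else [cur]
            if len(run) > len(best):
                best = run
        if len(best) >= min_run:
            hits.append((proc, ip, best[0][1], best[-1][1], len(best)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_port_walkers(build_sample()):
        print("%s -> %s ports %d-%d (%d attempts)" % hit)
```

Repeated traffic to one port (the svchost.exe lines) and a short two-step run (the firefox.exe lines) stay below the `min_run` threshold, so only the explorer.exe sequence is reported.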

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89675
  • No support PMs thanks
Re: Backdoor Trojan not detected by Avast!
« Reply #1 on: June 04, 2009, 12:00:04 AM »
No one program is going to catch 100% of all malware, which is why protection in depth is advisable, and your firewall is part of that to block unauthorised outbound connections. I block all connections for explorer.exe even though you can technically type a URL in the windows explorer address bar.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

If you haven't already got this software (freeware), download, install, update and periodically run them.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Backdoor Trojan not detected by Avast!
« Reply #2 on: June 04, 2009, 02:42:48 AM »
Nobody likes lack of detection... but as David said, no software is perfect.
Thanks for helping improve avast detection.

Maybe you could run a full on-line scan of the computer:
BitDefender
ESET NOD32
F-Secure

For detection-only, not cleaning:
Kaspersky
Trendmicro housecall
The best things in life are free.

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Backdoor Trojan not detected by Avast!
« Reply #3 on: June 04, 2009, 09:57:44 AM »
always send samples of such malware to Alwil! so they can tear it apart in lab and add detection if it's missing !
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

cinchez

  • Guest
Re: Backdoor Trojan not detected by Avast!
« Reply #4 on: June 04, 2009, 03:08:32 PM »
As everybody says, nobody or nothing is perfect, unfortunately that includes AVs as well^^ :)

Better send that sample to avast! to prevent future attacks^^ ;D

-AnimeLover^^

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1777
  • Thinking with Portals
Re: Backdoor Trojan not detected by Avast!
« Reply #5 on: June 05, 2009, 07:22:06 AM »
-= A layer of protection will help catch what the first, second, or so, layer missed..

(1) On-Access Antivirus [e.g. avast!]
(2) Firewall
(3) Anti-spyware/anti-malware [e.g. malwarebytes antimalware; SuperAntiSpyware]
(4) Other On-demand scanners & Utilities [e.g. Hijack This]
(5) You are also part of the protection layer since you are the one who controls the computer..

-= God bless..
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

YoKenny

  • Guest
Re: Backdoor Trojan not detected by Avast!
« Reply #6 on: June 05, 2009, 12:38:30 PM »
-= A layer of protection will help catch what the first, second, or so, layer missed..

(1) On-Access Antivirus [e.g. avast!]
(2) Firewall
(3) Anti-spyware/anti-malware [e.g. malwarebytes antimalware; SuperAntiSpyware]
(4) Other On-demand scanners & Utilities [e.g. Hijack This]
(5) You are also part of the protection layer since you are the one who controls the computer..

-= God bless..

You forgot one:

Security monitor such as WinPatrol:
http://www.winpatrol.com

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Backdoor Trojan not detected by Avast!
« Reply #7 on: June 05, 2009, 05:19:14 PM »
A layer of protection
I'll call a layer of detection... only the first 2 are resident... (at least, free versions of them).
The best things in life are free.

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1777
  • Thinking with Portals
Re: Backdoor Trojan not detected by Avast!
« Reply #8 on: June 06, 2009, 09:32:07 AM »
-= ehehe.. ;D

-= Is my grammar wrong.. Sorry for bad english.. Layer of detection..
;D
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1