Author Topic: Why is Avast not blocking XP Antivirus 2010 trojan?  (Read 29738 times)

Riverviewfan

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #30 on: March 13, 2010, 05:34:57 PM »
Yes MSE is detecting this FOR NOW. From my experience, as soon as this is detected by an A/V the creators change the code. So soon it will be back to square one.

You missed my point.  My point was that even those lame-o's at Microsoft were able to detect and remove it.  Avast was unable to until yesterday.

Riverviewfan

Riverviewfan

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #31 on: March 13, 2010, 05:41:50 PM »
A little like blaming the pharmaceutical companies or health authorities for having not come up with an effective cure for the common cold. Or HIV. Or Ebola.
These things keep mutating.

It's not at all like that!  There are no cures for the common cold.  In the case of this particular Trojan, there was a cure available - MBAM!

I can understand that not all AV programs can catch zero day malware before they infect your machine.  What I have a problem with is the slow response time of AV community (all except MBAM) in being able to remove it.  This particular trojan has been around for over a month and a half.  MBAM was apparently able to remove it from the get-go.

Derek

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #32 on: March 13, 2010, 06:05:45 PM »
Mbam as of yesterday was unable to kill the latest variant - I don't know how I can get you to understand this, Avast can kill some variants - the update the day before yesterday got a few more.  But, and this is the crippler the malware creators can and will change the coding as soon as one AV/AM kills it, then we are playing catch up again. 

They do not need to analyse the AVs, all they need to do is change a few lines of code, tweak the file names, upload to the server and they are done - half an hour's work at the most.  AV and AW companies must get a sample and analyse it thoroughly - 24 hours maybe - then create the fix and ensure that they get all the files, all the registry changes that the malware creates, without affecting the rest of the operating system.

CharleyO

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #33 on: March 13, 2010, 06:13:48 PM »
***

There is an old saying that goes ...

"You can lead a horse to water but you can't make it drink."


***

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #34 on: March 13, 2010, 08:40:41 PM »
Riverfan: you don't have to believe, but it was really difficult to collect enough samples (they're quite polymorphic) with their contexts (whether they get inside through phishy e-mails or hacked websites, poisoned ad-rotators).. read our blog and you'll see that it is a really complex task to track modern rogue antiviruses and it must be done for each particular variant... a general rule is - the more samples you have the better (more generic) detection you can make, so there's really a need to collect at least tens of samples if you want to be effective enough.. but this is nothing against a fact that fake antiviruses are a pain of all common antiviruses..

YoKenny

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #35 on: March 13, 2010, 08:50:15 PM »
***

There is an old saying that goes ...

"You can lead a horse to water but you can't make it drink."
It's really:
"You can lead a horse to water but you can't make it think."

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37639
  • F-Secure user
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #36 on: March 13, 2010, 09:00:11 PM »
Polymorphic code
http://en.wikipedia.org/wiki/Polymorphic_code

In computer terminology, polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact. That is, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.

Encryption is the most common method to hide code. With encryption, the main body of the code (also called its payload) is encrypted and will appear meaningless. For the code to function as before, a decryption function is added to the code. When the code is executed this function reads the payload and decrypts it before executing it in turn.

Encryption alone is not polymorphism. To gain polymorphic behavior, the encryptor/decryptor pair are mutated with each copy of the code. This allows different versions of some code while all function the same.
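
An added illustration (not part of the posts above, and not Avast's actual method) of the two points made in replies #34 and #36: a hash taken from one sample misses the next variant, and a signature built from more samples keeps only the bytes the variants really share. The samples are constructed, inert byte strings, and intersecting 8-byte runs is a simplified stand-in for real signature generation; heavily encrypted variants may share far fewer literal bytes than this.

```python
import hashlib

def ngrams(data: bytes, n: int = 8) -> set:
    """All byte runs of length n in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def exact_match(known: bytes, candidate: bytes) -> bool:
    """Single-sample detection: whole-file hash comparison."""
    return hashlib.sha256(known).digest() == hashlib.sha256(candidate).digest()

def build_signature(samples, clean_files, n: int = 8) -> set:
    """Byte runs present in every sample and in no known-clean file."""
    common = set.intersection(*(ngrams(s, n) for s in samples))
    for clean in clean_files:
        common -= ngrams(clean, n)
    return common

def matches(signature: set, candidate: bytes, n: int = 8) -> bool:
    """A file matches only if it contains every run in the signature."""
    return bool(signature) and signature <= ngrams(candidate, n)

# Constructed, inert byte strings standing in for collected variants.
CORE = b"SHOW-FAKE-SCAN-RESULTS"   # the part all variants share
HEADER = b"MZ\x90hdrA"              # also present in clean files
SAMPLES = [
    HEADER + b"pad-1111" + CORE + b"tail-a",
    HEADER + b"xx-22" + CORE + b"tail-bb",
    HEADER + b"q" + CORE + b"zzz",
]
CLEAN = [HEADER + b"ordinary program text"]
NEW_VARIANT = HEADER + b"never-seen" + CORE + b"!!"

if __name__ == "__main__":
    two = build_signature(SAMPLES[:2], CLEAN)    # over-fits to the shared "tail-"
    three = build_signature(SAMPLES, CLEAN)      # only runs inside CORE remain
    print("hash of sample 0 catches new variant:", exact_match(SAMPLES[0], NEW_VARIANT))
    print("2-sample signature:", len(two), "runs, catches:", matches(two, NEW_VARIANT))
    print("3-sample signature:", len(three), "runs, catches:", matches(three, NEW_VARIANT))
```

The two-sample signature still contains runs that happen to be common to those two files only, so it misses the unseen variant; the third sample removes them.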

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #37 on: March 14, 2010, 02:12:01 AM »
A little like blaming the pharmaceutical companies or health authorities for having not come up with an effective cure for the common cold. Or HIV. Or Ebola.
These things keep mutating.

It's not at all like that!  There are no cures for the common cold.  In the case of this particular Trojan, there was a cure available - MBAM!


Apart from the minor detail of "there being no cure for the common cold" (partly because it keeps mutating), it is exactly like that. Maybe the examples chosen could have been better. But in the case of a polymorphic file infector, like some vitro variants, for which there is no cure, it's pretty much a spot on analogy to, say, HIV.

Details of the analogy may be a bit out; the principle is good.
Windows 10,Windows Firewall,Firefox w/Adblock.

pallison

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #38 on: March 31, 2010, 12:33:25 PM »
Ok....today I was infected with this stinking thing....my OS is Windows 7.....can't open anything, just get messages that lead to purchase of Antivirus Suite.....I followed the directions given in the thread to remove using FixExe and Mbam....it did what it was supposed to, it downloaded onto the infected computer and ran a full scan with one virus detected and removed....but my computer is still infected....nothing has changed, absolutely nothing will open....what can I do now....????? HELP...!!!

And by the way, when it was still infected, I tried running the FixExe and Mbam again and it would not do...just got the virus message I get on everything else.....

akama1

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #39 on: March 31, 2010, 12:38:46 PM »
Believe me or not, Avast too has major problems dealing with Internet Security 2010: it found it as a suspicious file, 1 hour it is in the VM, I chose the delete option, nothing happened.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37639
  • F-Secure user
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #40 on: March 31, 2010, 12:44:56 PM »
Ok....today I was infected with this stinking thing....my OS is Windows 7.....can't open anything, just get messages that lead to purchase of Antivirus Suite.....I followed the directions given in the thread to remove using FixExe and Mbam....it did what it was supposed to, it downloaded onto the infected computer and ran a full scan with one virus detected and removed....but my computer is still infected....nothing has changed, absolutely nothing will open....what can I do now....????? HELP...!!!

And by the way, when it was still infected, I tried running the FixExe and Mbam again and it would not do...just got the virus message I get on everything else.....
Follow this guide from Essexboy. http://forum.avast.com/index.php?topic=53253.0
Then start a new Topic where you post the logs. (if you continue inside this old thread it will just make it difficult to follow)
Then Essexboy will help you

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #41 on: March 31, 2010, 12:58:53 PM »
pallison: you probably have to fix exe association that has been redirected to the fake av binary..
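
An added example (not from the post above and not the FixExe tool mentioned in the thread) of checking for the redirected .exe association it describes: it reads a registry export and reports any `.exe` handler that differs from the Windows defaults, `exefile` and `"%1" %*`, including per-user overrides under `HKEY_CURRENT_USER\Software\Classes`. The export text, the `fakeprog` ProgID and the `av.exe` path are constructed placeholders.

```python
import re

DEFAULT_PROGID = "exefile"        # default value of the .exe key
DEFAULT_COMMAND = '"%1" %*'       # default value of exefile\shell\open\command
ROOTS = ("hkey_classes_root", r"hkey_current_user\software\classes")

def parse_reg_defaults(text):
    """Map each key (lower-cased) in a .reg export to its default (@) string."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape quotes and backslashes with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def check_exe_association(text):
    """Return (key, value) pairs that redirect .exe launches away from the default."""
    defaults = parse_reg_defaults(text)
    findings = []
    for root in ROOTS:
        progid = defaults.get(root + r"\.exe")
        if progid is not None and progid.lower() != DEFAULT_PROGID:
            findings.append((root + r"\.exe", progid))
        # Check the default handler and whatever ProgID .exe now points to.
        for pid in sorted({DEFAULT_PROGID, (progid or DEFAULT_PROGID).lower()}):
            cmd_key = root + "\\" + pid + r"\shell\open\command"
            cmd = defaults.get(cmd_key)
            if cmd is not None and cmd != DEFAULT_COMMAND:
                findings.append((cmd_key, cmd))
    return findings

# Constructed export: machine-wide handler intact, per-user override added.
INFECTED = r'''
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="fakeprog"

[HKEY_CURRENT_USER\Software\Classes\fakeprog\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\av.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for key, value in check_exe_association(INFECTED):
        print(key, "->", value)
```

A per-user override takes precedence over the machine-wide key, which is why every program launch can end up at the rogue binary while the `HKEY_CLASSES_ROOT\exefile` entry in the export still looks normal.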

DandyDonTX

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #42 on: April 02, 2010, 05:33:09 AM »
It's really:
"You can lead a horse to water but you can't make it think."
I hope you know more about computers than you do horses.  ???

This pissing match is too much. I'm going to start a new thread...

photoizbk

  • Guest
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #43 on: April 03, 2010, 01:45:39 AM »
On March 22, 2010 I purchased AVAST 5 so that my pc wouldn't be unprotected when my AVAST 4 license expired. So, that went ok, didn't have a problem at all, everything working fine. Ok, so today I was on nbc.com and tried to download the HD viewer to watch some shows. The computer started acting weird, slow, wouldn't download the viewer, after a few attempts I gave up. The computer still acted as if there was something wrong...no messages or errors reported. So, I decided to do a system restore, bad idea. The system shut down AVAST and now I cannot get it to enable. It looks like some of the files might be missing too.
Can someone please help me? If you decide to take me on, please be patient and talk in layman's terms as I am not completely computer illiterate, but don't know much either.

Thank you.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Why is Avast not blocking XP Antivirus 2010 trojan?
« Reply #44 on: April 03, 2010, 02:30:31 AM »
re post by photoizbk , reposted here, no further action needed in this thread.
Windows 10,Windows Firewall,Firefox w/Adblock.