Author Topic: Samples missed by avast  (Read 27047 times)



polonus

  • Avast Überevangelist
Re: Samples missed by avast
« Reply #1 on: September 10, 2010, 10:48:55 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

WhiteZero

  • Guest
Re: Samples missed by avast
« Reply #2 on: September 10, 2010, 11:35:04 PM »
FakeAV missed by Avast (and lots of others) that I got off the Malware Domain List today:
http://www.virustotal.com/file-scan/report.html?id=f8d7aaf4b2cf3730ecfac9f8ec0fd6aa9e3d1bccd67fe87429a8a6997e67c004-1284154379

If they don't already, Avast should really check out the samples from http://www.malwaredomainlist.com/mdl.php
Great source for known and 0-day infections.
« Last Edit: September 10, 2010, 11:45:44 PM by WhiteZero »


Lisandro

  • Avast team
The best things in life are free.


DavidR

  • Avast Überevangelist
Re: Samples missed by avast
« Reply #6 on: September 11, 2010, 11:10:48 PM »
If you haven't already sent the sample to avast:
Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...', complete the form and submit; the file will be uploaded during the next update.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

iRonzel

  • Guest
« Last Edit: September 12, 2010, 02:31:32 AM by Llanziel »

DavidR

  • Avast Überevangelist
Re: Samples missed by avast
« Reply #8 on: September 12, 2010, 02:41:38 AM »
With only those two (only counts as bitdefender id one of the two GData scanners, avast being the other), it is possible this is a bitdefender false positive. It is also a generic signature, which are more prone to FP.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

iRonzel

  • Guest
Re: Samples missed by avast
« Reply #9 on: September 12, 2010, 06:52:32 PM »
> With only those two (only counts as bitdefender id one of the two GData scanners, avast being the other), it is possible this is a bitdefender false positive. It is also a generic signature, which are more prone to FP.
>
> What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

I downloaded the sample from "Malware Domains List", so it is 100% guaranteed that the sample is a REAL threat. Previously I've uploaded samples for which none of the engines detected the threat.

DavidR

  • Avast Überevangelist
Re: Samples missed by avast
« Reply #10 on: September 12, 2010, 08:04:47 PM »
Well with a 100% guarantee (ridiculous really) I would have expected more than 1 detection on VT and that was generic. So I can't see how they can give that sort of 100% guarantee, as far as security goes nothing is 100% and I guess that goes for this too.

I asked about the file name for a reason, there are other analysis sites for binaries. If this is an .exe file then it can be given a detailed analysis. Anubis: Analyzing Unknown Binaries is another scanning tool that is useful. Post a link to the results page.


Maxx_original

  • Moderator
Re: Samples missed by avast
« Reply #12 on: September 12, 2010, 10:22:18 PM »
Will be detected on Monday generically.

Lisandro

  • Avast team
Re: Samples missed by avast
« Reply #13 on: September 12, 2010, 10:41:54 PM »
> Will be detected on Monday generically.
Which of them? All? The last ones?

iRonzel

  • Guest
Re: Samples missed by avast
« Reply #14 on: September 12, 2010, 11:44:28 PM »
> Well with a 100% guarantee (ridiculous really) I would have expected more than 1 detection on VT and that was generic. So I can't see how they can give that sort of 100% guarantee, as far as security goes nothing is 100% and I guess that goes for this too.
>
> I asked about the file name for a reason, there are other analysis sites for binaries. If this is an .exe file then it can be given a detailed analysis. Anubis: Analyzing Unknown Binaries is another scanning tool that is useful. Post a link to the results page.

Ok Dave! I'm NOT talking about BitDefender. I mean that the samples downloaded from MDL are REAL malware. See for yourself with this new check:

http://www.virustotal.com/file-scan/report.html?id=0a7c7206533fcbaac91c0e6c7f8e912932db598783d367ebb8e534118b2b858a-1284284343

Is it an FP?

Edit: Did you see the ThreatExpert report?

explorer.exe, iexplorer and cmd.exe were modified by the application!!!
« Last Edit: September 12, 2010, 11:50:16 PM by Llanziel »