Author Topic: Samples missed by avast  (Read 30303 times)


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89063
  • No support PMs thanks
Re: Samples missed by avast
« Reply #15 on: September 13, 2010, 12:16:14 AM »
Well I'm talking about the VT results link that you posted in reply #7 as that is effectively showing only bitdefender detecting anything. If that came from MDL then I would say that their 100% claim is dubious.

Your first VT results are entirely different to the second; they aren't the same file which I was responding to.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security


WhiteZero

  • Guest
Re: Samples missed by avast
« Reply #17 on: September 13, 2010, 05:46:49 AM »
http://www.virustotal.com/file-scan/report.html?id=f1e384d3bc63a07b1bdfb4effd170e9745af1ae19dfb568d6984225dd436262f-1284349326
Submitted via Virus Chest.

Llanziel, I see you are a fan of the MalwareDomainList too.  ;)
« Last Edit: September 13, 2010, 05:49:02 AM by WhiteZero »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Samples missed by avast
« Reply #18 on: September 13, 2010, 08:41:30 AM »
Well, it's certainly a good source of FakeAVs. And some exploits, bots and other junk.
Visit my webpage Angry Sheep Blog

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Samples missed by avast
« Reply #19 on: September 13, 2010, 10:12:17 AM »
If you want, you can add MalwareDomainList auto-update to your Hosts file through HostMan Editor.

edit - no idea why I have so many hphosts as update Sources, just happened that way.
« Last Edit: September 13, 2010, 10:18:27 AM by mkis »
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Samples missed by avast
« Reply #20 on: September 13, 2010, 10:23:37 AM »
Tech: Kazy and Zbot variants will be detected generically (we have some samples with a wider context available), other samples will probably be detected with some "regular" detections.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
The best things in life are free.

iRonzel

  • Guest
Re: Samples missed by avast
« Reply #22 on: September 13, 2010, 03:54:47 PM »

Quote from WhiteZero: "Llanziel, I see you are a fan of the MalwareDomainList too.  ;)"

That is correct! ;)

edit: also with Malware Patrol, http://www.malware.com.br/
« Last Edit: September 13, 2010, 03:58:07 PM by Llanziel »

iRonzel

  • Guest
Re: Samples missed by avast
« Reply #23 on: September 13, 2010, 04:00:36 PM »
What about: Trojan.Win32.Workir.agf

Is avast! detecting it???

http://www.threatexpert.com/report.aspx?md5=93c98cfc407afe3c3b3cd557643a160e

Burkoff

  • Guest
Re: Samples missed by avast
« Reply #24 on: September 13, 2010, 04:59:42 PM »
Hi, people.

hxxp://rapidshare.com/files/418820320/MONMVR32.7z

http://www.virustotal.com/file-scan/report.html?id=a3e0c19979eae982d6f8e084283423cda036488121d7ffc03024ace41f89e30c-1284313816

Please add to the virus database.
   And

hxxp://rapidshare.com/files/418826287/Trojan-SMS_for_Android_FakePlayer_RUapk.zip

http://www.virustotal.com/file-scan/report.html?id=25ca122c12a44e52a1d1971cd1ef8fe89be66e930e25f16732d273d6be2a7f53-1284134992





« Last Edit: September 20, 2010, 11:51:49 AM by igor »

Online DavidR

Re: Samples missed by avast
« Reply #25 on: September 13, 2010, 05:32:45 PM »
Please modify your post and remove the link to the malware download. The samples should be sent directly to avast and not use the forums as some pseudo malware distribution site. These forums are publicly available so you never know who might download it or what use they might put it to. Not to mention if it is an undetected sample then you put avast users at risk.

Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

Offline RejZoR

Re: Samples missed by avast
« Reply #26 on: September 13, 2010, 05:42:02 PM »
@Maxx
Any chance to ever expect more aggressive heuristics? Maybe as Ultra High/Aggressive sensitivity option (disabled by default) and with direct uploading of anything detected to your servers and tagged as [AdvHeur]?
Even though some may like very passive avast! response, I'd like to see a more aggressive approach, at least as optional thing. Wouldn't it be possible to use these aggressive detections to fine tune heuristics for lower levels so everyone can benefit? Casual users with strong but accurate heuristics and those security freaks (us) to have very strong heuristics with a few more false positives. But it's easier to deal with false positive than real threat imo.

Offline Lisandro

Re: Samples missed by avast
« Reply #27 on: September 13, 2010, 05:53:11 PM »
Quote from DavidR: "Please modify your post and remove the link to the malware download."
Not necessary. Better change http for hxxp in the link. Then avast team has the information of the source of the file in my opinion.

Offline Lisandro

Re: Samples missed by avast
« Reply #28 on: September 13, 2010, 06:00:44 PM »
Quote from RejZoR: "direct uploading"
Seems cloud technology... Are they prepared for that? Both on technology and servers side?
Besides this, I fully agree with you :)

Online DavidR

Re: Samples missed by avast
« Reply #29 on: September 13, 2010, 06:19:14 PM »
Quote from DavidR: "Please modify your post and remove the link to the malware download."
Quote from Lisandro: "Not necessary. Better change http for hxxp in the link. Then avast team has the information of the source of the file in my opinion."

It is necessary, as just changing the http to hxxp won't stop people downloading it; they aren't stupid, and we have no idea what they might do with samples that are undetected by avast.

This forum has to act responsibly when other avast users could be put at risk if some idiot decided to download and distribute these samples for malicious purposes.

I'm totally unconcerned with the link being active to rapidshare, I'm concerned with what people might do with the samples. If you want the virus labs team to get the samples then send them directly.