Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 413644 times)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #570 on: December 24, 2011, 12:52:26 AM »
Polonus: we'll never thank you enough for helping improve detection. Merry Christmas.

+1 :)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #571 on: December 24, 2011, 05:00:34 AM »
Polonus should be a virus analyst in this case  ::) ;D

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

Re: Samples missed by avast (VirusTotal links only!)
« Reply #573 on: December 26, 2011, 12:37:08 AM »
Good catch. - Definitely malware..!!! ;)

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #574 on: December 26, 2011, 12:49:24 AM »
Hi Asyn,

Hope this will help avast detection. Especially users with older Adobe Reader and Acrobat versions are vulnerable to the exploits used here: Collab.collectEmailInfo() JavaScript Overflow (CVE-2007-5659) and Util.printf() JavaScript Overflow (CVE-2008-2992).
This malware takes advantage of a vulnerability to remotely access or attack a program, computer or server.

Damian

Burkoff

  • Guest

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88854
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #577 on: December 29, 2011, 07:28:19 PM »
Nice, the new https VT now has a 32MB upload limit.

Just hope they beef up the server as the load gets horrendous at times and this page took some time just to load, haven't tried submitting anything yet.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #578 on: December 30, 2011, 12:51:42 AM »
Hi DavidR,

Did they also fix the problem with loading newer VT result links?

polonus

Offline DavidR

Re: Samples missed by avast (VirusTotal links only!)
« Reply #579 on: December 30, 2011, 01:09:20 AM »
I have no idea, as I said I haven't submitted anything so I didn't have a results link to test. But I honestly don't know what is going on with the links as I had never experienced the problem.

Burkoff

  • Guest

Offline DavidR

Re: Samples missed by avast (VirusTotal links only!)
« Reply #581 on: December 30, 2011, 01:41:12 PM »
Well, the link works, which is a good first step on the new.vt; the server is still slow. Don't particularly like the new layout: too big and expanded, too much white space.

I like the additional information at the bottom; this one is a bit of a strange beast, as it gives information on the "Sigcheck digital signature information" and this is saying it has a digital signature.

Quote from: VT sig Info
publisher................: Sun Microsystems, Inc.
product..................: Java(TM) Platform SE 6 U26
internal name............: javaw
copyright................: Copyright (c) 2011
original name............: javaw.exe
file version.............: 6.0.260.3
description..............: Java(TM) Platform SE binary

All the other info pulled from the file also indicates it is a Sun file; if it is a fake, they have gone to extraordinary lengths. But given its file size, it is very large, 888KB for javaw.exe (so suspect). I have an old copy of javaw.exe jre6 update 27 and that is only 141KB and that comes up clean on VT.

Since virtually all of the detections are generic/heuristic/crypt/packer, I would certainly send it to http://anubis.iseclab.org/?action=home for further detailed analysis.
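Added example, not part of the post above and not VirusTotal or Sigcheck code: fields such as product, internal name, original name, file version and description are read from a file's version resource, which is set by whoever builds the file, so a useful follow-up in triage is to check whether the PE carries an Authenticode certificate table at all. The names `certificate_table` and `build_sample` are made up for this sketch, the sample images are constructed, and finding the table shows only that a signature blob is present, not that it is valid.

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table

def certificate_table(pe: bytes):
    """Return (file_offset, size) of the certificate table, or None if absent."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # start of the data directories
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_DIR:
        return None
    # Unlike the other directories, this entry holds a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    if offset == 0 or size == 0:
        return None
    if offset + size > len(pe):
        raise ValueError("certificate table points outside the file")
    return offset, size

def build_sample(signed: bool, pe32_plus: bool = False) -> bytes:
    """Constructed header-only image for the demo; not a real executable."""
    dirs = 112 if pe32_plus else 96
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<I", opt, dirs - 4, 16)
    if signed:  # point the entry at 64 placeholder bytes appended after the headers
        struct.pack_into("<II", opt, dirs + 8 * SECURITY_DIR, 0x40 + 24 + len(opt), 64)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    image = bytes(dos) + b"PE\0\0" + bytes(20) + bytes(opt)
    return image + (bytes(64) if signed else b"")

if __name__ == "__main__":
    for label, img in (("no table", build_sample(False)), ("table", build_sample(True))):
        print(label, certificate_table(img))
```

A `None` result on a file whose version information names a well-known vendor is a strong reason to treat it as suspect; a non-`None` result still needs the signature chain verified with the platform's own tooling.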

YoKenny

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #582 on: December 30, 2011, 02:49:33 PM »
Does anyone wonder why Burkoff has the avast! revolving icon in his signature: ???
http://images.backata.com/image-62A6_4D301DF5.gif

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Samples missed by avast (VirusTotal links only!)
« Reply #583 on: December 30, 2011, 02:52:56 PM »
Quote from: YoKenny
Does anyone wonder why Burkoff has the avast! revolving icon in his signature: ???
http://images.backata.com/image-62A6_4D301DF5.gif

That's not a VT link! ::)

Quote from: DavidR
Well, the link works, which is a good first step on the new.vt; the server is still slow. Don't particularly like the new layout: too big and expanded, too much white space.

+1
« Last Edit: December 30, 2011, 03:47:51 PM by Donovansrb10 »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline polonus
Re: Samples missed by avast (VirusTotal links only!)
« Reply #584 on: December 30, 2011, 06:37:29 PM »
Hi folks,

And as yet not fully functional for searching on a URL for file scan results. Asked jotti in a mail to come up with a URL scan link function as well, but the man there said as for now they cannot find the time to do it. Only alternative I have is Garyshood Online Virus Scanner with URL scan (hampered now because depending on VT results?). This scanner - http://urlscan.chanret.com/ seems only to have DrWeb URL scanner results implemented, and I advise against the use of it because avast Web shield may alert on the search results it delivers, for instance JS:Redirector-MX[Trj] was found when scanning for results on scanning  JS/Agent.aln   ARIN   AR   ivitor at -towebs.com   200.62.54.127    to 200.62.54.127   -dentalflores.com.ar   -http://dentalflores.com.ar (also blocked by Google Safebrowsing by the way - and WOT, see: http://www.webutation.net/go/review/dentalflores.com.ar )

polonus