Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 373835 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33531
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #30 on: September 26, 2010, 08:13:24 PM »
Hi DavidR,

But the folks that report missed samples through VT links, should check there again for more recent results, also sometimes results are found to be false positives, see the link Left123 gave above. So do your homework properly.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
« Last Edit: September 27, 2010, 06:23:58 AM by Marc57 »
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Samples missed by avast (VirusTotal links only!)
« Reply #32 on: September 27, 2010, 05:46:58 AM »
damnit, read the topic name - virustotal links only

Know.Purposely !
Send the samples to Avast! via the interface (trough the chest) or otherwise (don't remember how) NOT POST THEM HERE!


Send a password protected zip file ( Password: virus) to virus@avast.com with the subject "Undetected Malware",  Put the password in the body of the e-mail.
« Last Edit: September 27, 2010, 06:38:20 AM by Marc57 »
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!


Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
« Last Edit: September 28, 2010, 05:44:57 AM by Marc57 »
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

chudycebu

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #36 on: September 30, 2010, 11:10:47 AM »
http://www.virustotal.com/file-scan/report.html?id=9fcfe985ff93d493ae8c091566b6524deb114748a5a5018f80d797c658311e14-1285836908
http://www.virustotal.com/file-scan/report.html?id=6a17b1626a22aaaf87bb8b1ad173f91b85f2ab4a863a4b4ec5227e8ba4f02879-1285831256

backdoor: winlogon.exe connected to 74.55.58.173 under weird url like 2-3-v-5-6-l-w-1-q-9-j-n-6-2-n-8-...

avast disabled by: programs will be disabled or shall we say redirect to this winlogon.exe at this registry [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

programs running: winlogon.exe under windows current user name with svhost.exe child process

version: 206

how to keep your programs running?
put all access to this registry in read only...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

this is the 3rd time same virus variant undetected but every time I've uploaded to avast virus-lab It took a week before avast detects(update config every 5mins).

« Last Edit: September 30, 2010, 11:14:43 AM by chudycebu »

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
« Last Edit: September 30, 2010, 04:54:07 PM by Left123 »
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Samples missed by avast (VirusTotal links only!)
« Reply #38 on: October 01, 2010, 05:36:41 AM »
Thanks for the link Left123.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!




Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76118
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #42 on: October 02, 2010, 03:46:29 PM »
I like this thread..!
Thanks, Tech..!! :)
asyn
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Samples missed by avast (VirusTotal links only!)
« Reply #43 on: October 02, 2010, 03:49:32 PM »
I like this thread..!
Thanks, Tech..!! :)
asyn
You're welcome.
Although I was alerted that just posting virustotal links without further information about the origin of the file, behavior, etc. is just adding manual work for the virus analysts that are receiving 50.000 samples per day.
They have quite some honeypots and they're not really worried about the links posted here.

You could not agree with that.
They do not post in forum about it (clearly).
The best things in life are free.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76118
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #44 on: October 02, 2010, 03:54:21 PM »
I like this thread..!
Thanks, Tech..!! :)
asyn
They have quite some honeypots and they're not really worried about the links posted here.

I don't doubt that..! ;)
Nevertheless it's interesting information for us...!!!
asyn
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0