Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 373250 times)

0 Members and 1 Guest are viewing this topic.


Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Samples missed by avast (VirusTotal links only!)
« Reply #199 on: November 28, 2010, 06:41:50 PM »
Malwares and PUPs not detected by avast (but from ESET on line):

Nero Burning Rom installers as Win32/Toolbar.AskSBar application
Format Factory 2.10 as a variant of Win32/Adware.ADON application (file >20Mb).
Keygen (http://www.virustotal.com/file-scan/report.html?id=2988cd576f121a7ec4a6465c0b7c34e54693534fe17fc420c8f82e04d19eba21-1290964254) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=351b67dc73b4b42b90160ed2363d99dc40b39ea07be1788c034767a088ced236-1290964252) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=5dc9c2613e0fcbe975aa8eb644b8c331a29b94221313f175db1e5c29b4065f64-1290964594) submitted from Chest.
Asterisk Password Reveal (PUP?) (http://www.virustotal.com/file-scan/report.html?id=84e280f5ec0c7c5a79b2f885d4a3672dde199a27a22dd6c01e62657fcced2f4c-1290964888) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=20f1df38534b05fb80b6ebbe43ec909aa8b5e4980a0bcdf7a117737d307e4fa5-1290965268) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=913d463352eee7bd9f8c4d2e341aeaf1396d22f2e6b90d47c3b8f110c0efdeb7-1290965252) submitted from Chest.
KillProcess 2.44 (PUP? a variant of Win32/KillProcess.A application?) (http://www.virustotal.com/file-scan/report.html?id=014d58b0ba45495ba72c07f68afb8d74cd7d818e5c740f3b3be97d908166988e-1290965661) submitted from Chest.

Is Unlocker 1.9.0 setup a Win32/Adware.ADON application? (http://www.virustotal.com/file-scan/report.html?id=1ad20b852885783d90567d61089f369c9fdcaaa52116a0377663bac4b1c30572-1290965148).

In my tests, only one false positive of NOD32 (ESET): http://www.virustotal.com/file-scan/report.html?id=d5c67fea9f9d0de88f10a4acb728e6d4f1807f43ecc348cb2523e332bfae61b7-1290965863

At least after 1 hour of work, can I have an answer from the virus analysts to this particular post?
The best things in life are free.

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2267
Re: Samples missed by avast (VirusTotal links only!)
« Reply #200 on: November 29, 2010, 01:37:24 PM »
Malwares and PUPs not detected by avast (but from ESET on line):

Nero Burning Rom installers as Win32/Toolbar.AskSBar application
Format Factory 2.10 as a variant of Win32/Adware.ADON application (file >20Mb).
Keygen (http://www.virustotal.com/file-scan/report.html?id=2988cd576f121a7ec4a6465c0b7c34e54693534fe17fc420c8f82e04d19eba21-1290964254) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=351b67dc73b4b42b90160ed2363d99dc40b39ea07be1788c034767a088ced236-1290964252) submitted from Chest.
Keygen (http://www.virustotal.com/file-scan/report.html?id=5dc9c2613e0fcbe975aa8eb644b8c331a29b94221313f175db1e5c29b4065f64-1290964594) submitted from Chest.
Asterisk Password Reveal (PUP?) (http://www.virustotal.com/file-scan/report.html?id=84e280f5ec0c7c5a79b2f885d4a3672dde199a27a22dd6c01e62657fcced2f4c-1290964888) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=20f1df38534b05fb80b6ebbe43ec909aa8b5e4980a0bcdf7a117737d307e4fa5-1290965268) submitted from Chest.
Patch missed by avast (http://www.virustotal.com/file-scan/report.html?id=913d463352eee7bd9f8c4d2e341aeaf1396d22f2e6b90d47c3b8f110c0efdeb7-1290965252) submitted from Chest.
KillProcess 2.44 (PUP? a variant of Win32/KillProcess.A application?) (http://www.virustotal.com/file-scan/report.html?id=014d58b0ba45495ba72c07f68afb8d74cd7d818e5c740f3b3be97d908166988e-1290965661) submitted from Chest.

Is Unlocker 1.9.0 setup a Win32/Adware.ADON application? (http://www.virustotal.com/file-scan/report.html?id=1ad20b852885783d90567d61089f369c9fdcaaa52116a0377663bac4b1c30572-1290965148).

In my tests, only one false positive of NOD32 (ESET): http://www.virustotal.com/file-scan/report.html?id=d5c67fea9f9d0de88f10a4acb728e6d4f1807f43ecc348cb2523e332bfae61b7-1290965863

At least after 1 hour of work, can I have an answer from the virus analysts to this particular post?

Hello,
we will not add detection for keygens.

Milos

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 76118
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #201 on: November 29, 2010, 01:40:48 PM »
Hello,
we will not add detection for keygens.
Milos

Are these all keygens...:o
Tech, what's up...???
asyn
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Samples missed by avast (VirusTotal links only!)
« Reply #202 on: November 29, 2010, 01:52:27 PM »
We will not add detection for keygens.
I suppose that for "keygens" only and not for infected ones (clearly malware). Right?
And second, what about the PUPs? And Unlocker?
The best things in life are free.

bong2x

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #203 on: November 29, 2010, 01:55:12 PM »
Keygen  ??? ??? ???

But Keygen is a Source of Hacking Software  ??? ??? ???


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Samples missed by avast (VirusTotal links only!)
« Reply #204 on: November 29, 2010, 02:01:52 PM »
But Keygen is a Source of Hacking Software  ??? ??? ???
But avast should protect only against infections and malware.
It's not intended to protect intellectual property of 3rd party softwares.
So, if it is an inoffensive keygen (i.e., only generates keys), it won't be detected.
The best things in life are free.

bong2x

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #205 on: November 29, 2010, 02:12:43 PM »
But Keygen is a Source of Hacking Software  ??? ??? ???
But avast should protect only against infections and malware.
It's not intended to protect intellectual property of 3rd party softwares.
So, if it is an inoffensive keygen (i.e., only generates keys), it won't be detected.

okay i got your point tech. if the third party software is hack, then avast is not responsible to clean up the mess


Regards!!!

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2267
Re: Samples missed by avast (VirusTotal links only!)
« Reply #206 on: November 29, 2010, 02:14:51 PM »
We will not add detection for keygens.
I suppose that for "keygens" only and not for infected ones (clearly malware). Right?
And second, what about the PUPs? And Unlocker?

Yes,
of course ;-), you are right.

Milos

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: Samples missed by avast (VirusTotal links only!)
« Reply #207 on: November 29, 2010, 03:50:16 PM »
Hello,
we will not add detection for keygens.

Milos
way to prevent FPs, glad to hear that!
Twitter: https://twitter.com/OmidFarhangEn - OS: Arch Linux

bong2x

  • Guest