Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 414203 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
« Last Edit: May 25, 2011, 12:21:47 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

SHAGGIE

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #346 on: May 30, 2011, 11:36:18 AM »
Below are just a few from a personal collection of mine over the years to find to my amazement, Avast is missing out on some fun. Now I do have to state I do like Avast and enjoy using the product, however I am sad to see things like this occur. I have submitted several of these files to the lab time and time again to find no new changes in my scans. I hope we can refrain from insulting me for my huge post here and maybe work together as a community and solve this lack of detection. If you care to view the links, Please take note on the Dates on all of them. I think you will be in for a good one.


Until next time,
Shaggie.Rydez
___________________

http://www.virustotal.com/file-scan/report.html?id=07fcc10185ff940d84a6ce10cd9dcb459a9316a472209e27f5bf835ca90abe20-1306744067

http://www.virustotal.com/file-scan/report.html?id=783a565ae5b4facf66622acb2ede3b11dadf655a4ef66bdd02feb0fc2224b770-1305044090

http://www.virustotal.com/file-scan/report.html?id=54c1d5e2059f880f76c361b18f3c5d93ef188e41e82c5ccc4c0b96830ceef7e0-1305296788

Setup-trial.exe: submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=cb9f592aa5dd134775c4c4a2599701c696e102d9f4b647530bcacc3558ae76c9-1306744525

http://www.virustotal.com/file-scan/report.html?id=9f2864435b39e128e0a4b8a81308461d014fbecb67a380ea215c3418ecc3c70d-1305755334

http://www.virustotal.com/file-scan/report.html?id=8281f06cc07dd377ecf78d9f1e435679f4b27f2d3f4f9ea727027e56e0e57b5f-1303293776

https://www.virustotal.com/file-scan/report.html?id=9529d01c9488ca48735610b8fe3a9be3f4749952b68e6e23fd1b0a62b8390250-1300057230

EXEfile.exe: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=1cff9194f37821f0141abab28afb08c36b0e8e795e6f766f400b7acaa95e4d64-1306745273

BE.exe: Sumbit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=ac4be6281d33f22c652083d88488892c0f7260b75b61f0ca519e7970dc9672a8-1306745910

antieta.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=3abce78c97f8a0fe9d4b3df48d91a425bf70eaae8db9a8c1f5b354fd72c67389-1306746581

Cih 14.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=e323f74fbc4c8b4855be2f08c340cbde3c3f5461b1af46bc7581930a568bbf05-1306746160

kompanio.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=3eabaab7a9914299abe3526586f70a038c770add1d4580031036b1fa8a1d60d9-1306746233

No Pasaran.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=433817e21202769645877386b8506b6be907ceb23ae1c7854b7826ef4d6cddd5-1306746829

nukeviruses.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=2d41e0c82f548fc09b972bbcdc19cc39660f548303b8c647788cc96fb1ded201-1306746884

ontario3.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=7deea85ae2d59f4b886a00e89f423833ea218ea16530ee745de0d6329d8dbd51-1306746422

v100.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=b79d7f4a2ff942479d562da6197fa983d953aa1b526e22a4dcbb98db3bb53f41-1306746497

virus.zip: Submit by Shaggie.Rydez
http://www.virustotal.com/file-scan/report.html?id=fba9f3edc6f9931fe9070ebbef0ef0114ff88d91b8f2f645dbd21280921640f4-1306747143

wpart_c.zip
http://www.virustotal.com/file-scan/report.html?id=02519abf272a415583bce7e45b8abe0ae70d7e160351b11b692ab01b7fb32933-1287410138

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #347 on: May 30, 2011, 11:44:17 AM »
send undetected samples to  virus @ avast.com  in a password protected zip.file
Mail subject: undetected sample(s)
Password: infected

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #348 on: May 30, 2011, 12:12:04 PM »
Below are just a few...

Thanks for reporting/helping..!
Btw, interesting: Some of these samples are dedected by old avast, but not by the new one..???
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #349 on: May 30, 2011, 12:21:00 PM »
Below are just a few...

Thanks for reporting/helping..!
Btw, interesting: Some of these samples are dedected by old avast, but not by the new one..???

I am guessing....bc they are malware that only works/will harme older OS.... not supported by latest avast, so why detect

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #350 on: May 30, 2011, 12:23:45 PM »
I am guessing....bc they are malware that only works/will harme older OS.... not supported by latest avast, so why detect

Well, maybe...
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #351 on: May 30, 2011, 12:53:59 PM »
googled a bit.... the second last sample...this is just a name search, not MD5

http://www.virustotal.com/file-scan/report.html?id=fba9f3edc6f9931fe9070ebbef0ef0114ff88d91b8f2f645dbd21280921640f4-1306747143

Virus.DOS.PS-MPC.2832Detected   
Oct 02 1998 20:00 GMT
Released   Oct 02 1998 20:00 GMT

http://www.securelist.com/en/descriptions/old16509 
if you scroll down, you find the avast detection name from the VT scan
« Last Edit: May 30, 2011, 12:55:41 PM by Pondus »

Jack 1000

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #352 on: May 30, 2011, 12:58:04 PM »
This thread should be pinned for easy reference!  It is a great resource!  Thanks Avast!

Jack

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
« Last Edit: June 11, 2011, 10:22:29 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Samples missed by avast (VirusTotal links only!)
« Reply #354 on: May 30, 2011, 10:16:10 PM »
I have submitted several of these files to the lab time and time again to find no new changes in my scans.
This worries me... I believe avast team has a good and hard effort to improve detection and probably your samples aren't in the wild... But should we wait that much? Does it worth submitting?
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
« Last Edit: June 11, 2011, 10:26:15 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #357 on: June 12, 2011, 02:37:23 AM »
Presumably you have sent these samples to avast, as just sending them to virustotal isn't very effective at all.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

esr30

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #358 on: June 12, 2011, 11:59:35 AM »
From virustotal FAQ

In exchange for providing an antivirus engine you will receive all files submitted to VirusTotal that are not detected by your product and are detected by at least one other antivirus, along with their corresponding VirusTotal reports.

So avast will get the files if I submit them or not.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #359 on: June 12, 2011, 01:47:39 PM »
So avast will get the files if I submit them or not.

Yes, but it could take a while.
It's always better to submit it directly to the avast! av lab.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0