Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 414194 times)

0 Members and 1 Guest are viewing this topic.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88896
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #360 on: June 12, 2011, 04:14:48 PM »
So avast will get the files if I submit them or not.

Yes they do, but a) it takes time and b) they also get a lot of chaff with the wheat/samples, as has been mentioned in the forums. So it is going to take longer to sort that wheat from the chaff to get the benefit, direct submission to avast is quicker.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
« Last Edit: June 13, 2011, 06:14:29 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #362 on: June 15, 2011, 10:10:57 PM »
Hi folks,

This backdoor,... keys.jpg - ALERT: [PHP/BackDoor.D] keys.jpg
Contains detection pattern of the PHP virus PHP/BackDoor.D,
not detected by avast: VT scan: http://www.virustotal.com/url-scan/report.html?id=c1d19d8a76b2fb50290f6afd3a04b067-1308160512
file detection VT:
http://www.virustotal.com/file-scan/report.html?id=7c55c7b55c745d07ea75c2b944eb6a4ff57447bbc005e7d669851178c48505b6-1308167744  16/ 42 (38.1%)

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
« Last Edit: June 18, 2011, 10:34:24 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #366 on: June 18, 2011, 10:39:37 PM »
sure looks like it.....not same MD5


ThreatExpert report on the first sample
http://www.threatexpert.com/report.aspx?md5=2c2d488d727589158f907dd36c04eb9e
« Last Edit: June 18, 2011, 11:21:40 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
« Last Edit: June 19, 2011, 04:53:49 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

grantdb

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #370 on: June 21, 2011, 11:13:07 AM »
Hello
This malware was shutting Avast down especially it seemed while Avast was updating or scanning.

http://www.virustotal.com/file-scan/report.html?id=0ed55ae8fc6d7ff2dc4a5175b644f5fc6068c257ceaaf5f2b47e392b786bd1f9-1308641359

emailing sample to virus(at)avast

The file name is system32StopAllWorw.exe but not sure what its classified as (trojan, backdoor etc)

Thanks for great Antivirus software!

Grant

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Samples missed by avast (VirusTotal links only!)
« Reply #371 on: June 21, 2011, 01:28:41 PM »
Thanks for submitting grantdb.
Malware that kill the antivirus must have special attention imho.
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #372 on: June 21, 2011, 03:54:06 PM »
Hi here is the behaviour summary for this: http://xml.ssdsandbox.net/view/334fa2a25a6097143f540b26dd13878b
Can also come as part of downloaders:  
e.g.
Look up at ViCheck.ca and get VT results: http://www.virustotal.com/file-scan/report.html?id=e548a71809e0c66deca4aa92752021c1dfa4db2f8deb95b8ba588c2d2abfc51a-1241488981
avast detects...
.\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 efd496c8e5507f188e47df4edbc91aa9  = MD5hash
 

 .\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 407364a0c3ebd0b544d8689c45383935

\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 3c41382942fb749fd6f1f2144e2e9dca

..\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 1db8c421b4fa7bfcddcc14bd38f5c89c


.\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 12cc1b486051536d9ffa7b3459cb745d

polonus

« Last Edit: June 21, 2011, 04:12:04 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline JuninhoSlo

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 849
Re: Samples missed by avast (VirusTotal links only!)
« Reply #373 on: June 21, 2011, 05:39:17 PM »
Undetected malware

1:http://www.virustotal.com/file-scan/report.html?id=8c16baa04cd8055ffb228cf152a03724cb80fccfbd7f39853af6d08217986ad7-1308667154

Sent to Avast team/lab