« previous next »
Pages: 1 ... 23 24 [25] 26 27 ... 66   Go Down

Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 405713 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88446
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #360 on: June 12, 2011, 04:14:48 PM »
Quote from: esr30 on June 12, 2011, 11:59:35 AM
So avast will get the files if I submit them or not.

Yes they do, but a) it takes time and b) they also get a lot of chaff with the wheat/samples, as has been mentioned in the forums. So it is going to take longer to sort that wheat from the chaff to get the benefit, direct submission to avast is quicker.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.10.6086 (build 23.10.8563.800) UI 1.0.784/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33810
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #361 on: June 13, 2011, 05:55:22 PM »
« Last Edit: June 13, 2011, 06:14:29 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33810
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #362 on: June 15, 2011, 10:10:57 PM »
Hi folks,

This backdoor,... keys.jpg - ALERT: [PHP/BackDoor.D] keys.jpg
Contains detection pattern of the PHP virus PHP/BackDoor.D,
not detected by avast: VT scan: http://www.virustotal.com/url-scan/report.html?id=c1d19d8a76b2fb50290f6afd3a04b067-1308160512
file detection VT:
http://www.virustotal.com/file-scan/report.html?id=7c55c7b55c745d07ea75c2b944eb6a4ff57447bbc005e7d669851178c48505b6-1308167744  16/ 42 (38.1%)

polonus

Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33810
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #363 on: June 18, 2011, 05:10:46 PM »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37332
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #364 on: June 18, 2011, 10:01:04 PM »
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33810
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #365 on: June 18, 2011, 10:30:05 PM »
« Last Edit: June 18, 2011, 10:34:24 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37332
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #366 on: June 18, 2011, 10:39:37 PM »
sure looks like it.....not same MD5


ThreatExpert report on the first sample
http://www.threatexpert.com/report.aspx?md5=2c2d488d727589158f907dd36c04eb9e
« Last Edit: June 18, 2011, 11:21:40 PM by Pondus »
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33810
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #367 on: June 19, 2011, 04:50:55 PM »
« Last Edit: June 19, 2011, 04:53:49 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33810
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #368 on: June 19, 2011, 07:35:28 PM »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33810
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #369 on: June 20, 2011, 09:12:25 PM »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

grantdb

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #370 on: June 21, 2011, 11:13:07 AM »
Hello
This malware was shutting Avast down especially it seemed while Avast was updating or scanning.

http://www.virustotal.com/file-scan/report.html?id=0ed55ae8fc6d7ff2dc4a5175b644f5fc6068c257ceaaf5f2b47e392b786bd1f9-1308641359

emailing sample to virus(at)avast

The file name is system32StopAllWorw.exe but not sure what its classified as (trojan, backdoor etc)

Thanks for great Antivirus software!

Grant
Logged

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re: Samples missed by avast (VirusTotal links only!)
« Reply #371 on: June 21, 2011, 01:28:41 PM »
Thanks for submitting grantdb.
Malware that kill the antivirus must have special attention imho.
Logged
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33810
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #372 on: June 21, 2011, 03:54:06 PM »
Hi here is the behaviour summary for this: http://xml.ssdsandbox.net/view/334fa2a25a6097143f540b26dd13878b
Can also come as part of downloaders:  
e.g.
Look up at ViCheck.ca and get VT results: http://www.virustotal.com/file-scan/report.html?id=e548a71809e0c66deca4aa92752021c1dfa4db2f8deb95b8ba588c2d2abfc51a-1241488981
avast detects...
.\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 efd496c8e5507f188e47df4edbc91aa9  = MD5hash
 

 .\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 407364a0c3ebd0b544d8689c45383935

\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 3c41382942fb749fd6f1f2144e2e9dca

..\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 1db8c421b4fa7bfcddcc14bd38f5c89c


.\system32stopallworw.exe
  6.0.2900.3156
 Microsoft Corporation
 12cc1b486051536d9ffa7b3459cb745d

polonus

« Last Edit: June 21, 2011, 04:12:04 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline JuninhoSlo

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 849
Re: Samples missed by avast (VirusTotal links only!)
« Reply #373 on: June 21, 2011, 05:39:17 PM »
Undetected malware

1:http://www.virustotal.com/file-scan/report.html?id=8c16baa04cd8055ffb228cf152a03724cb80fccfbd7f39853af6d08217986ad7-1308667154

Sent to Avast team/lab

Logged

Offline Banankage

  • Newbie
  • *
  • Posts: 5
Re: Samples missed by avast (VirusTotal links only!)
« Reply #374 on: June 24, 2011, 05:40:39 PM »
« Last Edit: June 24, 2011, 05:45:29 PM by Banankage »
Logged
Pages: 1 ... 23 24 [25] 26 27 ... 66   Go Up
« previous next »