Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 414149 times)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #390 on: June 27, 2011, 01:47:50 PM »
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).

Really..??
Well, I never used GMail...
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0


iRonzel

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #392 on: June 27, 2011, 06:44:27 PM »
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).

Really..??
Well, I never used GMail...


True  ;)  Use Hotmail instead. (If you have it)

esr30

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #395 on: June 29, 2011, 01:00:59 AM »
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).

Really..??
Well, I never used GMail...

It does not matter because I figured out how to load it into the virus chest and submit the files to you guys

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #397 on: June 29, 2011, 11:12:02 PM »
Malware here or not? So report has been sent to virus at avast dot com

VT results:  http://www.virustotal.com/url-scan/report.html?id=c53b9f81a4ea232afa473180c8943a07-1309371901 (4 gave malware site)
Nothing found here: http://www.virustotal.com/file-scan/report.html?id=97c6bf9b71d07503d784366498bed19dda9a37b1fe332e1cfbba2e4e6a7f3959-1309379521
and at sucuri: site scan gave an all green
Now see this analysis: http://wepawet.cs.ucsb.edu/view.php?hash=c53b9f81a4ea232afa473180c8943a07&t=1309380172&type=js
Particularly see this scan analysis: http://anubis.iseclab.org/?action=result&task_id=1137cec51f97233b49dd9eb35b34f26c9

I.m.h.o. this code has a backdoor trojan mutex! see: DDrawDriverObjectListMutex

polonus

« Last Edit: June 29, 2011, 11:43:26 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #398 on: June 30, 2011, 10:05:54 AM »
Malware here or not?

Report    2011-06-30 09:41:41 (GMT 1)
Website    twistermp3.com
Domain Hash    b20cdc9f7cc85ad25ffbd0540bbe8c38
IP Address    50.22.41.94
IP Hostname    50.22.41.94-static.reverse.softlayer.com
IP Country    -- (--)
AS Number    36351
AS Name    SOFTLAYER - SoftLayer Technologies Inc.
Detections    5 / 23 (22 %)
Status    DANGEROUS

http://hosts-file.net/?s=twistermp3.com
http://www.mywot.com/en/scorecard/twistermp3.com
http://www.malwareblacklist.com/searchClearingHouse.php?search=twistermp3.com
http://global.sitesafety.trendmicro.com/
http://www.websecurityguard.com/results.aspx?qkw=twistermp3.com

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: Samples missed by avast (VirusTotal links only!)
« Reply #399 on: July 01, 2011, 08:47:32 PM »
If the user is making a .zip file, passworded or not, GMail will block.
You need to use .7z file (http://www.7-zip.org/).

Really..??
Well, I never used GMail...

7Z or RAR or any other compression format which encrypts file names ;)
Twitter: OmidFarhangEn - OS: Manjaro KDE


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #403 on: August 14, 2011, 05:13:38 PM »
Hi forum friends,

This PSW.Generic9.HIA aka Trojan.PWS.SpySweep.52 is not detected by avast: http://www.virustotal.com/file-scan/report.html?id=60ddaeb87503bb25977b96bfb44c5a619f200f72db665308f8dbca8acb38e0f2-1313330535

reported to virus AT avast dot com for added detection,

polonus



Meszarosbence

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #404 on: August 15, 2011, 02:05:08 AM »