Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 414204 times)

0 Members and 1 Guest are viewing this topic.


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #436 on: October 23, 2011, 11:30:23 AM »
Posting VT results here will not help unless you also upload the samples to avast.....did you?

mmmm

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #437 on: October 23, 2011, 11:32:35 AM »
sorry guys :'(

if i am doing things wrong....i dont know much just want to help!

I am just a compulsive tinkerer who has been watching this forum from past 1 week...i am a avast! user no doubt...i just love avast!  8)
« Last Edit: October 23, 2011, 11:37:08 AM by mmmm »

mmmm

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #438 on: October 23, 2011, 11:38:42 AM »
I will try and get some samples from Malc0de...

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Samples missed by avast (VirusTotal links only!)
« Reply #439 on: October 23, 2011, 11:51:05 AM »
I will try and get some samples from Malc0de...

First, thanks for trying to help..! :)
But be very careful, if you are not sure how to do this, it's better to stay away. ;)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #442 on: October 23, 2011, 07:11:54 PM »
Hi Dim@rik,

Certainly a malware site: http://www.virustotal.com/url-scan/report.html?id=eff2622252021746e44c3e64802486a6-1319381223
Thanks for your further evaluation.
But avast does not detect: http://www.virustotal.com/file-scan/report.html?id=92200560416ccbd1f9f4ac23a9ab3df4ce31fbb6587ca410ba49a159869ee428-1319154103
But I hit at these results: http://www.virustotal.com/file-scan/report.html?id=67054abbff844da60f546064d484f09aacf658cc9a78b13b1e6b7bc70301476e-1319134424
Not found by DrWeb as it does not unpack the ASPACK packer: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2F
else it does find it as you have shown: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2Ftroy.exe
also: http://vscan.urlvoid.com/file/07694f50e98c1d8406e70a8002d9f7b0/dHJveS1leGU=/
http://urlquery.net/queued.php?id=5867
= virusname:   Trojan-PSW.Win32.Kykymber.ajbc found at ip:   46.45.136.234
from Istanbul - previous at -http://privategoldtrader.com/templates/beez/
and before that at =http://privategoldtrader.com/templates

MD5 hashes resp.: md5:   0209aa4baab3df392e487bb7d5f538a6 (the one I reported)
md5:   0209aa4baab3df392e487bb7d5f538a & md5:   3dd46205274955be03c2e8e4674011ea

Normally avast should have a good score for this malware with 34.02%

polonus
« Last Edit: October 23, 2011, 07:19:56 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #443 on: October 23, 2011, 09:27:43 PM »
Hi Dim@rik,

Not found by DrWeb as it does not unpack the ASPACK packer: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2F
else it does find it as you have shown: http://online.us.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fzerbilisim.com%2Fpatch%2F%2Fpack%2Ftroy.exe

polonus

That's right ... this path directory where there are viruses.

hХХp://zerbilisim.com/patch//pack/troy.exe
hХХp://zerbilisim.com/patch//patch.exe

Send to Avast.
« Last Edit: October 23, 2011, 09:35:47 PM by Dim@rik »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #444 on: October 23, 2011, 11:43:30 PM »
Hi Dim@rik,

Site Inspector's cloud detection has it also: http://siteinspector.comodo.com/public/reports/463988
& while this one is missed by it: http://siteinspector.comodo.com/public/reports/464884
I reported there,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Samples missed by avast (VirusTotal links only!)
« Reply #446 on: October 25, 2011, 01:49:55 AM »
JuninhoSlo, did you send the samples to avast? Otherwise they cannot improve detection of those ones.
The best things in life are free.

Offline JuninhoSlo

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 849
Re: Samples missed by avast (VirusTotal links only!)
« Reply #447 on: October 25, 2011, 12:46:58 PM »
JuninhoSlo, did you send the samples to avast? Otherwise they cannot improve detection of those ones.

Of course ;)

Via:

- Email
- Chest
- http://www.avast.com/en-eu/contacts

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Samples missed by avast (VirusTotal links only!)
« Reply #448 on: October 25, 2011, 12:58:34 PM »
Sorry to have asked. Thanks for improving detection.
The best things in life are free.

Offline JuninhoSlo

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 849
Re: Samples missed by avast (VirusTotal links only!)
« Reply #449 on: October 25, 2011, 01:04:04 PM »
Sorry to have asked. Thanks for improving detection.

It,s OK  ;) Thank you  :D