Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 373668 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33528
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #450 on: October 25, 2011, 11:05:03 PM »
Hi JuninhoSlo,

There are more versions of that possible malware, see: http://f.virscan.org/Freesimser.exe.html
Did you follow up all of the various MD5 hashes to see if avast has detection for this
PE32 executable for MS Windows (GUI) Intel 80386 32 Some were given as VT goodware detections?
 87ed1485cd9b0d2ca0c4ff033a16d37f
see: http://reports.antivirus-lab.com/10300/malwarewin32-generic-96/
 459c5b2c63ec309789e3a7d0a0c170e0
 c1406b68d70a59f059fec3d2d21adbb4
 ecb1e6433d78850ade10ad8746f053a8
 see: http://www.threatexpert.com/report.aspx?md5=ecb1e6433d78850ade10ad8746f053a8
 d0375ea1f89f2a60dd4b8c0bd0783af7
http://r.virscan.org/8827b020c49ac0821e458a55d5d8a8b5
http://www.virustotal.com/file-scan/report.html?id=2742e12f906ec5c13bb57cf3feac314bd6deed6deda9a3200eb2df0e38c35851-1306013342
McAfee   5400.1158   6282   2011-03-11   PWS-SpyEye!env.a

polonus
« Last Edit: October 26, 2011, 11:01:34 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #453 on: October 31, 2011, 05:48:50 PM »
Avast misses PHP/IRCBOT.E.29297, see: http://www.virustotal.com/url-scan/report.html?id=690874991353a45b81c54a9898c268f3-1320075080
and http://www.virustotal.com/file-scan/report.html?id=72647d00b6a72a09b90420324bc6fa874d093692bab91200cea982df85c24cde-1320078981
/fighter script - Rema [baby]-IRC-[BOT] Decoded Files
494e/d639826fadb0d1dd6457be70593d9e090a15 from -myheart82 dot waphall dot com/war.txt
Also see: http://urlquery.net/queued.php?id=6653

reported to virus AT avast dot com

polonus
« Last Edit: October 31, 2011, 05:51:16 PM by polonus »

John.A

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #455 on: November 02, 2011, 07:58:43 PM »

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #457 on: November 03, 2011, 02:56:43 PM »
See: http://www.virustotal.com/url-scan/report.html?id=e1b3354a989a393c9b59a70f91683e4d-1320323964
FileAnalysis: http://www.virustotal.com/file-scan/report.html?id=b33d05f518f91280b692f0ac9db98042280af301d40ae9226360ec38ff2860a5-1320327855
See: http://urlquery.net/queued.php?id=7141
Checking with DrWeb's online url checker: -http://sydneymoon.com/legal.html
Engine version: 5.0.2.3300
Total virus-finding records: 2734855
File size: 3928 bytes
File MD5: 66a4e5fddbce8e70968e49e5a1ffc84f

-http://sydneymoon.com/legal.html - archive HTML
>-http://sydneymoon.com/legal.html/Script.0 infected with Trojan.DownLoad.3140

reported to virus AT avast dot com by

polonus

P.S. There is also a request for GET /tgpx/ HTTP/1.1
Host: -vsebudetzaebis.org  Threat see: http://wam.dasient.com/wam/infection_library/681b58b5ed26350b6af5d2dbc224cedc/vsebudetzaebis

Damian
« Last Edit: November 03, 2011, 03:03:26 PM by polonus »

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #458 on: November 05, 2011, 05:31:44 PM »
Not detected by avast, see: http://www.virustotal.com/url-scan/report.html?id=bf3c5387ab299a2637a69bbefe4ad6f2-1320505950
File analysis: http://www.virustotal.com/file-scan/report.html?id=bca3f956f79168b3fb9d45575a3297fbde77d82fbca42bc0eabc528e0d5f71a6-1320509859
&
http://r.virscan.org/c664fe9cf23bcac71b02f185e11c11dc
Suspicious: http://siteinspector.comodo.com/public/reports/581239 as with BL2, detected distributing of malware, exact find Trojan.Win32.VkHost.bvg (kaspersky)

polonus

REDACTED

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #460 on: November 06, 2011, 02:19:04 PM »
Not detected by avast, see: http://www.virustotal.com/url-scan/report.html?id=bf3c5387ab299a2637a69bbefe4ad6f2-1320505950
File analysis: http://www.virustotal.com/file-scan/report.html?id=bca3f956f79168b3fb9d45575a3297fbde77d82fbca42bc0eabc528e0d5f71a6-1320509859
&
http://r.virscan.org/c664fe9cf23bcac71b02f185e11c11dc
Suspicious: http://siteinspector.comodo.com/public/reports/581239 as with BL2, detected distributing of malware, exact find Trojan.Win32.VkHost.bvg (kaspersky)

polonus

Your request has been processed by an automatic system. Sent you the file is located in the base of trusted (clean) files Dr.Web and not a threat.

File:     Darksiders_v1.0___10_Trainer.exe
MD5:      3f5b547fbb2b9f3e835f3db3a779a7c6

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #461 on: November 06, 2011, 04:47:51 PM »
Hi Dim@rik,

Well, about the detection: it should rather be flagged as a PUP. Maybe DrWeb and avast have different views on the PUP status of this one than, for instance, other AV solutions that flag it.

polonus
« Last Edit: November 06, 2011, 05:53:21 PM by polonus »