Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 414215 times)


spywar

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #900 on: December 28, 2012, 11:52:06 AM »
they don't come from url  ;D

spywar

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #901 on: December 28, 2012, 01:38:59 PM »
trojan downloader (not from url)
https://www.virustotal.com/file/d95f3016c1aefd77ad80cef058b22c8cdbe88d6776d09f4e8cd352f15fc9bdd6/analysis/
sent to lab.

also, about 60 samples sent to lab.

spywar

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #903 on: December 28, 2012, 01:41:13 PM »


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #905 on: December 28, 2012, 02:10:05 PM »
1 week old sample
https://www.virustotal.com/file/6d46e93f812f504bba42c027ca380522d9d6359feb68ad553490701bfcee1242/analysis/
Detection ratio:   40 / 46
sent to lab.
the VT scan here is 4 days old....sure it is not detected?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Samples missed by avast (VirusTotal links only!)
« Reply #906 on: December 28, 2012, 02:11:13 PM »
« Last Edit: December 28, 2012, 02:12:54 PM by Pondus »

spywar

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #907 on: December 28, 2012, 02:23:08 PM »
I scan folder with PUP enabled.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #908 on: December 28, 2012, 03:45:36 PM »
There really is no need to make a new post for every sample sent.

The other point, my particular hobby horse: this topic is pointless. These reports do nothing, they can't be analysed; only sending the samples to avast does.

So if you have sent the sample, then the post is pointless, even more so if you make the report in this topic then really you should follow it up and modify the post when the sample is detected. Otherwise it is just totally unbalanced, only showing missed samples and no follow up to show the sample has been added to the virus definitions.

If you have sent the sample all of this additional stuff is moot, pointless, doesn't achieve anything.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

spywar

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #909 on: December 28, 2012, 03:58:39 PM »
I too think this topic isn't helpful, I read from 1st page and saw Milos who said it was pointless so I have to agree ;)
Of course I send everything to them using email.
In Comodo's forum, there is a topic like that but that's not the same, you submit with VT links, they grab the SHA-1 values for each link and they locate them through their cloud based DB.
But as you previously said, this topic should be closed.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #910 on: December 28, 2012, 04:03:49 PM »
Topics generally don't get closed unless they infringe general forum policy, which this doesn't.

But it really is pointless, as every now and then I drop my little reminder. For any SHA-1 # to be collected it would require constant monitoring by someone in the virus labs and my guess is they have better things to be getting on with.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #911 on: December 28, 2012, 10:55:29 PM »
What could be worth mentioning in this thread is malware that is so-called "long overdue" malware and has not been detected by avast for some time or detection was never added.
Long overdue is a particular malware that has been active for say 1200 hrs and over and for which many av solutions have detection and (only some and) avast has not.
Avast is known to have certain "blind spots", e.g. certain types of malware where it does not reach over average in detection percentages or even less (e.g. in the past certain banking trojans were missed).
Then another particular phenomenon is that for instance DrWeb's and avast detection overlap. I mean to say what avast detects DrWeb's does not and vice versa.
There are a couple of issues we have to consider.
A large proportion of malcode is blocked and alerted by the avast shields.
Then there is malware that no longer exists and is still listed as active elsewhere, while the malware has been closed or isn't active any longer.
Another thing is checking av detection related to Intrusion Detection alerts (like URLquery gives) could add detections.

Then there is another issue that makes the use of this thread less reliable. That is that VT results do not measure up all of anti-malware detection, because it only gives part of the overall detection.

Another issue is with VirusWatch when we compare the percentage of av solutions' detection of a certain type of malware.
Again here we also have a good parameter to get certain patterns where a certain av solution is so-called "under par" considered to others.
It is a good thing that a lot of sites are not being visited because of Google Safebrowsing alerts in certain browsers.
Or users must ignore these alerts, which is a stupid thing to do.
Some users like Bitdefender's Trafficlight, Trustwave or WOT, and DrWeb's URLChecker to guide them through search engine results pages or Netcraft's anti-phishing extension. So there are trafficlights: red, yellow and green to consider while surfing or clicking.
Extensions like NoScript and RequestPolicy are always a good option for further added overall in-browser protection if you know how to use and toggle these extension settings. And in certain cases it could be an option to run a browser in a sandbox...

polonus
« Last Edit: December 28, 2012, 11:00:37 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #912 on: December 28, 2012, 11:05:58 PM »
In all honesty that too is pretty pointless, reporting here is going to do nothing, sample submission rules.

People posting here don't go back even a day to their previous reports to confirm they have been added to the virus definitions, what makes you think they are going to go back much further?

As I have said for so long this topic really is pointless when we can't/shouldn't attach samples, reports are not samples and samples sent directly to avast are king.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #913 on: December 28, 2012, 11:22:08 PM »
Hi DavidR,

I do go back to check on detection, hope others do likewise. But in case this will give negative results it should be reported somewhere, else no one or only the in-crowd would know clearly where we stand (detection level). Some like that all would go on "out of sight" and we will have so-called perfect "security through obscurity". I have always been against security through obscurity as far as where this is concerned.
Not everyone will visit e.g. VirusWatch clean mx and will look up a certain malware to see the overall detection range of various av solutions to know where "avast has dropped stitches in their knitting work". Positive criticism always helps a good product to even get better and that is and always has been the aim of this avast user...

polonus,

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #914 on: December 29, 2012, 12:32:23 AM »
You are probably the exception to the rule, but even so it still doesn't get away from the point that posting here doesn't actually get anything done. Only sample submission does, so for me it is just wasted effort when there are other valuable things you could be doing with your time.