Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 415689 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Samples missed by avast (VirusTotal links only!)
« Reply #945 on: May 18, 2013, 02:03:49 PM »
Hi mrapi,

Normally avast! should detect this as Win32:FakeAV-EAI.
Did you check for avast! shield detection?
It is a detection for a rogue/fake security tool (trojan).

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mrapi

  • Full Member
  • ***
  • Posts: 137
Re: Samples missed by avast (VirusTotal links only!)
« Reply #946 on: May 18, 2013, 07:35:03 PM »
Hi polonus, thanks for the answer. I couldn't find any setting for shield to add rogue/fake.
That trojan should be detected by default; it acts as an antivirus and stops any application execution and asks for money to disinfect...

Offline mrapi

Re: Samples missed by avast (VirusTotal links only!)
« Reply #947 on: May 23, 2013, 07:20:13 AM »
It is solved, thanks!

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #948 on: May 24, 2013, 01:24:42 AM »
Thanks for that feedback. I always enjoy it when we have added protection.
That is the main reason why I keep frequenting the avast webforums:
well, to aid/add to making avast! av even better than it already is...

polonus

Offline mrapi

Re: Samples missed by avast (VirusTotal links only!)
« Reply #949 on: May 25, 2013, 08:47:04 AM »
you're welcome... :)

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #950 on: May 26, 2013, 03:01:04 PM »
Chinese fake av not detected via VT file result scan: https://www.virustotal.com/nl/url/39a56bcdeaed17cf338f9ede28bd55e4809682bc1e5adf34e339873e19594a89/analysis/1369572621/
and
https://www.virustotal.com/nl/file/9b342ae7f25d65bdb817d8c995f3211ac398e41575fc5d149d994c1dcb008f0a/analysis/1365605849/
URL vip.dns-vip.net failed to be located in database...
What should be detected: http://urlquery.net/report.php?id=2637824
The recent detection pattern for the dropper: http://support.clean-mx.de/clean-mx/viruses.php?domain=dns-vip.net&sort=id%20DESC
Avast does not detect: https://www.virustotal.com/nl/file/a5eb9b868da9adebe0f23b0623f27072118431c315261bdd327ec1a6eee6364d/analysis/
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem,
not necessarily malicious, may provide a threat!

polonus

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #951 on: May 26, 2013, 03:58:18 PM »
What about this one: https://www.virustotal.com/nl/url/f94533b9150663a3727ff4c7101b47715f7c94ea31edc0eb1939b0dd2842996f/analysis/1369576163/
and https://www.virustotal.com/nl/file/d28a53b05b30ab450d856d85d1ba9bffc5f40ebdf899c8c31a074b372353f0a3/analysis/1369327457/
TR/Rogue.kdv.866075.20 not detected

Moreover hxtp://fsua-01.gamenet.ru/installers/qgna/bs/live/bs.exe is in Dr.Web malicious sites list!

polonus
« Last Edit: May 26, 2013, 04:01:06 PM by polonus »

true indian

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #952 on: May 29, 2013, 06:04:46 PM »
This thing is all over our forum...JS autorun malware via USB.

https://www.virustotal.com/en/file/abb9839405654d2f44e85e4e36d6da429513a34322ce5b181807b30c56b96c73/analysis/
sent to avast.
« Last Edit: June 10, 2013, 02:01:23 PM by true indian »

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #953 on: May 29, 2013, 11:24:20 PM »
How is detection for File names: c3b5bc549e274296..., 3453e448961cf479..., be227e817c7ea7e1..., defa9f7681c9969a...,
Fingerprints: f252ef92144d60b4..., 2a3a8ea7b8d2d032..., a7d0a0fb7cc0e091..., d0dcb66b8217343d..., d291a94334e46a1c..., e8b1aef6eece8f85..., 5683c3a9f2529ece...
See: http://r.virscan.org/ca892b3b26798e0672cc8803c15808c8 & http://v.virscan.org/Trojan.JS.Autorun.A%20[Aquarius].html

polonus

true indian

Re: Samples missed by avast (VirusTotal links only!)
« Reply #955 on: June 10, 2013, 01:50:03 PM »
Why not detected!? Win64/Olmarik.AW
https://www.virustotal.com/en/file/153b6508da404e0ef02bd0ef074f97607ffddabf4be90cfc4e9e308489c02034/analysis/

No shield detection...no nothing.

Reported to virus AT avast DOT com.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Samples missed by avast (VirusTotal links only!)
« Reply #956 on: June 10, 2013, 06:32:04 PM »
No Clue. https://www.virustotal.com/en/url/b858a9e79fc77d11ac2c6bde20f3030b159e86196cd8a4dcf795bbab90aeb480/analysis/1370881787/

HTML Document. Chrome blocks, Avast will not. There is said to be a file download, I didn't get it
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline polonus

Re: Samples missed by avast (VirusTotal links only!)
« Reply #959 on: June 11, 2013, 02:19:38 PM »
Someone is not following the threads here, see: http://forum.avast.com/index.php?topic=124252.0
Not so safe as was reported here: http://www.isthisfilesafe.com/sha1/F4991FB4740AB85B45EEBB5DD33D39DD88AAEB11_details.aspx
Side effects:
   • Registry modification

Files: It copies itself to the following location:
   • %temp%\Updatea.vbs

Threat considered low damage, avast could detect this as PUP/riskware...

polonus
