A year ago I encountered a relatively new virus and submitted a scan to VIRUSTOTAL.COM. It was recognized by a few vendors, and AVAST wasn't one. I submitted an inquiry to AVAST and they included it in a couple of days.
Today I encountered a file named winlog.exe, dated back to 2009, scanned by AVAST 4.8.1351. It was NOT detected. Submitted to VirusTotal.com, 33 out of 43 vendors reported it as a known virus under some names, including Avast version 5! (win32:Trojan-gen) But not Avast 4.8!
Well, that is not good; actually it is bad, as corporate users normally use the 4.8 Professional with the server version, not Avast 5! And the 4.8.1351 missed the boat.
Definitely this lowers my confidence in Avast. If one more incident happens, I am afraid I will have to reconsider other vendors' protection.
Antivirus results
AhnLab-V3 - 2010.11.25.01 - 2010.11.25 - Win-Trojan/Pher.32256
AntiVir - 7.10.14.104 - 2010.11.25 - TR/Dropper.Gen
Antiy-AVL - 2.0.3.7 - 2010.11.25 - Trojan/Win32.Pher.gen
Avast - 4.8.1351.0 - 2010.11.25 - -
Avast5 - 5.0.594.0 - 2010.11.25 - Win32:Trojan-gen
AVG - 9.0.0.851 - 2010.11.25 - BackDoor.Generic12.BRBS
BitDefender - 7.2 - 2010.11.25 - Gen:Trojan.Heur.RP.kqW@aWywa5li
CAT-QuickHeal - 11.00 - 2010.11.25 - TrojanDownloader.Pher.acl
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - W32/Injector.J.gen!Eldorado
Comodo - 6843 - 2010.11.25 - TrojWare.Win32.TrojanDownloader.Pher.ABC
DrWeb - 5.0.2.03300 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - Trojan-Downloader.Win32.Pher.abq!A2
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.7999 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.24 - W32/Injector.J.gen!Eldorado
F-Secure - 9.0.16160.0 - 2010.11.25 - Gen:Trojan.Heur.RP.kqW@aWywa5li
Fortinet - 4.2.254.0 - 2010.11.25 - W32/Injector.IA!tr
GData - 21 - 2010.11.25 - Gen:Trojan.Heur.RP.kqW@aWywa5li
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - TrojanDownloader.Pher.fe
K7AntiVirus - 9.69.3083 - 2010.11.25 - Riskware
Kaspersky - 7.0.0.125 - 2010.11.25 - Trojan-Downloader.Win32.Pher.gop
McAfee - 5.400.0.1158 - 2010.11.25 - BackDoor-EBI.gen
McAfee-GW-Edition - 2010.1C - 2010.11.25 - BackDoor-EBI.gen
Microsoft - 1.6402 - 2010.11.25 - VirTool:Win32/Injector.gen!AD
NOD32 - 5648 - 2010.11.25 - a variant of Win32/Injector.CQD
Norman - 6.06.10 - 2010.11.25 - W32/Malware.HYME
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - Generic Malware
PCTools - 7.0.3.5 - 2010.11.25 - Trojan.Gen
Prevx - 3.0 - 2010.11.25 - High Risk Cloaked Malware
Rising - 22.75.03.00 - 2010.11.25 - -
Sophos - 4.60.0 - 2010.11.25 - Mal/EncPk-JU
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - Trojan.Agent/Gen-WinFake
Symantec - 20101.2.0.161 - 2010.11.25 - Trojan.Gen
TheHacker - 6.7.0.1.090 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - Mal_Ircbot-3
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - Mal_Ircbot-3
VBA32 - 3.12.14.2 - 2010.11.25 - BScope.Backdoor.SdBot.ofw
VIPRE - 7407 - 2010.11.25 - Net-Worm.Win32.Kolab.gen (v)
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - Trojan.Ceeinject.Gen.3

File info:
MD5: 2d20b24cbcf4c79862e5202ce6aaabbf
SHA1: 7607dfc62c2ef769dd6ac13f85139f76be61d72f
SHA256: f2ed909ed12c64fa10bc247433d3ff0183ff2b82c9893743c0fdde08f007b158
File size: 179200 bytes
Scan date: 2010-11-25 15:33:07 (UTC)