Avast 4.8.1351.0 missing this WINLOG.EXE

[newkid215]

A year ago I encountered a relative new virus and submit scan to VIRUSTOTAL.COM. It was recognized by a few vendors and AVAST wasn't one.  I submitted an inquiry to AVAST and they included it in couple days.

Today I encountered a file name winlog.exe date back to 2009, scan by AVAST 4.8.1351. NOT being detected, submit to VirusTotal.com 33 out of 43 vendors reported as known virus in some names including Avast version 5! (win32:Trojan-gen) But not Avast 4.8 !

Well that is not good; actually it is bad as corporate user normally use the 4.8 Professional with server version not Avast 5!   And the 4.8.1351 missed the boat.

Definitely this lower my confidence toward Avast. If one more incident happens I am afraid I have to reconsider other vendor’s protection.

 

Antivirus results
AhnLab-V3 - 2010.11.25.01 - 2010.11.25 - Win-Trojan/Pher.32256
AntiVir - 7.10.14.104 - 2010.11.25 - TR/Dropper.Gen
Antiy-AVL - 2.0.3.7 - 2010.11.25 - Trojan/Win32.Pher.gen
Avast - 4.8.1351.0 - 2010.11.25 - -
Avast5 - 5.0.594.0 - 2010.11.25 - Win32:Trojan-gen
AVG - 9.0.0.851 - 2010.11.25 - BackDoor.Generic12.BRBS
BitDefender - 7.2 - 2010.11.25 - Gen:Trojan.Heur.RP.kqW@aWywa5li
CAT-QuickHeal - 11.00 - 2010.11.25 - TrojanDownloader.Pher.acl
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - W32/Injector.J.gen!Eldorado
Comodo - 6843 - 2010.11.25 - TrojWare.Win32.TrojanDownloader.Pher.ABC
DrWeb - 5.0.2.03300 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - Trojan-Downloader.Win32.Pher.abq!A2
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.7999 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.24 - W32/Injector.J.gen!Eldorado
F-Secure - 9.0.16160.0 - 2010.11.25 - Gen:Trojan.Heur.RP.kqW@aWywa5li
Fortinet - 4.2.254.0 - 2010.11.25 - W32/Injector.IA!tr
GData - 21 - 2010.11.25 - Gen:Trojan.Heur.RP.kqW@aWywa5li
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - TrojanDownloader.Pher.fe
K7AntiVirus - 9.69.3083 - 2010.11.25 - Riskware
Kaspersky - 7.0.0.125 - 2010.11.25 - Trojan-Downloader.Win32.Pher.gop
McAfee - 5.400.0.1158 - 2010.11.25 - BackDoor-EBI.gen
McAfee-GW-Edition - 2010.1C - 2010.11.25 - BackDoor-EBI.gen
Microsoft - 1.6402 - 2010.11.25 - VirTool:Win32/Injector.gen!AD
NOD32 - 5648 - 2010.11.25 - a variant of Win32/Injector.CQD
Norman - 6.06.10 - 2010.11.25 - W32/Malware.HYME
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - Generic Malware
PCTools - 7.0.3.5 - 2010.11.25 - Trojan.Gen
Prevx - 3.0 - 2010.11.25 - High Risk Cloaked Malware
Rising - 22.75.03.00 - 2010.11.25 - -
Sophos - 4.60.0 - 2010.11.25 - Mal/EncPk-JU
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - Trojan.Agent/Gen-WinFake
Symantec - 20101.2.0.161 - 2010.11.25 - Trojan.Gen
TheHacker - 6.7.0.1.090 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - Mal_Ircbot-3
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - Mal_Ircbot-3
VBA32 - 3.12.14.2 - 2010.11.25 - BScope.Backdoor.SdBot.ofw
VIPRE - 7407 - 2010.11.25 - Net-Worm.Win32.Kolab.gen (v)
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - Trojan.Ceeinject.Gen.3
File info:
MD5: 2d20b24cbcf4c79862e5202ce6aaabbf
SHA1: 7607dfc62c2ef769dd6ac13f85139f76be61d72f
SHA256: f2ed909ed12c64fa10bc247433d3ff0183ff2b82c9893743c0fdde08f007b158
File size: 179200 bytes
Scan date: 2010-11-25 15:33:07 (UTC)

[DavidR]

Well to start with you aren't even using the latest version of avast 4.8 (unless this a specific build for ADNM), not that that detected this. However avast5 has been out for over 10 months and you might have noticed that it does detect this.

There are detection methods and signatures that aren't available in avast 4.8 as it can't use them. Not to mention support for avast 4.8 is likely to cease at the end of this year.

So the simple solution is if your OS is win 2000 or higher, install avast 5.0.

If you are a corporate user that is using the ADNM function to manage your avast client systems, I think that currently that only supports avast 4.8 client side, but it may also support avast 5.0, that would have to be confirmed.

However, avast 5.1 is getting very close and we are expecting a beta release soon; at that time I believe they are trying to release version 5.x of the ADNM which will support avast 5.x.

[Jack 1000]

I agree,

At this point of the game, you should uninstall Avast 4.8, download a fresh copy of Avast 5.0, than register it through the program.  5.0 is much better than 4.8.  Happy Thanksgiving!

Jack

[DavidR]

That entirely depends on the circumstances I outlined in my reply, OS, if in a corporate system controlled by ADNM, then it may not be possible at the moment.

[Probzzie]

I believe that if Avast's current work in progress was 4.8 this would have been identified however like on all security software indicates when updates of Database or program should be updated.

[newkid215]

Thank you guys for all the valuable inputs.
We have two years licence when we got the 4.8, expire mid of next year.

Not sure how the liciencing works if we upgrade form 4.8 to 5.0 now?
Might have to contact sales.

Have a great day or week-end. 

[DavidR]

You're welcome.

You can upgrade to avast 5 at no cost and the balance of your existing license will be still be current.

Whilst the old licence can't be used directly or input into avast 5.0, if avast 5 pro is installed over avast 4.8 pro, it will retain the license information, uninstall avast 4.8 and install avast 5 all in the one action.

If you choose to do a clean reinstall of avast 5 pro, you can convert your old license.
- avast! 5 Pro license convert from 4.8 Pro license. Try http://www.avast.com/resend-license.php now, fill in the form giving your email and 4.8 Pro License key and they will send the new license file to you (presumably it will check you have a legit 4.8 Pro license first).