Author Topic: Still undetected adware!  (Read 8654 times)


12-es_csaj

  • Guest
Still undetected adware!
« on: November 27, 2010, 03:36:01 PM »
I sent a sample via chest about three months ago, and it is still undetected.
The site is infected, too (according to NOD32 on one of my friends' PCs).
The installer doesn't install Unlocker, but it installs some adware, for example Win32/Adware.ADON.
I sent the installer for analysis via chest again. I hope that it will be analysed and added to the VPS.

The unsafe unlocker:
hXXp://download.chip.eu/hu/download_getfile_hu_2177140.html?s=http://dl01.chip.eu&f=/13723/unlocker_1.8.7.hu.exe&t=4cf11308&sign=b19a601f8ec723a310757a9b50e2f87d&dl_type=dl_hs&lang=hu

VirusTotal: (I had to copy the results, because VT didn't create a link):
AhnLab-V3    2010.11.28.00    2010.11.27    -
AntiVir    7.10.14.126    2010.11.27    -
Antiy-AVL    2.0.3.7    2010.11.27    -
Avast    4.8.1351.0    2010.11.27    -
Avast5    5.0.594.0    2010.11.27    -
AVG    9.0.0.851    2010.11.27    -
BitDefender    7.2    2010.11.27    Dropped:Adware.Yabector.B
CAT-QuickHeal    11.00    2010.11.27    TrojanClicker.Yabector
ClamAV    0.96.4.0    2010.11.27    -
Command    5.2.11.5    2010.11.27    -
Comodo    6867    2010.11.27    -
DrWeb    5.0.2.03300    2010.11.27    -
Emsisoft    5.0.0.50    2010.11.27    -
eSafe    7.0.17.0    2010.11.24    -
eTrust-Vet    36.1.8003    2010.11.26    -
F-Prot    4.6.2.117    2010.11.26    -
F-Secure    9.0.16160.0    2010.11.27    Dropped:Adware.Yabector.B
Fortinet    4.2.254.0    2010.11.27    Adware/Adon
GData    21    2010.11.27    Dropped:Adware.Yabector.B
Ikarus    T3.1.1.90.0    2010.11.27    AdWare.Yabector
Jiangmin    13.0.900    2010.11.27    -
K7AntiVirus    9.69.3103    2010.11.27    -
Kaspersky    7.0.0.125    2010.11.27    -
McAfee    5.400.0.1158    2010.11.27    -
McAfee-GW-Edition    2010.1C    2010.11.27    -
Microsoft    1.6402    2010.11.27    TrojanClicker:Win32/Yabector.gen
NOD32    5652    2010.11.26    Win32/Adware.ADON
Norman    6.06.10    2010.11.27    -
nProtect    2010-11-27.01    2010.11.27    -
Panda    10.0.2.7    2010.11.27    -
PCTools    7.0.3.5    2010.11.27    -
Prevx    3.0    2010.11.27    -
Rising    22.75.04.00    2010.11.27    Trojan.Win32.Generic.5207F89D
Sophos    4.60.0    2010.11.27    -
SUPERAntiSpyware    4.40.0.1006    2010.11.27    -
Symantec    20101.2.0.161    2010.11.27    -
TheHacker    6.7.0.1.092    2010.11.27    -
TrendMicro    9.120.0.1004    2010.11.27    -
TrendMicro-HouseCall    9.120.0.1004    2010.11.27    -
VBA32    3.12.14.2    2010.11.26    -
VIPRE    7426    2010.11.27    -
ViRobot    2010.11.19.4158    2010.11.27    -
VirusBuster    13.6.62.0    2010.11.26    TrojanCL.Yabector.Gen

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37478
  • Not a avast user
Re: Still undetected adware!
« Reply #1 on: November 27, 2010, 07:35:35 PM »
Sample sent to avast! and Malwarebytes    ;)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Still undetected adware!
« Reply #2 on: November 27, 2010, 08:02:16 PM »
Quote
I sent a sample via chest about three months ago, and it is still undetected.

Does avast get it with PUP enabled..??
Please try. Thanks.
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

Re: Still undetected adware!
« Reply #3 on: November 27, 2010, 08:14:50 PM »
If so, it should have been detected on VT... but it will not say PUP on VT... OBS: looks as if that has changed

There was a case some weeks back with something detected on VT but not in the comp, until he turned on PUP....
« Last Edit: November 28, 2010, 01:51:15 AM by Pondus »

12-es_csaj

  • Guest
Re: Still undetected adware!
« Reply #4 on: November 27, 2010, 08:16:27 PM »
Quote
Does avast get it with PUP enabled..??
Please try. Thanks.

I set my avast! File System Shield to 'paranoid' mode: heuristics is on high and PUP-checking is enabled.
I set the Web-Shield heuristics high, but PUP-checking is disabled because I fear false site-blocking.

Offline Asyn

Re: Still undetected adware!
« Reply #5 on: November 27, 2010, 08:23:20 PM »
Quote
I set my avast! File System Shield to 'paranoid' mode: heuristics is on high and PUP-checking is enabled.
I set the Web-Shield heuristics high, but PUP-checking is disabled because I fear false site-blocking.

Usually the chip-sites are safe and most of the VT results are Adware related...
So what should we do about it, folks..??
asyn
« Last Edit: November 27, 2010, 08:26:33 PM by Asyn »

12-es_csaj

  • Guest
Re: Still undetected adware!
« Reply #6 on: November 27, 2010, 08:35:44 PM »
Quote
Quote
I set my avast! File System Shield to 'paranoid' mode: heuristics is on high and PUP-checking is enabled.
I set the Web-Shield heuristics high, but PUP-checking is disabled because I fear false site-blocking.

Usually the chip-sites are safe and most of the VT results are Adware related...
So what should we do about it, folks..??
asyn

I read on a forum that Win32/Adware.ADON is not only a bit harmful!

Offline Asyn

Re: Still undetected adware!
« Reply #7 on: November 27, 2010, 08:43:34 PM »
Quote
...is not only a bit harmful!

Sorry, what do you mean by this..?
That it is harmful or not..??
asyn

12-es_csaj

  • Guest
Re: Still undetected adware!
« Reply #8 on: November 27, 2010, 08:51:56 PM »
Quote
Sorry, what do you mean by this..?
That it is harmful or not..??
asyn

Not the most dangerous, but harmful.  ;D
(Sorry, my English is horrible, so I can't say it in a better way)

Offline Asyn

Re: Still undetected adware!
« Reply #9 on: November 27, 2010, 09:02:41 PM »
Quote
1. Not the most dangerous, but harmful.  ;D
2. (Sorry, my English is horrible, so I can't say it in a better way)

1. I see. As it seems to be Adware, it's up to you, if you install it or not. I wouldn't. ;)
2. No problem, I ask if I don't understand you... Btw, we can also talk German, if you feel better with it, my Hungarian isn't that good, though. ;D
asyn

12-es_csaj

  • Guest
Re: Still undetected adware!
« Reply #10 on: November 27, 2010, 09:14:18 PM »
Quote
1. I see. As it seems to be Adware, it's up to you, if you install it or not. I wouldn't. ;)

2. No problem, I ask if I don't understand you... Btw, we can also talk German, if you feel better with it, my Hungarian isn't that good, though. ;D
asyn

1. But... I sent it to avast! a few months ago... When I say that it takes a long time to detect a new sample, and if somebody sent a trojan/adware/whatever it will be on the VPS "in 100 years", I refer to situations like this. And the problem is: I see lots of situations like this!

2. Thank you, but my German is horrible! I've learnt German for 4 years, but I know NOTHING. I'm not so good at it.

Offline Pondus

Re: Still undetected adware!
« Reply #11 on: November 28, 2010, 02:04:49 PM »
Norman analysis says unlocker_1.8.7.hu.exe: Clean!

Malwarebytes has not added detection



Avira

Quote
File ID    Filename   Size (Byte)   Result
4177851    unlocker_1.8.7.hu.exe    237.5 KB    KNOWN CLEAN

Please find a detailed report concerning each individual sample below:
Filename   Result
unlocker_1.8.7.hu.exe    KNOWN CLEAN

The file 'unlocker_1.8.7.hu.exe' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Unlocker 1.8.7 '.
« Last Edit: November 28, 2010, 02:09:33 PM by Pondus »

bong2x

  • Guest
Re: Still undetected adware!
« Reply #12 on: November 28, 2010, 02:26:50 PM »
Quote
1. But... I sent it to avast! a few months ago... When I say that it takes a long time to detect a new sample, and if somebody sent a trojan/adware/whatever it will be on the VPS "in 100 years", I refer to situations like this. And the problem is: I see lots of situations like this!

Every sample you send to virus is under investigation. You cannot just add detection in security software; it needs a lot of experimentation, because with a single mistake a lot of users out there in the wild will suffer. When you send a sample, what percentage are you sure that it is malware/trojan? What machine do you use to identify it??

OR maybe you saw only an incomplete download, and this is dangerous when it is added to detection.

Regards!!!