Author Topic: un-found virus CAUTION W/ATTACHMENT  (Read 6944 times)


tweed

  • Guest
un-found virus CAUTION W/ATTACHMENT
« on: August 31, 2004, 11:30:22 PM »
Good day all!

CAUTION!! POSSIBLE INFECTION ATTACHED!!!

A suspicious email arrived this morning with an attachment.  I viewed the source on the email and saw it had attachment "fotos.zip".  Saved the zip file to desktop and scanned it with Avast.  Avast found it to be clean.

So in the interest of testing, I copied the file to two other machines to scan.  One other has AVG, and the last is running Sophos.  AVG and Sophos BOTH see this zip file to be infected with
"Results of Complete Test, date and time 8/31/2004 14:24:58 :
Testing C:\Documents and Settings\Administrator\Desktop serial 5064-E5BA  C:\Documents and Settings\Administrator\DESKTOP\INFECTED.ZIP:\foto\foto.htm Virus found JS/IllWill

Test finished, duration 00:00:00.8 s
21 objects tested, 1 found infected

This is a 3 week old virus...why is Avast not reporting it?  My Avast version/update info follows:
ver 4.1home(4.1.418),  with def file from today (8-31-04)(0436-0)

I can point Avast RIGHT AT THE FILE, and it reports clean.

I have attached file for inspection.

Any thoughts???

Thanks!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:un-found virus CAUTION W/ATTACHMENT
« Reply #1 on: August 31, 2004, 11:47:21 PM »
Please send the file in a password protected zip file to virus@avast.com
Mention in the mail what you told us here (a link to this thread may be useful) and don't forget to mention the password of course. I'm sure they will investigate it and release an update of the VPS if needed ASAP.

If you like, please run an online scan HERE and tell us the result(s)

Thank you for letting us know this. Information like this really can help make Avast only better. [Is that possible :D]
« Last Edit: August 31, 2004, 11:48:38 PM by Eddy »

softwareguy

  • Guest
Re:un-found virus CAUTION W/ATTACHMENT
« Reply #2 on: September 01, 2004, 01:28:19 AM »
Is Alwil working with virusscan.jotti.dhs.org into getting samples and new detections?

tweed

  • Guest
Re:un-found virus CAUTION W/ATTACHMENT
« Reply #3 on: September 01, 2004, 07:13:07 AM »


If you like, please run an online scan HERE and tell us the result(s)

Thank you for letting us know this. Information like this really can help make Avast only better. [Is that possible :D]

That scan yielded these results on zip file in question...zip file extracts into foto.html and foto1.exe.
AntiVir: TR/Bagle.AK.HTML, TR/Bagle.AL (2.48 seconds taken)
BitDefender: JS.Dword.dropper, Trojan.Dropper.Small.KU (5.76 seconds taken)
ClamAV: Trojan.JS.RunMe (11.33 seconds taken)
Dr.Web: Exploit.CodeBase, Win32.HLLM.Beagle.9728 (11.92 seconds taken)
F-Prot Antivirus: HTML/ObjData@exp, dropper for W32/Mitglieder.AA (1.70 seconds taken)
F-Secure Anti-Virus: HTML/ObjData@exp, Exploit.CodeBaseExec, W32/Bagle.AK@mm, TrojanDropper.Win32.Small.kv (7.47 seconds taken)
Kaspersky Anti-Virus: Exploit.CodeBaseExec, TrojanDropper.Win32.Small.kv (6.85 seconds taken)
Norman Virus Control: JS/IllWill.A, W32/Bagle.AK (1.26 seconds taken)

All engines found infection.  Avast still says this file is clean.  Have set max everything in scan parameters.

Here is text from log file on Avast scan (thorough scan with archives) (I have extracted the infected file to a folder and then scanned the folder)

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Tuesday, August 31, 2004 11:16:45 PM
* VPS: 0436-0, 08/31/2004
*

Infected files: 0
Total files: 2
Total folders: 1
Total size: 13.6 k

*
* Task stopped: Tuesday, August 31, 2004 11:16:45 PM
* Run-time was 0 second(s)
*

« Last Edit: September 01, 2004, 07:18:02 AM by tweed »

Jlo

  • Guest
Re:un-found virus CAUTION W/ATTACHMENT
« Reply #4 on: September 01, 2004, 09:03:23 AM »
Hi,

I think the file you received is a new one. It was spammed on the 31st August. I guess Avast have not updated their VPS yet but I am sure they will in the next few hours.

Just check out http://www.f-secure.com/v-descs/bagle_ak.shtml

for more info.

Please also make sure you post the file to virus@avast.com (just in case they have not received it yet)

Cheers
Jlo


Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:un-found virus CAUTION W/ATTACHMENT
« Reply #5 on: September 01, 2004, 09:41:25 AM »
The update is already out... :)

clanky

  • Guest
Re:un-found virus CAUTION W/ATTACHMENT
« Reply #6 on: September 01, 2004, 03:15:26 PM »
I've been sent this twice, the 1st time it contained foto1.exe & the 2nd time calc.exe.   Fsecure & Symantec are not reporting the calc.exe file

Pavel Baudis

  • Guest
Re:un-found virus CAUTION W/ATTACHMENT
« Reply #7 on: September 01, 2004, 03:57:09 PM »
Yes, the CALC.EXE is another variant. It is detected by avast! with today's update.

BTW: Another two variants were discovered several minutes ago, so please expect another update soon  ;) .

Pavel

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Re:un-found virus CAUTION W/ATTACHMENT
« Reply #8 on: September 01, 2004, 05:23:26 PM »
BTW: Another two variants were discovered several minutes ago, so please expect another update soon  ;) .
Pavel
If you mean 0436-2, it came in while I was reading this.  Nice timing.  ;)

Jlo

  • Guest
Re:un-found virus CAUTION W/ATTACHMENT
« Reply #9 on: September 01, 2004, 05:49:23 PM »
Hi Avast!

Thanks for the quick updates again!

Best wishes

Jlo

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:un-found virus CAUTION W/ATTACHMENT
« Reply #10 on: September 01, 2004, 07:14:54 PM »
MikeBCda
Quote
If you mean 0436-2, it came in while I was reading this.  Nice timing.
That's funny, same here. I was actually reading your post when the Pop Up occurred. :)