Author Topic: Code emulation not working properly?  (Read 2983 times)

Offline xqrzd

  • Jr. Member
  • Posts: 62
Code emulation not working properly?
« on: May 05, 2011, 05:22:56 PM »
I have an infected file that avast did not appear to detect (I scanned it from the context menu), so I added it to the virus chest to send to avast. I decided to scan it from within the virus chest, and avast found it as Sf:Kelihos [Trj]. Why did the context menu scan not find it? I have every option enabled, and the heuristics are set to max. What is most dangerous about this is that the file was not picked up by either the web shield or the file system shield. I checked the settings for the FS shield, and code emulation is enabled, so I'm not sure what is going on. I'm using avast IS 6.0.1091 on Windows 7 x64.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67247
Re: Code emulation not working properly?
« Reply #1 on: May 05, 2011, 05:33:49 PM »
Wasn't there a virus definitions update in between, I mean, between the file's arrival and the Chest scanning?
The best things in life are free.

Offline xqrzd

Re: Code emulation not working properly?
« Reply #2 on: May 05, 2011, 05:35:19 PM »
No, all scanning was done with VPS 110505-0.

Offline Lisandro

Re: Code emulation not working properly?
« Reply #3 on: May 05, 2011, 05:38:02 PM »
Can you submit the file to the avast team from within the Chest and inform them of that?

Offline xqrzd

Re: Code emulation not working properly?
« Reply #4 on: May 05, 2011, 05:42:48 PM »
I have submitted the file through the chest with the info.

Offline Nesivos

  • Avast Evangelist
  • Super Poster
  • Posts: 1352
Re: Code emulation not working properly?
« Reply #5 on: May 05, 2011, 05:44:24 PM »
Interesting what "VirusTotal" has to say about it.

Notice that, according to their website, Avast 5.0 identifies it as a virus.

http://www.virustotal.com/file-scan/report.html?id=5f005f5d700f6706b6885efe4b264cd21979eb8b945697101473ceb7c43f53fc-1300965810
OS: W7-SP1, Security: AIS 7, SAS Pro, WinPatrol Plus Network:2 Dell 570MT x64 1 Dell 660 Desktop with 8GB RAM Default Browser & Email: Firefox & Thunderbird latest Betas

Offline xqrzd

Re: Code emulation not working properly?
« Reply #6 on: May 05, 2011, 05:52:37 PM »
Interesting, my file is not detected by avast on VT: http://www.virustotal.com/file-scan/report.html?id=d7aab0238e0a308283f139c81b0c6b6f6d8f9ffd3cbfdc374e9d0bec7bd5c768-1304610216
For some reason, avast only detects it when scanned in virus chest.

Offline Nesivos

Re: Code emulation not working properly?
« Reply #7 on: May 05, 2011, 06:01:25 PM »
> Interesting, my file is not detected by avast on VT: http://www.virustotal.com/file-scan/report.html?id=d7aab0238e0a308283f139c81b0c6b6f6d8f9ffd3cbfdc374e9d0bec7bd5c768-1304610216
> For some reason, avast only detects it when scanned in virus chest.

I agree, interesting.

In comparing the two VirusTotal scan results, it could be that your virus is a variant, but then I would think that the Avast heuristics would ID it.