Re: Bit worried about avast

On Wed, 29 Jul 2009 23:45:33 -0700 (PDT), Greegor

    I also scan from linux using f-prot. Wow.
    I also have superantispyware, spybot and ad-aware, (which I
consider a useless piece of S&^%&^% but can't be bothered to uninstall
:) .
     All as on-demand. So call me a nutcase.
    Yes, sure. The virus was sent via the avast "send suspected
virus" option. I sent it twice, since the first time nothing happened
vs the virus detection. I also wrote a little note on how the malware
propagated.
     Here is how, in the avast help file :
quote
//
    Email to ALWIL Software. The selected file will be sent (by
e-mail) to ALWIL Software. You should use this option in special cases
only - e.g. if you suspect avast! of a false alarm. Do not forget to
attach as much information as possible - the reason you are sending
the file, the version of your virus database, etc. Doing so will
improve the service to you - the customers.
Any operation can be performed in three ways: select the file and
choose the operation from the toolbar by clicking the corresponding
icon, or select the object and choose the action from the main menu,
or right click the file and select the action from the popup menu.
//
endquote

    Proof ? Here is the logfile: (an xml from the chest folder)
    <ChestEntry>
        <ChestId>00000010</ChestId>
        <FileTime>1246662994</FileTime>
        <OrigFileName>qpqdcj.exe.zip</OrigFileName>
        <OrigFolder>C:\Documents and Settings\nemesis\Desktop</OrigFolder>
        <Comment>As qpqdcj.exe on pendrives. Your antivirus did not detect it. The whole town here is full of it.</Comment>
        <Category>User</Category>
        <TransferTime>1246663232</TransferTime>
        <FileSize>434478</FileSize>
    </ChestEntry>

    A Screenshot of avast detecting clamav on-demand scanner
update as a trojan was sent to virus@asw.cz, since I suspected no-one
was paying much attention to the standard virus sender.
    I did not get a reply.

    I ALSO sent the sample to AVG, virus@avg.com, on 5th July and
promptly got a reply:
Subject: Re: G#0904025411 - Pendrive virus. You don't detect by
virustotal (this morning)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding
X-Mailer: Genesys E-Mail 7.5.000.15

Dear Sir/Madam,

thank you for your email.

Please let us inform you that the file attached to your previous
e-mail was really infected. The detection will be available within one
of the next AVG virus definitions updates.

Thank you for your cooperation.

     Best regards,

     Tomas Roubal
     AVG Technical Support
.........................

    BTW, I know that grisoft is not avast. AVG came out with the
update two days after. I'm still waiting for avast.
http://www.virustotal.com/analisis/113d583ebd75564c12117ccf0e2b0f20273e6610f26b0c274e7117f8c7a1e8cf-1247281853
http://www.virustotal.com/analisis/af13e8a6b2aacea266e1c6899ada6fdd318e0259b63be4e9d4287200797f6f7e-1248630299
(same virus, different names depending on where it is).    
    Let's just consider the thread closed.
    []'s



    

Re: Bit worried about avast


| On Wed, 29 Jul 2009 23:45:33 -0700 (PDT), Greegor


| I also scan from linux using f-prot. Wow.
| I also have superantispyware, spybot and ad-aware, (which I
| consider a useless piece of S&^%&^% but can't be bothered to uninstall
| :) .
| All as on-demand. So call me a nutcase.


| Yes, sure. The virus was sent via the avast "send suspected
| virus" option. I sent it twice, since the first time nothing happened
| vs the virus detection. I also wrote a little note on how the malware
| propagated.
| Here is how, in the avast help file :
| quote
| //
| Email to ALWIL Software. The selected file will be sent (by
| e-mail) to ALWIL Software. You should use this option in special cases
| only - e.g. if you suspect avast! of a false alarm. Do not forget to
| attach as much information as possible - the reason you are sending
| the file, the version of your virus database, etc. Doing so will
| improve the service to you - the customers.
| Any operation can be performed in three ways: select the file and
| choose the operation from the toolbar by clicking the corresponding
| icon, or select the object and choose the action from the main menu,
| or right click the file and select the action from the popup menu.
| //
| endquote

| Proof ? Here is the logfile: (an xml from the chest folder)
| <ChestEntry>
| <ChestId>00000010</ChestId>
| <FileTime>1246662994</FileTime>
| <OrigFileName>qpqdcj.exe.zip</OrigFileName>
| <OrigFolder>C:\Documents and Settings\nemesis\Desktop</OrigFolder>
| <Comment>As qpqdcj.exe on pendrives. Your antivirus did not detect it. The whole town here is full of it.</Comment>
| <Category>User</Category>
| <TransferTime>1246663232</TransferTime>
| <FileSize>434478</FileSize>
| </ChestEntry>

| A Screenshot of avast detecting clamav on-demand scanner
| update as a trojan was sent to virus@asw.cz, since I suspected no-one
| was paying much attention to the standard virus sender.
| I did not get a reply.

| I ALSO sent the sample to AVG, virus@avg.com, on 5th July and
| promptly got a reply:
| Subject: Re: G#0904025411 - Pendrive virus. You don't detect by
| virustotal (this morning)
| MIME-Version: 1.0
| Content-Type: text/plain; charset=utf-8
| Content-Transfer-Encoding
| X-Mailer: Genesys E-Mail 7.5.000.15

| Dear Sir/Madam,

| thank you for your email.

| Please let us inform you that the file attached to your previous
| e-mail was really infected. The detection will be available within one
| of the next AVG virus definitions updates.

| Thank you for your cooperation.

|      Best regards,

|      Tomas Roubal
|      AVG Technical Support
| .........................

| BTW, I know that grisoft is not avast. AVG came out with the
| update two days after. I'm still waiting for avast.
| http://www.virustotal.com/analisis/113d583ebd75564c12117ccf0e2b0f20273e6610f26b0c274e7117f8c7a1e8cf-1247281853
| http://www.virustotal.com/analisis/af13e8a6b2aacea266e1c6899ada6fdd318e0259b63be4e9d4287200797f6f7e-1248630299
| (same virus, different names depending on where it is).
| Let's just consider the thread closed.
| []'s


Avast had a False Positive declaration of VBS:Zulu on some Microsoft web pages.
It took 2 months for Avast to correct that False Positive declaration, which is
one reason I am not an advocate of Alwil Avast.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


