70% of other AV's say file is dirty, not Avast?

Anywhere one searches for reviews about this product, SUPER (or those mirror sites) has/have the worst reputation for including Trojans, malware and the like. The product originates from eRightSoft and apparently while a good product, mirror sites are adulterating it like crazy.

Anyway I’m surprised to find Avast’s latest free AV failing to identify what is clearly a very old and well known dirty file.

In that I’m using free Avast again, and I don’t have that much confidence in anything free, etc., I still think the community should know Avast isn’t all that great (not poor, just not that great).

Anyway, readers should be aware that there is a top notch file scanning website, which scans any given submitted file immediately.

Just pop on over to their site and in two clicks and 10 seconds later, a list is produced showing scan results from all AV providers, Avast included.

The website is…

https://www.virustotal.com/#/home/upload

Luckily I remembered TotalAV (after scanning first with Avast Free and was prompted ‘success’ and when I drilled the breadboard for history, there it indicated nothing found, ref. SUPERsetup.exe

Here’s the TotalAV’s list of AV’s that caught the bugger…

Ad-Aware
Gen:Variant.Application.Bundler.182

AegisLab
Gen.Variant.Application!c

Arcabit
Trojan.Application.Bundler.182

BitDefender
Gen:Variant.Application.Bundler.182

eGambit
Unsafe.AI_Score_92%

eScan
Gen:Variant.Application.Bundler.182

F-Secure
Gen:Variant.Application.Bundler

GData
Gen:Variant.Application.Bundler.182

Yet Avast and the rest of the others say it’s clean (roughly 70% say its dirty).

I’d submit the file to Avast, but I don’t think they’ll afford Free users that courtesy. Nor likely they’d update the knowledge Data base anytime soon.

Best regards and ‘happ-ier-e-trails’ to all,

uuguru

Anyway I'm surprised to find Avast's latest free AV failing to identify what is clearly a very old and well known dirty file.
Very old may be the key word here ....

Anyway detected as “bundler” mean it comes bundled with some extra crapware like ads, toolbar …

Here's the [b]TotalAV's[/b] list of AV's that caught the bugger...
The name is VirusTotal ...

Always post link to scan result, lots of vital info is missing if you don’t

Is PUP detection enabled in Avast…!?

Yes it was as I assure every scan always includes PUPs as I care less about how long a scan takes, the longer the better in my book. But thanks for asking, never hurts to remind Users 'if they expect full results, go the full route. of new notes, I ran across yet another dirty GOM Playayer file, again same Avast results (supposedly clean).

Please kindly consider the following request regarding my initial post, for it really needs re-titled and moreover the post’s body totally replaced.

My post’s body should/might well have been seen as…

Out of 58 AV companies, as few as one or even none may correctly scan an .exe.

Hi everybody,

Here’s a tip we all need to share, maybe even pin it somewhere.

1/23/2018, ref. continued uuguru ‘house cleaning’, note following cut-pasted virustotal.com scan results for submitted (GOMPLAYERGLOBALSETUP.EXE v1.0.3751 w-my approx. download date being 2011), Avast’s Community Forum posted results include submitted scr-shot of virustotal.com’s webpage regarding the scan completion, ref. URL…

https://www.virustotal.com/#/file/a5a4ea2b1b8c83ddbebcf601aa2da84c5bedeb16a1495b9ecbd125bdd62da85a/detection

This listed, just now scanned, detected Virus listed below. and while it dates back to Jul 6, 2011, reportedly then firstin the wild.

Note, in as much as back then, I was in the habit of checking various websites like CNET, etc, for updated freeware version of GOM Player, usually only updating them when my then current one went ‘south’ or began showing signs of corruption and fortunately never used this executable, but only now ran across it when 'house cleaning the EHD.

My today’s Web search on Virustotal’s dirty detected file, finds…

Bloodhound.MalPE was/is the latest Trojan infection to be causing all sorts of chaos on the net. Specifically, Bloodhound.MalPE is a detection which may be triggered when malware is packed in a particular way to avoid detection. The majority of the malware seen obfuscated in this way have been Trojan password stealers.

Some Trojan password stealers may be capable of modifying registry data to execute a dropped copy of the Trojan at each Windows start.

The following symptoms are commonly known to be related to this parasite, Bloodhound.MalPE:

  • Browser and search engine hijacked by malicious web sites
  • Incapability to alter desktop wallpaper, unable to delete strange desktop icons
  • Bloodhound.MalPE re-creates itself after been eliminated manually, exceptionally complicated to get rid of
  • Corrupt or missing registry keys, dlls and system files produce "Blue Screen"
  • Slow pc, long startup and re boot with windows screen freeze
  • Pop-up blocker unable close pop-up windows, overflowed Computer with disturbing porn pop-up messages

Characteristics of Bloodhound.MalPE are as follows:

  • Monitors registry records, captures surfing history and Windows activity to create matching pop ups
  • Logs active security software, deactivates antivirus and firewall programs and forwards private information to outlying sites
  • Bloodhound.MalPE installs itself into system and downloads malicious Trojan and adware bundles via security leaks.
  • Enables an In Process Object/Server - Common with DLL Injections
  • The Process is packed and/or encrypted using a software packing process
  • Creation and Registration of a Browser Helper Object in Internet Explorer
  • Registers a Dynamic Link Library (DLL) File
  • The Process is polymorphic and can change its structure
  • Found on infected systems and resists interrogation by security products

That as still posted (from July 2011) at…

http://www.pcthreat.com/parasitebyid-9485en.html

<cut-pasted virustotal’s scan results>

1 / 58 <one of 58 AV companies>
One engine detected this file

SHA-256
a5a4ea2b1b8c83ddbebcf601aa2da84c5bedeb16a1495b9ecbd125bdd62da85a

File name
GOMPLAYERGLOBALSETUP.EXE

File size
27.73 MB

Last analysis
2018-01-23 13:23:35 UTC

Detection Details Community

Symantec
Bloodhound.MalPE

Ad-Aware
Clean

AegisLab
Clean

AhnLab-V3
Clean

ALYac
Clean

Antiy-AVL
Clean

Arcabit
Clean

Avast
Clean

Avast Mobile Security
Clean

AVG
Clean

Avira
Clean

AVware
Clean

Baidu
Clean

BitDefender
Clean

Bkav
Clean

CAT-QuickHeal
Clean

ClamAV
Clean

CMC
Clean

Comodo
Clean

Cyren
Clean

DrWeb
Clean

Emsisoft
Clean

eScan
May differ from commercial off-the-shelf product. The company decides the particular settings with which the engine should run in VirusTotal.
Clean

ESET-NOD32
Clean

F-Prot
Clean

F-Secure
Clean

Fortinet
Clean

GData
Clean

Ikarus
Clean

Jiangmin
Clean

K7AntiVirus
Clean

K7GW
Clean

Kaspersky
Clean

Kingsoft
Clean

Malwarebytes
Clean

MAX
Clean

McAfee
Clean

McAfee-GW-Edition
Clean

Microsoft
Clean

NANO-Antivirus
Clean

nProtect
Clean

Panda
Clean

Qihoo-360
Clean

Rising
Clean

Sophos AV
Clean

SUPERAntiSpyware
Clean

Tencent
Clean

TheHacker
Clean

TrendMicro
Clean

TrendMicro-HouseCall
Clean

VBA32
Clean

VIPRE
Clean

ViRobot
Clean

Webroot
Clean

Yandex
Clean

Zillya
Clean

ZoneAlarm
Clean

Zoner
Clean

Alibaba
Unable to process file type

CrowdStrike Falcon
Unable to process file type

Cybereason
Unable to process file type

Cylance
Unable to process file type

eGambit
Unable to process file type

Endgame
Unable to process file type

Palo Alto Networks
Unable to process file type

SentinelOne
Unable to process file type

Sophos ML
Unable to process file type

Symantec Mobile Insight
Unable to process file type

Trustlook
Unable to process file type

Correct Bloodhound info is found at AV vendors website, in this case Symantec

Bloodhound.MalPE >> https://www.symantec.com/security_response/writeup.jsp?docid=2010-061410-5559-99

The site you got the info from is a ad site for Spyhunter. Whatever malware search you do there will always be at least one with link to Spyhunter download

You can report a suspicious/malicious sample (File/Website) here: https://www.avast.com/report-malicious-file.php

Thank you for the replies. Kudo’s for jumping on me for what the posts may impart.

‘Spyhunter’, huh. Figures. Thanks for that intel.

I did poke around before posting here (as now days, you better not trust everything you see or hear) and I had/have taken that with a grain of salt, but if website advertises or claims incorrectly that any particular software’s ‘dirty’, I’m fairly certain they’ll be called on it.

Anyway, I see “virustotal.com” as legitimately and/or correctly posting reports by ‘all’ AV companies, and I’m learning that if only one of the dozens of companies reports malware or worse, I’ll check elsewhere, even submit the file to a lab in necessary.

Thanks again, I hope I didn’t ruffle anyone’s feathers, but I’m fairly sure most reader’s or User’s don’t know at ‘second opinion’ company that I find a saving grace.

Best regards and happ-e-trails to all,

uuguru