I sent a file Virus Sample(SICHOST.exe) or suspicious file submitted for analysis to virus@avast.com many times.
Sent time : 2009/12/24

but today 2010/01/21

http://www.virscan.org and http://www.virustotal.com
report scan on web many program can detect it.
Why your product antivirus can not detect it?
A virus not detected by your product.

VirSCAN.org Scanned Report :
Scanned time : 2010/01/21 16:32:23 (ICT)
Scanner results: 65% Scanner(s) (24/37) found malware!
File Name : SICHOST.exe
File Size : 762225 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : cf64069958fa08e72fef09ec52d31743
SHA1 : fcd0dd670a4043551346a6975f8325f3eab87b46
Online report : http://virscan.org/report/5c9a0f36c4cf31f9ea14b0fa1e7b032b.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100121063125 2010-01-21 4.22 Worm.Win32.AutoIt!IK
AhnLab V3 2010.01.21.05 2010.01.21 2010-01-21 1.56 Win-Trojan/StartPage.762225
AntiVir 8.2.1.146 7.10.3.31 2010-01-21 0.49 DR/Autoit.RU.1
Antiy 2.0.18 20100120.3726318 2010-01-20 0.02 -
Arcavir 2009 201001210711 2010-01-21 0.10 -
Authentium 5.1.1 201001210013 2010-01-21 1.25 W32/Worm.NLG (Exact)
AVAST! 4.7.4 100121-0 2010-01-21 0.07 -
AVG 8.5.720 271.1.1/2635 2010-01-21 1.46 -
BitDefender 7.81008.4878579 7.29986 2010-01-21 4.23 Gen:Trojan.Heur.AutoIT.Uq3@bqmm3lci
CA (VET) 35.1.0 7249 2010-01-20 7.80 Win32/Yahlover.LV worm.
ClamAV 0.95.2 10319 2010-01-21 0.15 Trojan.Autoit.gen
Comodo 3.13.579 3409 2010-01-21 1.00 Heur.Suspicious
CP Secure 1.3.0.5 2010.01.21 2010-01-21 0.11 -
Dr.Web 4.44.0.9170 0004.00.00 0004-00-00 8.67 Win32.HLLW.Autoruner.12279
F-Prot 4.4.4.56 20100120 2010-01-20 1.25 W32/Worm.NLG (exact)
F-Secure 7.02.73807 2010.01.21.06 2010-01-21 0.19 Worm.Win32.AutoIt.ru [AVP]
Fortinet 11.399- 11.399 2010-01-20 0.20 W32/YahLover.A!worm
GData 19.10062/19.689 20100121 2010-01-21 5.79 -
ViRobot 20100120 2010.01.20 2010-01-20 0.41 -
Ikarus T3.1.01.80 2010.01.21.75009 2010-01-21 4.44 Worm.Win32.AutoIt
JiangMin 13.0.900 2010.01.21 2010-01-21 4.75 -
Kaspersky 5.5.10 2010.01.21 2010-01-21 0.13 Worm.Win32.AutoIt.ru
KingSoft 2009.2.5.15 2010.1.21.13 2010-01-21 0.55 -
McAfee 5.3.00 5867 2010-01-20 3.38 W32/YahLover.worm!a
Microsoft 1.5302 2010.01.21 2010-01-21 6.93 Worm:Win32/Sohanad.AR
Norman 6.01.09 6.01.00 2010-01-16 4.01 Sohanad.CAW
Panda 9.05.01 2010.01.20 2010-01-20 1.94 -
Trend Micro 9.120-1004 6.790.03 2010-01-20 0.14 -
Quick Heal 10.00 2010.01.21 2010-01-21 1.32 Worm.AutoIt.te
Rising 20.0 22.31.03.04 2010-01-21 0.21 Trojan.Win32.Generic.51F48C25
Sophos 3.03.0 4.49 2010-01-21 3.34 Mal/Generic-A
Sunbelt 3.9.2390.2 5629 2010-01-20 3.39 -
Symantec 1.3.0.24 20100112.005 2010-01-12 0.00 -
nProtect 20100121.02 6960083 2010-01-21 4.11 Trojan/W32.Agent.762225
The Hacker 6.5.0.8 v00158 2010-01-21 0.73 W32/AutoIt.qn
VBA32 3.12.12.1 20100119.2151 2010-01-19 2.39 Win32.Sohanad.Gen
VirusBuster 4.5.11.10 10.119.13/2028414 2010-01-21 2.77 Worm.Sohanad.BZ

http://www.virustotal.com/analisis/7eb0d8ad215b3b2385fc09fb063db063c08261fb0a1130164e6f120e0aa21ee9-1264066333
File SICHOST.exe received on 2010.01.21 09:32:13 (UTC)
Current status:finished
Result: 34/41 (82.93%)

No anti virus has 100% detection files. Avast is going to have problems too, but it’s one of the best…

You can’t just say it sucks just because it missed one file. This is why it’s reccommended to have a layered defense, install things like Malwarebytes/SuperAntiSpyware and spyware blaster or anything that won’t conflict with your anti virus

This point is not detection rate, I known anti-virus can’t get 100% detection rate.
but this point is slow response of avast team, This virus is common in Thailand and make many problem to computer user but Avast team not pay attention with this.

Hello I’m just follow this topic in somr forum.
I’m agree that the point of this topic was “the response”
However I’ve send the sample to this address too but there was no response,
I understand that’s avast team working hard to detect malware that’s raised in every minutes.
But It’s not good to let some malware and ignored virus report email.

Every user have right to report malware or PF.
Not for Like some small vendor that’s only paid customer awareness.

Note: Malware are aruond the world not just Europe, Americas and China.

Regards

Hi Ringman,

I have posted about this here: http://forum.avast.com/index.php?topic=43270.0
And have given a free removal tool for it,

polonus

Ok, these is not the unique, avast also not detect a lot of spywares. like this:

https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatId=-2147368587

the trojan was submmitted the same day to both (alwil & microsoft) and microsoft have the final analysis. What happen with Alwil Labs? the file was submmitted since 2 months.

Thanks,
So Will avast detect it in the future ?

I hope it will.

This file is already detected → please update your program. Virustotal uses old build too - it doesn’t support AutoIt unpacking.

Best Regards