Avast don't detect specific VIRUS

Avast don’t detect specific this VIRUS: http://www.datafilehost.com/download-fe81ed87.html password for rar: virus
I don’t know maybe its part of virus.
but its for sure the VIRUS run in background 2 processes of internet explorer for 2 weeks.
I only want just you to know, after this miss I no longer use Avast, now use Avira.

lol
and I not from Afghanistan.
I just pick this, I don’t know its will be on forum.

Downloaded the file, sent it to VirusTotal, here’s the analysis. Virustotal.

This one is real. Don’t run it, unless you are geared up to do that.

The file name is “ctfmon_lr.exe”. Surprisingly, Gdata detects as trojan generic. MBAM detects it as a Trojan Generic.
Not really prepared to run it to see what it does, sorry, but I am about to email it to Avast.

Thanks to the OP for advising of this.
If you are able to say what computer behaviour or symptoms of infection resulted from having this, and where you got it, that would be good.

it’s really worrying that avast doesn’t detect this. even no-name antiviruses detect this, according to virustotal.

I’ll post back here when it does. (Won’t be watching 24/7, though. :wink: Work calls. And sleep. And other stuff…)
What surprises me is that Gdata (apparently) detects it, but Avast (which I thought included the Gdata engine) does not. Yet.

The detection, this time, is due to the other part of GData, i.e., BitDefender :wink:
Hope they improve detection soon.

Thanks for that info, Tech.
Didn’t realise that Gdata also used BD.

Yes very large number of hits on VT, http://www.virustotal.com/analisis/9c001a6d12675d5fdc0c323980da8cc6cadf2b9fd1bef2460a3d06597f3c936a-1245169430, notably not avast. Though many of these are mentioning crypt in the malware name, could be that they are just alerting on a specific encryption method.

Today I check it in VirusTotal
The virus still undetectable? ???
or VirusTotal not updated?

Yes. Avast is still not detecting this one.
Taking a while, isn’t it?
Might try submitting it again, if someone from the Alwil team reads and recommend this.

I have submitted it again.

Am anxiously following this thread, hoping to see a resolution to this problem, as I have installed Avast! on a number of friend’s computers, as well as my own…would sure like to hear that Avast! is now detecting this virus…Lori

Well it could be your updates. Well also i think the avast team should take note ot the process “dllview” that runs in the background. Its descibd as ““dllview controller””. Win32:Sality i think or something but its suspicious.

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

If you can’t get rid of it, then read the instructions, download and burn (maybe from another computer), finally use one of this rescue CD’s:

  1. Avira
  2. Kaspersky
  3. BitDefender
  4. F-Secure
  5. Dr. Web

Still not detected- I have it sitting on my desktop. (Ubuntu- no worries :wink: )

avast! still sucks on adding submitted viruses- it can take months/years/never happen.

Compare Avira which has a web submission page and automatic reply within 24 hours to tell you if it’s malware or not.

The least avast! could do is check out files submitted to the forum to avoid embarrassing threads like his one!

My submissions always include the forum link (if applicable) and also the VT results when I have checked it against VT. So there is absolutely no excuse for it not being analysed and included in a reasonable time frame. Not to mention I include my email address which by now I would have though would be on some filter.

We always ask for a better submission process. We always ask for a privileged channel for forum users.

Quite disappointing.
Bit of a let down, really.
I’ve just re-submitted it.

LOL even if you reanalyze the file in virus total there are some antivirus that dont detect it anymore like NOD32 and kapersky, it appears they remove the detection accidentally

Its just glitch in Virustotal.
On fully updated NOD32 and Kaspersky trial versions they detect the virus.