avast! miss(ed) some malware. VPS updated.

Some malware detected by AVG (Free, 7.10.321, 267.9.0/50) and Ewido Security Suite (Free, 3.5, #1333) but missed by avast! (Professional, 4.6.691, 0528-6)

Registry key: HKLM\SOFTWARE\Classes\CLSID\{FF8DA190-3574-11D4-8068-0060082AE372}
Malware: Spyware.BingoFun

Registry key: HKU\S-1-5-21-1417001333-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}
Malware: Spyware.NavExcel

File: \ToolbarCop 2.5.exe
Malware: Heuristic.Win32.Hijacker1

File: \MyCorkboard Screen Saver 1.00.99.exe/F0000014.DAT
Malware: TrojanDownloader.Small.Go

File: C:\WINDOWS\system32\Kaccjdmp.exe
Malware: Backdoor.Padodor.az

File: C:\WINDOWS\system32\Kaccjdmp.exe
Malware: Backdoor.Padodor.az

File: C:\WINDOWS\system32\Kaccjdmp.exe
Malware: Trojan horse BackDoor.Generic.GAX

File: C:\WINDOWS\system32\Noflpjbp.dll
Malware: Trojan horse BackDoor.Generic.GGC

File: C:\WINDOWS\system32\taras.exe
Malware: TrojanDownloader.Agent.ho

File: C:\WINDOWS\system32\sysinst54.exe
Malware: TrojanDownloader.Small.bcu

File: C:\WINDOWS\system32\sysinit32z.exe
Malware: TrojanDownloader.Small.bcv

File: C:\WINDOWS\system32\sys5622.exe
Malware: TrojanDownloader.Small.bct

File: C:\WINDOWS\system32\sys5620.exe
Malware: TrojanDownloader.Small.bct

File: C:\WINDOWS\system32\sys5350.exe
Malware: TrojanDownloader.Small.bcu

Other infected files were created in C:\Documents and Settings\ … \Local Configurations\Temp
bszd5358.tmp; bszd5631.tmp; bszd7764.tmp

Samples sent to Alwil :-\

Otherwise:
False positive of Ewido: \RejZoR’s AdBlock Filter.zip/RejZoR’s AdBlock Filter/RejZoR’s AdBlock Filter.zip/RejZoR’s AdBlock Filter.txt

Sorry RejZor :cry:

Malware creates tons of infected files… avast! did not detect them (on-demand scanning did not detect them either) :cry:
The files replicate (about 2000 in different folders). In fact a terrible infection :stuck_out_tongue:
List on the attached file because it’s too big for here.
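The detection list above is the kind of thing a defender turns into a checklist of indicators to sweep other machines for. The following is an added example, not code from the original post or from any of the vendors named in it: it parses the thread's "File:/Malware:" and "Registry key:/Malware:" format into normalized indicators, merges duplicate locations that several engines named differently (Kaccjdmp.exe appears three times), splits archive members (the `.exe/F0000014.DAT` entry), and handles the one entry in the post whose File and Malware values are swapped. The sample list embedded below is a constructed subset of the post's entries; the `Indicator` class, `parse_indicators` and `sweep` functions are this example's own names.

```python
"""Parse a forum-style AV detection list into normalized indicators and
sweep a host for the file-based ones.  Added example; not from the post."""
import os
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample: a subset of the entries in the post, including the
# entry whose "File:" and "Malware:" values are swapped in the original.
SAMPLE_LIST = """\
Registry key: HKLM\\SOFTWARE\\Classes\\CLSID\\{FF8DA190-3574-11D4-8068-0060082AE372}
Malware: Spyware.BingoFun

File: \\MyCorkboard Screen Saver 1.00.99.exe/F0000014.DAT
Malware: TrojanDownloader.Small.Go

File: C:\\WINDOWS\\system32\\Kaccjdmp.exe
Malware: Backdoor.Padodor.az

File: C:\\WINDOWS\\system32\\Kaccjdmp.exe
Malware: Trojan horse BackDoor.Generic.GAX

File: TrojanDownloader.Agent.ho
Malware: C:\\WINDOWS\\system32\\taras.exe
"""


@dataclass(frozen=True)
class Indicator:
    kind: str                # "file" or "registry"
    location: str            # file path or registry key
    member: Optional[str]    # entry inside an archive ("path/member"), if any
    names: Tuple[str, ...]   # every detection name reported for this location


# DOS paths (C:\..., \...) and registry hives (HKLM\..., HKU\...).
PATH_RE = re.compile(r"^(?:[A-Za-z]:)?\\|^HK(?:LM|CU|U|CR|CC)\\")


def looks_like_path(value: str) -> bool:
    """True when the value is a file path or a registry key, not a malware name."""
    return bool(PATH_RE.match(value))


def parse_blocks(text: str) -> List[Dict[str, str]]:
    """Split the list into blank-line separated blocks of 'Label: value' lines."""
    blocks: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                blocks.append(current)
                current = {}
            continue
        # partition on the first colon only, so "C:\..." values survive intact
        label, _, value = line.partition(":")
        current[label.strip().lower()] = value.strip()
    if current:
        blocks.append(current)
    return blocks


def parse_indicators(text: str) -> List[Indicator]:
    """Normalize the blocks, merging repeated locations and fixing swapped labels."""
    merged: Dict[Tuple[str, str, str], dict] = {}
    for block in parse_blocks(text):
        name = block.get("malware", "")
        if "registry key" in block:
            kind, location = "registry", block["registry key"]
        elif "file" in block:
            kind, location = "file", block["file"]
        else:
            continue
        # Edge case from the post: File and Malware values written the wrong way round.
        if not looks_like_path(location) and looks_like_path(name):
            location, name = name, location
        member: Optional[str] = None
        if kind == "file" and "/" in location:
            location, member = location.split("/", 1)
        key = (kind, location.lower(), (member or "").lower())
        entry = merged.setdefault(
            key, {"kind": kind, "location": location, "member": member, "names": []})
        if name and name not in entry["names"]:
            entry["names"].append(name)
    return [Indicator(e["kind"], e["location"], e["member"], tuple(e["names"]))
            for e in merged.values()]


def sweep(indicators: List[Indicator],
          exists: Callable[[str], bool] = os.path.exists) -> List[Indicator]:
    """Return the file indicators present on this host.  Registry keys are
    left for manual review; this example does not query the registry."""
    return [i for i in indicators if i.kind == "file" and exists(i.location)]


if __name__ == "__main__":
    found = parse_indicators(SAMPLE_LIST)
    for ind in found:
        member = f" [{ind.member}]" if ind.member else ""
        print(f"{ind.kind:8} {ind.location}{member} -> {', '.join(ind.names)}")
    print("present on this host:", [i.location for i in sweep(found)])
```

`sweep` takes the existence check as a parameter so the same indicator list can be run against a mounted image or a remote share by passing a different callable; the default is a plain local `os.path.exists`.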

Thx for the warning Tech, notified the Ewido guys and I’m now waiting for them to fix the stuff.

Tech, can you tell me the detection name of Ewido on my AdBlock filter list?

Ewido guys said that my latest filterlist isn’t detected. Are you using the latest list or not?

For sure… I’ll try again, but not now because I’m leaving on a work trip.
Just to note here:

Worst of all: avast! detected nothing!
Cleaning was only possible with AVG in Safe Mode! :stuck_out_tongue:
AVG did not miss any sample and AVG did not have any false positives. Perfect in this case.

Yeah, I’m also a bit worried about avast! :-\ They add submitted samples way too slowly unless they are really urgent.

You’re worried? I’m terrified :o :o
After one week, nothing changed: all the files (samples) sent to Alwil were not added to the VPS database! :cry: :-\ :frowning:
What’s that? Is this the normal response time? I’m terrified, really, the samples are detected by NAV, AVG and Trojan Hunter among others…

By the way, the secure Microsoft Antispyware did not detect them the first time either… So, why lose system resources on resident scanners that do not detect anything? :frowning:

Scanning of selected files

Program will try to scan 13 selected file(s) in the Chest

No viruses found! :stuck_out_tongue: :cry:

Just curious Tech – did you first suspect something was wrong with your computer (suspected malware) so you first scanned it with avast!, it found nothing, so then you uninstalled it and then installed AVG to see if it could detect problems?

What a nightmare! I trust it’s all sorted out for you now. 8)

@ Tech
Are you still browsing using an account with administrator privileges? If so, this also gives admin privileges to the virus and allows virtually unrestricted functionality: creation/editing/deletion of files in the system folders, creating registry keys, etc.

Browsing (email, etc.) with restricted permissions should reduce the impact of this first day/undetected virus scenario.

Security Tips & Tricks - DropMyRights

Layered defense, limited user accounts and other crap is not something that I would take as an excuse for slow adding of samples…

I was browsing. I stupidly clicked and a Trojan was downloaded and installed. avast! can’t recognize it, it does not have signatures for it. So, no provider did anything to protect me. Microsoft Antispyware failed miserably too. The firewall did not alert me until the next boot, but the virus used some kind of ‘workaround’ to get access to the Internet. I think the same procedure that some anti-piracy features use: they use the HTTP protocol of the browser and bypass the firewall. I can’t understand it, as the firewall should have alerted me that a program was being called by another one. But, you know, this is a virus and they make it.

Less than one minute after a ‘freeze’, I got a BSOD. I think this was the virus’s strategy to avoid being detected and to force the user to reboot.
Next boot, infection, nightmares and so on.
I booted in Safe Mode and used on-line scanning. All scans confirmed the infection, except avast!
Ran AVG to send the infected files to a USB drive. Got clean. Confirmed by on-line scanning.
Booted. Tested the USB drive with avast! on-demand scanning. Nothing was detected. :cry:

I’m now using DropMyRights with ease… (well, right now, I’m on Linux ;D).
I wish I had listened to your advice before… It’s doing its job perfectly: Browsing (email, etc.) with restricted permissions should reduce the impact of this first day/undetected virus scenario.

It’s what I’m trying to say… :cry:

It is not an excuse for the slow adding of samples, rather a means of protecting people from the damage that can be done before you even get a sample to send.

There is nowhere in my post that I offered this up as some form of excuse; it was more to reduce the chance of what happened to Tech (“Files are replicant (about 2000 on different folders). In fact a terrible infection”) happening to others. An ounce of prevention is better than a pound of treatment.

Hi Tech,

If you have a so-called “Host Intrusion Prevention System/Behavior Blocking” installed on your computer, this nightmare infection should not have happened, I think.

Behavior Blocking doesn’t rely on signatures in order to stop malware; on the contrary, it analyzes/stops the general behavior of all applications (including malware). I’ve used the Behavior Blocking featured in Kerio Personal Firewall and it has saved me several times when avast! and other security apps failed to do their job.

When malware is downloaded to disk and wants to run, Kerio blocks it and asks me. When malware wants to start or launch other apps (e.g. IE) to do something, Kerio blocks it and asks me. You have full control over any apps (including malware) installed on your computer.

Kerio has no Host Intrusion Prevention System/Behavior Blocking as advanced as Prevx, but it can be the last line of layered defence for you.

ZAPro now has a similar system in V6 whereby a programme has to be allowed rights to change or add to the registry, add to startup, run other programmes or change other programmes. At first run a popup appears asking to allow or deny the action. A bit annoying when you update video drivers, install programmes or update programmes which you have restricted to running only, but a good level of protection that should stop spawning trojans - unless you have given it permission first, which hopefully you wouldn’t. Any questions, just ask…

Yes, I know… But PrevX cannot be used in a system with a local proxy (it is not prepared to update through a proxy, etc.)
PrevX brought a lot of problems in some systems of mine. I need a less intrusive protection software.

But what I want is for avast! to have better detection… and I’m not being listened to by the Alwil team :cry:

ZAPro6 takes over from Prevx and as far as I know it will work through a proxy.

Sure… ZA (pro and free) works very well through a proxy.
PrevX works but does not update through a local proxy :stuck_out_tongue:

Bump! :frowning:
I won’t just give up on having a better avast! I’m not complaining but I’m not joking either :cry: