Avast! missed too many Viruses and PUPS

BeSecure · 2015-09-21T11:38:26.000Z

I am send some unblocked virus and PUPS on 14 september and avast! still not blocked any of this.All files are 100% infected.What you do avast? >:( here some Vt links of files that i submitted to avast!. https://www.virustotal.com/en/file/e8286c7e7ac83fcd20370712c69c64d0bd677065e9044fb78ac466a71480af83/analysis/1442834216/
https://www.virustotal.com/en/file/1cb50a2cff916a8ab4973c00bcef4cac546147a0026e8931fed395584ef23583/analysis/1442835226/
https://www.virustotal.com/en/file/4cd7987e347375d8c9dfee9ae0c556206c0fd2eff2fd814874e61d10287882bf/analysis/1442835303/
https://www.virustotal.com/en/file/15c8703922a26db99b7a23a89678f5b941ee6b742ff8d353b923ee6ec7d90fd9/analysis/1442835353/
https://www.virustotal.com/en/file/66866fda2508bee1d5636f0d63a55804f74bf59745da72a7b0aa03b4383f929a/analysis/1442835414/
Note:It should blocked threats in 1 to 7 day(Max).

polonus · 2015-09-21T11:51:28.000Z

Could well be they are not listed (t)here, because Avast detects these only when in PUP-mode.
Did you scan with Avast and PUP-mode enabled?
This distinction should be made by common users to not miss detection for potential unwanted programs.
Quite some users with residential Avast-AV also have MBAM installed just for such additional detections.
PUP.Optional.BundleInstaller.A is just an example here.
Also the IPs should be alerted, like https://cymon.io/23.62.236.153 in the case of http://webcache.googleusercontent.com/search?q=cache:1Q73hW7fpqQJ:urlquery.net/report.php%3Fid%3D1441920346652+&cd=1&hl=nl&ct=clnk&gl=pl
see: https://www.virustotal.com/nl/url/2d7c2f39bb2b6474573b7ad405ac2bbbba67255a9380fc94220ff281e812f5f2/analysis/1442836132/

polonus

P.S.

Malware more often changed themselves. perpetrators changes the code with little variance and redistribute… Even new malware are generated day by day … There are no boundaries or limitation for modern malwares and virus… There are no perfect antivirus solutions… each and every antivirus/malware solution is having its own limitations and possible loopholes

(above quote with thanks to quote author = H.A.V. Aravinda on answers from microsoft)

Damian

BeSecure · 2015-09-21T11:54:46.000Z

polonus post:2:

Could well be they are not listed (t)here, because Avast detects these only when in PUP-mode.
Did you scan with Avast and PUP-mode enabled?
This distinction should be made by common users to not miss detection for potential unwanted programs.
Quite some users with residential Avast-AV also have MBAM installed just for such additional detections.
PUP.Optional.BundleInstaller.A is just an example here.
Also the IPs should be alerted, like https://cymon.io/23.62.236.153 in the case of http://webcache.googleusercontent.com/search?q=cache:1Q73hW7fpqQJ:urlquery.net/report.php%3Fid%3D1441920346652+&cd=1&hl=nl&ct=clnk&gl=pl
see: https://www.virustotal.com/nl/url/2d7c2f39bb2b6474573b7ad405ac2bbbba67255a9380fc94220ff281e812f5f2/analysis/1442836132/

polonus

Yes i test it in PUP-mode enabled.But i don’t use malwarebytes anymore. and avast! should not missed those.

polonus · 2015-09-21T12:09:43.000Z

Hi Be Secure,

Agree with you, but read my PS. Good you gave these VT scan results and be asured that Avast Team Members follow these threads.
Adding to Avast detection as a volunteer and general forum member is an honourable task and I hope Avast Team Members will take due notice.
The PUP-circus is a vast terrain to cover as the majority of so-called free programs comes at the cost of bundled PUPs, crap, adware, nagware etc. and some of these PUPs can be not only annoying but also detrimental to the health of the computer OS. We the users are the product here. Sometimes these malcreations can only be cleansed through the help of a qualified remover as we have several here.
It is part of the sorry state the Interwebs are in to-day, an almost exclusively adlaunching, tracking and monitoring marketing platform with users as “click-cattle” to generate grand revenues.

Some PUP and adware that are considered so-called acceptable are only detected by the specialized scanners, "normal"AV vendors exclude the so-called “non-malicious per se”, as I doubt sincerely whether “such an animal” really exists, that is also why I advise every user online to use a decent adblocker like uBlock origin for instance and a decent script and content blocker like uMatrix next to their residential AV solution.

Users of firefox that know how to handle NoScript and RequestPolicy add-ons are also far better protected.

polonus

BeSecure · 2015-09-21T14:22:04.000Z

Now days i use emsisoft emergency kit & bitdefender Anti-Ransomware Tool as a 2nd opinion security and uBlock origin.I am going to test uMatrix.Avast! is slow to add recent threats in avast detection.

Pondus · 2015-09-21T14:48:26.000Z

First submission 2015-09-10 21:24:29 UTC ( 1 week, 3 days ago )
https://www.virustotal.com/en/file/4cd7987e347375d8c9dfee9ae0c556206c0fd2eff2fd814874e61d10287882bf/analysis/1442835303/

CopyrightWildTangent, Inc. All rights reserved. Publisher WildTangent Inc File version 1.0.1.7 Description WTDownloader SFXStub Signature verification [b] Signed file, verified signature[/b] Signing date 8:39 PM 9/3/2015 Signers [+] WildTangent Inc [+] Thawte Code Signing CA - G2 [+] thawte Counter signers [+] Symantec Time Stamping Services Signer - G4 [+] Symantec Time Stamping Services CA - G2 [+] Thawte Timestamping CA

probably a False Positive

First submission 2009-09-02 10:37:43 UTC ( 6 years ago )
https://www.virustotal.com/en/file/15c8703922a26db99b7a23a89678f5b941ee6b742ff8d353b923ee6ec7d90fd9/analysis/1442835353/
when you scan a zip file the info will not be correct

the file inside the zip (one of 36)
First submission 2015-09-13 17:12:43 UTC ( 1 week ago )
https://www.virustotal.com/en/file/d16aec589c1b508a6d33b0e023ce8d617f74a5b7001af539a298cac3c2818042/analysis/

BeSecure · 2015-09-21T14:53:50.000Z

Pondus post:6:

First submission 2015-09-10 21:24:29 UTC ( 1 week, 3 days ago )
https://www.virustotal.com/en/file/4cd7987e347375d8c9dfee9ae0c556206c0fd2eff2fd814874e61d10287882bf/analysis/1442835303/

CopyrightWildTangent, Inc. All rights reserved. Publisher WildTangent Inc File version 1.0.1.7 Description WTDownloader SFXStub Signature verification [b] Signed file, verified signature[/b] Signing date 8:39 PM 9/3/2015 Signers [+] WildTangent Inc [+] Thawte Code Signing CA - G2 [+] thawte Counter signers [+] Symantec Time Stamping Services Signer - G4 [+] Symantec Time Stamping Services CA - G2 [+] Thawte Timestamping CA
probably a False Positive
First submission 2009-09-02 10:37:43 UTC ( 6 years ago )
https://www.virustotal.com/en/file/15c8703922a26db99b7a23a89678f5b941ee6b742ff8d353b923ee6ec7d90fd9/analysis/1442835353/
when you scan a zip file the info will not be correct

the file inside the zip (one of 36)
First submission 2015-09-13 17:12:43 UTC ( 1 week ago )
https://www.virustotal.com/en/file/d16aec589c1b508a6d33b0e023ce8d617f74a5b7001af539a298cac3c2818042/analysis/

Yes it might be a False Positive.But rest of those?

Announcements