system
March 15, 2014, 7:34pm
1
I noticed that in 2014 avast this old threat is not detected
i send sample 2 times through avast
md5:
ec71b979f8e2283c1f045eea422c44df
it seems that the signatures are not being verified in both signatures packages to make sure there all working correctly i have noticed this problem in 2014 avast signatures with other samples
i am very concerned that there is many more known threats that have this detection issue
if you need sample let me know
thank you
Eddy
March 15, 2014, 8:18pm
2
A MD5 is not a signature.
It is a checksum.
If something is detected or not depends more on the vps than on the avast version.
2014? What exact version?
Pondus
March 15, 2014, 8:55pm
3
Virustotal
https://www.virustotal.com/en/file/628f3906ccfa4ede0ac6466bdef8e8a79f53ae9e26b165ab2f0c1569c5ede2c9/analysis/
Maybe it is not seen in the wild anymore and removed First submission 2008-08-11 15:13:05 UTC ( 5 years, 7 months ago )
system
March 15, 2014, 11:16pm
4
using version 2014.9.0.2008
it detected in virustotal that uses older signature package and version but not in 2014.9.0.2008 signature package
both signature packages should have same threat signatures
By the way, Virustotal is running Avast 8.0.1489.
Eddy
March 16, 2014, 9:56am
6
Latest avast version is 2014.9.0.2015 (beta)
Pondus
March 16, 2014, 10:23am
7
both signature packages should have same threat signatures
Why?
http://www.avast.com/download-update
Hi Pondus,
Is this it? htxp://vxheaven.org/vl.php?dir=Trojan-Ransom.Win32.Gpcode
polonus
system
March 16, 2014, 7:53pm
9
can you check if detection has been removed or is messed up
if a threat is not in the wild then a generic signatures should be made to cover it and variants
it should never be removed
hope you understand
Pondus
March 16, 2014, 7:57pm
10
can you check if detection has been removed or is messed up
if a threat is not in the wild then a generic signatures should be made to cover it and variants
[b]it should never be removed
hope you understand[/b]
There is nothing we can do exept trust that the guys working in avast lab know what they are doing…they play with malware 24/7
system
March 16, 2014, 8:02pm
11
dear Pondus
i need you guys to contact avast lab and let them check this out
and reply
thank you
Eddy
March 16, 2014, 8:12pm
12
Hmm, why should we do that?
Contact them yourself.
It is not hard to do.
Mail: virus@avast.com
Milos
March 17, 2014, 8:29am
14
Hello,
it’s detected. Some old detection were in v9 moved to cloud and are tested only when the file is executed.
Milos