Christmas trojan NOT detected by avast!

Christmas trojan NOT detected by avast! :‘( :’(
www(dot)codecsnet(dot)biz / setup.exe

http://img205.imageshack.us/img205/1162/christmasmalwaread6.png

http://img204.imageshack.us/img204/5740/christmasmalware2jo4.png

Did you sent a sample to virus@avast.com ? Zip it with a pass word, include the password in the body of the email, along with any other info you can think of. You can also send it from the chest.

Hello avast team,

please make a sticky thread how to send a sample virus like oldmans post.
Every day the same answer is posted here.

thanks

Good suggestion!

Also how you handle a false positive would be nice to have in a sticky.

Just for your information:

# 31.12.2006 - 0666-1

Win32:Agent-EAK [Trj]

Sample was added yesterday.

yesterday morning i had the same file in my pc,i submitted it to http://virusscan.jotti.org/ and when i saw that its a trojan and avast didn’t detect it,i sent it to virus@avast.com for investigation…they are really fast…yesterday night they released the update with this trojan…good work ALWIL!!! :smiley:

no they’re not fast because this trojan is well known since before christmas (december 25) but avast added it on december 31 :cry:
Too late!

Better late then never! :wink:

One thing to note when using VirusTotal they don’t seem to have the latest VPS loaded.

This is becoming more and more common when a user detects a virus and uses VT to confirm only to find that avast doesn’t detect it. This would appear to be because of auto updates the users VPS is fully up to date, however, with a live on-line system VT can’t update as frequently.

How often they do update signature files isn’t available to us mortals, nor is the signature file version they are using displayed, just the AV version.

Plus, these scan services are using specially modified versions of scanners which tend to miss stuff that end user products actually detect (like Home Edition). That especially applies to Jotti and sometimes also to VT.

wrote a mail to virustotal:

Hello virustotal-team,

i notice, that there are a big difference between the update cycle
of every Antivirus scanner.

I scanned a file on 01.01.2007, 15:55:57 (CET) and I see
the scan engine last updated from 12.18.2006 (Sunbelt) till 01.01.2007

The Avast Team (antivirus producer) suggested to a more detailed output
(exactly version of the signature file like in avast 0666-1), because
some virus scanner update more than once a day):
http://forum.avast.com/index.php?topic=25722.0 (posting from “DavidR”)

I hope you can improve your service.

Thanks

Answer:

All scanners are checked for updates each 5 minutes. The Sunbelt case is
a problem we’re discussing with them. The Avast one is another problem
we’re trying to solve as soon as possible, and it is due some special
configuration of the update resources we use.

good work… :slight_smile: this suggestion isn’t maden by avast team though but by an advanced user of avast :wink: this is a forum for users of avast…

It is good that you have taken the time to contact VirusTotal and the fact that they confirm that effectively they don’t always have the latest version of the VPS, at least clears up what I suspected.

However, I would like to point out that I am just an avast user like yourself and not a member of the avast Team.