F-Secure appears to decrypt avast! Chest files

D:\anze\programi\avast\DATA\chest\00000004 IM-Worm.Win32.Bropia.g

D:\anze\programi\avast\DATA\chest\00000005 Trojan-Dropper.Win32.180Solutions.a

D:\anze\programi\avast\DATA\chest\00000006 Trojan-Downloader.Win32.Dyfuca.gen

D:\anze\programi\avast\DATA\chest\00000009 Trojan-Downloader.Win32.Dyfuca.gen

D:\anze\programi\avast\DATA\chest\0000000A Trojan-Dropper.Win32.180Solutions.a

D:\anze\programi\avast\DATA\chest\0000000E Trojan-Downloader.Win32.IstBar.gn

D:\anze\programi\avast\DATA\chest\0000000F Trojan-Downloader.Win32.IstBar.gn

D:\anze\programi\avast\DATA\chest\00000010 Trojan-Dropper.Win32.180Solutions.a

D:\anze\programi\avast\DATA\chest\00000011 Trojan-Downloader.Win32.IstBar.gn

D:\anze\programi\avast\DATA\chest\00000012 Trojan-Downloader.Win32.IstBar.gn

This is the part of some message submited by some user from my local forum.
After investigating a bit he said these were detected by F-Secure.
I’m not exactly sure if it was a standalone AV or online scanner,but i can check that.
Just to notify you about this somehow critical issue.

EDIT:
After some checking F-Prot and Kaspersky appear to do the same thing.
Here is the proof:

http://img119.exs.cx/img119/3229/cryptissue3su.png

The sample used on Jotti is the same as marked above in quote.

These files were moved to Chest by avast! 4.5, right?
avast! 4.6 uses better scrambling, so it shouldn’t happen.

To me it seems that F-secure and Kaspersky only see the ‘virus string’ in that file.
Has nothing to do with ‘decrypting’

Hm,i’ll check that (version info).

He is using version 4.6 for a long time. Hm ???

I guess it cannot be for that long :wink:
The question is, when was the file moved to chest?

So avast! doesn’t “re-crypt” the files on such update?

No, it’s not re-scrambled.
Well, until today, there was only one such update (4.5->4.6), so hopefully it’ll last some time :wink: