FAKE AV not detected by avast!

rogue FAKE av not detected by avast

hxxp://macrovirus.com/

http://www.virustotal.com/analisis/d3771cf1c678e6f26003acc46eac488f779f0b80934be85aafa878d7a9ecb9b7-1257347546

Hello harman123,

Can you send the setup file to virus@avast.com? Or did you already do that?

thanks for helping avast improve detection.

nmb

already sent to avast and microsoft ;D

already sent to avast and microsoft
don't forget MalwareBytes.......... ;)

I think mbam detects it.

nmb

So does hpHosts:
http://hosts-file.net/?s=macrovirus.com&view=matches

Hi harman123,

Norton Safe Web detects this threat:
Virus
Threats found: 1

Name of threat: 19446
Location: hXtp://download.macrovirus.com/setup.exe

Google has not detected it yet, but the DrWeb av link checker alerts it as
infected with Trojan.Fakealert.5101 (see attached scan log)

polonus

still not detected by avast :cry:

http://virusscan.jotti.org/en/scanresult/6d7c36d81075f743966685ce5c2cc3246799cdec

http://www.virustotal.com/analisis/66747cb60b4f3587761fe27d6015220324c74d7c732b9427acb985ee00799970-1257455546

still not detected by avast

http://www.virustotal.com/analisis/d3771cf1c678e6f26003acc46eac488f779f0b80934be85aafa878d7a9ecb9b7-1257891052

I think you got a previous version of avast!, please update.

The current version is 4.8.1356.

Hi Harman,

Based on this website analyzed :

http://www.mywot.com/en/scorecard/macrovirus.com

And you could also use the Remove Fake AV tool, which I just got referenced from nmb (avast evangelist)

Hi,
it is detected in version 5 as PUP.

Milos

Then what will be the conclusion??
In virustotal 8 out of 40 detected it!
8 detected it and 32 not detected it!
Is it a false positive then?

No, if as has been said in version 5.0 this will be detected as a PUP (potentially unwanted program), something which could be installed by the user for a purpose, it could also be installed without their knowledge (unwanted in this case). So it is down to the user who knows if it is installed for a purpose or unwanted.

So since this functionality isn’t available in 4.8 my guess is it isn’t reported as infected.

Fake alerts are a bit of an anomaly in that they aren’t malicious in the same way as malware as all they do is display messages, like many other programs. The message is intended to scare the user into taking an action that could well leave them properly infected. So whilst it isn’t malicious its intent is and deciding the intent is difficult when you use conventional signatures for detection. So most of these are detected by generic signature or heuristic methods.