Hi to everyone.
I’ve found a trojan that is not detected by avast.
(tbh, in the last 2 days I’ve found 4 or 5 of them)
I know that they are trojans because they try to modify some files in the windows folder and in the system32 folder (adding some .exe too) and they try to modify the registry entries in the “Current Version/Services”, “Current Version/Run” and “Shell”.
(It shouldn’t do anything of that, it is supposed to be a freeware MP3 player that may run on a flashpen without any installation).
I’ve been able to avoid them because I use a good firewall with an addition that monitors all attempts at modifying the register and the system folders (and I keep it running in “Paranoid Mode”).
I’ve deleted the first 3 or 4, but kept the last one since I tought maybe I could send it to your devs, so that maybe they can add it to the virus database so that it can be recognized by avast.
I’m not posting it on the forums to avoid spreading it, but if you point me a way to submit the file to the avast developers and they want to receive it for antivirus improvement, I’ll be willing to send it to them.
Thanks.
(Sorry for any mistake, English is not my main language).
EDIT:
I’ve just tried an online checker, called “Virus Total” (It was suggested in another thread on this forum).
The result is here: http://www.virustotal.com/it/analisis/c03b5e51898a43616cf8ab598abd1921
It is recognized as a backdoor, because it is packed with the “Armadillo packer” (the most used packer, favored by the lamest trojan developers to make their stupid files undetectable from antiviruses)