Nasty sample submission bug

I was just filling a false positive/suspicious sample report when i came across this quite annoying bug. If you want to fill in the e-mail address for false positive submission, you can’t because as soon as you try to use @ symbol in the “Your e-mail address” field, the typing cursor jumps into the “Program version” field. I’ve tried this several times now and it does it every single time.

Click into the “Your e-mail address” and press “AltGr+V” to create @ and it will jump into the “Program version” field by itself. Only way to do it is to type down @ somewhere else and then copy&paste it into that field. Which is very annoying.

I haven’t checked avast! 2015 Beta2 because i’m currently not using it anymore on my systems, but it would be worth checking this there as well, because i don’t think it got fixed…

I’m using Win8.1 Update 1 64bit and avast! 9.0.2021.

Oh… very interesting!!! I haven’t come across this and I haven’t sent any virus samples via the GUI only via emails. Anyways, thanks for sharing this to us all. I hope Avast 2015 doesn’t have this issue and hope Avast team are aware of this.

So it also happens on your system?

I was trying to download a PUP software known as OpenFreely that Avast Free detects it as a PUP software. Downloaded it but avast says it’s clean. Do u know any legitimate software that Avasts detect it as PUP so i can download it and avast can show that it detected a PUP file and I report it as false positive to see if the “@” bug appears on my avast.

I was trying to download a PUP software known as [b]OpenFreely that Avast Free detects [/b]it as a PUP software.
You say here avast detect ..... and then you say avast does not detect?

Do you have PUP detection on?
Have you tested the sample at VT?

I meant that long time back I was able to download OpenFreely via Google Chrome and automatically Avast detects it as PUP (I had Avast version seven or eight) and I was able to submit it via email and GUI. Now when the download finishes via Google Chrome and automatically Chrome blocks it. At present IE11 is able to download Openfreely without blocking it.

Via Virustotal avast says it’s clean https://www.virustotal.com/en/file/c3a17b682633c9d33df51666a8d2d50ec11bc9d5ed1888690a6142c0d82db5a3/analysis/1411821881/

Also I meant to say that if I could find a good software that Avast can detect it as PUP i could be able to test if the bug that rejzor mentioned it would it happen to my avast as well?

@ ‘excuse the pun’ RejZoR

I don’t know if you tried this (but you shouldn’t have to do this).
If you copy and paste your email address into the field does it react in the same way or just accept the email ?

No, that field only reacts to a key combo of “AltGr+V” which is for @ symbol. If you get the @ symbol inside in any other way it works ok.

Can’t say I’ve ever used that combo.

The shortcut key i use to type @ is just hold shift and press 2

I have no idea what keyboard you are using, as you get different layouts ?
For me Shift 2 just gets the speech quote "

@RejZor: Did you submit a support ticket to Avast via Avast Support and explain your experience about this nasty submission bug? Perhaps they will come across the same thing on their test machine and check to see if it appears on Avast 2015 so they can come up with a fix.

I’m imagining that the Alt and V keys trigger a keyboard accessibility operation that places your cursor in a field identified by ‘v’ (for version, perhaps).

What keyboard do you have, in the Internet age, that cannot type an @ symbol directly? Is such a thing common in your language / your country?

-Noel

@ RejZoR
I know see why this is jumping as mentioned by NoelC, the AltGr key also triggers the keyboard navigation shortcuts in the same way as pressing the Alt key, it assigns a letter to form/input fields.

So we can see why it jumps fields, but why it would place the @ in the program version field is strange. Unless you didn’t notice it in that field - but if you didn’t type a @ when in the program version field the AltGr+V shouldn’t.