Found this file in my email; I obviously knew it was a virus, but wanted to know if 1) Norton AV for Yahoo email would detect it and 2) if Avast had it in the VPS file yet. Both were negative. It is in my virus chest right now; it was never detected by Avast after downloading or by the web shield. I sent it from the virus chest to you guys and I am also sending it in an email as a zip with password of “virus”. Please get this into the VPS ASAP, as I know these emails are flying across the web right now; I am getting 5-8 a day in my inbox.
Pasting the results from VirusTotal:
Antivirus Version Update Result
AntiVir 7.3.1.34 02.04.2007 TR/Small.DBY.Y
Authentium 4.93.8 02.03.2007 Possibly a new variant of W32/CodeCru-based!Maximus
Avast 4.7.936.0 02.04.2007 no virus found
AVG 386 02.04.2007 Downloader.Tibs
BitDefender 7.2 02.05.2007 Trojan.Peed.Gen
CAT-QuickHeal 9.00 02.03.2007 no virus found
ClamAV devel-20060426 02.04.2007 Trojan.Downloader.Tibs.Gen
DrWeb 4.33 02.04.2007 Trojan.Packed.10
eSafe 7.0.14.0 02.03.2007 suspicious Trojan/Worm
eTrust-InoculateIT 30.4.3369 02.05.2007 no virus found
eTrust-Vet 30.4.3369 02.05.2007 no virus found
Ewido 4.0 02.04.2007 no virus found
Fortinet 2.85.0.0 02.04.2007 no virus found
F-Prot 4.2.1.29 02.03.2007 W32/CodeCru-based!Maximus
Ikarus T3.1.0.31 02.04.2007 Trojan-Downloader.Win32.Tibs.jr
Kaspersky 4.0.2.24 02.05.2007 Trojan-Downloader.Win32.Tibs.jr
McAfee 4955 02.02.2007 no virus found
Microsoft 1.2101 02.05.2007 Win32/Vxidl.gen!B
NOD32v2 2036 02.04.2007 Win32/Nuwar.gen
Norman 5.80.02 02.02.2007 no virus found
Panda 9.0.0.4 02.04.2007 Suspicious file
Prevx1 V2 02.05.2007 no virus found
Sophos 4.13.0 02.05.2007 Mal/HckPk-A
Sunbelt 2.2.907.0 02.02.2007 no virus found
Symantec 10 02.05.2007 no virus found
TheHacker 6.0.3.163 02.05.2007 no virus found
UNA 1.83 02.03.2007 no virus found
VBA32 3.11.2 02.04.2007 no virus found
VirusBuster 4.3.19:9 02.04.2007 Trojan.DL.Tibs.Gen!Pac33
It appears from your post that you downloaded this virus in an email from Yahoo. Since you are in the US, where there is no free POP access to Yahoo accounts, may I ask how you downloaded this?
If you are using a third party function (YPops, FreePops, MrPostman or Thunderbird Webmail extension) then avast will not, by default, scan any of the mail you download from Yahoo at all. Also, by using such a third party solution you are avoiding the virus scanning performed by Yahoo when you access your mail via the Web interface.
Possibly you know this already - but it bears repeating once in a while for newer members of the forum.
No, the virus was not detected by Yahoo’s built-in virus scanner either, allowing me to download it… they use Norton, which I have found to be quite behind in updates more than once. I knew it was a virus, I just wanted to know if Avast or Yahoo would detect it; neither gave any sign that they did. I know how to avoid activating the virus, even once it is downloaded; other casual users may not and think because Avast didn’t say anything, it must be a clean file. I am trying to help by giving a known virus sample to the Avast team so they can add it to the next VPS update and keep people clean of viruses. I’m not worried about myself getting infected.
You avoided my question: by what means did you download your Yahoo mail?
You also missed the point I was making: that the method I believe you used completely bypasses the antivirus scanning by Yahoo. Yahoo does not scan mail on arrival in the message store of Yahoo; it is scanned only when Yahoo retrieves the mail from the message store either to be displayed in the Web interface or delivered via their POP servers. You did not use, I think, either of those methods.
What you also may not know is how to have avast scan your Yahoo email as it is being downloaded to your mail client. avast is giving me a lot of alerts these days due to all those nasty attachments showing up as it scans my Yahoo mail while it is being downloaded … yes, I use the Thunderbird Webmail extensions to download Yahoo mail. I have already explained above why antivirus scanning of such mail is essential.