not detected Packer.FSG.A Packer.Krunchy.B Trojan.Generic.59897 Trojan.Pakes.GB

hello,
I started a web scan with BitDefender Online Scanner and it detected a trojan on my comp.
But I have avast home 4.7 installed with update:
here's the log of the web scan.

BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Sat, Nov 10, 2007 - 17:12:34
Info d’analyse
Fichiers scannés 473725
Infectés Fichiers 9
Virus Détectés Packer.FSG.A 3
Packer.Krunchy.B 4
Trojan.Generic.59897 1
Trojan.Pakes.GB 1
Are these trojans added to the avast home virus database?
I continue to use avast because it's the best for me :slight_smile:

As you can tell just by the name, at least the first 2 are packer detections (i.e. basically false positives, cause FSG is not that rare).
So no, they won't be added (the packer detections, I mean).

It may be possible that the actual file is malicious, but that needs to be found out by analysis - if you supply the samples of these files, we can add the detections.

sry the online scanner deleted these files, but next time I find them I'll send them.
cu soon.
(sry for my bad english)

You're welcome.
Feel free to come back any time you need help or just to exchange experiences 8)
Oh, your English is not that bad. But, just a hint: for most users, abbreviations are more difficult to understand than words with typos 8)

:stuck_out_tongue:
Thanks to Tech, Igor and all.

Packer.Krunchy.B

I also got this during a scan, and I read from the replies above that it is most likely a false positive, so I shouldn't worry about it, right?

You can send the file to www.virustotal.com to be sure :wink:

Hi jarbin,

If an av-engine uses heuristic scanning the possibility of false positives increases manifold.

polonus

Hey there Igor,

Thanks to Maxx_Original's link to VirusTotal, I was able to determine another Trojan that was NOT DETECTED or PREVENTED from entering my computer during web browsing!!!
I'm running the latest Avast 4.# for HOME, ZoneAlarm, and SpyBot S&D.

These are the HITS by VirusTotal that did detect it!

AntiVir 7.6.0.40 2007.12.10 HEUR/Malware
eSafe 7.0.15.0 2007.12.10 suspicious Trojan/Worm
Microsoft 1.3007 2007.12.10 TrojanDownloader:Win32/Renos.gen!A
NOD32v2 2714 2007.12.10 probably unknown NewHeur_PE virus
Panda 9.0.0.4 2007.12.10 Suspicious file
Prevx1 V2 2007.12.11 Heuristic: Suspicious File With Outbound Communications
Sophos 4.24.0 2007.12.10 Mal/Emogen-G
Webwasher-Gateway 6.6.2 2007.12.10 Heuristic.Malware

Additional information
File size: 12800 bytes
MD5: ce1de12d7636728899006567b468e98e
SHA1: 55c6587b4f6cd9d781c572ca6af8d69f661cccad
PEiD: UPX 2.90 [LZMA] → Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=4D93F3AB0090B62B329E0025468A5A008AFE064D

I had several instances of this file in my Documents subfolder, see below!

They were put in Doc&Settings\username\Application Data\

info.exe
rariia.exe
sodzuqgtd.exe
qawzqof.exe

They were being loaded and run (I think) through the following Registry entry:
HKey_Current_User\Software\Microsoft\Windows\ShellNoRoam\MUICache…
at least it was the only place I found references to these files!?

What's scary is that it uses the WINDOWS yellow Caution "!" symbol in the running-programs tray with a pop-up message about a SpyWare program being found; click on the balloon to have Windows install software to remove it!!! Fortunately, I'm not that gullible!!

Also, got a warning from Zone Alarm about explorer.exe trying to access the Internet!!!

Question: I looked on the Avast site for a way to send the offending files? ALL I found was a lame "Report Virus Infection" form, but nothing where I could provide comments, the info I found, or a sample of the offending files?
Where can I send a copy of these files for analysis and possible inclusion in the On Access/web browsing database??
TopCatGr.

Send the sample to virus@avast.com zipped and password protected with the password in email body, possibly a URL link to this topic and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest, where it can do no harm, and send it from there (select the file, right click, Email to Alwil Software). No need to zip and PW protect when the sample is sent from the chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

Yes, the symptoms are pointing to the Renos ("fake") or a real Virtumonde-like infection… can you send the files to virus[at]avast[dot]com (like David wrote)?

Thank you,

Okay, I was able to put the files into the CHEST and then send them to AVAST with comments; hopefully they'll analyse them and add them to their database/profile!?
TopCatGr.