Old virus samples are not detected in my VMware system

I am in VMware Workstation 11 using Windows 7 64-bit,

using the latest Avast version.

I noticed the issue after I was testing Avast with zoo samples,
but they’re still not detected when I scan them. There are 958 files undetected, but I know they’re already detected.

But the main issue is they’re not detected at scan.

I do not know if this is a VMware issue or what, but it seems so, or an Avast issue. I installed some Windows updates but the issue is still here.

Please help me find a fix for this issue.

but I know they’re already detected
Post some VirusTotal scan links of those samples .... then maybe someone from the Avast team has an answer?

Hello,
because of reducing VPS size, old detections which were not seen in our userbase for a long time were removed (avast v9+).

Milos

I will check later for sample detection on VirusTotal and check whether the samples are working or not.

There are so many that I can’t do them all, so tomorrow I will try to make my report.

I tested some of the samples: some ran without DeepScreen blocking them, some were blocked by DeepScreen, and some were detected by the background scanner somehow.

The weirdest was that one was detected, then the next one was not by DeepScreen, but the sample was in the same family, just a different variant.

It’s something that has to do with the VMware system and Avast.

I posted a ticket to support for help.

Don’t forget that some things are only detected on-access and/or when PUP scanning is enabled.
Have you checked that within the VM?

I had PUP enabled. I’ve tried everything; same issue.

See Reply #2.

I saw reply 2, but it does not explain my problem. It’s more complicated; it’s some kind of detection issue.

See reply Nr#1

I made a list of the files’ MD5 hashes.

https://www.virustotal.com/en/file/ee8d8b99e959d725f2183934143fb3d680352d548f440f6d25f3b56a1db5ab8f/analysis/
MS-DOS executable, NE for MS Windows 3.x First submission 2009-06-11 13:59:07 UTC ( 6 years, 6 months ago )

https://www.virustotal.com/en/file/883d90329559658962f209f3c4548667cd5f60f465c2f734f22805cfbe6a2902/analysis/
File type Text First submission 2009-02-03 16:40:59 UTC ( 6 years, 10 months ago )

https://www.virustotal.com/en/file/ea1f86ceae4698e6acd45920110e385f7833b799b8e2dbda7aeb9c8c05f405a5/analysis/
First submission 2006-06-14 08:04:04 UTC ( 9 years, 6 months ago )

I made you a list of the hashes so it would be easier on me.
It would take me forever to rescan all files on VirusTotal.

I hope it helped, because I cannot figure out the problem.

My support ticket is /tickets/63917.
It’s been 10 days.

As Milos explained earlier:

That’s it :)

The thing I do not understand is why DeepScreen does not have generic detections for their behavior, for example file infection behavior and other malicious behavior.

Please reply to the previous post.

The thing I do not understand is why DeepScreen does not have generic detections for their behavior, for example file infection behavior and other malicious behavior.

Avast Deepscreen does not have generic detections for every piece of malware. If it did, we wouldn’t need any conventional detections :).

About DeepScreen:

I know it analyzes file behavior, then creates a feature vector and submits it to the cloud.

Can you explain to me in detail what a feature vector is, like what details does it extract from an executable?

Yesterday I noticed a sample that I ran the first time and it ran without autosandbox even popping up and running, but then I ran it a second time and it flagged it as
FileRepMalware. I have no idea why it did not run in autosandbox the first time I ran it.

Right now I am analyzing file infectors

and noticed autosandbox is not even stopping very malicious behavior.

How long does it take for the cloud to analyze new behavior and classify it as malicious?

No, I can’t. One, I am not sure if some (all?) of the information is public, and two, the information we extract is changing constantly.

Sometimes it can be done automatically, and then it is fast, sometimes it needs manual resolution, and then it can be a bit slower.

I am sorry I cannot provide you with anything truly specific :-[

If autosandbox has analyzed a sample many times and not blocked it, does it mean I have to send it to the lab for it to get analyzed and blocked?

I waited a day or more for the cloud to classify it, but it has not.