As my first thread get hijacked and closed without even warning me :P, I’m starting a new one trying to help avast improving detection if possible.
Please, post only VirusTotal links and do not post links to malware!
You can always submit a sample through Chest or zip it and send to virus(at)avast(dot)com.
Watching this thread means an out of bound work for our analysts, therefore the links should provide an additional information… you should always know why exactly the link posted by you has a bigger priority than samples sorted out by our internal systems, otherwise it’s a waste of time on both sides… you can write a script for browsing virustotal results and posting them here, but what will be their benefit for us? we’ll receive the files and metadata anyway from virustotal (on a regular basis of sample submission) so it means an extra manual work that duplicates what a machine does for us.
Guideline for posting links which make some sense:
you know the origin/behavior/way of spreading of the sample (it comes from a machine that you recently disinfected e.g.)
the sample is not an adware, toolbar or such low-risk malware/PUP
you’re able to write related metadata either to VT comments or here
system
September 21, 2010, 10:03am
7
s.jurij
September 21, 2010, 5:18pm
9
New nagware / rogue, NavaShield ( navashield.com ) see video http://www.youtube.com/watch?v=0hxFyDpfcg0
Malwarebytes / Ad-Aware / F-Secure have added detection, 53mb installer
system
September 22, 2010, 10:59pm
11
system
September 25, 2010, 10:29am
16
damnit, read the topic name - virustotal links only
@Burkoff
as you see in the topic name VIRUS TOTAL LINK ONLY
this is what happend the last time http://forum.avast.com/index.php?topic=63749.0 see the two the last post`s
so edit the post and remove the download link`s
system
September 25, 2010, 10:58am
19
yeah and Burkoff was already responsible last time, since he’s doing that again I suggest a ban.
system
September 25, 2010, 10:59am
20
Send the samples to Avast! via the interface (trough the chest) or otherwise (don’t remember how) NOT POST THEM HERE!