I like this thread…!
Thanks, Tech…!!
asyn
You’re welcome.
Although I was alerted that just posting virustotal links without further information about the origin of the file, behavior, etc. is just adding manual work for the virus analysts that are receiving 50.000 samples per day.
They have quite some honeypots and they’re not really worried about the links posted here.
You could not agree with that.
They do not post in forum about it (clearly).
I don’t doubt that…!
Nevertheless it’s interesting information for us…!!!
asyn
If you want to get frightened, here we go…
… and so on…
I honestly don’t see the purpose of this topic as it achieves little (or the other one that got closed).
I also don’t see how the average user would be coming into regular normal browsing contact with these, which you are obviously seeking out. Most regular users aren’t seeking out malware in this way.
Yes, they could get tricked into downloading something from a search result, but how would this topic help them in any case, it doesn’t.
As you have already said the VT links are of little use to the virus labs team, they need the samples to analyse.
Although I was alerted that just posting virustotal links without further information about the origin of the file, behavior, etc. is just adding manual work for the virus analysts that are receiving 50.000 samples per day. They have quite some honeypots and they're not really worried about the links posted here.
So it is clear that the sample and information needs to be sent to avast, rather than posting VT links and you can’t go posting links to file sharing sites or the origin of the sample, for the very reason the other topic was closed.
That is why I feel this is pointless in this context, not to forget as polonus mentioned, it shouldn’t be post and forget, but go back and confirm if the original post is now detected or a false positive.
But the folks that report missed samples through VT links, should check there again for more recent results, also sometimes results are found to be false positives, see the link Left123 gave above. So do your homework properly.
Over time (now on 4 pages) all you see are missed samples and zero input on samples now added to the database or considered to have been false positives, or all you see is an unbalanced/one sided view.
As you say “If you want to get frightened, here we go…” the object surely is not to frighten users???
If it is to improve detections, then you need to send the samples and information to avast as the VT results in isolation are pretty worthless. Especially if those who post them don’t follow up to see if they are added or are FPs.
I honestly don't see the purpose of this topic as it achieves little (or the other one that got closed).
Have been thinking the same… how will this improve detection if you don't send the samples? Or does Tech know something we don't?
I honestly don’t see the purpose of this topic as it achieves little (or the other one that got closed).
The other one was closed because people post open links to malware I think.
I also don’t see how the average user would be coming into regular normal browsing contact with these, which you are obviously seeking out. Most regular users aren’t seeking out malware in this way.
Sure. But not all the avast users are “regular normal browsing”…
As you have already said the VT links are of little use to the virus labs team, they need the samples to analyse.
They could get them from virustotal as they have the MD5 of the file.
I have not been posting links for quite some weeks, as the avast team just said they won’t stop their analysis to manually check the links here. It was becoming useless without the avast team being able to add the definitions.
At least, posting here can show:
- avast protection needs to be increased. And there are users that can’t even talk about that.
- avast team could post or react to threads about security and drop some light and knowledge on how to get protected.
But the folks that report missed samples through VT links, should check there again for more recent results, also sometimes results are found to be false positives, see the link Left123 gave above. So do your homework properly.
I always check more recent results.
Did you try my links just after they were posted?
Over time (now on 4 pages) all you see are missed samples and zero input on samples now added to the database or considered to have been false positives, or all you see is an unbalanced/one sided view.
So, which should improve here? Our posting about missed detections or acknowledgment from the avast team?
If we’re posting false positives, could it take a while to say that for us? Why not?
As you say “If you want to get frightened, here we go…” the object surely is not to frighten users???
Ok, I was thinking that people need to discuss these issues, nothing more.
Pondus has shown me a link to http://www.shadowserver.org/wiki/pmwiki.php/Stats/VirusDailyStats
Seems a good source for what I’m trying to talk about.
some weeks ago i made a topic about some trojan.ransoms and i only posted VT links, and after about 1 day an avast technical said: samples should be detected now. i only posted vt links and the samples were in the next virus database update
some weeks ago i made a topic about some trojan.ransoms and i only posted VT links, and after about 1 day an avast technical said: samples should be detected now. i only posted vt links and the samples were in the next virus database update
Lucky you… Our samples did not have that luck
Loss of time and labor …
The avast team will not improve the service of automatic analysis.
guys, what about posting VT links where avast kicks ass (to keep the balance in our universe)? // don’t try to tell me, there are no such links :-X
as Tech already mentioned: watching this thread means out of bound work for our analysts, therefore the links should provide additional information… you should always know why exactly the link posted by you has a bigger priority than samples sorted out by our internal systems, otherwise it’s a waste of time on both sides… you can write a script for browsing virustotal results and posting them here, but what will be their benefit for us? we’ll receive the files and metadata anyway from virustotal (on a regular basis of sample submission) so it means extra manual work that duplicates what a machine does for us… here’s a guideline for posting links which make some sense:
- you know the origin/behavior/way of spreading of the sample (it comes from a machine that you recently disinfected e.g.)
- the sample is not an adware, toolbar or such low-risk malware/PUP
- you’re able to write related metadata either to VT comments or here
Henrique - Bankers is what bothers you, right? we’re receiving samples from Bank of Brasil (and maybe other institutes in Brasil), but it’s probably not enough to cover this regional issue… if you have better samples, we can talk about a processing of your submission through our ftp (a daily uploaded batch with a predefined name), if you prove the quality of your feed, we can dedicate someone to its processing maybe…
guys, what about posting VT links where avast kicks ass (to keep the balance in our universe)?
// don’t try to tell me, there are no such links :-X
+1
Henrique - Bankers is what bothers you, right? we’re receiving samples from Bank of Brasil (and maybe other institutes in Brasil), but it’s probably not enough to cover this regional issue… if you have better samples, we can talk about a processing of your submission through our ftp (a daily uploaded batch with a predefined name), if you prove the quality of your feed, we can dedicate someone to its processing maybe…
Maxx
To what do you attribute the better performance of Avira in the proactive tests of AV-Comparatives?
bigger viruslab, PCK/Anything detections etc… but i haven’t seen the diff between our and their misses, actually no one except the testers did, afaik…
guys, what about posting VT links where avast kicks ass (to keep the balance in our universe)? // don't try to tell me, there are no such links
here is 10 ;)
Maxx, I’ve changed the original post accordingly.
New posters, please, read the first post.
Sorry.
http://migre.me/1txW0
Attention! Only experienced users to try!