I am just posting things that I feel should be posted… Actually I sent over 50 samples to avast today… I didn’t post all here… so it’s more than what you see I am reporting here :-[
In all honesty, posting here (not just for you) achieves nothing, especially when those posting here don’t go back and edit their posts as and when they are added to the virus definitions.
Even if they did monitor the topic (which I rather doubt, they have more to do than monitor this topic) the virus analysts can do nothing with reports, they need samples.
So the reports are essentially worthless in terms of getting it added to the definitions. All that is achieved is a report in this topic; when there is no follow-up (modify post) when added to the database, then it is just an unbalanced topic: lots of reports and no reports of addition to the database.
I can’t explain why post here, as I feel it doesn’t get it added to the database, that will only come on receipt of the sample and analysis.
Report a few days after a sample of the actual malware has been sent to virus AT avast dot com.
You should at least extensively check and counter-check and re-check after some time has elapsed.
For instance you report as undetected a downloader that avast has detection for as Win32:Ivelog-D PUP
The malware that is missed could have been found when run as a riskware toolbar download aka TR/Dldr.Agent.apg.
Now the avast team analysts have decided to treat this as a PUP detection.
You miss a detection with URLVoid, but the Networkshield flags it. Avast has protection for it.
You scan a so-called missed detection just before avast detection is being added. Sometimes detection cannot be made because the malware is no longer active, closed etc. Some malware only survives for a minimal time online (generally 3 1/2 hrs).
As you do not know what the avast detection brew is made up of, do not comment on the contents!
Here I give you an example for which the greens (active) and reds (closed, taken down) are not showing the real-time situation results:
htxp://www.mwis.ru/ (a lot of greens are actually to be interpreted as reds),
Avast already detected a previous version: https://www.virustotal.com/file/d0a5cfec8e80622b3e194b5ee03e93d78c7ef3478bead6a039d213caaaa58523/analysis/
as Win32:Malware-gen. See: htxp://www.threatexpert.com/report.aspx?md5=c4c129fa72b3c0a6364635e33ee3d9b7
Tested your submission with avast Networkshield: URL:Mal detected with webBug get…
So my question is - did you check the url with the Microsoft: Trojan:Win32/Weelsof.A against avast Networkshield?
I guess you did not, for we have detection there,
There was only an image from an image sharing site on VT, from: http://i.imgur.com
That image is not from malwares.pl!
As we can see from the image url.
The original forwarder was: htxps://www.virustotal.com/user/tommyklab/
and this one: hxtps://www.virustotal.com/user/24tachion/
As these finds for https://www.virustotal.com/file/3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458/analysis/
are also landing on the avast desks, so detection will be added sooner or later anyway.
This time I think I have to agree with a couple of DavidR’s remarks,
Pol, I didn’t say the image is from malwares.pl; I said the sample is from malwares.pl. Yes, the image is from VT comments, but the sample is from malwares.pl… I thought you understood my previous post… Please ask me before blindly accusing… You misunderstood my previous statement :-\ … That’s all I want to say.
Regardless of this, I see no need for an image; it adds nothing to help detections. Samples are king, just send the samples; the rest is just wasted time.
As I initially misinterpreted that I have changed my initial posting accordingly.
Thanks for that explanation and the link to malwares.pl.
Well I misunderstood that because when users are going to visit the VT results, they can see that image anyway.
So like DavidR says, this only takes forum disk space… as the image is available anyway to those that are interested.
For malwares.pl I do not know whether you provided the malware sample there, but that could be.
I think avast will add detection for it anyways within the next day or so,
This software is bordering on being suspicious/malicious. They try to prove their software comes without malware: htxp://www.softwaredownloads.org/windows/system-utilities/system-maintenance/virus-report/system-boost-elite/
When it is being flagged it is via WOT rep reports, because it comes with additional adware.
This rather should be reported then to MBAM and SAS etc. to be added to detection there,
see: http://v.virscan.org/Adware.Win32.RealRegistryCleaner.AMN!A2.html