Samples missed by avast (VirusTotal links only!)

Andreypro · 2012-06-11T15:23:38.000Z

Detects by Dr.web as Trojan.SMSSend.2917.
https://www.virustotal.com/file/551d2509a5d4769e1212c47116300795f0dc8708fe50ce43683d14c0fe8d3dff/analysis/1339428024/

Left123 · 2012-06-11T18:51:42.000Z

This topic shall be closed,samples can be sent directly to AvastLab.If you want to increase your post count,think of something smarter.No offense but it’s the true.

JuninhoSlo · 2012-07-16T15:39:40.000Z

undetected malware

https://www.virustotal.com/file/8a79715f3e63650f8897a24ffe8b0301f447958b303ecd45ab00ac883ecbaf4f/analysis/1342451827/

system · 2012-09-03T15:06:33.000Z

Was cleaning a computer infected with win8 security system and found that avast does not detect this rootkit that comes bundled along with this rogue.

https://www.virustotal.com/file/3945861e049199662423a539e96b0c49a904501e9aef02faa4da678633cbcc37/analysis/

Reported to avast!

polonus · 2012-09-03T18:00:04.000Z

Hi true indian,

Subject had already been mentioned extensively in an earlier thread here: http://forum.avast.com/index.php?topic=104668.0
Why did not you react there?

polonus

system · 2012-09-11T08:42:23.000Z

Somebody posted this on our avast! FB wall…
https://www.virustotal.com/file/da5e7057fd1bd488c5e9ff8fede941f00d32d58bae8f3ca4b5b8096189d4768f/analysis/1347769210/

Reported to avast!

Pondus · 2012-09-11T08:48:20.000Z

see the sigcheck and first seen by VT

system · 2012-09-11T08:50:58.000Z

Pondus post:827:

see the sigcheck and first seen by VT

Sigcheck
publisher…: Oracle Corporation
product…: Oracle VM VirtualBox
internal name…: VirtualBox.exe
copyright…: Copyright (C) 2009-2011 Oracle Corporation
original name…: VirtualBox.exe
file version…: 4.0.4.70112
description…: Oracle VM VirtualBox Manager

First seen by VirusTotal
2012-09-11 08:39:32 UTC ( 1 minute ago )

I had checked for a digital signature earlier itself when i downloaded it…and it didnt have one so i guess this is 100% Malware.

P.S. I like the name given by SAS on VT: Heur.Agent/Gen-FakeAvast …interesting… ;D

Pondus · 2012-09-11T09:00:41.000Z

you may run it at treathexpert to see what it does

system · 2012-09-11T09:24:36.000Z

Pondus post:829:

you may run it at threatexpert to see what it does

I dont think it does really anything much…i couldnt get into my threat expert account because i forgot my username and password.
http://anubis.iseclab.org/?action=result&task_id=12633cb1584a7e084498422305d2e74d6&format=html

polonus · 2012-09-11T14:04:49.000Z

Hi true indian,

Can you confirm you also posted this here: http://forums.malwarebytes.org/index.php?showtopic=115632

polonus

system · 2012-09-12T06:37:39.000Z

polonus post:831:

Hi true indian,

Can you confirm you also posted this here: http://forums.malwarebytes.org/index.php?showtopic=115632

polonus

yes that was me who posted this there…

Avast! now has detection… ;D

system · 2012-09-15T11:30:27.000Z

Again some piece of Malware on avast! FB wall…

https://www.virustotal.com/file/13fdec273e3240acbc1ea323a2c4a4c0c64cd6d9da04107b51315a0d28ccc2d4/analysis/

it [rar file] extracts a hidden text file called significant.txt which contain BKDR/symmi

Reported to avast!

system · 2012-09-17T06:58:55.000Z

Trojan-Ransom.Win32.Gpcode.dm
https://www.virustotal.com/file/c0603fcd04d8e2fe78559a1fc07d0d8e569c08225ecb864850edd9511b11a439/analysis/1347881864/

sent to avast!

edit: latest streaming update detects this now after sending.

system · 2012-09-18T10:54:05.000Z

Microsoft IE 0 Day

https://www.virustotal.com/file/75bd9b405fd0239644ab0c6aae6579096a407ddedd3c6139219f8c8e8f5b2db3/analysis/

reported to avast! 8)

system · 2012-09-19T05:01:05.000Z

Again some malware posted on avast facebook wall…

https://www.virustotal.com/file/c25a1c46aa91763bf657fe0d8d89ef7ce6ffa3502a68e7b1bcbbfa36da210600/analysis/
reported to avast!

system · 2012-09-21T06:40:32.000Z

Payload of IE 0-day
https://www.virustotal.com/file/a5a04f661781d48df3cbe81f56ea1daae6ba3301c914723b0bb6369a5d2505d9/analysis/

reported to avast! 8)

polonus · 2012-09-21T07:16:20.000Z

Hi true indian,

As you can see the payload is the infostealer bancos y trojan variant. For Threat Expert awareness of this file and what subfiles it creates, see: http://www.threatexpert.com/files/111.exe.html

polonus

system · 2012-09-21T17:04:42.000Z

Again Malware on avast! facebook wall…

https://www.virustotal.com/file/2d9b9a8860ce97177891ca1bb5e7faba880eb079e2d8025762d6a72518e96a90/analysis/1348247024/

reported to avast!

system · 2012-09-26T11:28:54.000Z

I’m not sure if it’s malware, but i found it and it looks suspicious:

1 file

https://www.virustotal.com/file/fd115514291e2855c204decc03270628e3dbe7c8da0dc797c1ce1389fd2a0ba8/analysis/1348657526/

2 file

https://www.virustotal.com/file/7abc66b037c23f80fbb861e02f894900c9b9590bf70b10852d28a84229109aa4/analysis/1348657408/

3 file

https://www.virustotal.com/file/e3f10f3119da4f4a54c5c99508c5314265f177046898b3b7f811e3febeb6e0d1/analysis/1348657652/

Announcements