Let’s be fair people…
I can SEE there is a difference in detection… really… my other scanners are not being able to detect anything nowadays…
They’re feeling rejected as avast is doing a very good first defense line 8)
Yeah… very annoying to sample submission…
Good if we think that we’re not receiving that mails.
[message deleted after I have received an email from avast team asking for apologies.]
Wetabax, thanks for posting…
Alwil, thanks for improving detection 8)
GOOD NEWS!!!
message received from one of the avast virus team:
[ref delay to add virus signatures in a VPS file]
“I’m so sorry. All this delay is due to our testing system that have to
be reorganized. It is not so easy to make it more flexible, but it is
necessary. I hope that in some time we will be able to add signatures to
VPS in hours not in days. Hope all this will be better every time you and
other users send us a suspicious files.”
let’s wait.
Does Alwil want to ‘share’ this info or open for suggestions and discussion? Or not, this is an internal stuff that won’t be posted by you here…
Just want to know to avoid losing time making questions and waiting for answers that won’t exist… :-\
well Vlk already mentioned in past they working on these improvements …
so take it as public secret
just to continue on similar subject and avoid create new thread …
worst time to submit trojans/viruses to Alwil seems to be late friday GMT and weekend …
example there is / was Steam targeted scam campaign with trojan (that means detection delayed by 3 days is useless as that threat is worst when sources are online)
submitted on friday midnight to Alwil, Kaspersky, Microsoft, ESET, Grisoft …
over Saturday day it was added by Kaspersky bit later followed by ESET …
after uploading to VirusTotal and Jotti it was added over Sunday morning by Symantec and Antivir
clearly shows these companies got advantage in staff working 24/7 on trojan detections …
lets hope Alwil cleans up backlog soon
and speed up
Thanks Dwarden.
I’ve asked in another thread about the Kaspersky engine into Active Virus Shield. I can’t install it if it is not the only resident.
Does anybody know if there is a solution for this?
I’ve posted in Wilders forum as well… but, as usual for me, everybody drops a comment in Wilders but nobody answers my questions there…
no idea, as far i heard it’s dumbed down old version of KAV so i not messed with it yet … plus AOL tag … eww
in meantime VBA32 added detection of that trojan too …
AVG, Fortinet, Norman added now detection too …
still waiting for Avast! and MS … and they were first informed
as from today’s VPS update, detection was added …

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.35.1.11 | 08.30.2006 | Worm/Rbot.1247232 |
| Authentium | 4.93.8 | 08.30.2006 | W32/Sdbot.UIV |
| Avast | 4.7.844.0 | 08.30.2006 | Win32:Rbot-CCK |
| AVG | 386 | 08.30.2006 | IRC/BackDoor.SdBot2.GJR |
| BitDefender | 7.2 | 08.30.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 08.30.2006 | Backdoor.Rbot.bho |
| ClamAV | devel-20060426 | 08.30.2006 | no virus found |
| DrWeb | 4.33 | 08.30.2006 | Win32.HLLW.MyBot |
| eTrust-InoculateIT | 23.72.110 | 08.30.2006 | Win32/SpyBot.7bi!Worm |
| eTrust-Vet | 30.3.3051 | 08.30.2006 | Win32/Rbot.FOA |
| Ewido | 4.0 | 08.25.2006 | no virus found |
| Fortinet | 2.77.0.0 | 08.30.2006 | W32/RBot.BHO!tr.bdr |
| F-Prot | 3.16f | 08.29.2006 | security risk named W32/Sdbot.UIV |
| F-Prot4 | 4.2.1.29 | 08.30.2006 | W32/Sdbot.UIV |
| Ikarus | 0.2.65.0 | 08.30.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 08.30.2006 | Backdoor.Win32.Rbot.bho |
| McAfee | 4841 | 08.30.2006 | W32/Sdbot.worm.gen.ca |
| Microsoft | 1.1560 | 08.30.2006 | no virus found |
| NOD32v2 | 1.1732 | 08.30.2006 | Win32/Rbot |
| Norman | 5.90.23 | 08.30.2006 | W32/Spybot.AXEH |
| Panda | 9.0.0.4 | 08.30.2006 | W32/Gaobot.NZG.worm |
| Sophos | 4.09.0 | 08.30.2006 | no virus found |
| Symantec | 8.0 | 08.30.2006 | W32.Spybot.Worm |
| TheHacker | 5.9.8.201 | 08.28.2006 | no virus found |
| UNA | 1.83 | 08.30.2006 | no virus found |
| VBA32 | 3.11.1 | 08.30.2006 | Backdoor.Win32.Rbot.bho |
| VirusBuster | 4.3.7:9 | 08.30.2006 | no virus found |

As You can see Microsoft and BitDefender are still slower than Alwil :)))
:o
Unfortunately avast! did not detect W32.Spybot.Worm even on the 1st September 06 on my system, after the supposed VPS update. Norman cleanup tool removed it.
- Did you confirm the detection was correct, by using either VirusTotal or Jotti, multi-engine AV scanners?
- If it is a correct detection by Norman cleanup, did you send a sample to avast so they can update the VPS?
- W32.Spybot.worm is different to what you quoted, there are many different aliases as there is no standard naming convention. So you would also need to confirm that although the names are different it is the same virus/malware.
Not only that but the worm detected by Norman cleanup is also different to that listed by Dwarden, so that would also indicate it is a different malware sample.
Norman 5.90.23 08.30.2006 W32/Spybot.AXEH
This W32/Spybot.worm virus had affected my netconf32.exe and my installed Norton AV detected and was giving alerts for about a month. But it was not able to clean it, only denied access.
So I junked Norton AV and installed Avast!, which did not even detect it. Then I downloaded Norman tool and it detected and cleaned the virus from netconf32.exe.
But the silver-lining is that Avast! detected and cleared another W32(?) virus in some screensaversinst.dll, that Norton didn’t even detect.
I like the features, the 7 providers and the look & spin of Avast!; hoping the detection is perfect!
No, I didn’t send the sample to avast!; will do henceforth.
It will be never perfect… but it could be better…
Summer time in Europe means worse detection, in my experience. It’s sad, but true
lets hope for more generic sigs … something for zlob family will be nice (like Antivir can do with heuristic)
There is a Win32:Zlob [Trj] without any -xx suffix, e.g. Win32:Zlob-AA [Trj], perhaps that is some form of generic signature to go with the other 319 Zlob variants listed in the virus database.
well i was referring to discussion(s) like this http://www.wilderssecurity.com/showthread.php?t=145483
Info on Zlob here:
http://www.lavasoft.com/lavasoftnews/2006/09/hijacks.html
Technically, how are the virus writers able to alter the virus every few hours so that it evades detection, yet with the virus still retaining its unique ‘Zlobiness’? Why have so few AV’s got a generic detection for Zlob, and how has Avira managed to do it, I wonder?