Still undetected adware!

I sent a sample via chest about three months ago, and it is still undetected.
The site is infected, too (according to NOD32 on one of my friends’ PC).
The installer doesn’t install Unlocker, but it installs some adware, for example Win32/Adware.ADON.
I sent the installer for analysis via chest again. I hope that it will be analysed and added to the VPS.

The unsafe unlocker:
hXXp://download.chip.eu/hu/download_getfile_hu_2177140.html?s=http://dl01.chip.eu&f=/13723/unlocker_1.8.7.hu.exe&t=4cf11308&sign=b19a601f8ec723a310757a9b50e2f87d&dl_type=dl_hs&lang=hu

VirusTotal: (I had to copy the results, because VT didn’t create a link):
AhnLab-V3 2010.11.28.00 2010.11.27 -
AntiVir 7.10.14.126 2010.11.27 -
Antiy-AVL 2.0.3.7 2010.11.27 -
Avast 4.8.1351.0 2010.11.27 -
Avast5 5.0.594.0 2010.11.27 -
AVG 9.0.0.851 2010.11.27 -
BitDefender 7.2 2010.11.27 Dropped:Adware.Yabector.B
CAT-QuickHeal 11.00 2010.11.27 TrojanClicker.Yabector
ClamAV 0.96.4.0 2010.11.27 -
Command 5.2.11.5 2010.11.27 -
Comodo 6867 2010.11.27 -
DrWeb 5.0.2.03300 2010.11.27 -
Emsisoft 5.0.0.50 2010.11.27 -
eSafe 7.0.17.0 2010.11.24 -
eTrust-Vet 36.1.8003 2010.11.26 -
F-Prot 4.6.2.117 2010.11.26 -
F-Secure 9.0.16160.0 2010.11.27 Dropped:Adware.Yabector.B
Fortinet 4.2.254.0 2010.11.27 Adware/Adon
GData 21 2010.11.27 Dropped:Adware.Yabector.B
Ikarus T3.1.1.90.0 2010.11.27 AdWare.Yabector
Jiangmin 13.0.900 2010.11.27 -
K7AntiVirus 9.69.3103 2010.11.27 -
Kaspersky 7.0.0.125 2010.11.27 -
McAfee 5.400.0.1158 2010.11.27 -
McAfee-GW-Edition 2010.1C 2010.11.27 -
Microsoft 1.6402 2010.11.27 TrojanClicker:Win32/Yabector.gen
NOD32 5652 2010.11.26 Win32/Adware.ADON
Norman 6.06.10 2010.11.27 -
nProtect 2010-11-27.01 2010.11.27 -
Panda 10.0.2.7 2010.11.27 -
PCTools 7.0.3.5 2010.11.27 -
Prevx 3.0 2010.11.27 -
Rising 22.75.04.00 2010.11.27 Trojan.Win32.Generic.5207F89D
Sophos 4.60.0 2010.11.27 -
SUPERAntiSpyware 4.40.0.1006 2010.11.27 -
Symantec 20101.2.0.161 2010.11.27 -
TheHacker 6.7.0.1.092 2010.11.27 -
TrendMicro 9.120.0.1004 2010.11.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.27 -
VBA32 3.12.14.2 2010.11.26 -
VIPRE 7426 2010.11.27 -
ViRobot 2010.11.19.4158 2010.11.27 -
VirusBuster 13.6.62.0 2010.11.26 TrojanCL.Yabector.Gen

Sample sent to avast! and Malwarebytes :wink:

Does avast get it with PUP enabled…??
Please try. Thanks.
asyn

If so, it should have been detected on VT… but it will not say PUP on VT… OBS: looks like that has changed

There was a case some weeks back with something detected on VT but not in the comp, until he turned on PUP…

I set my avast! File System Shield to ‘paranoid’ mode: heuristics is on high and PUP-checking is enabled.
I set the Web-Shield heuristics high, but PUP-checking is disabled because I fear false site-blocking.

Usually the chip-sites are safe and most of the VT results are Adware related…
So what should we do about it, folks…??
asyn

I read on a forum that Win32/Adware.ADON is not only a bit harmful!

Sorry, what do you mean by this…?
That it is harmful or not…??
asyn

Not the most dangerous, but harmful. ;D
(Sorry, my English is horrible, so I can’t say it in a better way)

  1. I see. As it seems to be Adware, it’s up to you, if you install it or not. I wouldn’t. :wink:
  2. No problem, I ask if I don’t understand you… Btw, we can also talk German, if you feel better with it, my Hungarian isn’t that good, though. ;D
    asyn
  1. But… I sent it to avast! a few months ago… When I say that it took a long time to detect a new sample, and if somebody sent a trojan/adware/whatever it will be on the VPS "in 100 years", I refer to situations like this. And the problem is: I see lots of situations like this!

  2. Thank you, but my German is horrible! I’ve learnt German for 4 years, but I know NOTHING. I’m not so good at it.

Norman analysis says unlocker_1.8.7.hu.exe : Clean!

Malwarebytes have not added detection

Avira

File ID   Filename                Size (Byte)   Result
4177851   unlocker_1.8.7.hu.exe   237.5 KB      KNOWN CLEAN

Please find a detailed report concerning each individual sample below:

Filename                Result
unlocker_1.8.7.hu.exe   KNOWN CLEAN

The file ‘unlocker_1.8.7.hu.exe’ has been determined to be ‘KNOWN CLEAN’. In particular this means that we could not find any malicious content. Please note that the file is part of ‘Unlocker 1.8.7’.

1. But... I sent it to avast! a few months ago... When I say that it took a long time to detect a new sample, and if somebody sent a trojan/adware/whatever it will be on the VPS "in 100 years", I refer to situations like this. And the problem is: I see lots of situations like this!

Every sample you send to virus is under investigation; you cannot just add detection in security software, it needs a lot of experimentation, because with a single mistake a lot of users out there in the wild will suffer. When you send a sample, what percentage are you sure that it is malware/trojan? What machine do you use to identify it??

OR maybe you saw only an incomplete download, and this is dangerous when it is added to detection.

Regards!!!