Trojan.FakeAlert

My friend uses AVG 8.0 Antivirus and the Web Shield detected a Trojan in an exe before the download. I tried the website and download exe myself with Avast and it didn’t detect it. Malwarebytes Anti-malware detected what it called a Trojan.FakeAlert with a context menu scan once it was downloaded to my DeskTop, but Avast’s context menu scan found nothing. Neither did SuperAntiSpyware, but this is a real threat in that it is a rogue program. I understand Avast may not detect rogues, but AVG did. Just wondered what some peoples thoughts were on this. Thanks.

They don’t all detect all the malware all of the time. Which is why it’s often recommended to have more than one scanner installed, some of them will include different detections on the day.
One of the limitations of blacklist scanning.
Submit the file to http://www.virustotal.com/ for online scanning. Takes maybe 2-5 min.
And also mail the sample to virus@avast.com
it should be zipped, password protected, and a description of the malware and the password should be included in the message body.
Can you name this malware/file, please, with both names assigned (MBAM and AVG.) Thanks.
[edit] By the way, Avast actually detects quite a high nr of rogues/spyware etc. Plus rootkits. Just not this one, (yet.)]

Hey Tarq57. I deleted the exe from my DeskTop. If you want I can PM you the link where the exe can be downloaded. It seems my friend was looking for license keys he shouldn’t be looking for if you know what I mean. I only tried to see if Avast would catch it. I just installed DriveSentry and it doesn’t catch it either. Don’t get me wrong I like Avast Home a lot and both my son and wife use it without any problems. I think it is one the best AV’s out there free or paid. I just couldn’t believe AVG caught something with it’s Web Shield that Avast’s didn’t. LOL. Take care and let me know if you want the website URL. If you have Malwarebytes Antimalware installed it should quarantine it from the DeskTop exe. Oh, and I see you have ThreatFire installed. I wonder if that detects it? Take care.

If you aren’t going to submit the sample to Avast, I’ll be happy to, so please do PM the link, and a description/name of the file, please.
Does it try to auto-install, or is it a user controlled download?
I’m not about to run it to see if TF stops it, tempting though that is, but thanks for the idea. ;D

Hey Tarq57. I sent you the link via PM. Please let me know if you got it. It’s a user controlled download, but everything is explained in the PM. Take care.

Hi, Jeleal, no PM has arrived. Try again?

Hey Tarq57 I sent another PM and resent two more as I’m not sure they’re going out. Let me know if you got any of them. Thanks.

Hi, Jeleal. Got all three in a row, the last two complete with rapidshare link.
Downloading the “activation code” (a pirated and illegal code that allegedly registers a good quality mainstream AV suite) produces no alerts. The file is clean. Contains text and JPEGS only. However, on the rapidshare page hosting this crap are several links (not including the porn redirects.) One purports to be a rapidshare link but is actually a link to a warez codec site. That’s what would have triggered your friends’ webshield/linkscanner.
Rant mode on: (And frankly, if he or anyone else is dumb/dishonest enough to want to try that out, they get all they deserve. It’s a matter of when, not if, their AV won’t protect them from this. And then who knows what crap they’ll be helping to spread. Maybe even to you.)
Rant mode off.
Thanks for taking the trouble to PM me the link. There is nothing there that I can safely download that is infected.

Yeah, I told them they’re asking for trouble and of course doing so is piracy. The AVG Web Shield slows down his surfing anyway so I’m hopeful of another Avast convert. LOL. Thanks for all your responses and I’ll be sticking with Avast Home. It has saved me from two trojans after being redirected while surfing and my PC runs well with it installed. Take care.

If he is visiting those kinds of sites I think that he needs to stay with AVG to help improve their detections

:(de problem is that this nasty by passes avast then nullifies -negates avast. Worse, it also negatives system restore. Yes Avast DOES detect it but after the event!the only way i find is to go safe with networking and get avast bot scan working from there-rather a long way round. I have reported it several times I have encountered it more than once from various sites and still avast has not found a way to dal with it. Rather hard to uderstand this…
so a question…can avast be set to work to detect these infested sites BEFORE opening(downloading)? Many of them are revolvers, I suspect and maybe are faster than avast can detect when they are “dumping” at speed.
Yes avast has given many warnings and that’s great but if just one fake alert gets past, especially frequently, it negates the whole business of detection!
running full scans may -usually does- detect esecially boot scan but thats not really an option when surfing. And if the virus nullifies everything, it is rather difficult to run a scan at all. d’you see…

Please open a new topic for your problem.
Thanks,
asyn