Trojan.Webkit!html and others not detected

Hello.

in fact, the forum did not have time to stay, I know I can return very soon.

There was a change in the transmission of samples services, now supports only receives URL or other issues and no longer files.In day 10/06/15 were sent 9 files, only 1 was added detect as Win32: FakeDownload-G [PUP] .

http://i.imgur.com/sP1UEZu.png

A week ago I sent over 11 files that have not yet been detected.
Today lost a link in a where I got a script,my system is not infected.

CSIDL_PROFILE\appdata\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P9DVZCHH\style[1].js

But I have saved ,this is a new, not part of detections of avast.

https://www.virustotal.com/en/file/8366a7c7e3e3229509497a0f96edfe9a522164078314d601b9d6bce6d96a9f0a/analysis/1435451594/

VirScan has it here, only one example: http://v.virscan.org/Trojan.Script.633135.html
This is a good detection survey: http://www.scumware.org/report/217.76.132.207.html
Read: http://forum.bitdefender.com/index.php?showtopic=42754
My Malware Script Detector v. 2.0 blocks the javascript attack, code: http://ddecode.com/hexdecoder/?results=a8a4824d39d4f7e585b05210b11316b6
See: htxp://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2Fwww.sierracharra.com%2Fleidsegfre%2Fcl.js%09&useragentheader=&acceptheader=
decoded results manipulation of search results via my start incredibar browser hijacker etc.
Removal of this is not that easy and should be performed under guidance of a qualified removal expert.
Avast should at least detect the encoded javascript for what it is,e.g.: “crap-adware”.

polonus (volunteer website security analyst and website error-hunter)

files is in a sandbox
this script was captured elsewhere, it is not detected

http://www.symantec.com/security_response/writeup.jsp?docid=2007-100915-0239-99&vid=4324&product=Norton%20AntiVirus&version=21.7.0.11&plang=sym:BR&layouttype=TrialWare&buildname=Retail&heartbeatID=E829A7FF-B0C4-4E90-9F8B-E24BC43BC61B&env=prod&vendorid=1002080&plid=1&plgid=1&skup=21323278&skum=21323278&skuf=21291069&endpointid={E829A7FF-B0C4-4E90-9F8B-E24BC43BC61B}&partnerid=1002080&lic_type=512&lic_attr=21155857&psn=VDCJ94VRXD9T&osvers=6.1&oslocale=iso:BRA&oslang=iso:POR&os=windows

rescan analysis

threats are medium and high risk

Adware.ELEX
https://www.virustotal.com/en/file/174dd119c3fb87e2793f0059701c4bad7af474ed907b6cb873a08afeb2679b76/analysis/1435522842/

Win32:Adware Esprot
https://www.virustotal.com/en/file/8f895c19d04b411edcb51ebe86f60d44676ac0f411bd072a0a46da9e40e289a3/analysis/1435523247/

SearchProtect
https://www.virustotal.com/en/file/d8de6dd9b3f330889a8ac4cd821e5dd635a03c7a9a1affaa8a98210e3b247913/analysis/1435523246/

Win32:AdwareSubTab
https://www.virustotal.com/en/file/c97801f42d16ac69318562281b67904d716262ff6fd098dddce2d7af56dd7342/analysis/1435523244/

Win32:SoftPulse
https://www.virustotal.com/pt/file/be1ad7aa07fd805528b6759936cac70861bc43f66c45abfb4c6c41efc1c8304b/analysis/1435523256/

Adware Miuitab

https://www.virustotal.com/en/file/075bbb7d95caa26123332a6697ab40ff0e8c0bade1b02dad398e2eb9f938c1e2/analysis/1435523828/

Hi jefferson sant,

As all are riskware/adware detections, the question is how Avast performs in PUP-mode (not as per default)?
How is MBAM, AdwCleaner and JRT performing on mentioned detections?

polonus

some of it is done through the statistics sending it take to process certain files , avast because the heuristic is weak requires new signatures created to detect PUP.

malwarebytes use generic detections and other technologies in aggressively

http://news.softpedia.com/news/malwarebytes-anti-malware-to-integrate-junkware-removal-tool-485031.shtml

On the last Thursday 09.07.15 was added to Ikarus database as Trojan.Script.Avast already detected style[1].js as JS:ScriptXE-inf [Trj]

https://www.virustotal.com/en/file/8366a7c7e3e3229509497a0f96edfe9a522164078314d601b9d6bce6d96a9f0a/analysis/1436825157/

Thank you very much.