Two unrecognized viruses

Here - http://www. yvs. makeevka. com/files/viruses.zip
two viruses. Password - virus.
virus@avast.com has not answered me for one month.
Why?..
Heeeelp…

Please, don’t post live links to infected files (even password protected).
After you have sent the samples to virus@avast.com you can try sending the files to Chest and, from there, resend to Alwil for analysis.

The preferred way for submitting samples is e-mail (or sending them from Chest). Although, you can use Alwil FTP server as a second way to transfer only big files. Upload them to ftp://ftp.avast.com/incoming (please, note that you won’t have READ access to the ftp server, just write - so you won’t even be able to see what you’ve just uploaded).

Anyway, this is not an excuse for not having improved the detection yet… Shame on virus analyst team…

File AUH5j6Ma.exe received on 08.07.2007 19:00:52 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.3.0 2007.08.07 -
AntiVir 7.4.0.57 2007.08.07 TR/Crypt.ULPM.Gen
Authentium 4.93.8 2007.08.07 -
Avast 4.7.1029.0 2007.08.07 -
AVG 7.5.0.476 2007.08.06 -
BitDefender 7.2 2007.08.07 GenPack:Win32.Worm.Luder.F
CAT-QuickHeal 9.00 2007.08.07 -
ClamAV 0.91 2007.08.07 -
DrWeb 4.33 2007.08.07 Trojan.Inject.351
eSafe 7.0.15.0 2007.07.31 suspicious Trojan/Worm
eTrust-Vet 31.1.5040 2007.08.07 -
Ewido 4.0 2007.08.07 -
FileAdvisor 1 2007.08.07 -
Fortinet 2.91.0.0 2007.08.07 -
F-Prot 4.3.2.48 2007.08.07 -
F-Secure 6.70.13030.0 2007.08.07 Trojan.Win32.Agent.avd
Ikarus T3.1.1.8 2007.08.07 Win32.SuspectCrc
Kaspersky 4.0.2.24 2007.08.07 Trojan.Win32.Agent.avd
McAfee 5092 2007.08.07 -
Microsoft 1.2704 2007.08.07 -
NOD32v2 2442 2007.08.07 -
Norman 5.80.02 2007.08.06 -
Panda 9.0.0.4 2007.08.07 W32/ZlFake.A.drp
Prevx1 V2 2007.08.07 Trojan.Lozyt
Rising 19.35.12.00 2007.08.07 -
Sophos 4.19.0 2007.08.01 Mal/HckPk-A
Sunbelt 2.2.907.0 2007.08.04 -
Symantec 10 2007.08.07 -
TheHacker 6.1.7.163 2007.08.07 -
VBA32 3.12.2.2 2007.08.07 Trojan.Win32.Small.oj
Webwasher-Gateway 6.0.1 2007.08.07 Trojan.Crypt.ULPM.Gen

File ZARAZA.DOC received on 08.07.2007 19:01:12 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.3.0 2007.08.07 -
AntiVir 7.4.0.57 2007.08.07 HEUR/Macro.Word97
Authentium 4.93.8 2007.08.07 could be infected with an unknown virus
Avast 4.7.1029.0 2007.08.07 -
AVG 7.5.0.476 2007.08.06 -
BitDefender 7.2 2007.08.07 Macro.VBA
CAT-QuickHeal 9.00 2007.08.07 -
ClamAV 0.91 2007.08.07 -
DrWeb 4.33 2007.08.07 W97M.VMPCK
eSafe 7.0.15.0 2007.07.31 O97M.GNcsin
eTrust-Vet 31.1.5040 2007.08.07 Word97Macro/Nid.A (weak rule) fa
Ewido 4.0 2007.08.07 -
FileAdvisor 1 2007.08.07 -
Fortinet 2.91.0.0 2007.08.07 -
F-Prot 4.3.2.48 2007.08.07 -
F-Secure 6.70.13030.0 2007.08.07 Possibly infected with an unknown virus
Ikarus T3.1.1.12 2007.08.07 Virus.MSWord.Zaraza.b
Kaspersky 4.0.2.24 2007.08.07 Virus.MSWord.Zaraza.b
McAfee 5092 2007.08.07 W97M/Generic
Microsoft 1.2704 2007.08.07 -
NOD32v2 2442 2007.08.07 a variant of W97M/Generic
Norman 5.80.02 2007.08.06 -
Panda 9.0.0.4 2007.08.07 W97M/Havix.A
Prevx1 V2 2007.08.07 Generic.Malware
Rising 19.35.12.00 2007.08.07 Unknown
Sophos 4.19.0 2007.08.01 -
Sunbelt 2.2.907.0 2007.08.04 -
Symantec 10 2007.08.07 W97M.VMPCK1.gen
TheHacker 6.1.7.163 2007.08.07 W97M/Generico
VBA32 3.12.2.2 2007.08.07 -
VirusBuster 4.3.26:9 2007.08.07 -
Webwasher-Gateway 6.0.1 2007.08.07 Heuristic.Macro.Word97

Well, I have also sent them from the Chest, so let's see what happens.

Why?

Now these viruses are known, and a user can find infected files with the help of any file manager.
For example: find *.doc files containing the string “c:\windows\system\sys_z.drv”.

Dangerous is not the virus, dangerous is a slow virus analyst team. :cry:

Whilst this link is to a zip file (not an executable), it is still clickable allowing for accidental exposure by those not so well equipped to deal with a possible infection, more so one not detected by avast.

So it is better to break any link and those of us who don’t feel it a problem can still get at it without much of a problem, but it is a step that keeps the unwary and inquisitive away, e.g. http :// www . yvs.makeevka.com/files/viruses.zip.

So please modify your link so it isn’t clickable; it is just good practice to avoid accidental exposure.

For the other users, dangerous is the infection due to virus link exposure and a slow virus analyst team.

Modified.

:o

Why?..

File AUH5j6Ma.exe I sent to Alwil (virus@avast.com) and to DrWeb (http://www.drweb.ru/newvirus/).

Alwil has not answered me.

From DrWeb I immediately received a confirmation e-mail with a special ID for a discussion about this virus, if I wanted one. After some hours I received an e-mail with thanks and with the name of the virus added to the database.

I like Avast. Why does Avast not like me…

Sorry for my french.

For me, some kind of response from the Alwil team would be appropriate. This is not the first time they have been accused of being slow. Not really acceptable, as the product doesn’t have heuristics to fall back on…

It’s a problem of the virus analyst team… hope they hurry up (more) with this sample.

Not to hijack the thread/topic but will Avast have heuristics added in future updates?

yvs: the executable will be detected by some new vps in near future (added to internal vps already)… and the doc file needs some more time but will follow soon…

Tech: you know… we don’t ignore this sample, but there are many other viruses which are more dangerous or spreading more, and it’s legitimate to add Tibs, Zhelatin, Warezov or Virtumonde/Vundo first and this sample with a little delay… simply because of virus priorities… hopefully the whole process will become faster (I’m working on a new detection module)… :wink:

Good to know we’ll have a new detection module.
I understand the virus adding priority. The problem is that the user is infected with a virus and not with all the other dangerous ones around… so he/she complains about that: my infection is the worst for me myself…

Good to know there are many improvements on the way, keep up the good work. One more thing: by new detection module, what do you mean, i.e. heuristics, better scanning techniques etc.? (sorry for probing for answers, I’m just trying to learn new things) :slight_smile:

new module: it’s in the testing stage now… it will be able to detect e.g. the Allaple virus in some generic way… but it’s not a heuristic module… heuristics will come with version 5, because it needs more changes in the current engine…

Thanks, mate, for going through the trouble of describing it to me, as I only have a basic knowledge of these things and any knowledge is greatly appreciated.

Keep up the good work, mate, and I will look forward to seeing Version 5 when it's released.

Oh, good…

Simple macros in doc file?..

We have a problem…

To the wish list: an antivirus program must have a user-defined base of strings (signatures) for some file types. And if the user defines the signature “c:\windows\system\sys_z.drv” or “Mad Max” for doc files, the antivirus can switch off (kill) macros containing these strings.

well… I know there’s a string with the driver name… and we are able to unpack MS OLE of course… but we don’t want to make chaos by detecting it by the string… it’s a macro, so it should be detected by the macro engine…

Of course. And if Avast can treat doc files, then it already has a “macro engine”.

And this “macro engine” must not execute macros the way MS Word does. Just parse the file (doc, xls, odt, …), select (extract) the macros and search for a substring (maybe with wildcards) and so on…

No, I do not understand why Alwil works so slowly. Maybe the virus stream to Alwil is much bigger than to other antivirus centers?..

Imho, an antivirus program can fail to recognize a virus only if nobody sends the virus to the developer. But there must be a strict maximum term from receiving a virus to updating the antivirus database. Then the user feels protected.

Thanks for the good free program.
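The wish-list idea in this thread (a user-defined base of signature strings per file type, matched with wildcards, plus the earlier tip of searching *.doc files for the string “c:\windows\system\sys_z.drv”) is small enough to sketch in working code. The scanner below is an added example written for this page; it is not avast's, Alwil's or any poster's code. The signature database, the file-name globs, the in-memory sample documents and the function names are all constructed for the example. It searches each file's raw bytes for every signature in both its ASCII and UTF-16LE forms (Word stores many strings as UTF-16), and treats `*` and `?` in a signature as bounded wildcards.

```python
"""User-defined string-signature scanner for document files (added example)."""
import os
import re
from typing import Dict, List

# Constructed signature database: file-name glob -> signature strings.
# '*' absorbs up to MAX_WILDCARD_SPAN characters, '?' exactly one; all other
# characters are matched literally and case-insensitively.
SIGNATURE_DB: Dict[str, List[str]] = {
    "*.doc": [r"c:\windows\system\sys_z.drv", "Mad Max"],
    "*.xls": ["Mad Max"],
}
MAX_WILDCARD_SPAN = 64


def _glob_to_regex(glob: str) -> "re.Pattern":
    """Translate a file-name glob such as '*.doc' into an anchored regex."""
    parts = []
    for ch in glob:
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def compile_signature(sig: str) -> List["re.Pattern"]:
    """Build two byte regexes for one signature: ASCII form and UTF-16LE form."""
    ascii_parts, utf16_parts = [], []
    for ch in sig:
        if ch == "*":
            ascii_parts.append(b".{0,%d}?" % MAX_WILDCARD_SPAN)
            utf16_parts.append(b"(?:.\x00){0,%d}?" % MAX_WILDCARD_SPAN)
        elif ch == "?":
            ascii_parts.append(b".")
            utf16_parts.append(b".\x00")
        else:
            ascii_parts.append(re.escape(ch.encode("utf-8")))
            utf16_parts.append(re.escape(ch.encode("utf-16-le")))
    flags = re.IGNORECASE | re.DOTALL  # DOTALL so wildcards may span newline bytes
    return [re.compile(b"".join(ascii_parts), flags),
            re.compile(b"".join(utf16_parts), flags)]


def scan_bytes(data: bytes, signatures: List[str]) -> List[str]:
    """Return the signatures (in database order) found anywhere in data."""
    return [sig for sig in signatures
            if any(rx.search(data) for rx in compile_signature(sig))]


def signatures_for(filename: str) -> List[str]:
    """Collect the signatures whose file-name glob matches this file."""
    base = os.path.basename(filename)
    sigs: List[str] = []
    for glob, entries in SIGNATURE_DB.items():
        if _glob_to_regex(glob).match(base):
            sigs.extend(entries)
    return sigs


def scan_file(path: str) -> List[str]:
    """Scan one on-disk file; files with no applicable signatures are skipped."""
    sigs = signatures_for(path)
    if not sigs:
        return []
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), sigs)


def scan_directory(root: str) -> Dict[str, List[str]]:
    """Walk a directory tree and report every file with at least one hit."""
    report: Dict[str, List[str]] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            hits = scan_file(full)
            if hits:
                report[full] = hits
    return report


# Constructed in-memory samples (OLE2 magic bytes followed by filler), so the
# example runs without touching the disk.
SAMPLE_FILES: Dict[str, bytes] = {
    # path literal present in plain ASCII, upper-cased to exercise case folding
    "report.doc": b"\xd0\xcf\x11\xe0" + b"\x00" * 16
                  + b'Shell "C:\\WINDOWS\\SYSTEM\\SYS_Z.DRV"' + b"\x00" * 8,
    # the second signature stored as UTF-16LE text
    "memo.doc": b"\xd0\xcf\x11\xe0" + "title: mad max".encode("utf-16-le"),
    # a clean document, and a file type the database does not cover
    "clean.doc": b"\xd0\xcf\x11\xe0" + b"nothing to see here",
    "notes.txt": b"c:\\windows\\system\\sys_z.drv",
}


def scan_samples() -> Dict[str, List[str]]:
    """Run the scanner over the constructed samples and return the hit report."""
    report: Dict[str, List[str]] = {}
    for name, data in SAMPLE_FILES.items():
        hits = scan_bytes(data, signatures_for(name))
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name}: {', '.join(hits)}")
```

Run it as a script to see the two flagged samples, or call `scan_directory("/path/to/documents")` on a real folder. One caveat that matches the Alwil developer's reluctance to detect by string alone: in a Word 97 (OLE2) file the VBA module source is stored compressed, so a string that only exists inside macro code may not appear contiguously in the raw bytes and a raw search like this one can miss it; a real macro engine unpacks the OLE streams and decompresses the module source before matching, and a raw-byte match is best treated as a lead for that deeper check rather than as a verdict.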