undetected virus

avast did not detect the attached virus virus :cry:
virus def : 0538-3 dated 20/9/2005
sample sent to alwil Software.
the strange thing is that avast detect a variant VPS 0537-1, 14.09.2005.
if this is a new variant,I hope they add it soon ::slight_smile:

AVG replied: Dear Sir/Madam,

Thank you for your email.

The trojan horse will be added to the next update.

Thank you

 Best regards,

 Oldrich Muller 
 AVG Technical Support

website: http://www.grisoft.com
mailto: technicalsupport@grisoft.com

well done guys ;D
now where is alwil’s? ::slight_smile: ???

now, reply of Ca has arrived:

Dear Mina Guindy,

Thank you for emailing CA Security Advisor.

This is to notify you of the results of your submission, issue number
620773. Please keep this issue number for future reference.
Please see below for the final results of our analysis of your file
submission.

We successfully received the following files:

FILE SIZE CONCLUSION

28256-infected.zip 239449 clean

infected.exe 242247 malware

mailpart0 432 clean

This automated scanning service “Virtue” complements our regular
technical support service. It is not a replacement for it. For
technical support please visit http://www.ca.com/about/support.htm.

If you would like to comment on the quality of this automated service,
please send your suggestion to virtue.feedback@ca.com .

CA Security Advisor


For the latest security advisories, including detailed analysis of the
latest vulnerabilities, viruses, trojans, worms and spyware, and for
complete information on how to protect yourself or your organization,
please visit
http://www.ca.com/securityadvisor

FILE

28256-infected.zip

The PkWare Zip Archive file “28256-infected.zip” has been determined to
be clean. For the results of files contained please see below.

FILE

infected.exe

The MsDos Executable (EXE) file “infected.exe” has been determined to
be malicious.

Aliases reported by other AV products are listed here:
(W32/Backdoor.FDR) (Backdoor.Win32.Bifrose.ay) (BackDoor-CEP)

CA antivirus products address this malware as follows:

eTrust Antivirus 6.x/v7 (Vet Engine)
We will inform you by email ASAP when we have a signature update
available providing detection.

eTrust Antivirus 6.x/v7 (InoculateIT Engine)
We will inform you by email ASAP when we have a signature update
available providing detection.

FILE

mailpart0

The Html(no active content) file “mailpart0” has been determined to be
clean. Your mail was in HTML format, which we have extracted as
‘mailpart.’ file.

========================================================================

Two facts:

  1. Alwil does not automatic answer to virus submission.
  2. Alwil should make submission, analysis and vps update better.

Simultaneous (theard): http://forum.avast.com/index.php?topic=16380.msg140328#msg140328

1- AVG did not automatically reply to my message (as far as I understand). Thier tech. support man replied me.
2- I agree 100% , the current submission system is a big weekness point in alwil ::slight_smile:

As has been mentioned in the forums that is in hand, extra staff for analysis and VPS Update and they are working on a new submission system. Exactly when all this will come to fruition is not stated but I feel it is not the sort of thing that happens overnight. Staff have to be trained, program enhancements have to be tested, etc. etc.

We have to be a little patient.

virus -now- is being detected with update VPS 0538-7, 23.09.2005 ::slight_smile: