virus flyby as if avast is in bet with it (well you are in bed with it!)

system · 2017-06-06T02:31:37.000Z

avast, this is BS, you detect all king of not harmful software but the real viruses they fly by as if nothing is wrong, and BTW i’m tired of getting asked to install avast to my cellphone every time i get near avast, i’m going to start recommending another antivirus to my clients because to me it seems you are getting very lazzy,
I believe that you detect applications based on their behavior but for some reason you don’t monitor scripts or software writing to removable drives the instant they are plugged in, nor do you monitor the ones that instantly hide all files on removable media and creates shortcuts to the original files but also run the virus via the shortcut. is this so hard to fight? come on, what is the excuse?
I always install avast to my clients and i install chrome via the avast installer to support you because i know noting is free for free, you make money with that google chrome installer scheme, and I am ok with that, but I’m getting tired of the viruses getting past your scanners, and the not harmful software, that usually are just powerful tools, are detected as POTENTIALLY DANGEROUS!!!, stop the paranoia and start getting the real viruses.
i want to post the virus here bur well probably its not a good idea, where do i upload it or please pm me for the download link, i have the 2 files it creates removable media and the 2 files installed on system temp drive, it runs as svchost.exe hard to distinguise from the real svchost.exe

TrueIndian · 2017-06-06T02:49:57.000Z

Sorry but no AV is 100% you can send undetected files to avast via email.Submit to submit@virus.avast.com

Also avast does detect USB viruses as well it has saved me couple a times from it.Sometimes some these samples are polymorphic meaning they change constantly so it get harder to detect that’s why avast had behaviour shield and deepscreen to help detect unknown malware if it is executed.

Also you can PM me the download link.I will check the samples and upload it personally.

Are you using the latest avast free? It has major improvements over the older ones.

Pondus · 2017-06-06T07:35:44.000Z

I believe that you detect applications based on their behavior but for some reason you don't monitor scripts or software writing to removable drives the instant they are plugged in, nor do you monitor the ones that instantly hide all files on removable media and creates shortcuts to the original files but also run the virus via the shortcut. is this so hard to fight? come on, what is the excuse?

These are probably detected by signature and new versions arrive evry day Anyway, a very good tool to detect and clean these is MCShield FREE >> http://www.mcshield.net/ It works in a different way and dont need signature to catch these

system · 2017-06-06T21:51:39.000Z

Pondus, thanks for the mcshield software, will install that to quite a few people actually, i don’t fall for the virus shortcuts but some people just don’t get it.
TrueIndian, link send via pm

Pondus · 2017-06-06T22:08:05.000Z

imo MCShield should be installed on all Hotell / Printshop / Internetcafe / School computers to avoid removable drive infections

mchain · 2017-06-06T23:39:14.000Z

Pondus post:5:

imo MCShield should be installed on all Hotell / Printshop / Internetcafe / School computers to avoid removable drive infections

Private and Public Libraries as well.

TrueIndian · 2017-06-07T01:12:33.000Z

Hey guys,
The samples that were shared contains 2 fps and 1 vbs file that is about a year old that doesn’t do anything bad essentially.I tested it myself.I have submitted the vbs to avast.The other 2 files are clean.

https://www.virustotal.com/en/file/cb4bfa289b0a98a667713fd51d13651b9dd265b96675af0aefc69fdfeb391cff/analysis/1496797780/
First submission 2016-02-12 18:15:10 UTC ( 1 year, 3 months ago )
Last submission 2017-06-07 01:09:40 UTC ( 3 minutes ago )

I think most vendors detect it because of the normal signatures where they got the file that was already detected by other AV’s and so they detected it too.Its not the way avast works.

the 2 binaries:
https://www.virustotal.com/en/file/17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae/analysis/1496797790/
First submission 2011-01-19 15:00:02 UTC ( 6 years, 4 months ago )
Last submission 2017-06-07 01:09:50 UTC ( 1 minute ago )
This file belongs to the Microsoft Corporation software catalogue. The file is often found with cmd.exe as its name.

https://www.virustotal.com/en/file/2160ba6829909eeb1d272ac4a5f43588750c0b4743477bf2b46952033b5d4b3b/analysis/1496797807/
First submission 2013-12-11 21:08:57 UTC ( 3 years, 5 months ago )
Last submission 2017-06-07 01:10:07 UTC ( 2 minutes ago )
This file belongs to the Microsoft Corporation software catalogue. The file is often found with wscript.exe as its name.

Read the additional information tab on VT.

I think this is not a miss considering the running binaries are harmless and are known trusted files except the trash vbs which triggered wscript.exe and that’s all.One of the reasons maybe why avast never detected the 2 binaries since they are associated with windows and its operations.The shortcuts the vbs creates is probably going to trigger the vbs over and over again when executed.Time to format the stick.

TrueIndian · 2017-06-10T05:03:54.000Z

The VBS file that runs wscript.exe and messes up the USB is now detected.Thanks for helping in improving detection

Announcements