I just received an email containing this trojan, which Avast does not alert on. Fortunately, I was using a system with Comodo AV at the time, which did alert for Heuristics:Suspicious. Other onboard scanners, a-squared and ClamWin, confirmed a positive detection.
I am not, I have Avast 5 free on 4 systems, and CAV (CIS 3.14.x) on 2 systems (one, a network commercial server). I added CAV to the second system when Avast shields stopped running for the third time, and couldn’t be revived without a fresh Avast install. I determined Avast does not alert on the trojan from the VirusTotal and onlinescan.avast.com results I received.
According to Prevx, this (ORIGINAL_LETTER.EXE) is a new malware first seen by them on July 14, 2010.
I’m a new avast user and a new forum member.
I scanned a downloaded file with my new avast before opening it and it told me it was CLEAN… but as a new user I also checked it with Emsisoft AntiMalware and surprise!!
I ran some other tests and every time avast fails to detect Meredrop, unlike Emsisoft!
I’m sending the image of the situation!
This Emsisoft thing is known to have false positives. Upload the file to virustotal.com to make sure it's not an FP but a misdetection by avast.
Trojan-Downloader:W32/Bredolab is a family of trojan-downloaders that are known to download and install rogue antivirus programs - also known as rogueware - onto the infected computer.
The installed rogueware generates misleading or downright false alerts, notification messages and/or scanning reports to pressure the user into “purchasing” or “activating” the rogueware in order to disinfect or remove the supposed threats. Even if the user does so, however, the program may not function as intended.
Activity
During installation, Bredolab variants create the following registry entry so that the trojan-downloader runs every time Windows starts: