I just fought XP Antispyware on my brother's computer; Avast was finding nothing. I ran the renamed exe past Jotti.org… results here:
http://virusscan.jotti.org/en/scanresult/6c7cc8d5324fd34eff7cb396e698187b64eab8ce
I don’t fault Avast for not finding this; only 2 programs (1 engine) find it as of Thu 23 Jun 2011 04:22:40… Ikarus and Emsisoft (they use Ikarus’ engine).
Weird thing is, when I got home after cleaning his PC, I went to my Avast and into the virus vault… in there I could see no way to submit a non-detected file. While looking around, I viewed an entry that is a false positive and clicked its submit button. In that dialog it lets you choose a different file, so I thought cool, there is a way to send my file… so I chose mine, entered a description and sent. It said it would be submitted during the next update.
So, I went ahead and clicked to update definitions now; the weird part is I saw the false positive file being sent instead of the one the submit dialog let me choose.
Anyhow, I resubmitted the same file but with an altered description and a link pointing to the renamed virus on my personal server…
NON EXE VIRUS!!! hxxp://www.conradshome.com/files/virus_psp.ex~ NON EXE VIRUS!!!
#1 - How to go about submitting a file that Avast doesn’t detect?
#2 - Why does the vault submit let me choose a different file but still send the one I was viewing? (This is just buggy.)