Fun with win32.Virut.56 - Page 2 - [H]ard|Forum

**Ranma_Sao** · #21 11-08-2009, 03:27 PM

I legally cannot add it to my sig. I have already asked, sorry. (As to why it bothers people, I don't understand.)

As to the other concerns, I'll take a look at that file on Monday. I can say that we hold the Advanced+ rating from Av-Comparitives.

This posting is provided "AS IS" with no warranties, and confers no rights.

**number69** · #22 11-08-2009, 03:33 PM

Quote:

Originally Posted by Toytown

It wasnt a test site, but a place i know is full of virii (a newsgroup full of it). There was several other people reporting that the file in question had a virus so downloaded it, Unrar'd it and MSE which was updated today, didnt do anything (it should have detected it during the read/write process), i even bought up the properties of the file, so that it definetely did read it, finally i right clicked the file and told MSE to scan it......again nothing.

I uploaded it to kaspersky's file checker (there original online scanner is currently unavailable) and it correctly detected the virus in several of the files, same for 1-2 other anti virus places i checked.

EDIT - I just went and got another well known virus file, MSE shows no problems, with the virus definitions 1.69.690.0 dated today. Whilst almost every other anti-virus detects it correctly as malware. Hmm, not too confident in the application anymore.

Did you try uploading the file to virustotal.com? I'm curious to see which AV's pick it up. I don't have the same balls as you to go fishing around trying to find infected .exe files to see test my AV.

**number69** · #23 11-08-2009, 03:41 PM

Quote:

Originally Posted by Ranma_Sao

I legally cannot add it to my sig. I have already asked, sorry. (As to why it bothers people, I don't understand.)

As to the other concerns, I'll take a look at that file on Monday. I can say that we hold the Advanced+ rating from Av-Comparitives.

This posting is provided "AS IS" with no warranties, and confers no rights.

Maybe i'm missing something but the latest report at AV Comparatives is from August '09. The only MS AV I see listed on the Aug. 09 report is MS One Care and it got a standard rating.

The following got Advanced +

Avast
Bit Defender
eScan
F-Secure
G Data
NOD32
Norton.

**Toytown** · #24 11-08-2009, 04:09 PM

Quote:

Did you try uploading the file to virustotal.com

Yep heres the link, less detection rate, but im pretty sure its malware, as its a 2MB file pretending to be crisis, its patches and its cracks

http://www.virustotal.com/analisis/d...13d-1256296295

**Salorian** · #25 11-08-2009, 04:30 PM

Sounds like an awful experience.

Why could you just not format and start over?

**number69** · #26 11-08-2009, 04:32 PM

Quote:

Originally Posted by Toytown

Yep heres the link, less detection rate, but im pretty sure its malware, as its a 2MB file pretending to be crisis, its patches and its cracks

http://www.virustotal.com/analisis/d...13d-1256296295

Yikes only 10 out of 41 picked it up. I know Virus Total is a bit behind on definition updates.

**hardc0re** · #27 11-08-2009, 10:43 PM

Salorian,
I had to reinstall the OS due to extensive system file and registry corruption, but in no way was going to format all my partitions and lose a terabyte of data.

**Pkirk618** · #28 11-08-2009, 10:58 PM

could be worse my homies

http://www.msnbc.msn.com/id/33778733...ence-security/

Quote:

The prosecution's forensics expert, Randy Huff, maintains that Solon's antivirus software was working properly. And he says he ran other antivirus programs on the computer and didn't find an infection — although security experts say antivirus scans frequently miss things.

**Ranma_Sao** · #29 11-09-2009, 12:39 AM

Quote:

Originally Posted by number69

Maybe i'm missing something but the latest report at AV Comparatives is from August '09. The only MS AV I see listed on the Aug. 09 report is MS One Care and it got a standard rating.

The following got Advanced +

Avast
Bit Defender
eScan
F-Secure
G Data
NOD32
Norton.

I can't link to the site, but if you look at the latest removal tests, Microsoft Security Essentials got an Advanced+ rating.

This posting is provided "AS IS" with no warranties, and confers no rights.

**Jon55** · #30 11-09-2009, 01:30 AM

I would also like to see if MSE on Win7 64-bit could catch this.

**Toytown** · #31 11-09-2009, 09:12 AM

Quote:

Originally Posted by Jon55

I would also like to see if MSE on Win7 64-bit could catch this.

It sure can

, i finally found it at last.

**number69** · #32 11-09-2009, 12:11 PM

Quote:

Originally Posted by Ranma_Sao

I can't link to the site, but if you look at the latest removal tests, Microsoft Security Essentials got an Advanced+ rating.

This posting is provided "AS IS" with no warranties, and confers no rights.

I got ya.

**heatlesssun** · #33 11-09-2009, 12:17 PM

Quote:

Originally Posted by Toytown

It sure can

, i finally found it at last.

So why didn't others get this result? Of course without everyone comparing the same files and definitions its a pointless argument. I wish there was a simple catalog of malware samples out there. Of course that would be very dangerous for most people.

**Toytown** · #34 11-09-2009, 12:53 PM

Quote:

So why didn't others get this result?

I dont know, but remember that my MSE is updated to the latest and the website i was using with the multiple checkers was also using the very latest virus definitions.

Whilst looking for virii with some fairly new files on the internet, MSE was unable to detect about half that i actually bothered to test with, albeit a small sample. Below are the results i managed to pick out from my browser history, for the following MSE didnt find anything at all, and some of the other anti-virus vendors didnt exactly do brilliant detecting them either, with NO antivirus picking them all up

Trojan-Dropper.Win32.VB.aexk
Trojan.Win32.VB.ujq
Win9x.CIH
TR/Agent.rsh.11
Gen:Trojan.Heur
Trojan-Dropper.Win32.Mudrop.fgp

**heatlesssun** · #35 11-09-2009, 12:59 PM

Quote:

Originally Posted by Toytown

I dont know, but remember that my MSE is updated to the latest and the website i was using with the multiple checkers was also using the very latest virus definitions.

Whilst looking for virii with some fairly new files on the internet, MSE was unable to detect about half that i actually bothered to test with, albeit a small sample. Below are the results i managed to pick out from my browser history, for the following MSE didnt find anything at all, and some of the other anti-virus vendors didnt exactly do brilliant detecting them either.

Trojan-Dropper.Win32.VB.aexk
Trojan.Win32.VB.ujq
Win9x.CIH
TR/Agent.rsh.11
Gen:Trojan.Heur
Trojan-Dropper.Win32.Mudrop.fgp

Thanks for the info. Just wanted to see if this was some type of bad outbreak but it doesn't look like anything out of the ordinary. It's been so long since I got a virus on any of my personal systems that I have to fight complacency because I just really don't understand how this stuff gets around.

I download a fair amount of software but nothing pirated and the I get is from pretty well used sites so I just figure that stuff like this gets spotted pretty quickly.

**hardc0re** · #36 11-10-2009, 01:14 AM

how did you end up finding it? And all those other virii? share it with us please!

I'm surprised NOD32 is so bad at detecting, I use to think it was the best anti virus.

**Toytown** · #37 11-10-2009, 05:14 AM

Quote:

how did you end up finding it? And all those other virii? share it with us please!

For virut, i just searched for it using google by putting "virut torrent" in the search and going through maybe 10-12 pages, until i found people commenting on a torrent for an app telling others to beware as it was a virus called Virut. Download torrent, voila.

For the others i just looked in several places in newsgroups etc.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search