A BIG difference...

Discussion in 'other anti-virus software' started by tiagozt, Jul 1, 2005.

Thread Status:
Not open for further replies.
  1. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    I received an infected file by e-mail and sent it to Antivir, Arcavir, Avast!, AVG, BitDefender, GDATA, Kaspersky, MKS_VIR and NOD-32 to be analysed and added to the database.
    Kaspersky answered 30 minutes later saying that it had detected a virus and it would add it to the database in the next update. One hour later the virus was already in the database of my update.
    AVG answered (auto-response) saying that it had not found a valid serial with my email and it would be ignored. Not added to database yet.
    NOD-32 said 2 days later that my file needed to be zipped and password protected to be analysed.
    Antivir and Avast! answered 1 day later saying they had found a virus and that it would be added to the database. However, in the following update it had still not been added. Only 2 days later it occurred.
    BitDefender and MKS_VIR added to the DB 2 weeks later, without answer to me (I don't know if they added after my e-mail).
    Other companies ignored me ;)
    It's a BIG difference that can define the quality of an antivirus software/company.
     
  2. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Wow, pretty neat - so how did you know the file was infected when none of those applications were able to detect it?
    Where did you test all those different AVs?
    What was the filename and the name of the malware?
     
  3. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    i've never sent anything to anyone other than kaspersky, and like you experienced it's usually added to the kav definitions within 1-2 hours.

    and how did i know? something new trying to connect out
     
  4. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    If possible, try to send that sample to McAfee too. I was quite pleased with their malware analysts. :)
     
  5. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    i think i'll stick with sending it to companies i like
     
  6. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    You don't want me to cry now do you? :'(:p:D
     
  7. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    LOL! :D
     
  8. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    i read an interview with one of the virus analysts from norman some time ago. according to him all the anti virus companies have some kind of joint server where all new samples are uploaded to. that means as soon as one company spots a new malware all the others will have access to it too. but it's just the malware that is shared, not the cure, that's up to the individual companies to find
     
  9. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331

    1. Ppl that sent it to me have a website about virii and said that was infected.
    2. I install and uninstall antivirus software every week. I scan the files using online scan service of antivirus websites or generic websites with scan engine.
    3. The filename isn't important and Kaspersky analysts said:
    "Hello.

    This is trojan script Trojan.BAT.Shutdown.l.
    Detection added.

    Sincerely yours,
    Pavel Zelensky
    Virus analyst"
    ____
    As you questioned about it, I can put here more information about other AV companies.
    I sent the file to the companies on May 20.
    ___
    Kaspersky answered - May 20 - with the information above.
    __
    AVG said:
    This email is an auto-response message.

    Thank you for your email.

    We have not been able to find AVG Professional License Number or your email address registered in our database.

    Your license number or email address has been found to be registered with AVG Free.
    *Maybe I sent to wrong address...
    ___
    Antivir:
    Dear Sirs,


    Thank you for your recent inquiry.

    We found a new virus in the attachment you have sent us.
    The signature will be integrated in one of our next updates.


    We thank you for your assistance.
    --
    Freundliche Gruesse/Sincerely
    AntiVir PersonalProducts GmbH

    --
    Mit freundlichen Grüßen/Sincerely
    AntiVir PersonalProducts GmbH

    _____
    Avast!:
    Dear customer,
    i sent it to analysis, but normally, you should not even read these mails and delete it, as they are always fake.

    --
    Best regards,
    David Podracky - avast! support team
    ____
     
  10. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331

    I think it's impossible. If you get a virus detected by Kaspersky (or by other company and not detected by Kaspersky) other you'll see that it isn't ok... You can get an infected file and send to ONLINE SCAN of antivirus companies (F-Secure, kaspersky, mks-Vir and other)... or install and uninstall many softwares... (!!!)
     
  11. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
  12. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
  13. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Here is the procedure to manually submit suspected virus files to Eset, as found on http://www.eset.com/support/nodfaq2.htm#virus :
    Or, since you are in Brazil...
    http://www.nod32.com.br/support/faq.php
    By doing so, you will do those of us who do use NOD32 a favor by helping them update their definitions. ;)
     
  14. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    This is very interesting. How about this...well sounds like collaboration is going on and that is a good thing. ;)
     
  15. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Well if I understand this correctly this blows one of my reasons that I thought AV companies distributed Free versions of their AV products, which was to gather virus samples quickly from their free av users in order to get them into their update data bases quickly. Any thoughts anyone?
     
  16. Pollmaster

    Pollmaster Guest

    I doubt that's the primary reason for distributing free versions.
    The people tech savvy enough to submit virus samples, probably use several AVs and will be smart enough to submit it to more than 1 company.

    There's autosubmission of samples of course, but that's not very reliable as compared to manual submission by someone who knows what he is doing.
     
  17. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, take a look at avast! and AntiVir. avast! guys don't make any difference between free and payable version. Even support is the same (although i assume, that paying customers have priority for support).
    All samples that i have sent to avast! and AntiVir were added regardless if i was running free or payable version. GriSoft guys are dumb if they don't allow free users to submit files (like digging grave for yourself).
     
  18. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    I also agree, seemed like good people when I submitted stuff.
     
  19. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi,

    To submit virus samples to Grisoft (AVG) send them zipped and password protected to virus@grisoft.com

    I don't ever get a reply but they do usually end up being detected in future updates.

    Kind Regards

    Jlo
     
  20. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Which is why I consider every aspect of one's post, and take them with a grain of salt ;)
     
  21. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    I received this file by mail and searched for malware.
    The results are:

    July 3, 02:00 AM (England)

    Jotti
    http://antivirus.nafoto.net/images/photo20050704213711.JPG
    and
    VirusTotal
    http://antivirus.nafoto.net/images/photo20050704213739.JPG

    After sending the sample to ALL Antivirus listed in both websites, we have now it:
    July 5, 00:43 AM

    Jotti
    http://antivirus.nafoto.net/images/photo20050704214024.JPG
    and
    http://antivirus.nafoto.net/images/photo20050704214240.JPG
    ====

    You can analyze and create your own conclusions.

    Best regards
     
    Last edited: Jul 5, 2005