Avast! V5 and Koobface?

Discussion in 'other anti-virus software' started by Noob, Mar 18, 2010.

Thread Status:
Not open for further replies.
  1. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I downloaded a Koobface variant for fun and ran it.
    Suddenly the .exe disappears and there is no WARN or POP UP from Avast! V5?

    I find it kinda strange that such an old malware can bypass Avast! V5, or am I wrong?

    I'll try to re-download the file and try it with other AVs o_O (This time on my VM OS)
     
    Last edited: Mar 19, 2010
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    New morphed versions of Koobface are constantly released in order to bypass AVs and it is hard for all AV/AM vendors to keep up.

    Also, I think you may find when trying to run some koob variants in a VM that they are VM-aware and auto-delete themselves.
     
  3. iTrendsNET

    iTrendsNET Registered Member

    Joined:
    Aug 6, 2008
    Posts:
    93
    Excellent post, Franklin. :thumb:
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Oops, I typed the wrong thing :p

    Actually I RAN it on a REAL machine (friend's machine) and it bypassed Avast! V5 and I'm not lying!

    I'm not bashing Avast! V5 :D for some reason I chose it for my friend's PC. But I find it strange that it could get through Avast!'s defense.
    Now back at my home I tested it on the SAME Windows and SAME file but on a VM and even "Comodo AV" (Not hips) could block it before it executes. o_O

    I'm kinda worried I infected my friend's PC LOOOOL.
    I'm going to send him a copy of A-Squared to make sure it didn't do any damage :p
    His PC was getting formatted by me actually and I just wanted to try it hahaha, but I never knew it would get through it.
     
  5. CiX

    CiX Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    404
    :doubt: :ninja:
     
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    If it was my machine, after performing an experiment such as that, sending me a copy of A-Squared wouldn't cut it. :rolleyes:
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Yeah, sounds fishy but I'm speaking the truth :)

    Hahahaha, what would you recommend?
    No A VS B remember

    I'll probably just give him Hitman Pro (Ultra light, fast and effective + it has many top notch engines) :ninja:

    And since he doesn't know how to use an AV correctly, Hitman would be the best choice, just a few clicks :D
     
  8. progress

    progress Guest

    No Hitman Pro advertisement please, this is an Avast thread :D
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I gotta give them their dues :)
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Who needs enemies with such friends :thumb:
     
  11. mnosteele

    mnosteele Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    194
    Location:
    Chesapeake, VA USA
    As stated here thousands of times..... no antivirus is going to detect everything 100% of the time. While on the Koobface subject, just a few weeks ago I got a variant sent to me on Facebook just like the original was sent well over a year ago, you know, the fake video. Well, I knew what it was and downloaded the setup.exe file but obviously did not execute it; MSE did not detect the file. I then submitted it to VirScan and only Avira detected it as a generic trojan; it appeared just its heuristics detected it. Out of 41 different AV programs only Avira detected it, so does that mean all other AV programs are junk? Absolutely not, it was a new variant and nobody had seen it yet. I submitted the file to MS and MSE detected it the next day. This happens every single day and when you see as much malware as I do or others here who clean up infected computers you are going to see this a lot. Also, as stated here a thousand times..... this is why a layered approach to security is the best route to go.
    :D :cool:
     
  12. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    This is the problem with the many YouTube videos for testing AVs, now everyone knows where to get malware and some will undoubtedly make bad use of this knowledge.
     
  13. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Yes, and everyone is turning into a Security Specialist. :doubt:
     
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    qsfvsftav.exe - Result: 3/42 (7.15%)

    Had to use the force breach feature in HMP to get a scan down. Even with several engines still not enough to grab the main exe but at least it did upload to cloud.

     
  15. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Just a Q.

    How come you didn't test this BEFORE you formatted the HD?
    Instead of after as it sounds like you did.
     
  16. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Revert your friend's machine back a day before you ran the file. System restore should work fine.
     
  17. iTrendsNET

    iTrendsNET Registered Member

    Joined:
    Aug 6, 2008
    Posts:
    93
    The recent attack on a client's computer occurred on March 10th and was with the koobface.w variant. I just wanted to mention that in this case, MSE was what saved him. The infection attempt was through a Facebook video link and also dumped a Trojan Fake Download. Fortunately in this particular case, MSE caught and killed everything so all I had to do was clean up a few disabled traces. The Prevx log showed nothing!
     
  18. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    It was just for fun, I'm NOT and NEVER called myself an "expert" nor "specialist". And I wasn't "showing off", I just wanted to try Avast! V5 for fun. In fact he wasn't even there when I was doing this BS :p
    I think this thread has been long enough and should be closed.
    Some of you guys take conclusions too fast, without even knowing me.

    And I never stated Avast! V5 was crap, I consider it the best free suite you can get, I just said I tested it again on my VM and found it strange that Comodo could detect it and Avast! V5 not.

    Anyways, I'll reformat his PC again or restore point if it has one (Probably has one since it creates one every time you install something). I got plenty of time :D

    Closing requested.
     
  19. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Hi Noob,
    Sorry if you took it personally and I apologize. It wasn't directed at you but rather a general comment. :oops:
     
  20. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Do you have a screenshot of those virustotal results?? :p
     
  21. mnosteele

    mnosteele Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    194
    Location:
    Chesapeake, VA USA
    LOL, I submit so many files I can't keep track of them.
    :)
     
  22. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    I was actually setting a trap for you :D as that is against the forum's rules now :(
     
  23. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Man, I feel I overreacted actually. So I apologize too :D
    Happy as always now :argh:
     