Avast! V5 and Koobface?

Discussion in 'other anti-virus software' started by Noob, Mar 18, 2010.

Thread Status:
Not open for further replies.
  1. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    I downloaded an Koobface variant for fun and ran it.
    Suddenly the .exe disappears and there is no WARN or POP UP, from Avast! V5?

    I find it kinda strange that such an old malware can bypass Avast! V5 or am i wrong?

    Ill try to re download the file and try it with other AV's o_O (This time on my VM OS)
     
    Last edited: Mar 19, 2010
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    New morphed versions of koobface are constantly released in order to bypass AV's and it is hard for all AV/AM vendors to keep up.

    Also I think you may find that trying to run some koob variants in a VM that they are VM aware and auto-delete themselves.
     
  3. iTrendsNET

    iTrendsNET Registered Member

    Joined:
    Aug 6, 2008
    Posts:
    93
    Excellent post, Franklin. :thumb:
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Oops, i typed the wrong thing :p

    Actually i RAN it on a REAL machine (Friends machine) and it bypassed Avast! V5 and i'm not lying!

    I'm not bashing Avast! V5 :D for some reason i chose it for my friend PC. But i find it strange that it could get through Avast! defense.
    Now back at my home i tested it on the SAME windows and SAME file but on a VM and even "Comodo AV" (Not hips) could block it before it executes. o_O

    I'm kinda worried i infected my friends PC LOOOOL.
    I'm going to send him a copy of A-Squared to make sure it didn't do any damage :p
    His PC was getting formatted by me actually and i just wanted to try it hahaha, but i never knew it would get through it.
     
  5. CiX

    CiX Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    404
    :doubt: :ninja:
     
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    If it was my machine , after performing an experiment such as that, sending me a copy of A-Squared wouldn't cut it.:rolleyes:
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Yeah, sounds fishy but i'm speaking the truth :)

    Hahahaha, what you would recommend?
    No A VS B remember

    i'll probably just give him Hitman Pro (Ultra light, fast and effective + it has many top notch engines) :ninja:

    And since he doesn't know how to use an AV correctly, Hitman would be the best choice, just a few clicks :D
     
  8. progress

    progress Guest

    No Hitman Pro advertisement please, this is an Avast thread :D
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    I gotta give them their dues :)
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Who needs enemies with such friends :thumb:
     
  11. mnosteele

    mnosteele Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    181
    Location:
    Chesapeake, VA USA
    As stated here thousands of times..... no antivirus is going to detect everything 100% of the time. While on the koobface subject, just a few weeks ago I got a variant sent to me on facebook just like the original was sent well over a year ago, you know, the fake video. Well, I knew what it was and downloaded the setup.exe file but obviously did not execute it, MSE did not detect the file. I then submitted it to VirScan and only Avira detected it as a generic trojan, it appeared just it's heuristics detected it. Out of 41 different av programs only Avira detected it, so does that mean all other av programs are junk, absolutely not, it was a new variant and nobody had seen it yet. I submitted the file to MS and MSE detected it the next day. This happens every single day and when you see as much malware as I do or others here who cleanup infected computers you are going to see this a lot. Also, as stated here a thousand times..... this is why a layered approach to security is the best route to go.
    :D :cool:
     
  12. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    377
    This is the problem with the many youtube videos for testing AVs, now everyone know where to get malware and some will undoubtedly make bad use of this knowledge.
     
  13. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Yes, and everyone is turning into a Security Specialist.:doubt:
     
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    qsfvsftav.exe - Result: 3/42 (7.15%)

    Had to use the force breach feature in HMP to get a scan down. Even with several engines still not enough to grab the main exe but at least it did upload to cloud.

    AV Soft.JPG

    HMP.JPG

    Up.JPG

    View attachment 216377
     
  15. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Just a Q.

    How come you didn't test this BEFORE you formated the HD?
    Instead of after as it sounds like you did.
     
  16. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Revert your friend's machine back a day before you ran the file. System restore should work fine.
     
  17. iTrendsNET

    iTrendsNET Registered Member

    Joined:
    Aug 6, 2008
    Posts:
    93
    The recent attack on a client's computer occurred on March 10th and was with the koobface.w varient. I just wanted to mention that in this case, MSE was what saved him. The infection attempt was through a Facebook video link and also dumped a Trojan Fake Download. Fortunately in this particular case, MSE caught and killed everything so all I had to do was clean up a few disabled traces. The Prevx log showed nothing!
     
  18. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    It was just for fun, i'm NOT and NEVER called myself an "expert" nor "specialist". And i wasn't "showing off", i just wanted to try Avast! V5 for fun. In fact he wasn't even there when i was doing this BS :p
    I think this thread have been long enough and should be closed.
    Some of you guys take conclusions too fast, without even knowing me.

    And i never stated Avast! V5 was crap, i consider it the best free suite you can get, i just said i tested it again on my VM and found strange that Comodo could detect it and Avast! V5 not.

    Anyways, i'll reformat his pc again or restore point if it has one (Probably have one since it creates one every time you install something). i got plenty of time :D

    Closing requested.
     
  19. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Hi Noob,
    Sorry if you took it personal and I apologize.It wasn't directed at you but rather a general comment.:oops:
     
  20. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Do you have a screenshot of those virustotal results?? :p
     
  21. mnosteele

    mnosteele Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    181
    Location:
    Chesapeake, VA USA
    LOL, I submit so many files I can't keep track of them.
    :)
     
  22. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    I was actually setting a trap for you :D as that is against the forums rules now :(
     
  23. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Man, i feel i overreacted actually. So i apologize too :D
    Happy as always now :argh:
     
Loading...
Thread Status:
Not open for further replies.