What's with Avira??

Discussion in 'other anti-virus software' started by vijayind, Mar 26, 2009.

Thread Status:
Not open for further replies.
  1. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I submitted a sample via Avira Website for analysis. I got this response from Avira :

    ~Private communication removed per the TOS.~

    But I scanned it on VT/ThreatExpert. On VT, 12/37 scanners found it to be malicious.
    ThreatExpert seemed to clearly show the same as malware (it added itself to startup, downloaded stuff from the net and started a keystroke monitor).

    Yet Avira experts think it's harmless!!
    So are the Avira Labs off course?
    Or is it because I am an AntiVir Personal user, hence, as in the mail, I will not be provided Adware/Spy detection?

    If anyone has any insight please let me know.
    Thanks.
     
    Last edited by a moderator: Mar 26, 2009
  2. Leo2005

    Leo2005 Registered Member

    Joined:
    May 31, 2007
    Posts:
    179
    Location:
    Braunschweig (Germany)
    Well, it would be nice to know the detection of the other scanners.
    I asked for your sample to be reanalysed, but perhaps it isn't malware the other scanners detect.
     
  3. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I seriously doubt that so many scanners would have the same FP. Plus you can check out the ThreatExpert or CWSandbox report for the sample. It clearly installs a hook and downloads files remotely from a server reported to be malicious.

    It's hard to imagine a legitimate program would be doing all that and 12 scanners would suddenly fall for it.

    EDIT: I sent a PM to you with the VirusTotal/ThreatExpert link, since posting VT links is not allowed on the forum.
     
  4. Leo2005

    Leo2005 Registered Member

    Joined:
    May 31, 2007
    Posts:
    179
    Location:
    Braunschweig (Germany)
    Well, that's a fake antispyware. We'll see if it will be added. Perhaps as spr.
     
  5. DOSawaits

    DOSawaits Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    416
    Location:
    Belgium
    Well, it's the Avira way of thinking.

    Rogue Fake Anti-Virus products are flagged as harmless, while harmless No-CD cracks are flagged as virii or trojans.:gack:
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    It's not an FP. As a malware analyzer in my spare time, I often mass-mail new malware to VT engines. I have sometimes got replies from Avira and Kaspersky that a malware file is clean. The solution is to provide the evidence and direct them to the code or sub-file if it's a packer.

    I don't think it's a matter of missing the malware, more a matter of mixing up files in the vast array of files they have to analyze, but I don't blame them; we are all human.
     
  7. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    OK, the mail said that Personal Edition Adware/Spy would not be detected. Hence I was confused.

    Maybe Avira should list what it feels is the definition of malware. There seems to be a difference of opinion on that among many people here.
     