What's with Avira??

Discussion in 'other anti-virus software' started by vijayind, Mar 26, 2009.

Thread Status:
Not open for further replies.
  1. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I submitted a sample via Avira Website for analysis. I got this response from Avira :

    ~Private communication removed per the TOS.~

    But I scanned it on VT/ThreatExpert. On VT, 12/37 scanners found it as malicious.
    ThreatExpert seemed to clearly show the same as malware (it added itself to startup, downloaded stuff from the net and started a keystroke monitor).

    Yet Avira experts think it's harmless!!
    So are the Avira Labs off course?
    Or is it because I am an Antivir Personal user, hence, as in the mail, I will not be provided Adware/Spy detection?

    If anyone has any insight please let me know.
    Thanks.
     
    Last edited by a moderator: Mar 26, 2009
  2. Leo2005

    Leo2005 Registered Member

    Joined:
    May 31, 2007
    Posts:
    179
    Location:
    Braunschweig (Germany)
    Well, it would be nice to know the detection of the other scanners.
    I asked for a reanalysis of your sample, but perhaps it isn't malware the other scanners detect.
     
  3. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I seriously doubt that so many scanners would have the same FP. Plus you can check out the ThreatExpert or CWSandbox report for the sample. It clearly installs a hook and downloads files remotely from a server reported to be malicious.

    It's hard to imagine a legitimate program would be doing all that and 12 scanners would suddenly fall for it.

    EDIT: I sent a PM to you with the VirusTotal/ThreatExpert link, since posting VT links is not allowed on the forum.
     
  4. Leo2005

    Leo2005 Registered Member

    Joined:
    May 31, 2007
    Posts:
    179
    Location:
    Braunschweig (Germany)
    Well, that's a fake antispyware. We'll see if it will be added, perhaps as spr.
     
  5. DOSawaits

    DOSawaits Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    454
    Location:
    Belgium
    Well, it's the Avira way of thinking.

    Rogue Fake Anti-Virus products are flagged as harmless, while harmless No-CD cracks are flagged as viruses or trojans. :gack:
     
  6. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,034
    It's not an FP. As a malware analyzer in my spare time, I often mass mail new malware to VT engines. I have sometimes got replies from Avira and Kaspersky that a malware file is clean. The solution is to provide the evidence and direct them to the code or sub-file if it's a packer.

    I don't think it's a matter of missing the malware, more a matter of mixing up files in the vast array of files they have to analyze, but I don't blame them; we are all human.
     
  7. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    OK, the mail said that Personal Edition Adware/Spy would not be detected. Hence I was confused.

    Maybe Avira should list what it feels is the definition of malware. There seems to be a difference of opinion on that among many people here.
     