now recognizes it. Wow.
[]'s
But not on virustotal.

How strange

Shadow wrote:
> now recognizes it. Wow.
> []'s
> But not on virustotal.
>
> How strange

If you had sent a suspected malware file to VT and it was positive, or
positive with any other antimalware application, you can also upload
it to:

<http://www.uploadmalware.com/>

It will then get a bit of help from those who can move it along.

--
1PW

On Wed, 19 Aug 2009 10:43:26 -0700, 1PW <(E-Mail Removed)> wrote:

>Shadow wrote:
>> now recognizes it. Wow.
>> []'s
>> But not on virustotal.
>>
>> How strange
>
>If you had sent a suspected malware file to VT and it was positive, or
>positive with any other antimalware application, you can also upload
>it to:
>
> <http://www.uploadmalware.com/>
OK, I will.
>
>It will then get a bit of help from those who can move it along.
You didn't understand. Avast now plays all the sirens when I
tell it to scan the file,
"AutoIt:Balero-A [Wrm]" has been found in
"C:\Recycled\Dc1.exe\AutoIt.script" file

but when I upload same file to virustotal, the virus is not
recognized by avast.. They should give the same results.


http://www.virustotal.com/analisis/a...f7e-1250796304

On Thu, 20 Aug 2009 16:51:30 -0300, Shadow <Sh@dow> wrote:

>On Wed, 19 Aug 2009 10:43:26 -0700, 1PW <(E-Mail Removed)> wrote:

>>If you had sent a suspected malware file to VT and it was positive, or
>>positive with any other antimalware application, you can also upload
>>it to:
>>
>> <http://www.uploadmalware.com/>
> OK, I will.
Sorry, I lied, I won't. It requires an email address and
identification.
[]'s

From: "Shadow" <Sh@dow>

| On Thu, 20 Aug 2009 16:51:30 -0300, Shadow <Sh@dow> wrote:

>>On Wed, 19 Aug 2009 10:43:26 -0700, 1PW <(E-Mail Removed)> wrote:

>>>If you had sent a suspected malware file to VT and it was positive, or
>>>positive with any other antimalware application, you can also upload
>>>it to:

>>> <http://www.uploadmalware.com/>
>> OK, I will.
| Sorry, I lied, I won't. It requires an email address and
| identification.
| []'s

No it doesn't. You do NOT have to enter an email address nor ID as the are not required.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

FromTheRafters wrote:
> "Shadow" <Sh@dow> wrote in message
> news:(E-Mail Removed)...
> [...]
>
>> "AutoIt:Balero-A [Wrm]" has been found in
>> "C:\Recycled\Dc1.exe\AutoIt.script" file
>>
>> but when I upload same file to virustotal, the virus is not
>> recognized by avast.. They should give the same results.
>
> Why?
>
> The one on your computer and one on their's may not be configured the
> same - even if the engine versions are the same.
WTF?

From: "Buffalo" <(E-Mail Removed)>



| FromTheRafters wrote:
>> "Shadow" <Sh@dow> wrote in message
>> news:(E-Mail Removed)...
>> [...]

>>> "AutoIt:Balero-A [Wrm]" has been found in
>>> "C:\Recycled\Dc1.exe\AutoIt.script" file

>>> but when I upload same file to virustotal, the virus is not
>>> recognized by avast.. They should give the same results.

>> Why?

>> The one on your computer and one on their's may not be configured the
>> same - even if the engine versions are the same.
| WTF?


Different signature revisions albeit VT should get multiple updates.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

"Buffalo" <(E-Mail Removed)> wrote in message
news:h6krgd$avd$(E-Mail Removed)...
>
>
> FromTheRafters wrote:
>> "Shadow" <Sh@dow> wrote in message
>> news:(E-Mail Removed)...
>> [...]
>>
>>> "AutoIt:Balero-A [Wrm]" has been found in
>>> "C:\Recycled\Dc1.exe\AutoIt.script" file
>>>
>>> but when I upload same file to virustotal, the virus is not
>>> recognized by avast.. They should give the same results.
>>
>> Why?
>>
>> The one on your computer and one on their's may not be configured the
>> same - even if the engine versions are the same.
> WTF?

What heuristic level does VT use with the Avast! scanning engine as
opposed to what a desktop machine might use?

Besides, VT doesn't have the luxury of possible (ancillary) context
scanning.

On Wed, 19 Aug 2009 11:42:17 -0400, Shadow <Sh@dow> wrote:

> now recognizes it. Wow.But not on virustotal.How strange

The malware submission at Avast is being upgraded and will be finished
soon.
--
This post was created using Opera's revolutionary e-mail client:
http://www.opera.com/mail/

"Buffalo" <(E-Mail Removed)> wrote in message
news:h6krgd$avd$(E-Mail Removed)...
>
>
> FromTheRafters wrote:
>> "Shadow" <Sh@dow> wrote in message
>> news:(E-Mail Removed)...
>> [...]
>>
>>> "AutoIt:Balero-A [Wrm]" has been found in
>>> "C:\Recycled\Dc1.exe\AutoIt.script" file
>>>
>>> but when I upload same file to virustotal, the virus is not
>>> recognized by avast.. They should give the same results.
>>
>> Why?
>>
>> The one on your computer and one on their's may not be configured the
>> same - even if the engine versions are the same.
> WTF?

Differences in definitions, the "engine" doesn't exist in a vacuum - it
is more like a "engine/definitions" set that may contain disparity
despite the engines being the same.

A submitted file scanner wouldn't have the luxury of context. I wouldn't
expect identical results from an installation of Avast! against an
Avast! file submission scanner.

Okay, so I don't know how Avast! works, but it would be possible that
the "program" does some preparatory work (such as unpacking archives )
prior to giving the "engine" a go at the results. If this is the case,
even more reason to expect variance.

Sometimes, a file's contents changes subtly during transmission - maybe
not that often anymore...