This forum thread needs a solution.
Kudos 0

Trojan:Win32/FakePowav

Uploaded file to VirusTotal. Already Analyzed. 1/37 antivirus programs detected it as malicious, Microsoft OneCare.

I elected for the file to be Reanalyzed. This time 3/37. Wow, not bad. Probably not a FP ... Too bad Norton does not recognize it.

http://www.virustotal.com/analisis/63e865719b9e761b86942d61ce4fd532

Apparently the big "bear", Symantec, does move slowly in the winter =).

I just really hope that Symantec bothers to include this in the definitions. Another file I submitted was deemed to be malicious; the link to the site was removed ... do not post links to malicious sites ... and everyone agreed after I did some extensive testing within Sandboxie. However, it's been so long ... =) ... 3 days as a matter of fact ... and I am just hoping that right now some SSR employee is adding that to the defs.

My tracking for this sample is

#10090727

ThreatExpert analysis coming soon! Stay posted! 

http://www.threatexpert.com/report.aspx?md5=fe6b29b732087ea22b6d1d943c4ffa97

Looking at the ThreatExpert Report, OneCare was able to discern deep into the actions of the program without even executing it. Too bad Bloodhound can't do that. OneCare was able to see that the file created scrmss.exe entry in %AppData%\. OneCare was also able to see that the file created was malicious. 

Message Edited by Tech0utsider on 12-03-2008 10:49 PM
=\

Kudos 0

Re: Trojan:Win32/FakePowav

Instead of making all these posts, why don't you just stop and go with One Care if you love it so much. All you do is pick on Norton and say how much better One Care is.
Real Time Protection = NIS 2009 + NAT
Behavior Analysis = Threatfire
On Demand = MBAM
Kudos 1

Re: Trojan:Win32/FakePowav

Tracking #10013804 

Below is a status update on your virus submission:

Date: November 6, 2008

Rohit Gupta
Jiitu



Dear Rohit Gupta,

We have analyzed your submission.  The following is a report of our
findings for each file you have submitted:

filename:  e3ad5e.scr
machine: Machine
result: See the developer notes

http://www.virustotal.com/analisis/a70caf1fef5c3d562caee94842a5a23f

12 out of 37 still find it a virus; Norton can't (1 month since my submission). Too bad Norton doesn't bother to look into the matter.

----------------------------------------------------------------
NIS 2011 beta 18.0.0.107 Win 7 7600 RTM 32-bit
Kudos 1

Re: Trojan:Win32/FakePowav

Thank you very much for submitting. I will ask one of the employees to have a look
"All that we are is the result of what we have thought"
Kudos 1

Re: Trojan:Win32/FakePowav

Dieselman, that was totally uncalled for. There is a problem with Norton detecting malware too late for comfort, and tech0utsider is pointing to it. As this is a board where problems are solved, I think this is definitely the place where these kinds of problems need to be pointed out.

Windows 7 Ultimate x64 SP1 -- NIS 21
Kudos 1

Re: Trojan:Win32/FakePowav

Thanks Tech and Rohit1gupta for your submissions, and for supplying the relevant tracking numbers.

As Stu has already marked this thread for the attention of Symantec employees, please wait for a reply here.

Thanks again.

Kudos 1

Re: Trojan:Win32/FakePowav

They are looking into things. Please be patient
"All that we are is the result of what we have thought"
Kudos 1

Re: Trojan:Win32/FakePowav

Allow me once more to agree with Tech's course of action.  Further, I also believe that TomRed's statement is also correct.

This is a forum for pointing out weaknesses as well. Trying to improve is not a bad thing. We all use Symantec's product(s), and we have the healthy "demand" that it should protect our PCs.

If someone who is not using a Symantec product is present here and making claims or accusations then it is a different game. But I don't think this is the case.

TrDo.

Kudos 0

Re: Trojan:Win32/FakePowav

No product is perfect. If I wanted total security I wouldn't own a computer.

I am just wondering why Norton seems to whitelist a lot of adware/spyware.

=\
Kudos 0

Re: Trojan:Win32/FakePowav

Detection added as AntiVirus2008.

 

JohnM

Kudos 1

Re: Trojan:Win32/FakePowav

Rephrase:
Detection has been added for 10090727 as AntiVirus2008.

10013804 is a corrupted file and does not function, so detection will not be added for it. This file may be deleted manually.

JohnM

Symantec

Kudos 0

Re: Trojan:Win32/FakePowav

Hi JohnM,

Sorry... I'm confused. I thought this Def was already there: Antivirus2008.

It was pointed out by yogesh_mohan, at: Infected Registry Key.

Can you explain please?

Thank you.

TrDo.

Message Edited by TrDo on 12-05-2008 09:24 AM
Kudos 1

Re: Trojan:Win32/FakePowav

Hi TrDo

Symantec has added definitions for detection of this malware to Norton, and Norton will detect the threat as Antivirus 2008, so when Norton detects the threat it will notify you that it has detected the threat "Antivirus 2008".

It's like when new variations of Vundo/Virtumode appear, they update the definitions to detect the new variant as 'Vundo or Virtumode' as well.

Quads 

P.S. Helps if I can spell. 

Message Edited by Quads on 12-05-2008 07:46 PM
Kudos 0

Re: Trojan:Win32/FakePowav

Thanks Quads, well put.

 

I should have said, "added as a new variant of existing threat Antivirus2008".

 

JM

Kudos 0

Re: Trojan:Win32/FakePowav

Hey Quads,

OK, got it now. Thank you both.

TrDo.

Kudos 0

Re: Trojan:Win32/FakePowav

Thanks JohnM for your patience and helpfulness! 
=\

This thread is closed from further comment. Please visit the forum to start a new thread.