Malware found on Virus Total with CAV but not on pc (same database numbers)

I was cleaning out malwares that were sent by email (most of them I submitted).

I found one that I wasn’t sure of, unpacked it and didn’t see CIS flag it. So I submitted it to Virus Total. It got flagged by CAV, with database 4555, as malware. I had the same AV database on my computer as on VT.

I then tried to download the latest available full database and updated CIS to 4556. Again it didn’t detect. Then I let it scan another folder with infected cracks and the like and it detected malware there. The AV is working.

I am on Win 7 x32 with CIS 4.138377.779 with no other security program running in the background. On demand I have MBAM, A2, Super Antispyware, Spybot and Defender.

Think you can send it to me? I want to see if I can detect it.

Check your PM for a download link.

hmm…

Umesh is the right guy for this job. He can get this checked out and report back.

Thanks
Melih

Done.

Yup, no detection on my end either. But it definitely is a bad file, check it out:

http://anubis.iseclab.org/?action=result&task_id=1eaecb37e4deabaf431c33e4cb2798674&format=html

The VT analysis shows 37 of 39 programs think it is malware.

I’m going to try to replace my database with a fresh one and see if the problem is still there.

OK, replaced the bases file and still no detection. :o

Thanks for confirming. Let’s see what Umesh comes up with.

Hi Guys,
This is being detected in CIS 3.x but not in CIS 4.x as of now.
I will get back to you after finding out more details for a fix for this.

Thanks
-umesh

Hi All,
This issue has been resolved in today’s CIS release (V4.0.141842.828).
You can scan using the latest version and the sample must be getting detected.

Thanks
-umesh

Good to hear, must have been something important if a program update is needed.

We already had a release planned. This was an additional fix. This was one of the exception cases, so nothing very critical about it.

Thanks
-umesh

Well, whatever you did, it detected the file just fine now. I’m happy again.

You mean other than users’ systems getting infected?

I just did a clean install of 4.0.141842.828 and I can confirm the problem is fixed.

What do you mean? It sounds a bit cryptic.

Bump.

Received a suspicious file by email that according to Virus Total could be malware and got flagged by the online Comodo scanner, database 4641, as “Heur.Packed.Unknown”. But it doesn’t get seen by CIS on my computer (database 4642) even with Heuristics set to high.

I submitted it to CIMA.