AVG missed one...any thoughts?

[Bovon]

Today I received an email...from "K" (red flag...donno any "K" ding-bat.

This email had an attachment.... WORK.ZIP

Realizing this to be a covered worm/virus... I D/L it to the HDD and ran an updated (today) AVG on that folder..nada..nothing, clean as a whistle.

So...I ate a garlic button and unzipped the file...I now have 1.exe

Ok (I thought) now then...lets see what AVG has to say.

I ran AVG on that folder only (plus it will always run on the OS) and once again..it came up clean.

If I were a betting guy, I would bet somebody a pile of money at extreme odds that 1.exe is a virus or worm....and AVG MISSED IT!!!

What would you do?

I am thinking of writing AVG and asking them if they want that file to see why their antivirus missed it..but, I am also human (the last time I looked) and asking them if they want the file to checkout..I may just have a joke some old friend who has a new email address has forwarded on, (but I seriously doubt it).

[Rocketmech]

Hey Bo, run that file thru Kapersky's scanner
http://www.kaspersky.com/scanforvirus see what ya get.

As for AVG , I don't remember them offering a way of reporting a suspected virus file.

[Bovon]

Ahhh haaaa...that nailed it!!

Thanks a bunch man!!.. I did not know about that site, but now that I do..it is bookmarked (big time)..

Online Virus Scanner



Attention!
Kaspersky Anti-Virus has detected a virus in the file you have submitted.

We suggest that you consider:

Reading about the virus/viruses in our Virus Encyclopedia

Downloading a trial version of Kaspersky Anti-Virus

Purchasing a copy of Kaspersky Anti-Virus in our E-Store

Purchasing Kaspersky Anti-Virus from a certified partner


Scanned file: 1.exe

1.exe - infected by Email-Worm.Win32.Bagle.bj


Statistics:
Known viruses: 125343 Updated: 17-04-2005
File size (Kb): 38 Virus bodies: 1
Files: 1 Warnings: 0
Archives: 0 Suspicious: 0

[MJCfromCT]

Any chance you can send me that file, i'd be curious if my copy of AVG detects it.

[ukulele]

For what it's worth, they can all miss files. I had Kaspersky loaded last November for a trial run and got nailed by two online viri before switching back to Norton. I have AVG on another computer and have been very lucky with it but it's never used for e-mail or much net browsing.

[Bovon]

Originally posted by MJCfromCT
Any chance you can send me that file, i'd be curious if my copy of AVG detects it.

Sure, PM me with the address you want it sent to...

I found an on website at AVG to contact Tech and/or customer support and asked them if they want a copy.. I'll hold onto a copy for 5 days before I completely rid my machine of it.

Uke.. yeah, I know.. I have used most all brands of antivirus software and did like NAV best for a long time. I did have one bug get by NAV once too. Several years ago...some company did a series of tests on several different antivirus software by using known virus files. At the time, none of the antivirus applications caught 100%... if I remember correctly, about 85% was near tops, and I believe that antivirus company's name was something like Commander.

Norton is so difficult to work with anymore...#1, I never could get the $!@?#dang program setup to work like I wanted it to...and #2, uninstalling Norton is/was a joke. I still have remnants of it on this drive because it would not uninstall. I edited as much as I could find in the registry and simply deleted it as well as all of the files I can find...but, the only successful way to completely get rid of Norton (anything) is to wipe the drive and start over.

[bassman]

I may be wrong but I really think AVG's on-access (resident, whatever) scanner won't scan compressed files. I had already tested this: I opened an infected file and it got detected, then I compressed it (with zip) and it didn't. The virus only gets detected by AVG when you decompress the file and try to use it.

[Bovon]

Originally posted by bassman
The virus only gets detected by AVG when you decompress the file and try to use it.

Heh heh...please read my first post:

So...I ate a garlic button and unzipped the file...I now have 1.exe

AVG would not detect the virus either compressed or decompressed...but, after this mornings update of the AVG definitions..it now will detect the file as a worm/bagle, and in its zipped compressed mode...see image.

I have tried this AVG every day since work.zip came here and it would not fine it, zipped or unzipped.

I wrote AVG and asked if they wanted a copy.. I received a notice from them today to retry the file after updating my copy of AVG...

Sounds kinda strange to me that they should write me and request I upgrade AVG and retry that file..which it now catches...

[bassman]

I'm sorry for misreading your post. Even so, the situation I tested got me somewhat alarmed...

[Bovon]

Originally posted by bassman
I'm sorry for misreading your post. Even so, the situation I tested got me somewhat alarmed...

No problem... I skim-read so bad anymore that if I actually find that I want to comment, I need to go back and read the thread.

Yep.. you nailed it.. I don't trust any antivirus application too much, but that worm/Bagle has been around now for at least 6 months...why did my (updated that morning) copy miss the bug?

And now...rwo days later, after I had written them that AVG had missed a bug, they write me to update my copy and try again..

Its almost like somebody at their office was saying...'oopss'

Here is the email:

Dear Xxxxxx

Thank you for your email.

Please try to update your AVG anti-virus system and run the AVG Complete Test again. When the file is not detected and you are still in doubt, put the file into password protected archive (WinZip, WinRar, PowerArchiver etc.), attach this archive to the email to virus@grisoft.com. Describe why you send the file and write password for the archive into email.

Thank you for your cooperation.

Best regards,

Xxxx Xxxxxx

sales Team
GRISOFT

http://www.grisoft.com

BTW... how do we pasword protect a file?...somehow, I have missed that one. I have never heard of putting a password on a file before..

[bassman]

He means password protect the archive. zip and rar formats allow password based encryption and Winzip and WinRAR offer that feature.