Jump to content

Malwarebytes Labs URL - Avast Blocked Virus


Recommended Posts

A response on this forum:

https://forums.adafruit.com/posting.php?mode=reply&f=44&t=113296

Subject:  VMonitor - Operating System Problems?

suggested that someone had used VMonitor to house malware.

I searched for the concept and found this hit:

https://www.google.com/search?num=50&site=&source=hp&q=malware+which+installs+itself+under+the+same+name%2C+not+to+the+legitimate+binary.&oq=malware+which+installs+itself+under+the+same+name%2C+not+to+the+legitimate+binary.&gs_l=hp.3...1108.1108.0.1639.2.2.0.0.0.0.235.336.0j1j1.2.0....0...1.1.64.hp..0.0.0.0.RIaD20NHcIE

Cerber Ransomware - New, But Mature - Malwarebytes Labs ...

Mar 11, 2016 - Name of the folder is specific to a particular sample – in the .... in a different campaign – not as a Cerber, but under some other name. ... After the successful installation, the initial malware sample ... Otherwise, it tries the same trick with different pair of EXE + DLL. .... Ransomware usually deletes itself. You're ...

When I opened the link, Avast Free popped up, excitedly saying it had blocked a threat. The name of the threat disappeared before i could note it our I would post it here.

1) Why would Avast announce that malwarebyteslabs.com tried to plant a virus?

2) If someone converted the contents of VMonitor.exe into malware, would a malwarebytes scan find the malware?

Answers to either one or both of the questions are of interest to me.

thanks

baumgrenze

 

 

Edited by baumgrenze
I missed checking the notification box, but it did not represent itself in edit mode.
Link to post
Share on other sites

Hi baumgrenze,

Quote

1) Why would Avast announce that malwarebyteslabs.com tried to plant a virus?

avast! most likely blocked the page because it contains a VBS script (that is harmless and thus cannot be executed) in the article. avast! is known to block webpages that contains malicious scripts, even though they cannot be executed. 

Quote

2) If someone converted the contents of VMonitor.exe into malware, would a malwarebytes scan find the malware?

We cannot read the thread over at Adafruits, since it requires you to be logged in in order to access it.

Link to post
Share on other sites

Thanks for the prompt response.

Re 2) Here is a copy (I hope it does not violate their forum terms to quote it here) Their reply did not make a lot of sense to me; I hope you understand it better

Topic review: VMonitor - Operating System Problems?

  •  

Re: VMonitor - Operating System Problems?

Post by adafruit_support_mike » Fri Mar 10, 2017 5:52 am

That looks like a case of antivirus protection software being aggressive. That's arguably a good thing for security software to do, but the natural consequence is that you get false positives.

In this case, reading the page linked above shows that the security issue is related to malware which installs itself under the same name, not to the legitimate binary.

Thank you for letting us know about the issue, but we don't have any control over the software, and definitely have no control over the way AV systems rank threats.
 
thanks
baumgrenze
 
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.