
Malwarebytes Labs URL - Avast Blocked Virus



A response on this forum:

https://forums.adafruit.com/posting.php?mode=reply&f=44&t=113296

Subject:  VMonitor - Operating System Problems?

suggested that someone had used VMonitor to house malware.

I searched for the concept and found this hit:

https://www.google.com/search?num=50&site=&source=hp&q=malware+which+installs+itself+under+the+same+name%2C+not+to+the+legitimate+binary.&oq=malware+which+installs+itself+under+the+same+name%2C+not+to+the+legitimate+binary.&gs_l=hp.3...1108.1108.0.1639.2.2.0.0.0.0.235.336.0j1j1.2.0....0...1.1.64.hp..0.0.0.0.RIaD20NHcIE

Cerber Ransomware - New, But Mature - Malwarebytes Labs ...

Mar 11, 2016 - Name of the folder is specific to a particular sample – in the .... in a different campaign – not as a Cerber, but under some other name. ... After the successful installation, the initial malware sample ... Otherwise, it tries the same trick with different pair of EXE + DLL. .... Ransomware usually deletes itself. You're ...

When I opened the link, Avast Free popped up, excitedly saying it had blocked a threat. The name of the threat disappeared before I could note it, or I would post it here.

1) Why would Avast announce that malwarebyteslabs.com tried to plant a virus?

2) If someone converted the contents of VMonitor.exe into malware, would a malwarebytes scan find the malware?

Answers to either one or both of the questions are of interest to me.

thanks

baumgrenze

Edited by baumgrenze
I missed checking the notification box, but it did not represent itself in edit mode.

Hi baumgrenze,

Quote

1) Why would Avast announce that malwarebyteslabs.com tried to plant a virus?

avast! most likely blocked the page because it contains a VBS script (that is harmless and thus cannot be executed) in the article. avast! is known to block webpages that contain malicious scripts, even though they cannot be executed.

Quote

2) If someone converted the contents of VMonitor.exe into malware, would a malwarebytes scan find the malware?

We cannot read the thread over at Adafruits, since it requires you to be logged in in order to access it.


Thanks for the prompt response.

Re 2) Here is a copy (I hope it does not violate their forum terms to quote it here). Their reply did not make a lot of sense to me; I hope you understand it better.

Topic review: VMonitor - Operating System Problems?


Re: VMonitor - Operating System Problems?

Post by adafruit_support_mike » Fri Mar 10, 2017 5:52 am

That looks like a case of antivirus protection software being aggressive. That's arguably a good thing for security software to do, but the natural consequence is that you get false positives.

In this case, reading the page linked above shows that the security issue is related to malware which installs itself under the same name, not to the legitimate binary.

Thank you for letting us know about the issue, but we don't have any control over the software, and definitely have no control over the way AV systems rank threats.
 
thanks
baumgrenze
 