How to Report Malware or False Positives to Multiple Antivirus Vendors

Discussion in 'Malware Analysis Archive' started by Chiron, Jun 17, 2012.

  1. Chiron

    Chiron New Member

    Feb 24, 2011
    243
    58
    Michigan
    Hello, I've written an article that explains How to Report Malware or False Positives to Multiple Antivirus Vendors.

    It is meant to be a comprehensive list of all reputable vendors who produce products that rely on signature detection, in some way, in order to detect all manner of malware. What I have done is investigate how to submit malware and false positives to all of them. I have then taken this information and created a mailing list that allows you, with a few clicks, to submit malware to the majority of all of the anti-malware vendors in the world. At least that is the idea. You can also submit the malware to the rest of them manually, but the idea is to make it as easy as possible to submit it to as many as possible with as little work as possible.

    Please use this article to submit any malware you find to as many vendors as possible so we can help to make the online world a safer place. Also, for anyone who is able, and willing, to help I could use your help to improve this list. Please provide me with whatever feedback you have about the article and help me to make the information provided as accurate, and poignant, as possible. It would be most effective to leave the feedback in the comments section of the article so I have all of the feedback in one place. This will help me to best utilize it to improve the article.

    Thank you.
     
    bintangtimur and Koroke San like this.
  2. NSG001

    NSG001 New Member

    Nov 21, 2011
    2,039
    786
    IT and Systems Administrator
    Wembley, London
    Very informative as ever, thank you, thank you :)
     
  3. Spawn

    Spawn Administrator
    Staff Member Content Creator

    Jan 8, 2011
    16,261
    24,194
    Interesting.

    I got an issue with Gmail detecting my .zip attachments to contain .exe files. So I'm unable to send anything to vendors. :(
     
    Wihat and Kent like this.
  4. Plexx

    Plexx Guest

    Very handy information. Kudos
     
  5. Chiron

    Chiron New Member

    Feb 24, 2011
    243
    58
    Michigan
    Yep, I do note in my article that Gmail cannot be used to submit samples. That's why I suggest using AOL.
     
  6. bogdan

    bogdan New Member

    Jan 7, 2011
    1,315
    58
    Bucharest, RO
    Excellent work with the extensive list!
     
  7. Chiron

    Chiron New Member

    Feb 24, 2011
    243
    58
    Michigan
    Actually, on looking over my article again I now realize that the part that mentioned that Gmail did not work may have been a little hidden.

    I've now moved it to the very beginning of the article.

    Thank you very much for your feedback.
     
  8. WinAndLinuxTutorials

    Trusted

    Aug 23, 2011
    2,126
    157
    Schoolboy
    Jordan
    Great content! Thanks for sharing. :)
     
  9. pcjunklist

    pcjunklist Level 1

    Dec 28, 2011
    492
    9
    Boston
    Great article, great list. Just one question: what is an AOL? Sounds like a 90's Frisbee company.
     
  10. MrXidus

    MrXidus Super Moderator (Leave of absence)

    Apr 17, 2011
    2,173
    931
    Australia
    An excellent, informative and helpful article, Chiron. Bookmarked straight away.

    Thanks. :)

    An AOL? Sounds ancient and out of date.
     
  11. Chiron

    Chiron New Member

    Feb 24, 2011
    243
    58
    Michigan
    I know, isn't it weird that they're one of the few who work with this new type of article... Wait, or does that actually imply that my article is already ancient and out of date? :huh:
     
  12. ranget

    ranget New Member

    Dec 8, 2011
    207
    1
    Where did my post go?

    I remember I posted here.

    Anyway, I liked the tutorial. Good job.
     
  13. pcjunklist

    pcjunklist Level 1

    Dec 28, 2011
    492
    9
    Boston
    It would only become ancient if it came on a floppy disk and required dial-up internet. Kidding aside I think it's a great write-up.

     
  14. Malware1

    Malware1 New Member

    Sep 28, 2011
    6,481
    27,952
    Malware1
    ALYac also uses the Bitdefender engine
    BullGuard uses only the Bitdefender engine
    ChicaLogic probably uses the Malwarebytes engine
    Commtouch also uses the F-Prot engine
    Emsisoft also uses the Ikarus engine
    eScan also uses the Bitdefender engine
    Faronics - not Facronis
    F-Secure also uses the Bitdefender engine
    HitmanPro now does not use the Prevx engine
    nProtect also uses the Bitdefender engine
    Zeobit PCKeeper uses only the AVIRA engine
    Prevx has been acquired by Webroot
    TrustPort Internet Security 2012 uses AVG (Argon) & BitDefender (Xenon) engines
    TrustPort Antivirus for Servers 2012 uses AVG (Argon) & Vipre (Neon) engines
    Zemana uses G Data, IKARUS, Emsisoft and Dr.Web engines
     
    Kent likes this.
  15. Chiron

    Chiron New Member

    Feb 24, 2011
    243
    58
    Michigan
    Yes, but they also use their own. Thus I can't advise that readers just submit samples to BitDefender.

    Thanks. I'm looking into this.

    Thanks. I'm looking into this. I believe I contacted them about this before and they said they did want samples sent directly to them, but I'll make sure by asking them once again.

    Thanks. I'm looking into this.

    Yes, but unless I'm mistaken they also use their own. Thus, I can't just advise my readers to submit the samples to Ikarus. They should submit them to both.

    Thank you. I had thought they used their own engine. I'm looking into this.

    Thanks. Fixed.

    Thanks. I'm looking into this.

    Thanks. I added the new information to the article. Looks like they changed the engines they use again.

    So far nProtect has not answered most of my queries. Are you sure that they use only the Bitdefender engine? If so then I'll add that information to my article.

    Thank you. I'm looking into this.

    The product is still available and, since many people may still think of it as different, I'm currently leaving it by itself but just pointing out that it uses Webroot's signatures. You'll notice I've done the same with PC Tools.

    So far I've had trouble getting a hold of TrustPort. I sent them another email, but I'm doubtful they'll reply. Thus, if you are sure that they only use those three engines, and no others, then I'll add that information to the article and explain the situation.

    Thanks. I'm looking into this. I believe I contacted them about this before and they said they did want samples sent directly to them, but I'll make sure by asking them once again.
     
  16. Chiron

    Chiron New Member

    Feb 24, 2011
    243
    58
    Michigan
    Thanks. They have confirmed this and I've added it to the article.
     
  17. Chiron

    Chiron New Member

    Feb 24, 2011
    243
    58
    Michigan
    They responded back and explained that they also use their own engine. Thus I can't advise my readers to just submit malware to Bitdefender.
     
  18. Chiron

    Chiron New Member

    Feb 24, 2011
    243
    58
    Michigan
    I got a response back from them in which they said that the Bitdefender engine is part of its antivirus protection, but that they cannot guarantee that submitting a file to Bitdefender will mean that Bullguard will detect it as well. Thus they recommend that users continue to submit samples directly to Bullguard.
     
  19. Chiron

    Chiron New Member

    Feb 24, 2011
    243
    58
    Michigan
    They responded and said that they use many engines. Thus I will continue to advise my readers to submit samples directly to F-Secure.
     
  20. Payback

    Payback New Member

    Jan 7, 2013
    310
    7
    Paris
    How could you forget Eset???
     