> Virus scan failed
huldu
post 19.08.2006 00:00
Post #1



I found a small mIRC-based trojan embedded in an executable. A nasty little thing if it ever got installed on the system, in other words. The first thing I did was to use this site, http://virusscan.jotti.org/, to scan the file to see if it found anything at all. A few of the scanners found the trojan, not Kaspersky's though.

I scanned the file with KIS 6.0 and it found nothing inside the file. Since I knew what this file had inside of it, I installed it on a safe computer. No warnings from KIS at all. I did a full system scan and it found the trojan that came from the executable. The problem is that if this was a *real* scenario, this would have been too late already. Why didn't KIS detect the trojan, but detected it once it was installed (when I did a full system scan)?

Personally I don't feel very safe at all, knowing that harmful objects may be installed on the system without my knowledge just because the file passes as safe when it really isn't.

Another problem I'm having when doing a full system scan is the INSANELY long time (and eventual lockups) on large archives. It took me 10 minutes to try to shut down KIS when it hung on an archive scan (rebooting the computer isn't a solution to a malfunction in a program). I would like to know what KIS does when it runs into a big archive: does it open the file and then scan? Because 60+ minutes scanning 1 file isn't exactly working as intended in my eyes. The funny thing is that this process totally drains the system of its resources and it becomes very unstable and laggy.
Whizard
post 19.08.2006 00:07
Post #2




KIS/KAV contains a large amount of information about archive unpackers. mIRC should be detected as Riskware (if you enabled extended signatures). Also, you should utilize Exclusions if you do not want those files scanned.


--------------------
Networking and Security Guru
~^Whizard^~
huldu
post 19.08.2006 00:10
Post #3



Just a question, how do I enable extended signatures?
Whizard
post 19.08.2006 00:11
Post #4




Right-click K >> Settings >> 3rd Checkbox in Malware Categories

This post has been edited by Whizard: 19.08.2006 00:12


huldu
post 19.08.2006 00:17
Post #5



Ah cool, found it. It still won't detect the mIRC-based trojan...
Whizard
post 19.08.2006 00:19
Post #6




In that case, please send a sample to newvirus@kaspersky.com for analysis.


Don Pelotas
post 19.08.2006 01:10
Post #7




QUOTE(huldu @ 18.08.2006 22:00)
I found a small mIRC-based trojan embedded in an executable. A nasty little thing if it ever got installed on the system, in other words. The first thing I did was to use this site, http://virusscan.jotti.org/, to scan the file to see if it found anything at all. A few of the scanners found the trojan, not Kaspersky's though.

I scanned the file with KIS 6.0 and it found nothing inside the file. Since I knew what this file had inside of it, I installed it on a safe computer. No warnings from KIS at all. I did a full system scan and it found the trojan that came from the executable. The problem is that if this was a *real* scenario, this would have been too late already. Why didn't KIS detect the trojan, but detected it once it was installed (when I did a full system scan)?

Personally I don't feel very safe at all, knowing that harmful objects may be installed on the system without my knowledge just because the file passes as safe when it really isn't.

Another problem I'm having when doing a full system scan is the INSANELY long time (and eventual lockups) on large archives. It took me 10 minutes to try to shut down KIS when it hung on an archive scan (rebooting the computer isn't a solution to a malfunction in a program). I would like to know what KIS does when it runs into a big archive: does it open the file and then scan? Because 60+ minutes scanning 1 file isn't exactly working as intended in my eyes. The funny thing is that this process totally drains the system of its resources and it becomes very unstable and laggy.

Because it had not executed yet... that's why... otherwise it would have been detected... well, actually it was... wasn't it.

