Sign in to follow this  
Followers 0
huldu

Virus scan failed

7 posts in this topic

I found a small mirc based trojan embedded in an executable. A nasty little thing if it ever got installed on the system in other words. First thing i did was to use this site http://virusscan.jotti.org/ to scan the file to see if it found anything at all. A few of the scanners found the trojan, not kasperskys tho.

 

I scanned the file with KIS 6.0 and it found nothing inside the file. Since i knew what this file had inside of it i installed it on a safe computer. No warnings from KIS at all. I did a full system scan and it found the trojan that came from the exectuable. The problem is if this was a *real* scenario this would have been too late already. Why didnt KIS detect the trojan but detected it once it was installed (when i did a full system scan)?

 

Personally i dont feel very safe at all, knowing that harmful objects may be installed on the system without my knowledge just because the file pass as safe when it really isnt.

 

Another problem im having is when doing a full system scan is the INSANE long time (and eventually lockups) on large archives. Took me 10 minutes to try shut down KIS when it hung up on an archive scan (rebooting the computer isnt a solution to a malfunction in a program). I would like to know what KIS does when it runs into a big archive, does it open the file then scan? because 60+ minutes scanning 1 file isnt exactly working as intended in my eyes. Funny thing is that this process totally drains the system on its resources and become very unstable and laggy.

Share this post


Link to post
Share on other sites

KIS/KAV contains a large information about archive unpackers. mIRC should be detected as Riskware (if you enabled extended signatures). Also you should utilize Exclusions, if you do not want those files scanned :)

Share this post


Link to post
Share on other sites

Right click K >> Settings >> 3rd Checkbox in Malware Categories :)

Edited by Whizard

Share this post


Link to post
Share on other sites

In that case please send a sample to newvirus@kaspeersky.com for analysis :)

Share this post


Link to post
Share on other sites
I found a small mirc based trojan embedded in an executable. A nasty little thing if it ever got installed on the system in other words. First thing i did was to use this site http://virusscan.jotti.org/ to scan the file to see if it found anything at all. A few of the scanners found the trojan, not kasperskys tho.

 

I scanned the file with KIS 6.0 and it found nothing inside the file. Since i knew what this file had inside of it i installed it on a safe computer. No warnings from KIS at all. I did a full system scan and it found the trojan that came from the exectuable. The problem is if this was a *real* scenario this would have been too late already. Why didnt KIS detect the trojan but detected it once it was installed (when i did a full system scan)?

 

Personally i dont feel very safe at all, knowing that harmful objects may be installed on the system without my knowledge just because the file pass as safe when it really isnt.

 

Another problem im having is when doing a full system scan is the INSANE long time (and eventually lockups) on large archives. Took me 10 minutes to try shut down KIS when it hung up on an archive scan (rebooting the computer isnt a solution to a malfunction in a program). I would like to know what KIS does when it runs into a big archive, does it open the file then scan? because 60+ minutes scanning 1 file isnt exactly working as intended in my eyes. Funny thing is that this process totally drains the system on its resources and become very unstable and laggy.

Because it had not executed yet ..thats why..otherwise it would have been detected...well actually it was .......wasn't it. ;)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0