A coworker of mine forwarded me an email with an attachment: Fees_2008-2009.zip. Inside the zip file there is a file: Fees_2008-2009.doc.exe.

Now, that doc.exe thing made me suspicious. I scanned it with KIS 8.0.0.454, with databases 08-09-08, and according to KIS, the file is clean.

Well, I uploaded it to VirusTotal, and there Kaspersky, along with some others, give different results - http://www.virustotal.com/analisis/f989f05...0d52a61598d44d9 -. So I uploaded it to Jotti, and again, the file is detected as a trojan.

My question is why doesn't KIS detect it when I do a manual scan of the file?

Many thanks

Martin

Hello,

Could you wait a couple of hours and scan again? I think VT gets bases quicker because FP is not a major issue there.

Thanks, Lucian. No problem.

But I still think this is a dangerous situation. There are other AV engines at VT picking up this nasty, so I don't think it's something that's just been released ITW.

I cannot imagine if my wife had received that attachment and executed it thinking that KIS was protecting her machine. Not everybody thinks of uploading files to Jotti or VT.

Detection: there are heuristics, generic detections there, and so on. Testing is required, otherwise a FP in this product can create a lot of problems.

This one is definitely not a FP!

Wonder why KIS heuristics didn't, at least, raise a warning.

One question.

Can I set Heuristics analysis to Deep Scan only for manual, on-demand scanning while leaving it in Light Scan for Scan My Computer, for example?

Edited by Martin Palmieri

Send it to newvirus@kaspersky.com for analysis, it will be added to the bases. :)

Thanks. I've done that.

But my point is that there was a time when my co-workers forwarded me this kind of mail and I only needed to run the attachments thru' KAV and could always say if it was malware, suspicious or if the file was clean. It looks like now I have to send every file to VT or Jotti to be able to report back.

I wish I could set the KIS AV engine to scan more aggressively on-demand. I've tried the Additional Settings in Scan - Heuristics maxed out and Deep Scan, but same results.
