My first worm - only KAV picked up

Well, i'm sure other AV's may pick it up but all other security apps I have did not.
MKS online scanner did not pick this up - Of course may not be geared for worms I suppose

Here is my first worm P2P tibick


After KAV reported it, I hit it with everything i've got here


I've got Wormgard trial installed as well

Of all the scanners I have availale, only KAV reported it - successfully deleted upon closing emule.

Maybe this is a false positive? I wll take it to other online scanners then

 

Are part files even executable?

I am not familiar with emule but is this just part of a file?

Wow you sure got a lot of items in your context menu

 

Yeah, nice of KAV (if it's legit) to pick it up as it arrived - even as a part file. performing google search did not turn up much info but KAv included this in definitions.

I know, I need to clean up context menu a little.

 

This has actually been debated before in the form of AV tests. How effective is it really for an AV to detect "part" of a malware? Especially when the "part" by itself is not dangerous or in some cases not even executable. If part files are not executable, and even if this is a legit virii/worm, i consider it as a bad detection.

 

This is the first ever detection for me (with KAV) and i'm glad it was a part file - I would prefer that over a full live file - if this is truly a worm.

 

Found here in definitions:

http://ni.fe.up.pt/MIRRORS/nav/rapidrelease/whatsnew.txt

Cheers

 

Ab-so-bloody-lutely... so would I... don't give the buggers a chance to "breed" is my motto, LOL....

It could also mean by part file, it grabbed it before it fully had a chance to dl.

In a thread about using AVG, I pointed out that AVG [for me anyway] did not even detect the start of the eicar.com/.bat/.zip test files upon download, it waited until downloaded and then a scan done. I want mine to detect FIRST, not after dl'd.

TAS

 

hehee, it's a "newbie"

 

the worm is??

Submitted I take it?

Good show...

TAS..


PS: Keep us informed of updating from KAV.

 

No I mean it's relatively new submitted:

W32.Tibick File infector 07/27/04

 

This would actually make a little bit more sense to me. Though I do not know enough about this method of detection to know if it is reliable. I know DrWeb can also detect some suspicious/infected files in the download process. Doesn't NOD32 use something similar in the form of HTTP scanning?

The problem for me is that if the file is not even executable what danger does it really pose? An example that comes to mind is that of perrun. A couple of years ago when it first came out, many at first thought that jpegs and txt files could now be used to infect computers. In fact it still required an executable to be run (proof.exe). Even if you were to click an infected jpeg or txt it would still have to trigger yet another exe (extrk.exe) for the payload to occur. If one only adds detection for the exes, it will be detected before it infects the computer or even before the payload occurs.

I don't mean to start another argument on this subject, just thought i would provide another point of view

 

LMAO, I see a Aussie amoungst us