Signature of packed files

Discussion in 'malware problems & news' started by r3l4x, Sep 29, 2004.

Thread Status:
Not open for further replies.
  1. r3l4x

    r3l4x Registered Member

    Hello
    I wonder how removal tools (like Symantec fixes for worms) work to detect packed viruses (UPX, ASPack, PECompact, etc.).
    An antivirus can unpack files with unpackers, so an antivirus researcher can analyze the real code and find a signature.
    But a removal tool, I believe, can't unpack files, so the virus signature isn't the same, because it scans the packed file and not the unpacked file.
    So how do you detect a "strong" signature for packed infected files without unpacking them? (like F-Prot does)

    Regards :cool: