Hi, I ran the TrojanSimulator (read the page for more details) made by TrojanHunter... NOD32 only detects the trojan if I run the on-demand scanner, but it can't disable the trojan. This could be a good tester to improve the detection of Trojans for NOD32...
I tried the simulator and got very interesting results. First, my BOClean stopped the installation dead. Second, (after turning BOClean off) NOD32 gave me the same results as Vampiric Crow--didn't block installation but reported it as a trojan when scanned with the on-demand scanner (all NOD32 settings on maximum). However, NOD32 did delete the file when I chose that option. I was worried about NOD32's result and decided to try scanning it with Kaspersky AV 5.0 Personal (all definitions up to date--all settings on maximum). Not only did KAV not prevent installation, it did not recognize the file as a trojan when scanned with its on-demand scanner. Eset may not be the only AV maker who can use the file to test its antitrojan scanning capabilities.
It is reported under the potentially dangerous applications scan. A similar type is AV3. It is not harmful, but is used for testing purposes (labeled as Win32/AVTester Application). These are made for testing and have not been agreed upon as a standard (as far as I am aware) for antivirus companies to use (i.e. eicar.com). That is probably the reason for not having AMON alert.
You are right. NOD32 only detects this Trojan if I have that option enabled. Since AMON doesn't have it, it couldn't detect it...
I wonder, with KAV, if it recognised it as a simulation and ignored it for that reason? If it was a "proper" trojan it would probably be in that product's database (especially as they update every hour or so) and it would probably have reacted to it, unless you got infected 2-3 mins after an update, i.e. before the update that would contain the def to deal with it! (Hope that makes sense! I know what I mean!!) Steve
Good point! a2 didn't detect this TrojanSimulator... nor in the on-demand scan... PestPatrol and ewido detect it on install and on-demand... I know, this is a simulator, but...
Has anyone tested this with TDS3? I would be interested to see the results, as I am using the free trial at the moment and deciding if I should buy it.
Adwatch detects it, but that detects any change to the registry while you have it enabled, malicious or non-malicious. The problem is that, using the same criteria to detect this simulator, more non-trojan activity than trojan activity may be detected: does everything that changes the Windows/CurrentVersion/Run key need to be flagged as a trojan, or everything that runs in memory? There are probably more non-malicious installs (most, if the truth be known) that want to run as soon as Windows starts, most of which do it via the registry.