Wait, I thought TDS3 should scan through multiple rars

Discussion in 'Trojan Defence Suite' started by tempnexus, Feb 13, 2004.

Thread Status:
Not open for further replies.
  1. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    I recall a long time ago one of the selling points was to take a trojan and pack it, zip it, rar it and use TDS-3 and it will still find it. I just discovered that it's not true. I have X-rat and delerium of disorder which are zipped and then rarred, and when I scan them through the right-click context menu I had nothing. When I unpack them and just scan the first packed file I get a positive ID. So this means that I can double pack a trojan and it will evade TDS-3?
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    And what use would it be? The file still needs to be extracted before it will be run. The same goes for many scanners; TDS-4 will probably scan only a few layers deep to avoid ZIP exploits wasting processing power. By this I mean a 40kb zip file which actually contains many, many layers of zips inside zips, and faked 4GB files in each of the last level of zips - 4GB files which are actually 0 bytes. A scanner which tried to scan all of these would go on nearly forever :)
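
An added example, not part of the original thread and not DiamondCS code: a depth-limited scan of nested ZIPs of the kind the reply above describes, which reports layers it did not open instead of passing them as clean. The limits, the `SIGNATURE` marker and the function names are assumptions for illustration, and only ZIP (not RAR) is handled.

```python
import io
import zipfile

MAX_DEPTH = 2                 # assumed policy: archive layers the scanner opens
MAX_TOTAL_BYTES = 1_000_000   # assumed budget of decompressed bytes per scan
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # stand-in for a real detection pattern


def scan(data, depth=0, budget=None, path="<root>", findings=None):
    """Return [(path, verdict)]; verdict is 'hit', 'too-deep' or 'over-budget'."""
    budget = budget if budget is not None else [MAX_TOTAL_BYTES]
    findings = findings if findings is not None else []
    if SIGNATURE in data:
        findings.append((path, "hit"))
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        # Not opened means not scanned: report it rather than pass it silently.
        findings.append((path, "too-deep"))
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = f"{path}/{info.filename}"
            # Count bytes actually read; the size declared in the header
            # can be faked, so it is never used for the budget.
            with zf.open(info) as member:
                chunk = member.read(budget[0] + 1)
            if len(chunk) > budget[0]:
                findings.append((name, "over-budget"))
                budget[0] = 0
                return findings
            budget[0] -= len(chunk)
            scan(chunk, depth + 1, budget, name, findings)
    return findings


def wrap(name, payload):
    """Build a one-member ZIP in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()
```

A `too-deep` or `over-budget` verdict means the item was not fully inspected, so a caller should treat it as unscanned rather than clean.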
     
  3. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    OK, does the same go for exec packers? If I triple pack an exec with different packers, will TDS-3 still detect it via the right-click context menu? How about if I placed the triple exec-packed exec into a zip or rar or what have you and tried to scan that?
    Just wondering.
     
  4. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Those cases, I think, are when someone aims at you in particular and forges a nasty thing for you.
    All In The Wild trojans, packed or not, will be detected by TDS.
     