A strange result

Discussion in 'other anti-virus software' started by Don johnson, Jun 19, 2007.

Thread Status:
Not open for further replies.
  1. Don johnson

    Don johnson Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    77
    AhnLab-V3 2007.6.16.0 06.19.2007 no virus found
    AntiVir 7.4.0.34 06.19.2007 TR/Zlob
    Authentium 4.93.8 06.18.2007 no virus found
    Avast 4.7.997.0 06.19.2007 no virus found
    AVG 7.5.0.467 06.19.2007 no virus found
    BitDefender 7.2 06.19.2007 Dropped:Trojan.DNSChanger.PC
    CAT-QuickHeal 9.00 06.19.2007 no virus found
    ClamAV devel-20070416 06.19.2007 no virus found
    DrWeb 4.33 06.19.2007 no virus found
    eSafe 7.0.15.0 06.19.2007 Win32.DNSChanger.jb
    eTrust-Vet 30.7.3727 06.19.2007 no virus found
    Ewido 4.0 06.19.2007 Trojan.DNSChanger.jb
    FileAdvisor 1 06.19.2007 no virus found
    Fortinet 2.91.0.0 06.19.2007 W32/DNSChanger.JB!tr.dldr
    F-Prot 4.3.2.48 06.18.2007 no virus found
    Ikarus T3.1.1.8 06.19.2007 no virus found
    Kaspersky 4.0.2.24 06.19.2007 Trojan.Win32.DNSChanger.jb
    McAfee 5056 06.19.2007 no virus found
    Microsoft 1.2607 06.19.2007 password protected
    NOD32v2 2338 06.19.2007 the file is probably password protected.
    Norman 5.80.02 06.19.2007 no virus found
    Panda 9.0.0.4 06.19.2007 no virus found
    Prevx1 V2 06.19.2007 no virus found
    Sophos 4.18.0 06.12.2007 Troj/Zlobar-Fam
    Sunbelt 2.2.907.0 06.16.2007 no virus found
    Symantec 10 06.19.2007 no virus found
    TheHacker 6.1.6.134 06.18.2007 Trojan/DNSChanger.ik
    VBA32 3.12.0.2 06.19.2007 no virus found
    VirusBuster 4.3.23:9 06.19.2007 Trojan.DR.DNSChanger.Gen!Pac.6
    Webwasher-Gateway 6.0.1 06.19.2007 Trojan.Zlob


    It is very interesting. If a password has been added, why can these antivirus programs detect it?
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    These kinds of files have no password. ;) I have this sample and many more on which NOD32 reports "pass-protected", but it's a bug in their engine. :)
     
  3. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    No, it's not. The NSIS exe installer has unrar.exe and a password-protected RAR inside; the NSIS installer has the command to run unrar.exe on the RAR archive (and the password is in the command line, of course).
     
  4. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    You may be right, but anyway this detection is made only on-demand, so there is no real-time protection against this threat.
     
  5. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    There is; the files have to be unpacked to be executed. Maybe NOD has signatures for the files inside the RAR.
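
The container layout plantextract describes (an installer carrying a password-protected RAR) can be checked statically. The following is an added example, not part of the original thread: it finds RAR archives embedded in a larger file and reads the header flags that mark encryption, which is all a scanner can learn without the password. It assumes the RAR 1.5-4.x header layout (the thread does not state the archive version); the function names and the sample bytes are constructed for illustration.

```python
import struct
RAR4_MARKER = b"Rar!\x1a\x07\x00"            # signature of RAR 1.5-4.x archives
HEAD_MAIN, HEAD_FILE, HEAD_END = 0x73, 0x74, 0x7B
MHD_PASSWORD = 0x0080   # main header flag: all following headers are encrypted
LHD_PASSWORD = 0x0004   # file header flag: this file's data is encrypted
LHD_LARGE = 0x0100      # file header flag: 8 extra size bytes precede the name
LONG_BLOCK = 0x8000     # a 4-byte ADD_SIZE follows the 7-byte base header

def scan_embedded_rar4(blob):
    """Report every RAR4 archive found inside blob. Header CRCs are not verified."""
    reports = []
    start = blob.find(RAR4_MARKER)
    while start != -1:
        report = {"offset": start, "headers_encrypted": False, "encrypted_files": []}
        pos = start + len(RAR4_MARKER)
        while pos + 7 <= len(blob):
            _crc, htype, flags, hsize = struct.unpack_from("<HBHH", blob, pos)
            if hsize < 7 or pos + hsize > len(blob):
                break                          # truncated, or not a real header
            if htype == HEAD_MAIN and flags & MHD_PASSWORD:
                report["headers_encrypted"] = True
                break                          # the rest is ciphertext to a scanner
            add_size = 0
            if flags & LONG_BLOCK and hsize >= 11:
                add_size = struct.unpack_from("<I", blob, pos + 7)[0]
            if htype == HEAD_FILE and hsize >= 32 and flags & LHD_PASSWORD:
                name_at = pos + (40 if flags & LHD_LARGE else 32)
                name_len = struct.unpack_from("<H", blob, pos + 26)[0]
                name = blob[name_at:name_at + name_len].decode("latin-1")
                report["encrypted_files"].append(name)
            if htype == HEAD_END:
                break
            pos += hsize + add_size
        reports.append(report)
        start = blob.find(RAR4_MARKER, start + 1)
    return reports

def file_block(name, data, flags):
    # Helper for the constructed sample: a RAR4 file block with zeroed CRCs.
    fixed = struct.pack("<IIBIIBBHI", len(data), len(data), 2, 0, 0, 29, 0x30, len(name), 0x20)
    head = struct.pack("<HBHH", 0, HEAD_FILE, flags | LONG_BLOCK, 32 + len(name))
    return head + fixed + name + data

# Constructed sample: a stub "installer" with a RAR4 archive appended to it.
SAMPLE = (b"MZ" + b"\x00" * 64 + RAR4_MARKER
          + struct.pack("<HBHHHI", 0, HEAD_MAIN, 0, 13, 0, 0)
          + file_block(b"readme.txt", b"hello", 0)
          + file_block(b"payload.bin", b"\xaa" * 16, LHD_PASSWORD)
          + struct.pack("<HBHH", 0, HEAD_END, 0x4000, 7))
```

When only the per-file flag is set, file names stay readable while the data does not; when the main-header flag is set, even the names are hidden.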
     