Antivir Issue

Discussion in 'other anti-virus software' started by Toby75, Nov 6, 2006.

Thread Status:
Not open for further replies.
  1. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Hi All,

    One thing I've noticed about Antivir is that even if you execute a malicious program on your PC it will still run...Antivir will pop up saying it's malware...but the program will still execute.

    Example:

    I executed Martin's Undetectable Keylogger...Antivir popped up and warned me but the program was still able to execute and log my keyboard strokes.

    Anyone else also experience this?

    Best Regards,
    Toby
     
    Last edited: Nov 10, 2006
  2. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Ideally, and normally, a real-time scanner will of course catch a file before it is run. My guess is that AntiVir only caught this executable in memory after it had done its unpacking. At that point, the warning is pretty much informational.

    Like I said, just a wild-assed guess.
     
  3. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Antivir did catch it before it was run...but yet it still executed.
     
    Last edited: Nov 6, 2006
  4. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Can you send me the file? 4d5nbbb02 at sneakemail.com. No problem if you can't or won't.
     
  5. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Oh gee, I'm sorry, I didn't have Martin's Not-Quite-So-Undetectable Keylogger bookmarked.
     
  7. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I downloaded the file. The moment I extracted it, AntiVir detected it. So, I have no idea what you're talking about, unless you have AntiVir misconfigured, or this detection falls under one of the "Extended threat categories" (I doubt it, since it's classified as a trojan).
     
  8. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Now you can bookmark it.
     
  9. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Ok...let me say this again...execute the file. Don't extract it...execute it.
     
  10. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    Downloaded fine. Then when I:

    Tried to extract it, AntiVir caught it.
    If I tried to run it from within WinZip (i.e., not extracting it first, just trying to run it), AntiVir caught it.
    If I extracted it and had AntiVir ignore it (i.e., let me extract it to my hard drive), when I tried to run it AntiVir caught it.

    Basically, AntiVir caught it no matter what I did.

    BTW - SSM also caught it.
     
  11. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480

    Really? Damn, that is not what happened to me...can you do me a favor and do it again just to confirm? With WinRAR would be preferable...because that's what I use.

    Please note: my Antivir detected it as well but did not prevent it from executing. Please make sure the program doesn't open in the background.
     
    Last edited: Nov 6, 2006
  12. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Toby: check your settings, you might have set it to "ignore" by default, or you might have clicked ignore which would allow access to the file.
    Otherwise all access _will_ be blocked.
     
  13. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Yeah..I just did...everything is configured properly.
    o_O
     
  14. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    In any case, upon extraction the AV catches it. That's tons better than executing it.

    Better still, scan the file before even thinking of extracting it. My AV detects the executable in the archive as having a keylogger. Needless to say, I deleted the blighter!
     
  15. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    As a follow-up, VirusTotal reports that 10 AVs detect this at the time of analysis.
     

  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It's just a new detection. I remember a few months back, only Antivir was detecting it by heuristics.
     
  17. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543
    Avast missed this big time!

    Edit: Update. I tried sending keylogger.exe to VirusTotal and a message from Avast popped up saying the file was suspicious. I wonder how come the mail scanner caught it but when I opened the keylogger nothing happened?
     
    Last edited: Nov 9, 2006
  18. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Good news for the AVG suite, both AVG and Ewido caught it, and both signatures are in the suite :)
     
  19. jasonago

    jasonago Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    31
    Location:
    Philippines
    I downloaded the keylogger and as I extracted it, Avira caught it...
     
  20. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543
    Strange, Avast missed this. Ewido caught it right away.

    Any of you using Avast and caught the keylogger? I am not sure, maybe I didn't configure Avast right?
     
  21. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Yeah...though my only concern is going to a "nasty" site that tries to execute something automatically...then I'm screwed.

    Regards,
    Toby
     
  22. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    So go there in a SandBox.
     
  23. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    Not using Avast but have in the past - maybe turn the resident up to High and see if that works to detect it?
     