Can a compressed file infect a PC?

Hello guys. Last month, i've been testing some AV suites, like G-Data, F-Secure, Avira, Nod32, Avast...., downloading some crap keygens and cracks in compressed files (rar, zip...), obviously in a virtual environment. Some AV didn't detect those infected files, or they detected those malware when i uncompressed them. My question is: can a compressed virus infect a PC if i don't extract the infected files?
Curiously, i downloaded the eicar test (compressed) in a partition of my hard disk, with the antivirus deactivated. When i activated my antivirus, none of the tested solutions told me he had a virus in that rar file. Only when i tried to unrar this file, antivirus blocked the attack.... but it was an exception: Comodo Internet Security. With the same procedure, when i activated CIS and browsed in this partition, automatically CIS said me there was a virus in eicar file . Same in a compressed file that it had a crack infected by a trojan, CIS alerted me..., without having to open or unzip the file. Seriously, i had never seen this behavior in another AV...

Best regards

Miguel Angel

 

This is usually because the other AV don't have "scan archives" enabled by default, or they just don't have that option. Comodo will scan those by default with both a manual and scheduled scan. Avast has it disabled (i think) by default, you can turn it on easily however.

 

Mmm, but i haven't scanned those infected files with CIS (no manual or scheduled scan), only i've opened "My computer", D: partition, and automatically CIS say me there is a virus!...

 

Compressed files cannot infect a pc without extracting it. That is unless it has an executable format.

 

no, compressed file dont execute like exe , so dont infect PC. moreover its always recommended to not scan them as they take lot of time for scanning (involves extraction etc. )

moreover if it contain virus then Av would still detect it on execution or during extraction.

hope that clears your doubt

 

Archives (ZIP,RAR,7z etc) cannot infect the computer by themself when EXE or any other malicious file is inside. They always have to be unpacked first where real-time protection catches them.

Packers (UPack, UPX, PeProtect, PECompact etc) are a different kind of compressors. They usually extract and execute directly from memory. But then again, all half decent antiviruses have unpacking engines for these buggers.
Plus, the end user doesn't really have much control over these as they work very transparently and you can't really see if the file is packed or not unless you analyze it's structure.

SFX archives are kind of blend of both types except they still unpack to the HDD and you can simply open them with 7-zip or WinRAR using right-click "Open archive" command. This way you can inspect the content before actually extracting the stuff. Often malware is packed in these and then another filetype icon is attached to it to give impression of being something else than it actually is. Upon clicking, the content is unpacked and usually executed by the SFX archive. These are a bit more dangerous than archives without the extraction engine integrated and if your AV doesn't catch it it will run right away where with normal archive you can still decide if you really want to run it based on the looks of the file after extraction (name alone, icon, extension, whitespace, size, digital signature etc).

 

think he meant self extracting executables

 

Thanks for your replies. This forum is amazing!

Best regards

Miguel Angel

 

Very nice explanation there RejZor.

My Avira Premium / Avast IS detects them even in the process of downloading zip/rar files that are infected, stops the download and prompts for a decision. But you have to set them to scan archives.