Online scanner results discrepancy

Discussion in 'other anti-virus software' started by apm, May 23, 2009.

Thread Status:
Not open for further replies.
  1. apm

    apm Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    162
    Have just accidentally visited a website injected with malware. The on-access scanner detected the installed files and removed them, but after uploading them to VirusTotal I see that the same version cannot detect the renamed files. What could possibly cause this discrepancy? Going by the displayed update time, they should be using the same engine and updated sigs (Dr.web 5.0.0.12182).

    http://www.host-images.com/u/files/4uzjiropfzofy3qgjvlp.jpg


    http://www.host-images.com/u/files/3h0ybqfxcee1und8v61c.jpg
     
  2. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    They are using command-line scanners, which may not have the same options enabled as the desktop scanner (with regard to scan settings/heuristics).
     
  3. format_c

    format_c Registered Member

    Joined:
    May 6, 2008
    Posts:
    116
    What about http://online.drweb.com?
     
  4. apm

    apm Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    162
    Checking: extext4499459t.exe.7B0391B3
    Engine version: 5.0.0.12182
    Total virus-finding records: 553060
    File size: 10.50 KB
    File MD5: deaa687b95335e4db2970637805e5338

    extext4499459t.exe.7B0391B3 infected with Trojan.DownLoader.origin



    Checking: 4467183test.dll.320A1743
    Engine version: 5.0.0.12182
    Total virus-finding records: 553060
    File size: 44.50 KB
    File MD5: 5625b5e70c6a5fb3fe51fb74389fb6c4

    4467183test.dll.320A1743 infected with Trojan.AVKill.origin
     
  5. apm

    apm Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    162
    As for another sample, VirusTotal had the updated sig but didn't detect it, and it doesn't look like it is a heuristic detection (sample sent to http://vms.drweb.com/sendvirus on 22/5).

    It is like something at VirusTotal is causing this discrepancy.

    ~VirusTotal screenshot removed per Policy.~
     
    Last edited by a moderator: May 24, 2009
  6. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    That's why tests based on Virus Total results are inaccurate and unfair to AV Vendors.
    VT uses command line Linux scanners.
     