Packed / modified trojans

Discussion in 'ewido anti-spyware forum' started by ChrisP, May 23, 2007.

Thread Status:
Not open for further replies.
  1. ChrisP (Suspended Member)

    Joined: Jun 6, 2003 | Posts: 447 | Location: UK

    Will AVG 7.5 detect trojans that have been repacked / compressed or modified in some way?

    I know my F-Secure won't. I have TrojanHunter which I believe does, but have removed it from my system, so rely on AVG.

    Cheers,

    Chris
     
  2. TopperID (Registered Member)

    Joined: Oct 1, 2004 | Posts: 1,527 | Location: London

    Are you referring to the realtime Guard or the demand scanner? Have a look at this review from a year ago:-

    http://scheinsicherheit.pytalhost.de/decompdelay.htm

    The following quote refers to the most recent version of ewido at that time:-

    You'll notice that the demand scanner (which has heuristics) missed some samples, but the on-access Guard found the lot! The reason for this is that the Guard will scan executables twice, once when you attempt to run the file and again as the file unloads into memory. The first scan might miss heavily encrypted samples because the sigs are disguised, but it is the scan in memory that snaps these up.

    Trojan Hunter did not do as well in these tests. Its demand and on-access scanners both missed samples.
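
Added example, not part of the original posts and not ewido's or AVG's code: a small Python model of the two-pass behaviour described in the reply above, showing why a byte signature can be missed in the packed file yet found once the image is unpacked in memory. The signature name, the marker bytes and the zlib-plus-XOR "packer" are constructed stand-ins.

```python
import zlib

# Constructed, harmless byte pattern standing in for a scanner signature.
SIGNATURES = {"Demo.Marker.A": b"HARMLESS-DEMO-SIGNATURE-0001"}


def scan(buf: bytes) -> list:
    """Return the names of all signatures whose byte pattern occurs in buf."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in buf)


def pack(image: bytes, key: int = 0x5A) -> bytes:
    """Toy packer (assumption): compress, then XOR every byte with a key."""
    return bytes(b ^ key for b in zlib.compress(image))


def unpack(packed: bytes, key: int = 0x5A) -> bytes:
    """What a packer stub does at run time: rebuild the original image."""
    return zlib.decompress(bytes(b ^ key for b in packed))


def guard_scan(file_bytes: bytes, loader) -> dict:
    """Two passes: the file as stored, then the image the loader produces."""
    on_disk = scan(file_bytes)
    in_memory = scan(loader(file_bytes))
    return {
        "on_disk": on_disk,
        "in_memory": in_memory,
        "blocked": bool(on_disk or in_memory),
    }


# Constructed sample: an inert buffer that merely contains the marker bytes.
PLAIN = b"MZ" + b"\x00" * 64 + SIGNATURES["Demo.Marker.A"] + b"\x00" * 64
PACKED = pack(PLAIN)

if __name__ == "__main__":
    print("demand scan, unpacked file:", scan(PLAIN))
    print("demand scan, packed file:  ", scan(PACKED))
    print("guard, packed file:        ", guard_scan(PACKED, unpack))
```

A scanner that only performs the first pass has to recognise and undo each packer itself before matching signatures; the second pass sidesteps that by looking at the image after the sample has unpacked itself.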
     