question about nod32 scan

I was sent an .exe file recently. I used nod32 scanner to scan and it scanned 7 files, not detecting anything. So I opened the .exe and the real-time protection popped up saying some w32 trojan has been blocked and explorerr.exe has been quarantined. Though it was my fault that I should of have known better not to open random .exes, but I'm really confused on why it didn't detect anything during the scan but is able to do so after I opened the file.

 

Many .exe files are compressed for file size. When compressed, the scanner will not be able to see all the components of the file. Once extracted, the scanner can then view all files and processes within the .exe file and locate any malware that may be present. This may explain why the scanner did not detect anything on the initial scan but did pick up the trojan present once the .exe was extracted.

 

It could have been simply a dropper which dropped files recognized by ESET. The question is whether the exe file did also something else besides dropping the file that was detected or not. If not your computer should be perfectly clean. To make sure, I'd suggest submitting the exe file along with a SysInspector log to ESET for perusal.

 

Thanks for the reply guys.

To mack - I was thinking originally that it might not have scanned all files, but it did report back 7 files scanned - showing some degree of extraction. Maybe it didn't dig deep enough into the file?

To Marcos - that's very possible. Is there a way then to detect these dropper programs, or do I just have to be more careful next time? Unfortunately I don't have the original program anymore - reinstalled the entire system.

 

Maybe the dropper has not performed malicious actions, thats may explain the no detection of the file