Signature of packed files

Discussion in 'malware problems & news' started by r3l4x, Sep 29, 2004.

Thread Status:
Not open for further replies.
  1. r3l4x

    r3l4x Registered Member

    Joined:
    Jun 6, 2004
    Posts:
    19
    Hello
    I wonder how removal tools (like Symantec fixes for worms) work to detect packed viruses (UPX, ASPack, PECompact etc....).
    An antivirus can unpack files with unpackers so an antivirus researcher can analyze the real code and find a signature.
    But a removal tool I believe can't upack files, so the virus signature isn't the same because it scan packed file and not unpacked file.
    So how detect a "strong" signature for packed infected files without unpack them? (like F-Prot do)

    Regards :cool:
     
    r3l4x, Sep 29, 2004
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...