why these malware sample not being detected on access or on demand?

i have 2 samples which are not being detected by avira free 8 on access.
but virustotal report shows that it is detected by avira and bitdefender. then i installed bitdefender 2008 trial but this one also didnt detect these samples.
"on demand scan also couldnt detect these files." by both AVs

~Screenshot removed per Policy. - Ron~

Then i found that the sample is exe but there are two or more viruses embedded in it.so i extracted then these AVs detected them.

my question is how these files been detected on virustotal and why not on my comp

 

wow what happened? i just installes avira premium thinking that maybe its because avira free detects only virus not spyware,
and it indeed detected these files after extracting that exe.
but when i double click on that exe no warning no detection by avira premium.
and the malware got installed.
im curious whats happening here with this file. anyone have suggestion?
oh and no worry for that malware, i have mr. fdisr who will get my system cleanedup.
thank you.

 

wrong configuration? you probably enabled scan on write only...

 

sorry but i have to say that i use AVs rarely. and its infact my friends system which got infected so i brought that sample to test and installed avira to check it.
And no i didnt changed any settings.oh actually i didnt opened the avira gui.except that on demand scan.
so that means it is on its default settings.

 

On-Access does not scan archives (you can enable it) and the free version does not report adware/spyware.

 

i have got another sample and this time its bitdefender 2008 which didnt detected the sample while virustotal showed that it detects.
does differnt virus engines of same vendor differ like this(like old and new version as virus total scans with avira 7 and bitdefender 7)?
i dont know whats happening here.

 

First you didn't bother to configure Avira properly and then wondered why it didn't detect for you.

Then I bet even after you were told to configure Avira properly that you didn't bother to configure BD either.

VirusTotal has both of them properly configured. You should do the same. I would NEVER dream of using any AV on default settings! Geeez....

 

that is a stupid thing to say really.
av default settings are ment to be appriate for most users.
most people dont know anything about what the best settings to set are so they keep them at defaults. i tweak av settings if installing for other people but most people wouldnt change the defaults.

 

How could that possibly be a stupid thing to say? Avira will not scan archives in real time unless you configure it to do so. You'd be crazy to leave Avira, or any AV at default. Default is set up by the AV companies so that those with old, slow computers won't complain. Default is never the optimum. You have to configure it yourself. You leave Avira on default and get the situation this OP got. Avira is not even configured to scan all files! Insanely stupid. But again that is done so that those with old, slow computers will still buy Avira (or KAV or whatever AV).

 

Scan inside archives isn't enabled by the default settings for the on-access scanner in BitDefender Antivirus 2008. You have to manually enable it by doing this first start BitDefender navigate to the antivirus section once you are on the shield tab press on the custom level and check the option and press on ok.

For an on-demand scan you have to choose for a deep scan otherwise archives aren't being scanned.

 

Are these zip files?

 

no aigle they are not zip files they are embedded in an exe file but it can be extracted by archiever "IZarc",which is why im testing them.
I know archive(rar,zip etc) file scanning is not included on access in AVs(avira or BD)
i told in my first post only that its an exe file. i think they are talking about zip or rar archive scan settings

 

Hello sach1000rt,

Did you tried what I said? On what protection level is the BitDefender virus shield set? BitDefender on access scanners scans all files but will not extract archives if you didn't have enabled scan inside archives and scan packed files (this option is only unchecked if you set the protection level on permissive).Try to scan it again normally it should be detected now.

Niels

 

FWIW stupid is not a term I use for people that are technically challenged & isn't needed. I agree that if an AV needs that much adjustment to find a viruse I suggest another AV. Most people just install & expect the program to work. Remember most people use their computer for something other than testing AV's...

 

no av has scanning archives on access enabled because it slows down the computer with no real benefit.

the old av i used to use i had to set it to scan selected files because it had multiple engines which ment it was impossible to use the computer with the on access scan set to "all files"

 

Totally agree.

 

ok i will explain whole thing now,
i installed avira 8 on my friends machine and updated it. same day he got that virus through usb.i took that sample(exe file) from usb and copied it.scanned it through
virustotal and found avira is detecting it.i thought it may be a spyware so i got a trial of avira premium and installed it,updated it. and opened the folder where i have kept the virus.no detection. when i right clicked and saw an extract option in IZArc context menu so i extracted it, within a second avira detected multiple malwares.I got curious, so i double clicked on it and "there is no detection by avira". malware got installed,and i saw what it had created as i knew what it will create thanks to threatexpert report(i submitted it to threatexpert).
no problem cause i had FD-ISR.then i installed BD 2008 but no detection.
im not complaing about anything here of those AVs.Im just curious about whats happening here. Because when my friend tried to open usb drive by double clicking it avira should have detected it when its installing(if not on access)and archive files like zip and rar dont install on double clicking a drive.
anyway i have already submitted it to avira.