Why are these malware samples not being detected on access or on demand?

Discussion in 'other anti-virus software' started by sach1000rt, Apr 24, 2008.

Thread Status:
Not open for further replies.
  1. sach1000rt

    sach1000rt Registered Member

    Joined:
    May 29, 2007
    Posts:
    171
    Location:
    india
    I have 2 samples which are not being detected by Avira Free 8 on access.
    But the VirusTotal report shows that they are detected by Avira and BitDefender. Then I installed the BitDefender 2008 trial, but this one also didn't detect these samples.
    "On-demand scan also couldn't detect these files," by both AVs.

    ~Screenshot removed per Policy. - Ron~

    Then I found that the sample is an exe but there are two or more viruses embedded in it. So I extracted it, and then these AVs detected them.

    My question is: how were these files detected on VirusTotal, and why not on my computer?
     
    Last edited by a moderator: Apr 24, 2008
  2. sach1000rt

    sach1000rt Registered Member

    Joined:
    May 29, 2007
    Posts:
    171
    Location:
    india
    Wow, what happened? I just installed Avira Premium, thinking that maybe it's because Avira Free detects only viruses, not spyware,
    and it indeed detected these files after extracting that exe.
    But when I double-click on that exe: no warning, no detection by Avira Premium.
    And the malware got installed.
    I'm curious what's happening here with this file. Does anyone have a suggestion?
    Oh, and no worry about that malware; I have Mr. FD-ISR, who will get my system cleaned up.
    Thank you.
     
  3. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Wrong configuration? You probably enabled scan on write only...
     
  4. sach1000rt

    sach1000rt Registered Member

    Joined:
    May 29, 2007
    Posts:
    171
    Location:
    india
    Sorry, but I have to say that I use AVs rarely. It's in fact my friend's system which got infected, so I brought that sample to test and installed Avira to check it.
    And no, I didn't change any settings. Actually, I didn't open the Avira GUI, except for that on-demand scan.
    So that means it is on its default settings.
     
  5. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    On-Access does not scan archives (you can enable it) and the free version does not report adware/spyware.
     
  6. sach1000rt

    sach1000rt Registered Member

    Joined:
    May 29, 2007
    Posts:
    171
    Location:
    india
    I have got another sample, and this time it's BitDefender 2008 which didn't detect the sample while VirusTotal showed that it detects it.
    Do different virus engines of the same vendor differ like this (like old and new versions, as VirusTotal scans with Avira 7 and BitDefender 7)?
    I don't know what's happening here.
     
  7. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    First you didn't bother to configure Avira properly and then wondered why it didn't detect for you. :(

    Then I bet even after you were told to configure Avira properly that you didn't bother to configure BD either.

    VirusTotal has both of them properly configured. You should do the same. I would NEVER dream of using any AV on default settings! Geeez....
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    That is a stupid thing to say, really.
    AV default settings are meant to be appropriate for most users.
    Most people don't know anything about what the best settings are, so they keep them at defaults. I tweak AV settings if installing for other people, but most people wouldn't change the defaults.
     
  9. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    How could that possibly be a stupid thing to say? Avira will not scan archives in real time unless you configure it to do so. You'd be crazy to leave Avira, or any AV at default. Default is set up by the AV companies so that those with old, slow computers won't complain. Default is never the optimum. You have to configure it yourself. You leave Avira on default and get the situation this OP got. Avira is not even configured to scan all files! Insanely stupid. But again that is done so that those with old, slow computers will still buy Avira (or KAV or whatever AV).
     
  10. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Scan inside archives isn't enabled by the default settings for the on-access scanner in BitDefender Antivirus 2008. You have to enable it manually: first start BitDefender, navigate to the Antivirus section, and once you are on the Shield tab, press Custom Level, check the option, and press OK.

    For an on-demand scan you have to choose a deep scan; otherwise archives aren't scanned.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Are these zip files?
     
  12. sach1000rt

    sach1000rt Registered Member

    Joined:
    May 29, 2007
    Posts:
    171
    Location:
    india
    No aigle, they are not zip files. They are embedded in an exe file, but it can be extracted by the archiver "IZArc", which is why I'm testing them.
    I know archive (rar, zip, etc.) file scanning is not included on access in AVs (Avira or BD).
    I said in my first post itself that it's an exe file. I think they are talking about zip or rar archive scan settings.
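
Added example (not part of the original thread, and not code from any AV vendor discussed here): one way to check whether an .exe carries an archive appended after its last PE section, which is one common reason an archiver can "extract" an executable. It assumes the appended-overlay layout, since the thread does not say how this sample was built; `build_sample` constructs a synthetic test input and contains no real malware.

```python
import struct

# Magic bytes of archive formats commonly appended to self-extracting stubs.
ARCHIVE_MAGICS = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar",
                  b"7z\xbc\xaf\x27\x1c": "7z", b"MSCF": "cab"}

def pe_overlay_offset(data):
    """Return the file offset just past the last PE section's raw data."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows optional header
    end = table + 40 * num_sections
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def embedded_archive(data):
    """Return (format, file_offset) of the first archive header in the overlay, or None."""
    overlay = pe_overlay_offset(data)
    tail = data[overlay:]
    hits = [(tail.find(m), name) for m, name in ARCHIVE_MAGICS.items() if m in tail]
    if not hits:
        return None
    pos, name = min(hits)
    return name, overlay + pos

def build_sample(payload):
    """Constructed input: minimal one-section PE stub (144 bytes) plus payload."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 16, 0x1000, 16, 128,
                                        0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + b"\x90" * 16 + payload

if __name__ == "__main__":
    print(embedded_archive(build_sample(b"PK\x03\x04" + b"\0" * 26)))
```

A hit means the file is a container: a scanner that is not set to unpack archives or packed files inspects only the stub, not the payload behind it.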
     
  13. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    Hello sach1000rt,

    Did you try what I said? On what protection level is the BitDefender virus shield set? BitDefender's on-access scanner scans all files but will not extract archives if you haven't enabled "scan inside archives" and "scan packed files" (this option is only unchecked if you set the protection level to permissive). Try to scan it again; normally it should be detected now.

    Niels
     
    Last edited: Apr 25, 2008
  14. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    FWIW, stupid is not a term I use for people that are technically challenged & isn't needed. I agree that if an AV needs that much adjustment to find a virus I suggest another AV. Most people just install & expect the program to work. Remember most people use their computer for something other than testing AVs...
     
  15. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    No AV has scanning archives on access enabled because it slows down the computer with no real benefit.

    With the old AV I used to use, I had to set it to scan selected files because it had multiple engines, which meant it was impossible to use the computer with the on-access scan set to "all files".
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Totally agree.
     
  17. sach1000rt

    sach1000rt Registered Member

    Joined:
    May 29, 2007
    Posts:
    171
    Location:
    india
    OK, I will explain the whole thing now.
    I installed Avira 8 on my friend's machine and updated it. The same day he got that virus through USB. I took that sample (exe file) from the USB and copied it, scanned it through
    VirusTotal and found Avira is detecting it. I thought it may be spyware, so I got a trial of Avira Premium, installed it and updated it, and opened the folder where I have kept the virus. No detection. When I right-clicked, I saw an extract option in the IZArc context menu, so I extracted it, and within a second Avira detected multiple malwares. I got curious, so I double-clicked on it and "there is no detection by Avira". The malware got installed, and I saw what it had created, as I knew what it would create thanks to the ThreatExpert report (I submitted it to ThreatExpert).
    No problem, because I had FD-ISR. Then I installed BD 2008, but no detection.
    I'm not complaining about anything here of those AVs. I'm just curious about what's happening here. Because when my friend tried to open the USB drive by double-clicking it, Avira should have detected it when it's installing (if not on access), and archive files like zip and rar don't install on double-clicking a drive.
    Anyway, I have already submitted it to Avira.
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    Several off topic posts removed. Discuss software, not other members.
     