Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: mikerz on October 08, 2004, 01:36:03 AM
-
Hi
I have notice that Avast does not seem detect viruses encrypted with morphine. Is there a fix for this ?
-
Isn't this just something used to encrypt files as opposed to being a specific virus?
-
Mike,
What do you mean by "Avast does not seem to detect the Morphine?
Have you had a specific instance where it was not detected? If so, provide the full virus name and path.
As far as I know, Avast will detect Morphine through the Heuristics scanner.
inthewildteam,
No, it is not just a form of encoding but a true virus.
This is a benign memory resident parasitic polymorphic virus. It hooks INT 21h, and writes itself to the end of COM and EXE files that are executed or opened. While installing a memory resident, the virus also infects the COMMAND.COM file. The virus checks the file names and does not infect the anti-viruses F-PROT, TBAV, SCAN. The virus deletes the anti-virus data files: ANTI-VIR.DAT CHKLIST.MS CHKLIST.CPS ZZ##.IM
I believe that it will not affect Avast.
-
I also thought that Morphine is a polymorphic engine - and you could pack anything with it.
Mikerz, if you are packing viruses with Morphine, you're actually creating new variants of viruses - so there's no wonder avast! cannot detect them (it doesn't have a generic "Morphine" unpacker).
-
Hey Guys,
The Path to Virus file is
%systemroot%\system32\quicktimemngr.exe
It is downladed via ftp using:
%systemroot%\system32\c.bat
quicktimemngr.exe is encrypted with Morhpine and of course c.bat isn't a virus.
For time being I have removed ftp.exe from my system so that c.bat fails.
I can send a sample if you like.
Thanks,
Mikerz