Author Topic: UPX compressed variant of Deborm-AF trojan not seen by Avast. (Read 6568 times)

jepp1 · « **on:** February 21, 2004, 04:00:16 AM »

I found a trojan on my computer that Avast was missing and sent it off for analysis. I tried to use the on demand scanner with the thorough scan, with scan archives checked. Avast indicates that the file is a password protected and is unable to find the actual trojan. Would you have expected Avast to see the virus in this case or is the only way to detect this trojan the added string that the Avast virus support team mentions. (email snippet below)

Thanks again and keep up the good work guys. I'm really impressed with the quick response of this company.
-mark

> thank you for re-sending. It's an internally packed variant of the
> Deborm-AF trojan. Avast can detect it if scanning files internally UPX
> compressed is on. We'll add the string for compressed version.
>
>

.: Mac :. · « **Reply #1 on:** February 21, 2004, 06:38:40 PM »

add the string or see if trend can clean or delete it http://housecall.trendmicro.com

jepp1 · « **Reply #2 on:** February 21, 2004, 07:56:09 PM »

I think the string is refering to a virus signature update. As far as other scanners finding/cleaning this trojan, Antivir and Kaspersky are able to find and remove. (So cleanup is ok, I was just wondering if Avast should have been able to find this file with the right settings in regards to archives) BTW, Mcafee cmd line snanner seemed to miss this trojan as well.

Thanks,
-mark

.: Mac :. · « **Reply #3 on:** February 21, 2004, 08:48:17 PM »

mcafee command line scanner looks ONLY for boot viruses

igor · « **Reply #4 on:** February 21, 2004, 08:58:53 PM »

Quote from: MacLover2000 on February 21, 2004, 08:48:17 PM

mcafee command line scanner looks ONLY for boot viruses

I really doubt it - I think it looks for all viruses you want.

raman · « **Reply #5 on:** February 21, 2004, 09:54:46 PM »

Try to start the Mcafee commandline with "/secure /sub". Mcafee has an exelent Scanningengine.

.: Mac :. · « **Reply #6 on:** February 21, 2004, 10:50:50 PM »

Igor, before avast I used Mcafee, Norton, Kaspersky all of them almost.

Mcafee rescue disks have "emergency .dat files" these ONLY contain information on boot viruses. the program (virusscan 6.02.5000) said this every time I created or updated my rescue disk.

raman · « **Reply #7 on:** February 21, 2004, 11:10:16 PM »

That was Bootscan.exe i think, but the normal Commandlinescanner is called scan.exe,

.: Mac :. · « **Reply #8 on:** February 22, 2004, 01:43:30 AM »

Ok. I must have forgotten.

Author Topic: UPX compressed variant of Deborm-AF trojan not seen by Avast. (Read 6568 times)

jepp1

UPX compressed variant of Deborm-AF trojan not seen by Avast.

.: Mac :.

Re:UPX compressed variant of Deborm-AF trojan not seen by Avast.

jepp1

Re:UPX compressed variant of Deborm-AF trojan not seen by Avast.

.: Mac :.

Re:UPX compressed variant of Deborm-AF trojan not seen by Avast.

igor

Re:UPX compressed variant of Deborm-AF trojan not seen by Avast.

raman

Re:UPX compressed variant of Deborm-AF trojan not seen by Avast.

.: Mac :.

Re:UPX compressed variant of Deborm-AF trojan not seen by Avast.

raman

Re:UPX compressed variant of Deborm-AF trojan not seen by Avast.

.: Mac :.

Re:UPX compressed variant of Deborm-AF trojan not seen by Avast.