Hi!
I am currently involved in a project on the topic of zero-day malware.
In this project we have used the BART CD as one of our tools; I will not go into detail on the experiments here.
When using the BART CD we scanned six different machines containing almost the same data on two different dates, with a month in between the scans.
On the second scan something strange happened: we scanned all machines with the BART CD, but only two of these detected a special type of malware: WMA:Wimad [Drp]. Several hundred files were infected with this malware, and when we scanned the first four machines again, with the same CD, they also detected the malware.
It seems it is more or less random if this type of malware was detected.
avast! support suggested that the first scan probably deleted or unlocked something that was hiding the other infection, but no actions were performed on the file system.
The infected files were media files inside small .rar archives; no error messages were logged on the files in question.
The machines were not booted in between the scans.
Can anyone explain what has happened here? Is this some kind of bug?
