Author Topic: Win32:Beagle-J and Win32:Beagle-C [Unp]  (Read 2523 times)

  • Guest
Win32:Beagle-J and Win32:Beagle-C [Unp]
« on: July 15, 2004, 06:16:04 AM »
Hi all,

I'm usually hit by internet worms via e-mail (+20/day), and since I've used avast! for almost 1 year, avast! has never let me down; it has caught every worm right on time.

Yes, this is my real-world test, no matter whether avast! is the only AV in the world that has never missed a single ITW virus in a 100-year period or not. ;D ;D ;D ;D

But what I'm wondering about is that I got a Beagle family worm yesterday via e-mail. avast! says it is Win32:Beagle-J [Wrm] (pix A) by its on-access scanner, but when I run an on-demand scan (avast! quick scanner), avast! says it is Win32:Beagle-C [Unp] (pix B).

Why does avast! state a different name when it's the same worm body?


Offline igor

  • Avast team
Re:Win32:Beagle-J and Win32:Beagle-C [Unp]
« Reply #1 on: July 15, 2004, 09:58:23 AM »
It's caused by different settings for unpacking archives for both scanners.
The on-access scanner detects the packed file as it is (it doesn't unpack it); the quick scanner tries to unpack it first - and it detects a different ("unpacked") variant. If the unpacked variant detection wasn't present in the virus database, it would detect the packed file (Beagle-J) afterwards as well.
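
The behaviour described in the reply above, as an added example that is not part of the original thread and is not avast!'s engine: a toy signature scanner in which the same file gets two names depending on the unpack setting. The `TOYPACK1` packer, the signature names (`Toy:Sample-J` standing in for the packed detection, `Toy:Sample-C` for the unpacked one) and the harmless byte strings are all constructed assumptions.

```python
import zlib

# Constructed, harmless stand-in for a worm body; not a real sample.
BODY = b"CONSTRUCTED-HARMLESS-BODY " * 8
MAGIC = b"TOYPACK1"                      # hypothetical packer header
PACKED = MAGIC + zlib.compress(BODY)     # the file as it arrives by e-mail


def sig_db(include_unpacked=True):
    """Toy signature database: detection name -> byte pattern."""
    db = {"Toy:Sample-J [Wrm]": PACKED[:24]}       # matches the packed file as-is
    if include_unpacked:
        db["Toy:Sample-C [Unp]"] = BODY[:24]       # matches only the unpacked body
    return db


def match(data, db):
    """Return the first signature name whose pattern occurs in data."""
    for name, pattern in db.items():
        if pattern in data:
            return name
    return None


def unpack(data):
    """Undo the toy packer; return None if data is not packed or is corrupt."""
    if not data.startswith(MAGIC):
        return None
    try:
        return zlib.decompress(data[len(MAGIC):])
    except zlib.error:
        return None


def scan(data, db, unpack_first):
    """Scan the unpacked content first when enabled, then the file as it is."""
    if unpack_first:
        inner = unpack(data)
        if inner is not None:
            hit = match(inner, db)
            if hit:
                return hit
    return match(data, db)   # fallback: detect the packed file itself


if __name__ == "__main__":
    print("on-access (no unpacking):", scan(PACKED, sig_db(), unpack_first=False))
    print("quick scan (unpacks):    ", scan(PACKED, sig_db(), unpack_first=True))
    print("quick scan, no [Unp] sig:", scan(PACKED, sig_db(False), unpack_first=True))
```

For log correlation, this means two detection names on one file hash can come from a scanner configuration difference rather than from two distinct samples.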