Author Topic: Detection or Generic? (Read 4394 times)

LunarWolf · « **on:** January 06, 2011, 02:33:39 PM »

Recently, I submitted 2 files to avast which I know are rogues. Before submitting, there was no detection from avast. But after submission and a VPS update, the rogues are detected as Win32:Trojan-gen.

So is it a generic/heuristic detection or a signature detection?

Pondus · « **Reply #1 on:** January 06, 2011, 02:44:10 PM »

Quote

Win32:Trojan-gen.

Generic

yongsua · « **Reply #2 on:** January 06, 2011, 03:55:03 PM »

May i know mostly Avast! names the viruses as "Win32"?

LunarWolf · « **Reply #3 on:** January 06, 2011, 04:16:25 PM »

Then how do I know it is heuristics?

DavidR · « **Reply #4 on:** January 06, 2011, 05:03:45 PM »

Quote from: yongsua on January 06, 2011, 03:55:03 PM

May i know mostly Avast! names the viruses as "Win32"?

Because in most cases they are specific to windows 32bit, many other AVs also use this sort of prefix.

Pondus · « **Reply #5 on:** January 06, 2011, 05:28:31 PM »

Quote from: LunarWolf on January 06, 2011, 04:16:25 PM

Then how do I know it is heuristics?

See the link in post #2 http://www.wilderssecurity.com/showthread.php?t=280190

LunarWolf · « **Reply #6 on:** January 07, 2011, 12:48:22 PM »

Quote from: Pondus on January 06, 2011, 05:28:31 PM

Quote from: LunarWolf on January 06, 2011, 04:16:25 PM
Then how do I know it is heuristics?
See the link in post #2 http://www.wilderssecurity.com/showthread.php?t=280190

I am not asking about the difference between heuristics/genenric/behaviour.

What I am asking is how do I know what type of detection is avast detecting when they said Win32:Trojan-gen?

DavidR · « **Reply #7 on:** January 07, 2011, 02:45:34 PM »

All those with -gen are generally (couldn't help myself) generic. Heuristic detections tend to have a [Heur] suffix after them. Or in the case of anti-rootkit detections have it mentioned in the alert window, e.g. detection made using heuristic methods, or words to that effect.

Pondus · « **Reply #8 on:** January 07, 2011, 03:09:29 PM »

Quote

What I am asking is how do I know what type of detection is avast detecting when they said Win32:Trojan-gen?

Or does he mean type of malware.......it does say Trojan

LunarWolf · « **Reply #9 on:** January 09, 2011, 01:34:33 PM »

What I am asking, is it a signature detection?

Asyn · « **Reply #10 on:** January 09, 2011, 01:52:26 PM »

Quote from: LunarWolf on January 09, 2011, 01:34:33 PM

What I am asking, is it a signature detection?

Yes.
asyn

LunarWolf · « **Reply #11 on:** January 09, 2011, 03:02:12 PM »

Then why not give it a name? Why use -gen?

DavidR · « **Reply #12 on:** January 09, 2011, 03:30:58 PM »

Because the signature (generic) is designed to detect multiple variants of malware 'trojans in this case.' For a detection to be given a specific signature/name first a sample must be received/analysed, a signature and name produced and included in the next VPS.

This all takes time and the generic signatures serve an important purpose in detecting new variants that might otherwise not be detected.

Author Topic: Detection or Generic? (Read 4394 times)

LunarWolf

Detection or Generic?

Pondus

Re: Detection or Generic?

yongsua

Re: Detection or Generic?

LunarWolf

Re: Detection or Generic?

DavidR

Re: Detection or Generic?

Pondus

Re: Detection or Generic?

LunarWolf

Re: Detection or Generic?

DavidR

Re: Detection or Generic?

Pondus

Re: Detection or Generic?

LunarWolf

Re: Detection or Generic?

Asyn

Re: Detection or Generic?

LunarWolf

Re: Detection or Generic?

DavidR

Re: Detection or Generic?