Author Topic: Morphine Viruses Not Detected

mikerz

  • Guest
Morphine Viruses Not Detected
« on: October 08, 2004, 01:36:03 AM »
Hi
I have noticed that Avast does not seem to detect viruses encrypted with Morphine. Is there a fix for this?

inthewildteam

  • Guest
Re: Morphine Viruses Not Detected
« Reply #1 on: October 08, 2004, 01:44:33 AM »
Isn't this just something used to encrypt files as opposed to being a specific virus?

techie101

  • Guest
Re: Morphine Viruses Not Detected
« Reply #2 on: October 08, 2004, 06:02:20 AM »
Mike,
What do you mean by "Avast does not seem to detect the Morphine"?
Have you had a specific instance where it was not detected?  If so, provide the full virus name and path.
As far as I know, Avast will detect Morphine through the Heuristics scanner.

inthewildteam,
No, it is not just a form of encoding but a true virus.
This is a benign memory resident parasitic polymorphic virus. It hooks INT 21h, and writes itself to the end of COM and EXE files that are executed or opened. While installing a memory resident, the virus also infects the COMMAND.COM file. The virus checks the file names and does not infect the anti-viruses F-PROT, TBAV, SCAN. The virus deletes the anti-virus data files: ANTI-VIR.DAT, CHKLIST.MS, CHKLIST.CPS, ZZ##.IM
I believe that it will not affect Avast.
« Last Edit: October 08, 2004, 06:03:43 AM by Techie101 »

Offline igor

  • Avast team
  • Serious Graphoman
  • Posts: 11849
    • AVAST Software
Re: Morphine Viruses Not Detected
« Reply #3 on: October 08, 2004, 09:37:41 AM »
I also thought that Morphine is a polymorphic engine - and you could pack anything with it.
Mikerz, if you are packing viruses with Morphine, you're actually creating new variants of viruses - so it's no wonder avast! cannot detect them (it doesn't have a generic "Morphine" unpacker).

mikerz

  • Guest
Re: Morphine Viruses Not Detected
« Reply #4 on: October 08, 2004, 08:36:40 PM »
Hey Guys,

The path to the virus file is
%systemroot%\system32\quicktimemngr.exe

It is downloaded via ftp using:
%systemroot%\system32\c.bat

quicktimemngr.exe is encrypted with Morphine and of course c.bat isn't a virus.

For the time being I have removed ftp.exe from my system so that c.bat fails.

I can send a sample if you like.

Thanks,
Mikerz