-
Experienced User
Do you trust your AV?
I recently got a common virus.
It creates a folder "resycled" with a file boot.com inside it. It also adds an autorun.inf file to the root of the drive. On execution it injects dll.dll into 2 system processes.
Neither my Norton 2009 nor the Kaspersky AVP Tool could detect it. I had to remove it manually by unloading the dll.dll from the processes and then manually deleting the virus files. I had turned off automatic loading of autorun.inf.
I then uploaded the resycled folder having boot.com along with autorun file to VirusTotal and most of the AV detected it.
Then I uploaded only the resycled folder having the boot.com file inside it. To my surprise, neither Norton nor Kaspersky detected it.
With Autorun file :
http://www.virustotal.com/analisis/6...49b6e2adf6f862
Without Autorun File :
http://www.virustotal.com/analisis/0...5fcd6e25b4dee1
and here's a sample of the boot.com file :
http://rapidshare.com/files/155514118/resycle.zip.html
The virus is relatively less harmful. Norton was able to detect the temp files from where the virus originated and was able to remove registry entries made by it and also some of the folders and files created by it but it failed to detect boot.com
ThreatExpert reports:
http://www.google.co.in/search?hl=en&q=site%3Athreatexpert.com%2Freport.aspx+resycled&btnG=Search&meta=
So I don't trust my AV, Norton or Kaspersky. Both failed to detect it. Even Microsoft (OneCare) was able to detect it. My question is: do you trust your AV?
Last edited by prashanthpai; 10-20-2008 at 02:45 PM.
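The artifacts described in the post above (an autorun.inf in the drive root that launches boot.com from a folder named "resycled") can be checked for with a short script. This is an added example, not part of the original thread; the function names and the similarity cutoff are assumptions, and it generalises from the one folder name in the post to any near-miss of a real recycle-bin folder name.

```python
import difflib
import re
import tempfile
from pathlib import Path

# Real Windows recycle-bin folder names; a near-miss such as the thread's
# "resycled" counts as a look-alike (the 0.8 cutoff is an assumption).
REAL_BINS = ("recycled", "recycler", "$recycle.bin")
LAUNCH_KEY = re.compile(r"open|shellexecute|shell\\.+\\command", re.I)

def autorun_targets(text):
    """Commands an autorun.inf would launch, read from its [autorun] section."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if LAUNCH_KEY.fullmatch(key.strip()):
                targets.append(value.strip())
    return targets

def lookalike_bin(name):
    """True if name imitates, but is not, a real recycle-bin folder name."""
    name = name.lower()
    return name not in REAL_BINS and bool(
        difflib.get_close_matches(name, REAL_BINS, n=1, cutoff=0.8))

def audit_drive(root):
    """Findings for one drive root as (kind, detail) tuples."""
    findings = []
    inf = Path(root, "autorun.inf")
    if inf.is_file():
        for cmd in autorun_targets(inf.read_text(encoding="latin-1")):
            top = cmd.replace("/", "\\").lstrip("\\").split("\\")[0]
            kind = "launch-from-lookalike" if lookalike_bin(top) else "launch"
            findings.append((kind, cmd))
    for entry in sorted(Path(root).iterdir()):
        if entry.is_dir() and lookalike_bin(entry.name):
            findings.append(("lookalike-folder", entry.name))
    return findings

def demo():
    """Audit a constructed drive layout that mirrors the post's description."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "resycled").mkdir()
        Path(root, "resycled", "boot.com").touch()  # empty stand-in file
        Path(root, "autorun.inf").write_text("[autorun]\nopen=resycled\\boot.com\n")
        return audit_drive(root)
```

Calling `audit_drive` on the root of a removable drive reports every command its autorun.inf would launch, so the check still fires when a scanner passes the executable itself.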
Happy To Help
-
No, I don't trust my AV, but that is why it's best to scan with standalone antimalware programs as well.
Makes you wonder what else they miss that goes undetected.
-
Guest
My answer is simple - like human beings, software has flaws too.
FBI said that there's no 100% computer security - ur PC is 100% safe when it's turned off.
Apart from the sayings, imagine there are 3-4 million malwares across the cyberworld and living inside physical boxes, and antivirus vendors can't filter all of those, despite the addition of new tech innovations like proactive features/HIPS/heuristic tech... still not able to guarantee.
If I were u, just send the sample to the AV vendors - it's a good initiative.
-
Experienced User
I've already sent it.
FBI said that there's no 100% computer security - ur PC is 100% safe when it's turned off
^ True Indeed
Last edited by prashanthpai; 10-19-2008 at 11:00 PM.
-
The Fun Stuff Owner
yes true..
I trust my Anti Virus.. dunno why.. I just do..
-
Administrator
Nope, a turned-off computer is not even considered safe. I once read that the FBI said that the "safest computer will be the one that is turned off, buried 6 feet underground".... wait a minute, and he's even sure that's safe enough.
In short, there's no safe computer. And I do not trust antivirus. To me, it's just an alert tool rather than total protection.
-
Experienced User
I have a clean file. When I scan with Norton 2009, it doesn't detect any malware threats. Yesterday, when I uploaded it to VirusTotal.com, two scan engines said that the file contains malware [aka suspicious file]. Does it mean that two scan engines have a positive test or the others fail to detect the file?
http://www.virustotal.com/analisis/2...e22a6ba74909df
Thanks,
diddo09
-
Administrator
Originally Posted by diddo09
I have a clean file. When I scan with Norton 2009, it doesn't detect any malware threats. Yesterday, when I uploaded it to VirusTotal.com, two scan engines said that the file contains malware [aka suspicious file]. Does it mean that two scan engines have a positive test or the others fail to detect the file?
http://www.virustotal.com/analisis/2...e22a6ba74909df
Thanks,
diddo09
If you're unsure, it's time to analyze the file with ThreatExpert.
http://www.raymond.cc/blog/archives/2008/10/05/faster-and-easily-upload-suspicious-files-to-threatexpert-for-analyzing/
http://www.raymond.cc/blog/archives/2008/03/03/how-to-easily-analyze-and-get-detailed-report-of-suspicious-files/
-
Experienced User
Just like Raymond, I don't trust my AV. That's one reason why I use McAfee: its alerts are simpler than Kaspersky's.