If you're just joining this thread, there has been some confusion from other readers, so I'll try and correct it with this edit. No single virus protection program will detect everything, as shown by the example below. I'm already running deep packet inspection with a single service and was wondering if anyone has ever tried more than one to decrease the odds of something getting through. Think of it as layered deep packet inspection. When I talk about "downloading" the file below, it was downloaded specifically to test the suspicious file. It didn't actually infect any of my computers.
I got an email this morning through Yahoo that contained a file called aneox.pps. The email had malware written all over it. I downloaded the file, which contained aneox.pps.cpl. Yahoo didn't detect the file, nor did Security Essentials or Clam. I decided to run the file through an online scan, which gave the following results. Note that the dashes (-) are programs that didn't detect anything. I'm already running Clam AV through a proxy server and was considering adding 1 or 2 other programs. Has anyone done this before? Any other thoughts?
Antivirus Result Update
Agnitum - 20121127
AhnLab-V3 Downloader/Win32.Banload 20121127
AntiVir - 20121128
Antiy-AVL - 20121127
Avast - 20121128
AVG - 20121127
BitDefender Gen:Variant.Zusy.18723 20121127
ByteHero - 20121116
CAT-QuickHeal - 20121127
ClamAV - 20121127
Commtouch - 20121128
Comodo - 20121127
DrWeb - 20121128
Emsisoft Gen:Variant.Zusy.18723 (B) 20121127
eSafe - 20121126
ESET-NOD32 a variant of Win32/TrojanDownloader.Banload.RMB 20121127
F-Prot - 20121128
F-Secure Gen:Variant.Zusy.18723 20121127
Fortinet - 20121128
GData Gen:Variant.Zusy.18723 20121127
Ikarus - 20121127
Jiangmin Trojan/Generic.awglo 20121127
K7AntiVirus - 20121127
Kaspersky HEUR:Trojan.Win32.Generic 20121128
Kingsoft - 20121119
McAfee - 20121128
McAfee-GW-Edition - 20121127
Microsoft - 20121128
Norman - 20121127
nProtect - 20121127
Panda Trj/Genetic.gen 20121127
PCTools - 20121128
Rising - 20121126
Sophos - 20121128
SUPERAntiSpyware - 20121128
Symantec - 20121128
TheHacker - 20121127
TotalDefense - 20121127
TrendMicro - 20121128
TrendMicro-HouseCall - 20121127
VBA32 - 20121127
VIPRE - 20121128
ViRobot - 20121127
Well, can the file just be deleted? I mean, it looks like it's intended to be an addition to the Control Panel.
Yeah, the file can be. I didn't run the file, so it's no problem. I'm a little paranoid about security because of past problems (I'll leave it at that). I would prefer that these be blocked before they make it to my desktop if at all possible.
I know there will be more in the future that are not as easy to detect as this one.
I don't want to risk being rude, but I am curious: how did you end up downloading it? Was it an accident?
It's fine, I understand your question. I was just using this as an example that many malware items out there aren't detected by all virus scan software. I've had problems in the past with SQL injection and drive-by attacks. Most of this stuff wasn't as obvious as this simple one I showed in the example. When I say run multiple services, I'm not talking about installing AVG and Norton on my desktop. I have a server that I proxy through for security; I was considering adding more scanning programs on the server side for layered deep packet inspection. So far one layer doesn't seem to slow down my internet at all. Has anyone done this, or does this just sound dumb?
Oh! I understand what this thread is for now. Nice idea. :)
I have no idea if this would be a good thing to do or not. So, I wouldn't have replied if I were smart enough to understand the purpose of this thread. lol I'm sorry for the confusion. Carry on!
I edited the first post; hopefully that clears things up. Sorry about that.
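The layering question above can be checked against the scan report in the first post. The following is an added example, not code from any poster in this thread: it parses a subset of rows copied from that report, ORs the verdicts of a chosen set of layers, and lists which engines would have turned a miss into a block. The function names and the choice of layers are assumptions made for illustration.

```python
import re

# Subset of rows copied from the scan report in the first post.
# Format: engine, result ("-" means no detection), signature update date.
REPORT = """\
AhnLab-V3 Downloader/Win32.Banload 20121127
BitDefender Gen:Variant.Zusy.18723 20121127
ClamAV - 20121127
Emsisoft Gen:Variant.Zusy.18723 (B) 20121127
ESET-NOD32 a variant of Win32/TrojanDownloader.Banload.RMB 20121127
Kaspersky HEUR:Trojan.Win32.Generic 20121128
McAfee - 20121128
Microsoft - 20121128
Sophos - 20121128
"""

# Engine is the first token, the date is the last; the result may contain spaces.
ROW = re.compile(r"^(\S+)\s+(.+?)\s+(\d{8})$")

def parse_report(text):
    """Return {engine: detection name, or None if the engine reported nothing}."""
    results = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        engine, result, _updated = m.groups()
        results[engine] = None if result == "-" else result
    return results

def layered_verdict(results, layers):
    """Block if any configured layer flagged the file (logical OR of verdicts)."""
    missing = [e for e in layers if e not in results]
    if missing:
        raise KeyError(f"no result for: {missing}")
    hits = {e: results[e] for e in layers if results[e]}
    return bool(hits), hits

def useful_additions(results, layers):
    """Engines that would have turned a miss by the current layers into a block."""
    blocked, _ = layered_verdict(results, layers)
    if blocked:
        return []
    return sorted(e for e, r in results.items() if r and e not in layers)

if __name__ == "__main__":
    r = parse_report(REPORT)
    print(layered_verdict(r, ["ClamAV", "Microsoft"]))
    print(useful_additions(r, ["ClamAV", "Microsoft"]))
```

One sample does not give a detection rate; the example only shows that a stack of layers blocks whenever any single layer does, so an added layer helps only if its misses differ from the layers already in place.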