using multiple virus scans to detect malware? - Overclock.net

post #1 of 8, 11-28-2012, 05:43 PM, Thread Starter: hks85
:::EDIT:::
If you're just joining this thread, there has been some confusion from other readers, so I'll try and correct it with this edit. No single virus protection program will detect everything, as shown by the example below. I'm already running deep packet inspection with a single service and was wondering if anyone has ever tried more than one to decrease the odds of something getting through. Think of it as layered deep packet inspection. When I talk about "downloading" the file below, it was downloaded specifically to test the suspicious file. It didn't actually infect any of my computers.

:::/EDIT:::



I got an email this morning through Yahoo that contained a file called aneox.pps. The email had malware written all over it. I downloaded the file, which contained aneox.pps.cpl. Yahoo didn't detect the file, nor did Security Essentials or Clam. I decided to run the file through an online scan, which gave the following results. Note that the dashes (-) are programs that didn't detect anything. I'm already running ClamAV through a proxy server and was considering adding 1 or 2 other programs. Has anyone done this before? Any other thoughts?


Antivirus Result Update
Agnitum - 20121127
AhnLab-V3 Downloader/Win32.Banload 20121127
AntiVir - 20121128
Antiy-AVL - 20121127
Avast - 20121128
AVG - 20121127
BitDefender Gen:Variant.Zusy.18723 20121127
ByteHero - 20121116
CAT-QuickHeal - 20121127
ClamAV - 20121127
Commtouch - 20121128
Comodo - 20121127
DrWeb - 20121128
Emsisoft Gen:Variant.Zusy.18723 (B) 20121127
eSafe - 20121126
ESET-NOD32 a variant of Win32/TrojanDownloader.Banload.RMB 20121127
F-Prot - 20121128
F-Secure Gen:Variant.Zusy.18723 20121127
Fortinet - 20121128
GData Gen:Variant.Zusy.18723 20121127
Ikarus - 20121127
Jiangmin Trojan/Generic.awglo 20121127
K7AntiVirus - 20121127
Kaspersky HEUR:Trojan.Win32.Generic 20121128
Kingsoft - 20121119
McAfee - 20121128
McAfee-GW-Edition - 20121127
Microsoft - 20121128
Norman - 20121127
nProtect - 20121127
Panda Trj/Genetic.gen 20121127
PCTools - 20121128
Rising - 20121126
Sophos - 20121128
SUPERAntiSpyware - 20121128
Symantec - 20121128
TheHacker - 20121127
TotalDefense - 20121127
TrendMicro - 20121128
TrendMicro-HouseCall - 20121127
VBA32 - 20121127
VIPRE - 20121128
ViRobot - 20121127

post #2 of 8, 11-28-2012, 05:50 PM: TwoCables

Well, can the file just be deleted? I mean, it looks like it's intended to be an addition to the Control Panel.

post #3 of 8, 11-28-2012, 05:54 PM, Thread Starter: hks85
Quote:
Originally Posted by TwoCables

Well, can the file just be deleted? I mean, it looks like it's intended to be an addition to the Control Panel.

Yeah, the file can be; I didn't run the file, so it's no problem. I'm a little paranoid about security because of past problems (I'll leave it at that). I would prefer that these be blocked before they make it to my desktop if at all possible.

:::EDIT:::

I know there will be more in the future that are not as easy to detect as this one.

post #4 of 8, 11-28-2012, 05:59 PM: TwoCables

I don't want to risk being rude, but I am curious: how did you end up downloading it? Was it an accident?

post #5 of 8, 11-28-2012, 06:12 PM, Thread Starter: hks85
Quote:
Originally Posted by TwoCables

I don't want to risk being rude, but I am curious: how did you end up downloading it? Was it an accident?

It's fine, I understand your question. I was just using this as an example that many malware items out there aren't detected by all virus scan software. I've had problems in the past with SQL injection and drive-by attacks. Most of this stuff wasn't as obvious as this simple one I showed in the example. When I say run multiple services, I'm not talking about installing AVG and Norton on my desktop. I have a server that I proxy through for security; I was considering adding more scanning programs on the server side for layered deep packet inspection. So far one layer doesn't seem to slow down my internet at all. Has anyone done this, or does this just sound dumb?

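The layering question in post #1 and post #5 comes down to one rule (block if any engine in the set flags the file) plus a choice of which engine to add. The script below is an added illustration, not the poster's proxy setup: it parses an excerpt of the scan table from post #1 (same "Engine Result Update" layout, "-" meaning clean), applies that OR rule to a chosen set of deployed engines, and groups the remaining detections by verbatim detection name, since engines returning an identical name (Gen:Variant.Zusy.18723 here) are likely sharing a core and add little coverage over each other. The `deployed` sets in the test are assumptions.

```python
"""Aggregate per-engine verdicts from a multi-engine scan report.

Added illustration for the layered-scanning idea in this thread; not the
poster's setup. REPORT is an excerpt of the table posted in post #1.
"""
from collections import defaultdict

REPORT = """\
AhnLab-V3 Downloader/Win32.Banload 20121127
Avast - 20121128
BitDefender Gen:Variant.Zusy.18723 20121127
ClamAV - 20121127
Emsisoft Gen:Variant.Zusy.18723 (B) 20121127
ESET-NOD32 a variant of Win32/TrojanDownloader.Banload.RMB 20121127
F-Secure Gen:Variant.Zusy.18723 20121127
GData Gen:Variant.Zusy.18723 20121127
Kaspersky HEUR:Trojan.Win32.Generic 20121128
Microsoft - 20121128
Sophos - 20121128
"""


def parse_report(text):
    """Return {engine: detection name or None}. First token is the engine,
    last token is the signature-update date, everything between is the
    verdict; header lines without a numeric date are skipped."""
    verdicts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[-1].isdigit():
            continue
        result = " ".join(parts[1:-1])
        verdicts[parts[0]] = None if result == "-" else result
    return verdicts


def detection_rate(verdicts):
    """(engines that flagged the file, engines in the report)."""
    return sum(1 for r in verdicts.values() if r), len(verdicts)


def layered_verdict(verdicts, deployed):
    """Layered proxy rule: block when any deployed engine flags the file.
    Engines absent from the report are ignored."""
    return any(verdicts.get(engine) for engine in deployed)


def candidate_additions(verdicts, deployed):
    """Engines that caught what the deployed set missed, grouped by the
    detection name they returned (variant suffixes such as "(B)" dropped).
    Pick additions from distinct groups, not several from one group."""
    groups = defaultdict(list)
    for engine, result in verdicts.items():
        if result and engine not in deployed:
            groups[result.split(" (")[0]].append(engine)
    return dict(groups)
```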
post #6 of 8, 11-28-2012, 06:17 PM: TwoCables

Oh! I understand what this thread is for now. Nice idea. :)

I have no idea if this would be a good thing to do or not. So, I wouldn't have replied if I were smart enough to understand the purpose of this thread. lol I'm sorry for the confusion. Carry on!

post #7 of 8, 11-28-2012, 09:05 PM: shadman
Ha, I got a little confused too. I read:
"I am paranoid of security from past problems"
"It had malware written all over it"
"I downloaded it"

Unfortunately I don't really have an answer for you on that one. But at least it's a bump.

post #8 of 8, 11-29-2012, 12:20 AM, Thread Starter: hks85
Quote:
Originally Posted by shadman

Ha, I got a little confused too. I read:
"I am paranoid of security from past problems"
"It had malware written all over it"
"I downloaded it"
Unfortunately I don't really have an answer for you on that one. But at least it's a bump.

I edited the first post; hopefully that clears things up. Sorry about that.
