Rasheed187
Trooper

 Joined: Jul 21, 2005 Posts: 10 Location: Netherlands
|
Posted: Mon Jul 25, 2005 8:16 pm Post subject: TR/Virtl.Breaker.SN (Found by AntiVir) |
|
|
Hi,
I can't seem to find any info about a trojan which was spotted by AntiVir; perhaps someone can help me. This was the trojan:
TR/Virtl.Breaker.SN
TIA 
|
TopperID
Captain

 Joined: Oct 14, 2004 Posts: 375 Location: UK
|
Rasheed187
Trooper

 Joined: Jul 21, 2005 Posts: 10 Location: Netherlands
|
Posted: Wed Jul 27, 2005 6:09 pm Post subject: |
|
|
Hi,
It was found by the scanner, and I have deleted the file. But if it was in memory, AntiVir should have spotted it with the realtime Guard, right? Because I didn't get a warning.
However MSAS reported that the "restrict anonymous guest access" setting was trying to be changed so I think a hacker tried to exploit it.
But it's a bit strange that I couldn't find any details about this trojan, so that's why I asked. It's always interesting to see what a specific trojan can do exactly.
|
TopperID
Captain

 Joined: Oct 14, 2004 Posts: 375 Location: UK
|
Posted: Wed Jul 27, 2005 8:06 pm Post subject: |
|
|
Quote:
"It was found by the scanner, and I have deleted the file. But if it was in memory, AntiVir should have spotted it with the realtime Guard right?"
How do you know it was running in memory? AV Guards are generally looking at files being written to and read from the HD, rather than running in memory; ATs like ewido do the memory scanning.
Unless you give the file path it is not possible to comment further, but there are numerous reasons why things may be found by the demand scanner and not by the Guard. For example:-
1) you may have had different configuration 'Search' settings for the Guard and main scanner;
2) the file may not have come to the Guard's attention since the definition was included in the sig base;
3) the Guard will not look into archives while the main scanner will;
4) the file may have been located in a cache inaccessible to the Guard.
I'm sure there are other reasons too, if one thinks about it.
Provided the signature was in AntiVir's database at the time, I'm sure the Guard would have pounced on this file if it was in a position to cause mischief on your system. Though a number of leading AVs (e.g. McAfee, AVG and CA VET) are, at the time of writing, apparently unable to find this malware at all!
|
Rasheed187
Trooper

 Joined: Jul 21, 2005 Posts: 10 Location: Netherlands
|
Posted: Tue Aug 02, 2005 8:52 pm Post subject: |
|
|
Hi,
Thanks for the feedback, I was looking at my system events log and it seems like AntiVir spotted the trojan in my browser cache. I'm not sure if the trojan was active at one point or not, but the MSAS notifications did make me a bit suspicious.
And yes, I forgot AntiVir doesn't scan the memory. But at the moment there doesn't seem to be any trojan active, will scan with A Squared and Ewido just to be sure.
|