Recently, I submitted 2 files to avast which I know are rogues. Before submitting, there was no detection from avast. But after submission and a VPS update, the rogues are detected as Win32:Trojan-gen.
So is it a generic/heuristic detection or a signature detection?
All those with -gen are generally (couldn’t help myself) generic. Heuristic detections tend to have a [Heur] suffix after them, or, in the case of anti-rootkit detections, have it mentioned in the alert window, e.g. ‘detection made using heuristic methods’, or words to that effect.
Because the signature (generic) is designed to detect multiple variants of malware (trojans in this case). For a detection to be given a specific signature/name, first a sample must be received/analysed, and a signature and name produced and included in the next VPS.
This all takes time and the generic signatures serve an important purpose in detecting new variants that might otherwise not be detected.