UPX compressed variant of Deborm-AF trojan not seen by Avast.

I found a trojan on my computer that Avast was missing and sent it off for analysis. I tried to use the on demand scanner with the thorough scan, with scan archives checked. Avast indicates that the file is a password protected and is unable to find the actual trojan. Would you have expected Avast to see the virus in this case or is the only way to detect this trojan the added string that the Avast virus support team mentions. (email snippet below)

Thanks again and keep up the good work guys. I’m really impressed with the quick response of this company.
-mark

thank you for re-sending. It’s an internally packed variant of the
Deborm-AF trojan. Avast can detect it if scanning files internally UPX
compressed is on. We’ll add the string for compressed version.

:slight_smile: :slight_smile:

add the string or see if trend can clean or delete it http://housecall.trendmicro.com

I think the string is refering to a virus signature update. As far as other scanners finding/cleaning this trojan, Antivir and Kaspersky are able to find and remove. (So cleanup is ok, I was just wondering if Avast should have been able to find this file with the right settings in regards to archives) BTW, Mcafee cmd line snanner seemed to miss this trojan as well.

Thanks,
-mark

mcafee command line scanner looks ONLY for boot viruses

I really doubt it - I think it looks for all viruses you want.

Try to start the Mcafee commandline with “/secure /sub”. Mcafee has an exelent Scanningengine.

Igor, before avast I used Mcafee, Norton, Kaspersky all of them almost.

Mcafee rescue disks have “emergency .dat files” these ONLY contain information on boot viruses. the program (virusscan 6.02.5000) said this every time I created or updated my rescue disk.

That was Bootscan.exe i think, but the normal Commandlinescanner is called scan.exe,

Ok. I must have forgotten. :-[