I have some funny problem with this worm. It is not detected On-Access and not in the Chest (if i use Scan feature). But it is detected if i scan it with ashQuick (right-click).
Can anyone from Alwil contact me,so i’ll send you this problematic sample.
The sample is heavily corrupted (well, “heavily”… the first 4 bytes of the file were overwritten, so it’s not a valid executable file anymore).
So, ashQuick detects it (since it has the “Scan whole files” flag set), but the resident protection does not because it (correctly) decides that it is not an executable file, so it doesn’t scan the file parts it would scan if it was an executable.