system
1
I have a sample of Win32:Mapson [Wrm] on my computer and it seems that the Resident Scanner did not detect it at all. When I used the Explorer Extension to scan the file, it was detected as Win32:Mapson [Wrm].
I tried sending this file to virus @ avast.com but it seems that they do not reply. It has been a week now and a resend, with no luck.
Any ideas?
igor0
2
If the Explorer Extension detects it, the problem is somewhere else.
What was the filename you checked and how did you access it?
system
3
File name is file.exe and accessed it via Notepad. (Simply by opening it)
Right click → Properties also did not pop up any alerts.
igor0
4
What is your OS and how is your Standard Shield configured?
system
5
XP Pro w/ SP2 2126
Standard Shield - Custom
Basic - All
Scanner (Advanced):
Scan files on open
- Ext: *
Always scan WSH-script files
Scan created/modified files
- All files
Blocker
Default extension set
- Formatting
- Deny the operation
Advanced
- All unchecked w/ default ignore list.
igor0
6
Gee… and you say that with this configuration, the on-access scanner doesn’t show a warning when you open it in Notepad (i.e. Notepad displays the binary content of the file)?
What is the full path of the file?
system
7
G:\Scans\exe.exe
Does the explorer extension have more heuristics applied to it?
igor0
8
No, certainly not.
What is the length of the file?
system
9
The file is 358,370 bytes long.
It seems that the file is compressed with UPX although I have not attempted to decompress it.