Hello folks,
as you all seem to be worried about the virus detection in "the_bat.exe", I
ran a check on www.virustotal.com with the following result (due to the format
I have to post in HTML).
File tb4272.rar received on 2009.07.16 09:02:27 (UTC)
Result: 5/41 (12.2%)
Antivirus          Version         Last Update  Result
a-squared          4.5.0.24        2009.07.16   -
AhnLab-V3          5.0.0.2         2009.07.16   -
AntiVir            7.9.0.215       2009.07.16   -
Antiy-AVL          2.0.3.7         2009.07.16   -
Authentium         5.1.2.4         2009.07.16   W32/Heuristic-THX!Eldorado
Avast              4.8.1335.0      2009.07.16   -
AVG                8.5.0.387       2009.07.15   Win32/Themida
BitDefender        7.2             2009.07.16   -
CAT-QuickHeal      10.00           2009.07.16   -
ClamAV             0.94.1          2009.07.16   -
Comodo             1668            2009.07.16   -
DrWeb              5.0.0.12182     2009.07.16   -
eSafe              7.0.17.0        2009.07.15   -
eTrust-Vet         31.6.6617       2009.07.15   -
F-Prot             4.4.4.56        2009.07.16   W32/Heuristic-THX!Eldorado
F-Secure           8.0.14470.0     2009.07.16   -
Fortinet           3.120.0.0       2009.07.16   -
GData              19              2009.07.16   -
Ikarus             T3.1.1.64.0     2009.07.16   -
Jiangmin           11.0.706        2009.07.16   -
K7AntiVirus        7.10.793        2009.07.15   -
Kaspersky          7.0.0.125       2009.07.16   -
McAfee             5677            2009.07.15   -
McAfee+Artemis     5677            2009.07.15   Artemis!45BB7D458EA5
McAfee-GW-Edition  6.8.5           2009.07.16   Heuristic.LooksLike.Win32.Suspicious.K!92
Microsoft          1.4803          2009.07.16   -
NOD32              4248            2009.07.16   -
Norman             6.01.09         2009.07.15   -
nProtect           2009.1.8.0      2009.07.16   -
Panda              10.0.0.14       2009.07.15   -
PCTools            4.4.2.0         2009.07.15   -
Prevx              3.0             2009.07.16   -
Rising             21.38.31.00     2009.07.16   -
Sophos             4.43.0          2009.07.16   -
Sunbelt            3.2.1858.2      2009.07.16   -
Symantec           1.4.4.12        2009.07.16   -
TheHacker          6.3.4.3.368     2009.07.15   -
TrendMicro         8.950.0.1094    2009.07.16   -
VBA32              3.12.10.8       2009.07.15   -
ViRobot            2009.7.16.1838  2009.07.16   -
VirusBuster        4.6.5.0         2009.07.15   -
Always remember: almost every scanner makes some mistakes. However, keep an eye
on which scanner you really do trust. I have some favourites. But even they
fail sometimes...
So, bottom line: the EXE is clean (as is to be expected) - but it is packed with
a runtime packer. That is a method many new viruses use to avoid being detected.
Why Ritlabs is doing that is not completely clear to me. If it is because of
piracy it may make sense. However, the dark side also has methods to break these
protections... So maybe it is worth rethinking the way of delivering the
EXEs to prevent confusion of the "real" users.
--
Best regards,
Martin
________________________________________________________
Current beta is 4.2.7.2 | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html