Tuts 4 You

Why Won't You Understand Antivirus



This is a kind of funny story I thought I would share. I was playing around with some Armadillo Unpackmes from tuts4you, no big deal; after unpacking I went to LordPE and cut out the unneeded sections. I guess I cut out one too many sections, because on repair of the dump my antivirus went off saying Trojan.Qqpass.ND. I use BitDefender, which is pretty good to me most of the time. Anyway, I thought this was bs, closed down my AV, and ran the file to see if it still works. I lost the icon, but the app still works. :P

Man, these AVs can be quite a nuisance. Then again, it could be worse: I could be using Norton or McAfee, memory hogs that go off all the time. :rolleyes:

Guest Individual11

Without knowing the specific mechanisms AV software uses, it's a fair bet that malware/virii of different types also utilise packers of one sort or another. False positives (presumably from sigs) are pretty common when messing about with reversing. Similarly, heuristic-type detectors go off not infrequently, again presumably because of the unusual techniques (from a "normal" standpoint) which are utilised to reduce a binary down to its base components (source).

But yeah, my experience of Symantec in a reversing environment is you'd better disable it most of the time and set the majority of your files to be excluded from scans, otherwise you're gonna have a bunch of work clearing alarms and restoring quarantined files!


See, I don't see what the big thing about Symantec is... Must admit I use the 2007 version because my gf gave it to me for $20. I've had one false positive reversing, and truth be told, on my laptop it isn't a memory hog *at all*.

Guest Individual11
See, I don't see what the big thing about Symantec is... Must admit I use the 2007 version because my gf gave it to me for $20. I've had one false positive reversing, and truth be told, on my laptop it isn't a memory hog *at all*.

I haven't had problems with memory consumption etc., and when I've tested Symantec against known malware/virus stuff it does a decent job. However, as I said, it is prone to false positives. I have had a number of RCE-type files flagged as infected when I know that they are not. Too many false positives leads to complacency, of course, and it only takes one "baddie" to get through and chances are you're looking at a reinstall (after malware outbreaks I invariably treat the platform as suspect and frag the lot).


Heh, my AV found about 8 or 9 "viruses" in Lena151's tuts.

Most were Generic and some Zombie... Lol.

Bad thing is that it moves the files to Vault...

Life is a lot simpler without any AV :)
