Chip
Today I came across a file that contained the trojan Backdoor.Subseven,
which was not found by AVG 6.0/518. The file had a name such as
"xyzabc.avi.com". Because the filename had the .com extension, AVG failed
to properly scan the file when I saved it. Being suspicious, I ran "list
xyz*.com" to view the contents of that file, and found many references to
socket support, to pwd=, trojan=, etcetera. The start of the file had a
..EXE header, so I renamed the file to have .exe extension instead of .com.
Afterward, AVG finally found the trojan embedded within the file. The
problem I uncovered is that AVG is looking at filename extensions and making
erroneous decisions about what to scan for or how to scan. If the file had
arrived with .exe extension in the first place, I suspect AVG would have
warned of the infection to start with.
If I had not been diligent and suspicious, AVG would have allowed my system
to become infected despite having AVG actively running. Something like this
is way beyond normal users, who would have then screamed that AVG is broken
(or worse).
I sent the above note to AVG's tech support, with the s/n they gave me, but I
received an autoresponse that their bot cannot determine the s/n from my
message, and they do not want to hear from users of their free version. Oh
well, maybe they will read about it here instead, albeit a little belatedly.
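The post's lesson is that a scanner should decide what a file is from its bytes, not from whatever name it arrived with. Below is an added example (not the poster's code and not AVG's) of a content-sniffing check that a mail gateway or file monitor could run: it reads the leading "magic" bytes, compares them with what the final extension claims, looks at double extensions such as ".avi.com", and returns which type to actually scan as. The magic numbers are the documented ones for MZ, ELF and RIFF/AVI; the file names and byte strings are constructed for the example.

```python
"""Decide how to scan a file from its content rather than its extension.

Added illustration, not code from the original post. Sample files are
constructed inline; magic numbers are the standard documented ones.
"""
import os


def sniff_type(data: bytes) -> str:
    """Classify by leading bytes: 'executable', 'avi-video' or 'unknown'."""
    if data.startswith(b"MZ") or data.startswith(b"\x7fELF"):
        return "executable"          # DOS/Windows PE header or ELF header
    if data.startswith(b"RIFF") and data[8:12] == b"AVI ":
        return "avi-video"           # RIFF container whose form type is AVI
    return "unknown"


# What each extension claims the content to be. Raw DOS .com files carry
# no header at all, so a .com with unknown content is still executable.
CLAIMED_BY_EXT = {
    ".com": "executable",
    ".exe": "executable",
    ".scr": "executable",
    ".avi": "avi-video",
    ".txt": "text",
}


def extensions(filename: str) -> list:
    """All dotted suffixes, e.g. 'xyzabc.avi.com' -> ['.avi', '.com']."""
    parts = os.path.basename(filename).lower().split(".")
    return ["." + p for p in parts[1:] if p]


def scan_decision(filename: str, data: bytes):
    """Return (type_to_scan_as, reasons).

    The content type wins whenever the bytes are recognisable; the extension
    is only a fallback for headerless formats such as raw .com files.
    """
    exts = extensions(filename)
    actual = sniff_type(data)
    claimed = CLAIMED_BY_EXT.get(exts[-1], "unknown") if exts else "unknown"
    reasons = []

    if actual != "unknown" and claimed != "unknown" and actual != claimed:
        reasons.append(f"extension {exts[-1]} claims {claimed} but content is {actual}")

    if len(exts) > 1:
        reasons.append("double extension " + "".join(exts))
        inner = CLAIMED_BY_EXT.get(exts[-2], "unknown")
        if inner != "unknown" and actual != "unknown" and inner != actual:
            reasons.append(f"inner extension {exts[-2]} suggests {inner} but content is {actual}")

    scan_as = actual if actual != "unknown" else claimed
    return scan_as, reasons


# Constructed sample files (names and bytes invented for this example).
SAMPLES = {
    "xyzabc.avi.com": b"MZ\x90\x00" + b"\x00" * 60,                     # PE header, media-looking name
    "clip.avi": b"RIFF" + (1000).to_bytes(4, "little") + b"AVI LIST" + b"\x00" * 20,
    "hello.com": b"\xb4\x09\xcd\x21\xc3",                               # raw DOS code, no header
    "notes.txt": b"MZ" + b"\x00" * 30,                                  # executable hiding as text
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        scan_as, why = scan_decision(name, blob)
        print(f"{name:16} scan as {scan_as:11} {'; '.join(why) or 'no mismatch'}")
```

The decision rule is deliberately asymmetric: recognisable content always overrides the name, while an unrecognised blob falls back to the extension's claim so that headerless formats are still scanned as what they say they are.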