?
Solved

re: detection of computer viruses withing setup and install files

Posted on 2003-03-23
5
Medium Priority
?
232 Views
Last Modified: 2010-05-18
Hi Everyone:

      I have recently downloaded some Setup Files for various programs and scanned these setup files for viruses and Trojans.  After going to trendmicro.com and running a virus scan, these files came up clean.  However, is it possible the setup files can still contain malicious code which is dormant and only becomes activated after the install or setup file is launched?

      Any thoughts or insights on this question will greatly be appreciated.

      I look forward to hearing from someone regarding this question.

      Thank you.

      George
0
Comment
Question by:GMartin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 44

Accepted Solution

by:
CrazyOne earned 500 total points
ID: 8193043
Yes it is possible but not likely. Altouhg I woudln't put my trust in just using the online version of trend.

Use all three of these

 Norton Web Services  
     Rating  = 4  
Go to this page and click on Scan for Viruses
http://security2.norton.com/ssc/vc_about.asp?langid=us&venid=sym&plfid=22&pkj=RKNYPJUIYCZRWEJGSSK

It needs to download a few file so as to activate the scan so you may see a message like this.

"The Scan for Viruses uses an ActiveX program to scan your computer. The download is approximately 1.5MB and can take about 10 minutes over a 28.8 modem.

The scan can take more than 20 minutes depending on the speed of your computer and the number of files that you have. Please do not browse away from this page unless you intend to abort the scan.
 
Downloading Scan for Viruses controls. Please wait...
 
During the download, you might see one or more messages asking if it is OK to download and run these programs. Click Yes when these messages appear.
 
Note: Scan for Viruses does not scan compressed files"
======================
 Trend Micro HouseCall  
     Rating  = 3
www.housecall.antivirus.com
"Trend Micro's free online virus scanner
In order to better serve our customers, we ask HouseCall users to register before scanning their computer.  By registering, you will receive virus alerts from our team of Virus Doctors. You will be able to unsubscribe when you receive your first email. You can also scan without registering"
http://housecall.antivirus.com/housecall/start_corp.asp
======================

PC Pitstop Virus Scan
Our free Web-based virus scan uses Panda Software's award-winning technology and virus list. We're checking against the "wildlist," the roughly 200 viruses that are most prevalent in the world in a given month
http://www.pcpitstop.com/antivirus/default.asp
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8193050
Also you really should have a virus scanner residing on your machine. Such as Norton or McAffee which both test out as being the top two virus scanners on the market and have them be running all the time.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 8194028
Its certainly possible - hidden inside an installer *deliberately* it could be encrypted, compressed, or any combination of the two that appeals to the attacker (the 7z library for example offers AES encryption for compressed files; it would be trivial for an attacker to call that and make a trojan indetectable to AV software.

On the other hand, your AV should have a "real time" scanner, that detects a trojan being unpacked and deployed, and blocks it at the time it is installed. By definition, a compressed and encrypted trojan is no threat :)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 8197312
> is it possible the setup files can still contain malicious code which is dormant and only becomes activated after the install or setup file is launched?

Yes, that is easy to code, but not found all that often, the script kiddies can't do. So odds are that you can install and have no problem. Beware of products that do like MS and download parts of it from the web during install. Always scan after install, and backup before.

More than likely, the trojans you'll get are not virus but spyware, and the AntiVirus companines won't help with that a bit. Uninstalls don't work with those beasts.
0
 

Author Comment

by:GMartin
ID: 8319067
Hi Everyone:

      Thanks so much for sharing your time, insights, and expertise.  I especially appreciated the links to the free online virus scanners in addition to the tips.

      Have a great weekend everyone.

      George
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question