Link to home
Start Free TrialLog in
Avatar of GMartin
GMartinFlag for United States of America

asked on

re: detection of computer viruses withing setup and install files

Hi Everyone:

      I have recently downloaded some Setup Files for various programs and scanned these setup files for viruses and Trojans.  After going to trendmicro.com and running a virus scan, these files came up clean.  However, is it possible the setup files can still contain malicious code which is dormant and only becomes activated after the install or setup file is launched?

      Any thoughts or insights on this question will greatly be appreciated.

      I look forward to hearing from someone regarding this question.

      Thank you.

      George
ASKER CERTIFIED SOLUTION
Avatar of CrazyOne
CrazyOne
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Also you really should have a virus scanner residing on your machine. Such as Norton or McAffee which both test out as being the top two virus scanners on the market and have them be running all the time.
Its certainly possible - hidden inside an installer *deliberately* it could be encrypted, compressed, or any combination of the two that appeals to the attacker (the 7z library for example offers AES encryption for compressed files; it would be trivial for an attacker to call that and make a trojan indetectable to AV software.

On the other hand, your AV should have a "real time" scanner, that detects a trojan being unpacked and deployed, and blocks it at the time it is installed. By definition, a compressed and encrypted trojan is no threat :)
> is it possible the setup files can still contain malicious code which is dormant and only becomes activated after the install or setup file is launched?

Yes, that is easy to code, but not found all that often, the script kiddies can't do. So odds are that you can install and have no problem. Beware of products that do like MS and download parts of it from the web during install. Always scan after install, and backup before.

More than likely, the trojans you'll get are not virus but spyware, and the AntiVirus companines won't help with that a bit. Uninstalls don't work with those beasts.
Avatar of GMartin

ASKER

Hi Everyone:

      Thanks so much for sharing your time, insights, and expertise.  I especially appreciated the links to the free online virus scanners in addition to the tips.

      Have a great weekend everyone.

      George