Cureit: Bug Or Feature?
#1
Posted 18 January 2009 - 17:04
Kind Regards
Carlo Tiedemann
#2
Posted 18 January 2009 - 17:16
Firstly, I'm not sure I understand your question.
The old V4.4 versions remove virii like Polipos completely from the infected exe file, the new V5 version only overwrites the virus code with the last bytes from the clean exe. As a result the exe is disinfected (good!), but it isn't the same as before (Bad, this confuses other security mechanisms like md5 hashes, simple length checkers etc).
Kind Regards
Carlo Tiedemann
v5 introduces better curing techniques in comparison to v4.44
whereas 4.44 might have just deleted the infection on certain files, V5 has a better ability/a greater chance to actually keep the file, but cure it from the infection, whilst hopefully leaving the file in proper working order.
isn't the same as before?... not sure what you mean here.
if you could post more information about your question, that would be helpful for everyone.
#3
Posted 18 January 2009 - 20:22
#4
Posted 18 January 2009 - 20:23
The old V4.4 versions remove virii like Polipos completely from the infected exe file, the new V5 version only overwrites the virus code with the last bytes from the clean exe. As a result the exe is disinfected (good!), but it isn't the same as before (Bad, this confuses other security mechanisms like md5 hashes, simple length checkers etc).
could you say the virus name you speak of?
#5
Posted 18 January 2009 - 20:35
An example: A clean exe file has a size of 200.000 Bytes. After infection with Polipos the size is incremented by 57344, overall size of the infected file is 257.344 Bytes.
After disinfection with the old V4.4: the virus code is removed, the size is back to 200.000 Bytes again.
After disinfection with the V5: the appending virus code was overwritten with the last 57344 Bytes of the clean exe file, the size of the disinfected exe is 257.344 Bytes. The bytes from #142.657 to #200.000 are identical to the ones from #200.001 to #257.344.
The file works, the virus is removed, but the file isn't in the original condition.
Kind Regards
Carlo Tiedemann
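The layout described in post #5, as an added example that is not part of the original thread: a Python check that compares a cured file against a size and MD5 recorded before infection and tests whether its last 57344 bytes repeat the 57344 bytes before them. The 200,000-byte buffer is constructed sample data and the function names are illustrative.

```python
import hashlib

POLIPOS_GROWTH = 57344  # size increase quoted in post #5


def has_duplicated_tail(data: bytes, n: int = POLIPOS_GROWTH) -> bool:
    """True if the last n bytes repeat the n bytes immediately before them."""
    if n <= 0 or len(data) < 2 * n:
        return False
    return data[-n:] == data[-2 * n:-n]


def audit_cured_file(data: bytes, known_size: int, known_md5: str,
                     n: int = POLIPOS_GROWTH) -> dict:
    """Compare a cured file with the size and MD5 recorded before infection.

    A duplicated tail only shows the layout from post #5; it does not prove
    that the remaining bytes match the original file.
    """
    return {
        "size_delta": len(data) - known_size,
        "md5_matches": hashlib.md5(data).hexdigest() == known_md5,
        "duplicated_tail": has_duplicated_tail(data, n),
    }


def demo() -> dict:
    # Constructed sample: 200,000 non-repeating bytes stand in for the clean exe.
    clean = bytes((i * 31 + (i >> 8) * 7) % 251 for i in range(200_000))
    # Constructed "cured by V5" file: clean bytes followed by a copy of
    # their last 57344 bytes, as described in post #5.
    cured_v5 = clean + clean[-POLIPOS_GROWTH:]
    baseline_md5 = hashlib.md5(clean).hexdigest()
    return {
        "clean": audit_cured_file(clean, len(clean), baseline_md5),
        "cured_v5": audit_cured_file(cured_v5, len(clean), baseline_md5),
    }


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```
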
#6
Posted 18 January 2009 - 20:44
Some file viruses cannot be cured perfectly correct because of incorrect infection method. Please contact support service and send them infected file(s) and incorrectly cured one(s) (the same file(s) before and after curing).
I have no infected file atm, but I'll try to reget one again.
#7
Posted 18 January 2009 - 20:46
Some file viruses cannot be cured perfectly correct because of incorrect infection method. Please contact support service and send them infected file(s) and incorrectly cured one(s) (the same file(s) before and after curing).
I have no infected file atm, but I'll try to reget one again.
have you files cured incorrectly?
#8
Posted 18 January 2009 - 20:59
Some file viruses cannot be cured perfectly correct because of incorrect infection method. Please contact support service and send them infected file(s) and incorrectly cured one(s) (the same file(s) before and after curing).
I have no infected file atm, but I'll try to reget one again.
have you files cured incorrectly?
Only one, I'd deleted the rest
#9
Posted 18 January 2009 - 23:00
Some file viruses cannot be cured perfectly correct because of incorrect infection method. Please contact support service and send them infected file(s) and incorrectly cured one(s) (the same file(s) before and after curing).
I have no infected file atm, but I'll try to reget one again.
have you files cured incorrectly?
Only one, I'd deleted the rest
well, maybe you can send it to viruslab - http://vms.drweb.com/sendvirus - category 'request for curing' and, please, post your comment about incorrect size.
#10
Posted 19 January 2009 - 07:25
Regards
Carlo Tiedemann
#11
Posted 19 January 2009 - 19:23
Send an archive with the original, the Polipos infected and the cured file + comment to the support.
thank you, the problem has been reproduced. the fix is coming soon.