10 ответов в этой теме

[Carlo Tiedemann]

The old V4.4 versions removes virii like Polipos completely from the infected exe file, the new V5 version only overwrites the virus code with the last bytes from the clean exe. As a result the exe is desinfected (good!), but it isn't the same as before (Bad, this confuses other sercurity mechanisms like md5 hashes, simple length checkers etc).

Kind Regards
Carlo Tiedemann

[C.S.J]

The old V4.4 versions removes virii like Polipos completely from the infected exe file, the new V5 version only overwrites the virus code with the last bytes from the clean exe. As a result the exe is desinfected (good!), but it isn't the same as before (Bad, this confuses other sercurity mechanisms like md5 hashes, simple length checkers etc).

Kind Regards
Carlo Tiedemann

firstly, im not sure i understand your question,

v5 introduces better curing techniques in comparison to v4.44

whereas 4.44 might have just deleted the infection on certain files, V5 has a better ability/a greater chance to actually keep the file, but cure it from the infection, whilst hopefully leaving the file in proper working order.

isnt the same as before?... not sure what you mean here.



if you could post more information about your question, that would be helpful for everyone.

[pig]

Some file viruses cannot be cured perfectly correct beacuse of incorrect infection method. Please contact suport service and send them infected file(s) and incorrectly cured one(s) (te same file(s) before and after curing).

[Eugeny Gladkih]

The old V4.4 versions removes virii like Polipos completely from the infected exe file, the new V5 version only overwrites the virus code with the last bytes from the clean exe. As a result the exe is desinfected (good!), but it isn't the same as before (Bad, this confuses other sercurity mechanisms like md5 hashes, simple length checkers etc).

could you say the virus name you speak of?

[Carlo Tiedemann]

Thanks for the qucik reaction.


An example: A clean exe file has a size of 200.000 Bytes. After infection with Polipos the size is incremented by 57344, overall size of the infected file is 257.344 Bytes.

After desinfection with the old V4.4: the virus code is removed, the size is back to 200.000 Bytes again.
After desinfection with the V5: the appending virus code was overwritten with the last 57344 Bytes of the clean exe file, the size of the desinfected exe is 257.344 Bytes. The bytes from #142.657 to #200.000 are identical to the ones from #200.001 to #257.344.

The file works, the virus is removed, but the file isn't isn't in the original condition.

Kind Regards
Carlo Tiedemann

[Carlo Tiedemann]

<br />Some file viruses cannot be cured perfectly correct beacuse of incorrect infection method. Please contact suport service and send them infected file(s) and incorrectly cured one(s) (te same file(s) before and after curing).<br />

<br /><br /><br />

I have no infected file atm, but I'll try to reget one again.

[Eugeny Gladkih]

<br />Some file viruses cannot be cured perfectly correct beacuse of incorrect infection method. Please contact suport service and send them infected file(s) and incorrectly cured one(s) (te same file(s) before and after curing).<br />

<br /><br /><br />

I have no infected file atm, but I'll try to reget one again.

have you files cured incorrectly?

[Carlo Tiedemann]

<br />Some file viruses cannot be cured perfectly correct beacuse of incorrect infection method. Please contact suport service and send them infected file(s) and incorrectly cured one(s) (te same file(s) before and after curing).<br />

<br /><br /><br />

I have no infected file atm, but I'll try to reget one again.

have you files cured incorrectly?

Only one, I'd deleted the rest

[Eugeny Gladkih]

<br />Some file viruses cannot be cured perfectly correct beacuse of incorrect infection method. Please contact suport service and send them infected file(s) and incorrectly cured one(s) (te same file(s) before and after curing).<br />

<br /><br /><br />

I have no infected file atm, but I'll try to reget one again.

have you files cured incorrectly?

Only one, I'd deleted the rest

well, maybe you can send it to viruslab - http://vms.drweb.com/sendvirus - category 'request for curing' and, please, post your comment about incorrect size.

[Carlo Tiedemann]

Send an archive with the original, the Polipos infected and the cured file + comment to the support.

Regards
Carlo Tiedemann

[Eugeny Gladkih]

Send an archive with the original, the Polipos infected and the cured file + comment to the support.

thank you, the problem has been reproduced. the fix is comming soon.