A Technique Used by Antivirus Programs
Posted on 20. Dec, 2009 by admin in Tips & Tricks
In the past, when a virus was released, antivirus experts detected it only after 15-30 days. By then the virus, such as the “I love you” worm, had done enough damage to millions of users. Then antivirus experts started using a new technology.
In this technology, when a certain file does suspicious activity on the computer, the AV program does not perform any action and keeps an eye on that file. Next, when you update your antivirus, these files are sent to the security experts of the antivirus that you are using. Sometimes you have to submit the files manually by selecting the suspicious files and then clicking “Submit” (an option in the antivirus program). Malware analysts analyze the file; if it is a virus, they make its signatures. This way a virus is caught within 3-4 days and less damage is done.
Antivirus Programs Using This Technique:
Maybe some other antivirus vendors also use this technique, but I know these.
Eset Nod32 (Threat Sense Engine)
Bitdefender 10
Norton Antivirus 2009
So this is bad news for malware writers, but to counter it many malware writers try to delete and disable antivirus programs. A simple example is “Avkiller.Trojan”. Let's discuss this Trojan a little bit more.
————————————————————–
Avkiller.Trojan is written in Delphi. It is usually UPX packed. The unpacked size is approximately 34 KB. To start every time the PC starts, it adds the value
MSWindows C:\windows\spool16.exe
to the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
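One way a defender could check a host for the autostart entry described above, as an added example that is not part of the original post: it parses the text output of `reg query` for the Run key and reports entries that match the value name and path given in the article. The function names, the "review" verdict for partial matches, the four-space column layout assumed for `reg query` output, and the sample output (constructed) are assumptions of this example.

```python
import ntpath
import re

# Indicator as given in the article: value name and data under the Run key.
IOC_VALUE_NAME = "MSWindows"
IOC_PATH = r"C:\windows\spool16.exe"

# Assumed `reg query` layout: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample output (not taken from a real machine).
SAMPLE = "\n".join([
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe",
    r"    MSWindows    REG_SZ    C:\WINDOWS\spool16.exe",
    r'    Print Helper    REG_SZ    "C:\Users\Public\spool16.exe" /s',
])


def exe_path(data, windir=r"C:\windows"):
    """Return the normalized executable path of a Run value (quotes, arguments, %windir%)."""
    for var in ("%windir%", "%systemroot%"):
        data = re.sub(re.escape(var), lambda _m: windir, data, flags=re.I)
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]          # quoted path, arguments follow
    else:
        m = re.match(r"(.+?\.exe)\b", data, flags=re.I)
        path = m.group(1) if m else data.split(" ", 1)[0]
    return ntpath.normpath(path).lower()           # Windows paths are case-insensitive


def scan_run_key(reg_query_output):
    """Return (value_name, data, verdict) for Run entries resembling the indicator."""
    findings = []
    ioc_path = exe_path(IOC_PATH)
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m.group("name").strip(), m.group("data")
        path = exe_path(data)
        name_hit = name.lower() == IOC_VALUE_NAME.lower()
        if name_hit and path == ioc_path:
            findings.append((name, data, "match"))   # exactly the entry from the article
        elif name_hit or ntpath.basename(path) == ntpath.basename(ioc_path):
            findings.append((name, data, "review"))  # same name or file, other location
    return findings
```

Calling `scan_run_key(SAMPLE)` reports the `MSWindows` entry as a match and the renamed entry that points at a `spool16.exe` in another folder for review.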
This Trojan horse also terminates antivirus programs and services; for example:
Zonealarm.exe
Zapro.exe
Vsmon
Minilog
Minilog.exe
Vsmon.exe
Svw3
Blackice
Blackd.exe
Blackice.exe
Nisum
Nisserv
Nisum.exe
Nisserv.exe
Nmain.exe
Iamapp.exe
Iamserv.exe
Frw.exe
Persfw.exe
Lockdown.exe
Lockdown2000.exe
Sphinx.exe
Nprotect.exe
Ndd32.exe
Smc.exe
Netutils.exe
Ldnetmon.exe
Portmonitor.exe
Connectionmonitor.exe
Cpd.exe
Defwatch.exe
Rtvscn95.exe
Vpc32.exe
Vptray.exe
Poproxy.exe
_Avp32.exe
_Avpcc.exe
_Avpm.exe
Avpcc.exe
Avpm.exe
Avp.exe
Nav Alert
Nav Auto-Protect
Navapw32.exe
Alertsvc.exe
Navapsvc.exe
Navlu32.exe
Navw32.exe
Sweepnet
Sweepsrv.Sys
Swnetsup.exe
Icload95.exe
Icmon.exe
Icsupp95.exe
Icloadnt.exe
Icsuppnt.exe
Iface.exe
Ants.exe
Anti-Trojan.exe
Wrctrl.exe
Wradmin.exe
Cleaner3.exe
Cleaner.exe
Tc.exe
Tca.exe
Tcm.exe
Moolive.exe
Mcshield
Avsynmgr
Mcshield.exe
Vshwin32.exe
Vsmain.exe
Scan32.exe
Scrscan.exe
Alogserv.exe
Vsecomr.exe
Webscanx.exe
Avconsol.exe
Vsstat.exe
Avxw.exe
Avxmonitornt.exe
Avxmonitor9x.exe
Avxquar.exe.exe
Amon9x.exe
Avgserv
Avgserv.exe
Avgw.exe
Avgcc32.exe
Iomon98.exe
Webtrap.exe
Pccwin98.exe
Pcciomon.exe
Pop3trap.exe
Tds-3.exe
Ss3edit.exe
Doors.exe
Jedi.exe
Monitor.exe
Rav7win.exe
Rav7.exe
Sweep95.exe
Mcagent.exe
Mcupdate.exe
Claw95.exe
Claw95cf.exe
Normist.exe
Nvc95.exe
Vet95.exe
Vettray.exe
Autodown.exe
Rescue.exe
Avkserv.exe
Ackwin32.exe
Dvp95.exe
Dvp95_0.exe
F-Agnt95.exe
F-Prot95.exe
Expert.exe
Fp-Win.exe
F-Stopw.exe
Vir-Help.exe
F-Prot.exe
Spyxx.exe
Atwatch.exe
Atupdater.exe
Atcon.exe
Pview95.exe
Wgfe95.exe
Avgctrl.exe
Ldpromenu.exe
Ldscan.exe
Generics.exe
Processmonitor.exe
Programauditor.exe
Avsynmgr.exe
Guard.exe
Tfak.exe
Luall.exe
Lucomserver.exe
Trjscan.exe
Regrun2.exe
Navapsvc
Symproxysvc.exe
Neowatchtray.exe
Netstat.exe
Regedit.exe
Regedit95.exe
egui.exe
So always use a good antivirus program to keep your PC safe from malware before your PC gets infected.
