Bugtraq mailing list archives
Re: Bypass Virus Checking
From: pauls () UTDALLAS EDU (Paul L Schmehl)
Date: Tue, 8 Feb 2000 14:50:20 -0600
I doubt this would work. To introduce a virus into the system, it has to be loaded into memory as an active program, not just written to disk. As soon as the virus-infected file/program was launched (and thus became active), the A/V program should/would detect its presence and alert the user.

The reason pagefile.sys and recycle bins are not normally included in default scanning is precisely because in _those_ locations a virus is essentially benign. If one were to try to activate it, normal detection routines should discover its presence and remove it before any infection of files takes place.

Furthermore, only pagefile.sys on specific drive letters is excluded from scanning. So your proposed technique of writing to a non-existent pagefile would be precisely the same as writing to disk, which is a detectable activity.

--On 2/3/00, 11:12 PM -0500 "Eric D. Williams" <eric () INFOBRO COM> wrote:
Another stab with a little more clarity ---
Paul L. Schmehl, pauls () utdallas edu Technical Support Services Manager The University of Texas at Dallas