I have had *.exe archives flagged as trojans where, when I extracted the contained files and scanned them, the files were not flagged. I have the depth of recursion set to 0 (i.e., infinity). The total size of the files and the size of the *.exe files were always very close, so if something was hiding in the exe that wasn't extractable, it couldn't be very big. And the extraction program didn't report any irregularities. I've scanned the same archives and extracted files with clamscan and Avast as well, and they don't see anything problematic. Are these types of events likely false positives?
Is the quantitative aspect of my reasoning sound, or is it possible for a *.exe to have some innocent files archived in it and ALSO some short but still nasty code?
I'm assuming that if Bitdefender was just unable to extract an archive and flagged it on the general principle that archives it can't extract might be hiding something nasty, it would give an error message saying so, but whenever I've seen this I think it was always flagged as a trojan.
I'm tempted to check out files like that in a virtual machine. If anyone knows of a good article on using a VM safely to test suspected programs, I would be interested.