Malware In Archives

Classification


After reading comments that conflicted with my understanding, I tested how Bitdefender Antivirus Free Edition handles the detection of malware within unencrypted archives. For this test I made archives with different formats* each containing two (2) files:

  • KILLCMOS.EXE (Bitdefender® identifies** it as Trojan.KillCMOS.C.)
  • KILLCMOS.NFO (Safe. This is the companion information file in the distribution of KillCMOS.)
After I scanned the folder containing all archives, I partitioned the formats into three (3) categories:
  1. Quarantined archive formats, which were quarantined as a whole:
    • 7Z (.7z)
    • Self-Extracting 7Z (.7z.exe)
    • WIM (.wim)
    • XZ (.tar.xz)
  2. Disinfected archive formats, which had KILLCMOS.EXE deleted from them:
    • BZip2 (.tar.bz2)
    • GZip (.tar.gz)
    • TAR (.tar)
    • Split TAR (.tar.001)
    • ZIP (.zip)
  3. Undetected archive formats, which were not detected at all:
    • ARC (.arc)
    • Self-Extracting ARC (.arc.exe)
    • PAQ (.paq8o)
    • PEA (.pea)
    • QUAD/BALZ (.tar.balz)
These results did not seem to be affected if I changed the file extension, e.g., changing .zip to .txt in the name of an archive made no difference in the detection and deletion of KILLCMOS.EXE within that archive. However, it is not entirely clear to me that this classification is set in stone.
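The observation that renaming .zip to .txt changes nothing is expected: a scanner that inspects archive contents identifies the container from its leading bytes (the magic number) and then peels compression layers (gzip, bzip2, xz) until it reaches the tar or zip that holds the member files. The script below is an added example, not code from the original post and unrelated to Bitdefender's implementation; it builds a small corpus of archives in the formats the Python standard library can produce (ZIP, TAR, TAR+GZip, TAR+BZip2, TAR+XZ) around two constructed, harmless placeholder members (SAMPLE.EXE and SAMPLE.NFO stand in for the two files used in the post), writes each one under a misleading .txt name, and then classifies every file by content alone. The 7Z magic is included in the lookup table for identification only, since the standard library cannot create 7Z archives.

```python
"""Identify archive containers by magic bytes rather than file extension,
and unwrap nested compression (e.g. .tar.gz) to reach the member list.
Added example for this page; member files are constructed placeholders."""
import bz2
import gzip
import io
import lzma
import os
import tarfile
import tempfile
import zipfile

# Constructed, harmless stand-ins for the two members used in the post.
MEMBERS = {
    "SAMPLE.EXE": b"MZ placeholder - not a real executable\n",
    "SAMPLE.NFO": b"companion information file\n",
}

# (offset, magic bytes, format name) for the containers we care about.
MAGIC = [
    (0, b"PK\x03\x04", "zip"),
    (0, b"7z\xbc\xaf\x27\x1c", "7z"),
    (0, b"\x1f\x8b", "gzip"),
    (0, b"BZh", "bzip2"),
    (0, b"\xfd7zXZ\x00", "xz"),
    (257, b"ustar", "tar"),   # ustar/pax header magic sits at offset 257
]


def build_tar_bytes() -> bytes:
    """Return an uncompressed tar archive holding MEMBERS."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in MEMBERS.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_zip_bytes() -> bytes:
    """Return a zip archive holding MEMBERS."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in MEMBERS.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_corpus() -> dict:
    """Map the true extension of each archive to its bytes."""
    tar = build_tar_bytes()
    return {
        ".zip": build_zip_bytes(),
        ".tar": tar,
        ".tar.gz": gzip.compress(tar),
        ".tar.bz2": bz2.compress(tar),
        ".tar.xz": lzma.compress(tar, format=lzma.FORMAT_XZ),
    }


def sniff_format(data: bytes) -> str:
    """Name the outer container from its magic bytes; the file name is ignored."""
    for offset, magic, name in MAGIC:
        if data[offset:offset + len(magic)] == magic:
            return name
    return "unknown"


def unwrap(data: bytes) -> tuple:
    """Peel compression layers until a tar or zip is reached.
    Returns (container layers outermost-first, sorted member names)."""
    layers = []
    while True:
        fmt = sniff_format(data)
        layers.append(fmt)
        if fmt == "gzip":
            data = gzip.decompress(data)
        elif fmt == "bzip2":
            data = bz2.decompress(data)
        elif fmt == "xz":
            data = lzma.decompress(data)
        elif fmt == "tar":
            with tarfile.open(fileobj=io.BytesIO(data)) as tf:
                return layers, sorted(tf.getnames())
        elif fmt == "zip":
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return layers, sorted(zf.namelist())
        else:
            return layers, []   # unknown or unsupported container (e.g. 7z here)


def classify_disguised(disguise: str = ".txt") -> dict:
    """Write every archive under a misleading extension, read it back, and
    classify it by content.  Returns {true_extension: (layers, members)}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for i, (true_ext, data) in enumerate(build_corpus().items()):
            path = os.path.join(tmp, f"archive_{i}{disguise}")
            with open(path, "wb") as fh:
                fh.write(data)
            with open(path, "rb") as fh:
                results[true_ext] = unwrap(fh.read())
    return results


if __name__ == "__main__":
    for ext, (layers, names) in classify_disguised().items():
        print(f"{ext:9s} -> {' > '.join(layers):12s} members={names}")
```

Every archive is recovered with its full member list despite carrying a .txt name, which is the behaviour the post reports for Bitdefender's ZIP handling. The formats the post lists as undetected (ARC, PAQ, PEA, BALZ) fall into the "unknown" branch here: a scanner that lacks a decoder for a container cannot inspect what is inside it, whatever the file is called.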


Unexpected Behavior


I have to say that these detections only occurred when I scanned the folder containing the archives. Before scanning, I was able to open the archives without any warning or action from Bitdefender Antivirus Free Edition.


As a final note I must state that at some point of playing with the KILLCMOS.EXE file, it seemed it was not being detected properly anymore, as if some invisible exclusion rule was set by Bitdefender Antivirus Free Edition. So, files labeled malware are not toys... if you play with fire you might get burned.


______________


*I could not cover all archive formats, e.g., I made no RAR archive (.rar).


**This file is considered safe and a useful tool by some.