Can an A.V. become infected itself and then infect what it scans?

I vaguely remember that a few years ago there was a virus/trojan/whatever which was able to infect an A.V. when it was scanned, and thereafter whatever the A.V. scanned was also infected.

This could have been just a bad dream, but I think it was reality.
I would really appreciate being given relevant Google search terms or Virus and A.V. names.

I have encountered someone who is confident that malware is unable to do harm whilst in a Restore Point, and the only danger is if the restore point is used to go back in time.

I do not share his confidence, and suspect that any A.V. scanner etc which scans the contents of a Restore Point is a possible carrier that might be corrupted.

I also believe that M.$ originally left gaping security holes in the APIs (or whatever) that handle Word *.DOC files and Adobe *.PDF files,
and see absolutely no reason to assume that they have done any better with other APIs etc.
When a new Disc Defragger is announced as being absolutely safe against data loss due to use of official APIs,
I hear a little voice asking if those official APIs could actually gain/distribute malware as they shift/shuffle the data in the Restore Points.

I would appreciate information and comments upon my thoughts and fears.
Is the danger minimal, or absolutely impossible because …

Alan

> Can an A.V. become infected itself?

Yes, in fact I have a nice collection that can do just that. It can infect and/or cripple just about every AV and/or firewall out there. Comodo and Prevx seem to be the hardest to cripple (in my book).

> I would really appreciate being given relevant Google search terms or Virus and A.V. names.

Search for "virus sality" "tdss" "mebroot"

As for AV names (like AVs that suck in general): Norton and McAfee just suck really bad, but they’re very good in marketing.
An example of that if you look around. —> A computer with Norton gets infected. Customer goes to Norton for help. Norton wants a lot of money$$$$ to try to fix the damage that the virus caused that the customer paid in the first place to protect. (Whether it gets fixed or not) :-TD

I’ve never heard of an actual antivirus program becoming infected but I certainly haven’t seen it all. The AV should be AT MOST the secondary (or hopefully further back) line of defense. With a good firewall, which Comodo provides in spades, I really wouldn’t worry about it. :slight_smile:

Did you know this forum is infected - with spiders from Google ! ! !
I searched for
mebroot “virus sality”
and jay2007techr’s answer was top of the list, and this topic was timed at 1 hour ago.

I was very amused by the first result I visited :-
most of the screen gave removal instructions,
but top of the right hand advertisement column was the name we all cringe at - Norton ! ! !

Watasha - I am not worried for myself, but for others who do not know the risks.

jay2007tech - Thank you for that info - but I would like a little more.

What I would like is specific information upon a hazard I vaguely remember,
that a specific virus was able to co-opt as a distributor a (possibly specific) A.V.,
AND whatever the A.V. then scanned would also become infected.
I would like specific name(s) for the virus, and also for any specially targeted A.V.

MY CONCERNS :-

I believe that copies of infected files can be preserved by System Restore,
and that if a vulnerable A.V. scans such a virus it will be infected regardless of what folder it was in.

If it is possible for the simple reading/scanning of a virus (either existing or future) to transfer infection elsewhere,
then perhaps a defragger or disc imager etc could also become a carrier of infection.
Typically the purveyors of defraggers etc are proud to announce that the data is shifted safely because they use the official M.$ APIs,
But I am concerned that M.$. *.DOC files spread infection with 100% M.$ code (no one else to blame)
and EVERY ADOBE and NON-ADOBE reader of *.PDF files has needed patching because they use M.$. APIs or whatever that, like all of Windows, was originally cobbled together with no regard for security against malware,
Therefore I assume that when a defragger etc. accesses data via an official M.$. API,
the result can be just as disastrous (or far more so) as when any Reader accesses an “infected” *.PDF.

I have encountered someone who seems to hold the opinion that malware in the System Restore is totally harmless unless you tell System Restore to put the system back to the time when that malware was running free - before it was zapped and transferred to System Restore.

I disagree with him.
I accept that whilst the virus is in the R.P. it is unlikely to be active,
and only people with “dangerous” permissions access can actually see the virus in Windows Explorer,
but fear that when A.V. or defragger or whatever does access files within the R.P.
there is potential for the opening of “Pandora’s Box”.

I do not wish to counter his opinion with mine - I want hard solid facts.

I enjoy extreme paranoia - especially when I was right and successfully anticipated and averted disaster.
Often the fear does not materialise - yet, but I can live with that.

Regards
Alan

> but top of the right hand advertisement column was the name we all cringe at - Norton

Like I said, Norton and McAfee are terrible, but they are good in marketing.

> I would like specific name(s) for the virus, and also for any specially targeted A.V.

I won't go into that, but I point you to a virus encyclopedia, seeing how you like to learn more on this type of subject.

(2 places, the second site is more detailed)
http://www.virus-encyclopedia.com/

> I believe that copies of infected files can be preserved by System Restore,

If you clean a computer after it got infected, delete all the system restore points and create a new one.

> But I am concerned that M.$. *.DOC files spread infection with 100% M.$ code (no one else to blame)

With Windows being far more popular than Macs, that's the main reason why they're the most targeted. You can easily switch from Microsoft Office to "Open Office" (it's open source).

Text files (.txt) are safe, but are not very business friendly.

> I have encountered some-one who seems to hold the opinion that malware in the System Restore is totally harmless

If an attacker can hide malware in system restore, what stops the attacker from creating a script to activate it <--- Poor choice of words, but you get the idea :)

> I've never heard of an actual antivirus program becoming infected but I certainly haven't seen it all.

Some things are just best NOT experiencing >:-D

Enjoy >:-D

Thanks for those links. They should keep me busy !

Regards
Alan

We do not all cringe at the name Norton. Norton still is one of the best AV products available as all testing and review sites will tell you. I used Norton AV since 2000 and NIS from 2005-2009 without a single infection or problem of any kind. Many attempts at infection were detected but none got through. I also found it completely unobtrusive and extremely user friendly. I never experienced any of the supposed (and in my opinion mythical) system slowdown problems that so many have complained about. Norton is an excellent product. I only switched to Comodo because it was free. My system runs no better now than it did with NIS, in fact, probably worse because now I get interrupted by needless warnings and a malfunctioning and useless “sandbox” (which is now disabled) and have to sometimes jump through hoops to get my favorite games to work properly. If I was willing to pay the $50 a year, I’d go back to Norton in a heartbeat and feel perfectly safe in doing so.

I have heard of a lot of malware that can disable AV and other security programs, sometimes even making it appear that they were still working when they weren’t, but I have never heard of the AV being infected so that it infects other things while scanning.

This doesn’t seem odd to you? Symantec is made out to be the “big bad guy” a lot, I’ll agree, but disregarding the “big reviews” you will see that most users (in reviews) find Norton to be a resource hog, NOT user friendly, and why in God’s name have they not figured out a way for Windows to recognize the product? If you liked it then great, to each their own, but to throw out the “review” word…

Norton is not a resource hog… >:(

http://www.youtube.com/user/Bunyip783#p/u/9/uFMAmJHt6Bs

Sluuuuuugish…

Not saying it’s a bad product but this is the same as my experience with Norton. :wink:

I can’t be bothered watching a 10 minute video lol. I’ve used, and you can find in a lot of places, that Norton 2009-2010 are nice suites.

You can’t find? Anyway, I don’t blame you about the vid. I just find it to be slow. I never said it wasn’t competent. :wink:

Watasha
I know what you’re saying. The fact is that it USED to be pretty damn bloated. Now they fixed the bloat for the most part.

NIS 2010 in my experience wasn’t much bigger than CIS from the task manager perspective. That being said, it SEEMED like the great white elephant of security apps. It just crawled.

I used every version of NIS from 2005 to 2009 and never experienced any slowdown or resource problems. I will say that the 2009 product used less resources than its predecessors, but the actual performance stayed the same for me and was just as good as CIS in that regard while being far more user friendly and far less obtrusive.

As far as the thing about Windows recognizing it, I have no idea what you mean. I never had any problem that way either. The only combination of security apps that I have noticed a system slowdown with (and it was minimal) was the PC Tools Firewall in combination with Avast! AV.

Whenever I have had Norton installed on a PC, Windows has never recognized it as an AV. The security center acted like it wasn’t even there and the little red emblem in the tray was always telling me that I had no AV installed. This may have changed but that’s how it was for me.

Really? That has never happened for me with any version of Windows or Norton. It has always been recognized by the security center with no problem.

Can we stop bashing Norton, as this topic is getting off base?
(please hold in your personal experiences for a topic of that purpose)