Data Loss Prevention

Expand all | Collapse all

FUD(Fully UnDetectable) virus.

Jump to Best Answer
  • 1.  FUD(Fully UnDetectable) virus.

    Broadcom Employee
    Posted 08-21-2012 02:25 PM

    why antivirus cannot detect virus which is created in crypter? crypter makes virus FUD(Fully UnDetectable). is there any solution for this?



  • 2.  RE: FUD(Fully UnDetectable) virus.

    Broadcom Employee
    Posted 08-23-2012 03:40 PM

     

    FUD means fully Undetectable or no anti virus detect. Fud crypters can be used to Encrypt Viruses, Rat, keyloggers, some spywares tools. Exact means hide virus from av. cypter simply assign hidden values to each individual code within source code. thus, the source code becomes hidden. so your victim can not understand that its virus(fud).

    Anti virus work on signatures base. Anti virus has virus definitions, signatures stored in its database. when scaning a file, anti-virus searches for these virus definitions or signatures in a file and if its finds these signatures in file, anti virus alert file as virus otherwise no virus.

    If you are trying to crypt virus using publicaly known available crypter. They are detected by anti virus. crypter remain FUD for 1 week after, their publc relese.

    you dont use free crypter because they are public relese. you can use licence versions crypter or build your own crypter.

     

     

     



  • 3.  RE: FUD(Fully UnDetectable) virus.

    Broadcom Employee
    Posted 08-23-2012 04:37 PM

    I think this needs to be moved out of this DLP based thread into the SEP threads.



  • 4.  RE: FUD(Fully UnDetectable) virus.
    Best Answer

    Broadcom Employee
    Posted 08-23-2012 08:41 PM

     

    win32 cryptor virus symantec

    http://www.symantec.com/security_response/writeup.jsp?docid=2004-051715-4324-99&tabid=3

     

    Is your system infected? Symantec tools to help clear an infection

    https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

    Hello,

    Yes, you could Either Run the Power Eraser utility OR Symantec Endpoint Recovery Tool.

    1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

    2. If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. The Consumer version of this tool is the Norton Bootable Recovery Tool.  The tool is free, so there is no need for a Fileconnect account to download the software.

     



  • 5.  RE: FUD(Fully UnDetectable) virus.

    Broadcom Employee
    Posted 08-24-2012 12:31 AM

    this is also why you should consider whitelisting applications only approved to run ont he machine. Flamer and stuxnet would not of infected machines with application whitelisting turned on. Ashish stated SERT may be the way to go or a boot cd/resuce disk  from norton may be the better option, The boot cd works by loading this into memory and scans the OS befoer it gets a chance to load,