Sign in to follow this  
malware1

Bug

Recommended Posts

Emsisoft Anti-Malware - wersja 8.1

Ostatnia aktualizacja: 2013-12-20 13:25:30

Nazwa użytkownika: OS\User

Ustawienia skanera:

Typ skanu: Użytkownika

Obiekty: C:\Users\User\Documents\2\2013-12-20\Nowy folder\invoiceord‮fdp.exe

Wykrywanie PNP: Włączone

Skanowanie plików skompresowanych: Włączone

Skanowanie ADS: Włączone

Filtr rozszerzeń plików: Wyłączone

Zaawansowana pamięć podręczna: Włączone

Dezpośredni dostęp do dysku: Wyłączone

Skanowanie uruchomiono:    2013-12-20 13:32:01

C:\Users\User\Documents\2\2013-12-20\Nowy folder\invoiceord‮fdp.exe     Wykryto: EICAR-Test-File (not a virus) (B)

Przeskanowano:    1

Wykryto:    1

Koniec skanu:    2013-12-20 13:32:01

Skan trwał:    0:00:00

 

 

This happens if I try to scan a file with the Unicode Right-to-Left trick (RLO):

http://blog.malwarebytes.org/intelligence/2013/07/bi-directional-trickery-%E2%95%AF%E2%96%A1%E2%95%AF%EF%B8%B5-o%D7%9F%C9%B9/

 

I've attached Eicar test file with this trick for testing.

Share this post


Link to post
Share on other sites

The log looks fine to me, but that's probably because I am using Notepad++:

Edit: Actually, now that I look at it, the extension is reversed. It says "exe.pdf" instead of "pdf.exe".

Share this post


Link to post
Share on other sites

Thanks for checking.

 

Please look at my log. "EICAR-Test-File (not a virus) (B)" is written backwards.

 

I've just opened the log in Notepad++, and you're right, it's shown correctly. Seems to be Notepad's fault.

 

If you can, open your log using Windows Notepad and try to select the detected malware path along with the threat name. You'll see something odd.

Share this post


Link to post
Share on other sites

That's just how Notepad handles the switch between LTR and RTL. I guarantee that it has been reported to Microsoft before and they didn't bother fixing it.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.