Detection within Installation files

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

One kind of test of scanners that seems to be rare is that of their
ability to detect a variety of malware "within" install files.
Catching malware prior to installation is obviously a important

I used a list of rogue web sites:

to steer me to a number of installation files. Below are just three
results of AV scanning using KAV:
Install file: KDM-Setup.EXE
Trojan-Downloader.Win32.Small.asf     data004
AdWare.Win32.WebHancer.351           whAgent.exe
AdWare.WebHancer                              whInstaller.exe



Install file: mp3ms.exe
AdWare.Win32.NewDotNet                  WISEOO24.BIN
Server-Proxy.Win32.MarketScore.k     WISE0025.BIN                WISE0026.BIN
Install File: kazaap-3.6.exe
Adware.Win32.MediaBack                   data002
Trojan-Clicker.Win32.VB.dn                 data003
Trojan-Downloader.Win32.Agant.jt    data005
Notice the variety of Trojans and Adware in every install file.

One of the deficiencies of many or most spyware/adware/Trojan scanners
is their inability to scan "within" install files and act as a
preventative. One approach would be to upload install files to Virus
Total. That would only be viable if the file size is small enough. If
you have low upload speed, and/or the server is maxing out, this
approach could be painful :)

Having several free on-demand antivirus scanners on hand is another
approach. The best preventative though is to only download and install
known reputable software from trusted sources.  

If your scanner, whatever kind, doesn't alert on at least the three
install files above, you are being short-changed. Demand of your
vendor that they learn to do a better job at preventative type of


Site Timeline