VX Heavens

A brand new way to fool TBScan

Automag
Vlad [3]
February 1995

Abstract

Today I worked on some features for Antipode: I wanted it to infect a file during a scan by AV software, so I added the usual int 21h 3Dh (open) infection. It already infected the files under McAfee's SCAN, so I added the 21h 6Ch (extended open) infection and F-PROT became a vector, but I was surprised that TBSCAN didn't infect my test files (5-byte .COM files, just 3 NOPs and an int 20h). I took SoftICE and traced some code, and was really surprised, as TBSCAN didn't open any file in my directory!
