did you create log/report files for each AV, especially Kaspersky 2018 scan? i'm curious to see which ones were missed and detected. also if I have them in my collection. Can you send me the log/report file?

Masaw wrote on 2025-07-24, 00:18:

did you create log/report files for each AV, especially Kaspersky 2018 scan? i'm curious to see which ones were missed and detected. also if I have them in my collection. Can you send me the log/report file?

Hi, sorry I didn't create log files for AVs during testing. The results in the table were only for scan detection. But I can tell you what was left undetected and some other technical info about the samples for Kaspersky 2018 (and other if you would like to).

Undetected scan samples:
Sality samples: one stealthily infected google chrome installer (most didn't pick this one up, tbh I think this one has only some code of sality inside that isn't "harmful" but still enough to get detected)
Trojan getdwonloader (aka WMAWimad): all
Adwgen: missed "Bearshare" installer
Bolzano-S: these are files which AVG reported infected from "SDISK2.IMG" file. Unsure what those are since the file inside the IMG looks to be an ELF executable (and I suck at linux)

Undetected real time detection samples:
Same sality infected chrome installer
Bearshare adware installer

regarding the Sality infected files, it's possible these files could contain only traces or part of the virus that was not completly removed or the file was corrupted when it was disinfected rendering the file non-executable.
That Adwgen is a "not-a-virus" it's a PUA (possible unwanted app), there is an option for kaspersky to be able to detect these kind of files otherwise if that option is not set it will not scan for it.
That Bolzano-S infected file could be a text or script (script.ini) file created by the virus to spread but not the actual virus, since this virus was written during the time when mIRC was still a popular chat client

Masaw wrote on 2025-07-24, 10:32:

regarding the Sality infected files, it's possible these files could contain only traces or part of the virus that was not completly removed or the file was corrupted when it was disinfected rendering the file non-executable.
That Adwgen is a "not-a-virus" it's a PUA (possible unwanted app), there is an option for kaspersky to be able to detect these kind of files otherwise if that option is not set it will not scan for it.
That Bolzano-S infected file could be a text or script (script.ini) file created by the virus to spread but not the actual virus, since this virus was written during the time when mIRC was still a popular chat client

By "...when it was disinfected rendering the file non-executable" you mean the virus code or the chrome installer? The installer is operational in some way but since it's the online and not offline installer, I won't connect it to my network.
Adwgen (adware generic) is infact an PUP, but it was only one sample that was undetected (Bearshare) while an torrent installer was blocked. Highly unlikely the PUP/PUA detection was off.
Bolzano-S files is one .data and one "pavlc) ELF executable (cannot run it on windows). As for the .INI files, I had a few "autorun" ini files which were detected as vbs malware generic (they all point to some random file I never saw).

Since these tests were done on low end hardware, one must account for lack of resources leading to misses.