Have a read here:
http://forum.sysinternals.com/forum_posts.asp?TID=21226
Sigh ...
I suppose new heuristics will produce false positives until worked on, but Avira, I've found, always generates a lot - but as long as they're catching they have good scores eh.
Originally posted by ntunldr
Smallest trojan
So-called "heuristics" checks Import table and if LdrLoadDll || LdrGetProcedureAddress found then -> TR/Dropper.Generic found!
And another funny detection DR/Delphi.Gen [dropper]
LolCode:
var
  dll: THANDLE;
  p1: pointer;
begin
  dll := LoadLibraryW('wininet.dll');
  if (dll <> 0) then
  begin
    p1 := GetProcAddress(dll, 'InternetSilentTrojanDownloadW');
    if (p1 <> nil) then;
    DbgPrint('RUSTOCK');
    LdrUnloadDll(dll);
  end;
end.
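The import-table rule described in the quoted post, as an added example that is not part of the thread and not Avira's code: it walks a PE32 import directory and applies the single-name rule, showing how a harmless constructed sample gets the label from the post. The function names (`imports`, `naive_verdict`, `build_image`) are hypothetical, and the sample buffer is simplified so that every RVA equals its file offset.

```python
import struct

SUSPECT = {"LdrLoadDll", "LdrGetProcedureAddress"}  # names quoted in the post

def cstr(img, off):
    return img[off:img.index(b"\0", off)].decode("ascii")

def imports(img, rva):
    """Walk PE32 IMAGE_IMPORT_DESCRIPTORs at rva; return {dll: [names]}."""
    out = {}
    while True:
        oft, _, _, name, ft = struct.unpack_from("<5I", img, rva)
        if not (oft or name or ft):          # zeroed descriptor ends the table
            return out
        funcs, thunk = [], oft or ft         # prefer the import lookup table
        while True:
            (entry,) = struct.unpack_from("<I", img, thunk)
            if entry == 0:
                break
            if entry & 0x80000000:           # high bit set: import by ordinal
                funcs.append("#%d" % (entry & 0xFFFF))
            else:                            # RVA of hint (2 bytes) + name
                funcs.append(cstr(img, entry + 2))
            thunk += 4
        out[cstr(img, name).lower()] = funcs
        rva += 20

def naive_verdict(imp):
    """The rule as the post describes it: one import name is enough."""
    hit = SUSPECT & {f for fs in imp.values() for f in fs}
    return "TR/Dropper.Generic" if hit else None

def build_image(table):
    """Constructed input: import directory at offset 0, RVA == offset."""
    blob = bytearray(20 * (len(table) + 1))  # descriptors + zero terminator
    for i, (dll, funcs) in enumerate(table.items()):
        rvas = []
        for f in funcs:
            rvas.append(len(blob))
            blob += b"\0\0" + f.encode() + b"\0"
        dll_rva = len(blob)
        blob += dll.encode() + b"\0"
        blob += b"\0" * (-len(blob) % 4)     # align the thunk array
        thunks = len(blob)
        blob += struct.pack("<%dI" % (len(rvas) + 1), *rvas, 0)
        struct.pack_into("<5I", blob, 20 * i, thunks, 0, 0, dll_rva, thunks)
    return bytes(blob)

# Constructed sample: a harmless tool that links one ntdll loader routine.
TOOL = build_image({"kernel32.dll": ["ExitProcess"], "ntdll.dll": ["LdrLoadDll"]})
```

A rule keyed on a single import name says nothing about what the program does with the routine, which is why it produces the false positives the thread complains about.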