
I'm tired of being told.


sajman99:
Bamse, no problem mate. I was just mentioning Hitman Pro as a new malware tool to generate discussion, not trying to make a recommendation for some wonder tool. Other posters seem to have broadly interpreted this thread so I figured what the heck. 

Thanks for throwing some malware at Hitman Pro and giving your impressions. Seems too early to tell if it will evolve into a reliable on-demand scanner. I tested with Early Warning Scoring (EWS) enabled, and it scanned about 15,500 files in just under 2 minutes--great speed. But I agree it's hard to know precisely what this "behavioral scanner" is actually scanning (versus a more conventional signature-based scanner). It didn't detect anything on my system, but that wasn't surprising and it's hard for me to draw conclusions.

I definitely agree the lack of quarantine is a major flaw. Hitman Pro may still be in its early stages of development, but I'm not ready to fully trust any malware scanner without a quarantine option. If they add quarantine and continue to improve it over the next year or so, I could see myself adding it to MBAM, SAS, and a-squared(btw--likely to dump this one due to huge signature updates) for occasional checkups.

Innuendo:
a-squared(btw--likely to dump this one due to huge signature updates)-sajman99 (October 04, 2009, 02:49 PM)
--- End quote ---

Just installed A-Squared Free the other day and was shocked. 52MB download for the program and then a 60+MB download for the signatures. Holy crap!

Lashiec:
Just installed A-Squared Free the other day and was shocked. 52MB download for the program and then a 60+MB download for the signatures. Holy crap!
-Innuendo (October 04, 2009, 03:12 PM)
--- End quote ---

Plus if you don't update it often, you have to download a fresh signature package next time you do it. Extremely clever app.

Bamse:
Try Kaspersky 8) I did some more testing with a fresh infection which should be a nasty one "zeus/wsnpoem v2" - google it! Was a sad experience. Dr. Web CureIt found download and fixed hosts file, Norman Malware Scanner found download, Kaspersky Virus Removal Tool found download, Avast found download. None noticed it was already installed and running. Hitman found 1 of the infected files but it is recreated at boot. ESET's brilliant online scanner zero, Trend Micro scanner zero, Norton's zero. Could not test MSE since this VirtualBox Windows seems to have problems getting activated... I knew they would use MSE for extended check. So I fired up Malwarebytes - all detected, all removed/repaired. Got infected again, this time SuperAntiSpyware removed all except quite a few registry entries. Last ComboFix, did a 100% job except a few registry entries (I think). Problem is I can do this again with another type of infection and then maybe Norman's tool is the only one to offer any help. Toolbox must be huge. Good idea to always start with Malwarebytes and SuperAntiSpyware.

A2 Squared is pretty good, ugly and slow but massive database - I forgot to test that one. Be careful with FPs, expect tons. Malwarebytes is so great when it recognizes stuff but the price to pay is a smaller view on the world of infections.

Malwarebytes perfect cleanup:

Malwarebytes' Anti-Malware 1.41
Database version: 2905
Windows 5.1.2600 Service Pack 3

10/4/2009 7:40:10 PM
mbam-log-2009-10-04 (19-40-10).txt

Scan type: Quick Scan
Objects scanned: 83001
Time elapsed: 1 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.

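The Hijack.Userinit line in the log above is the persistence the other scanners missed: Windows launches every program listed in the Winlogon Userinit value at logon, so sdra64.exe comes back on every boot even after the file is removed. The following is an added example, not code from the post or from Malwarebytes: it flags any entry in that value other than userinit.exe; the sample value is constructed from the log, and the live registry read assumes the winreg module (Windows only).

```python
"""Flag extra launch entries in the Winlogon Userinit value (Hijack.Userinit)."""
import re
import sys

# Windows runs every comma-separated program in this value at logon.
# A clean value is just userinit.exe, with or without its full path.
EXPECTED = {"userinit.exe"}


def userinit_entries(value: str) -> list:
    """Split the Userinit value into program entries; a trailing comma is normal."""
    return [e.strip() for e in value.split(",") if e.strip()]


def unexpected_entries(value: str) -> list:
    """Return entries whose basename is not userinit.exe, i.e. added logon hooks."""
    bad = []
    for entry in userinit_entries(value):
        name = re.split(r"[\\/]", entry)[-1].lower()
        if name not in EXPECTED:
            bad.append(entry)
    return bad


def read_live_userinit() -> str:
    """Read the value from the live registry (assumption: Windows with winreg)."""
    import winreg
    key = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
        return winreg.QueryValueEx(k, "Userinit")[0]


if __name__ == "__main__":
    # Constructed sample: the "Bad:" value quoted in the Malwarebytes log.
    sample = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,"
    value = read_live_userinit() if sys.platform == "win32" else sample
    extra = unexpected_entries(value)
    if extra:
        print("Userinit hijack suspected, extra entries:", extra)
    else:
        print("Userinit value looks clean")
```

Because the value is read from HKLM, a scanner running while the malware is active can see the hook even when the dropped file is hidden or re-created at boot.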
sajman99:
I've really liked a-squared (free version) for at least the last few years, but "holy crap" is exactly my reaction of late. While I realize you're supposed to update often to avoid large sig packages, who can remember to do that? I have an irregular work schedule, and I always forget despite best intentions. :-[ Life is too darn short to spend all your time updating security apps.

Bamse, unfortunately you are correct about the false positives with a-squared. Still though, I've really liked it until this update avalanche lately.
