ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Windows Security Essentials

<< < (18/28) > >>

IainB:
Thanks for the feedback on my post.
@f0dder: I went to M/soft virus Encyclopedia and looked at those "viruses" detected by MSE. None of them seemed to be false positives, though they were not too nasty-looking.
e.g. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanClicker%3AWin32%2FYabector.gen&ThreatID=-2147338578

As @Bamse ponted out - "without user consent" would be the trigger, or "Potentially harmful or otherwise unwanted" as I think M/soft describe it.

Mind you "unwanted" could include Adware, M/soft Windows Genuine Advantage and all those annoying and unnecessary plugins (e.g., DRM and Windows Media Player plugins) that M/soft has been quietly forcing into Firefox without telling you, every time you run Windows Update. One of those plugins Mozilla now blocks as it introduces a security risk and destabilises Firefox performance.    :P

@Bamse: Thanks for the advice - I have taken it and have changed the default actions in MSE to "Quarantine" from "Recommended" and unticked the box beneath for "apply recommended actions:...".

@Innuendo: I had not known of VirusTotal before now, thankyou. I shall use that in future now that I have set MSE actions all to "Quarantine". Actually, the file containing one of the viruses (I forget which one) found by MSE was uploaded to M/soft - the program requested permission to do so first, and I gave it. I also sent an email to the author of Unlocker with a snapshot of the MSE details screen describing the Trojan that MSE had found in the Unlocker install file.

I generally mistrust M/soft as they are a perfect example of a corporate psychopath (per the film "The Corporation") and I therefore use their software with well-advised caution. I try to control that software by, for example, stopping it from "phoning home" in ZoneAlarm. When you see how M/soft have forced those Firefox plugins on you, it speaks volumes about their motivation and shows their deliberate intention to put their needs/desires first and their often crass disregard for the needs of the customer/victim.   ;D

Innuendo:
Thanks for the feedback on my post.
@f0dder: I went to M/soft virus Encyclopedia and looked at those "viruses" detected by MSE. None of them seemed to be false positives, though they were not too nasty-looking.-IainB (October 18, 2009, 05:22 PM)
--- End quote ---

I think F0dder's point wasn't how nasty-looking they were but MSE might have though the virus code was in those files when in reality there might have been nothing there. Every AV program has a false detection like that once in a while. Nobody & nothing is perfect, after all...

Bamse:
That is true http://www.virustotal.com/analisis/83f5ea1856d2de0229b30224c4649051662c120320f299225c29e30af6cda647-1255977409

4 hours later perfect again http://www.virustotal.com/analisis/83f5ea1856d2de0229b30224c4649051662c120320f299225c29e30af6cda647-1256013326

IainB:
@Innuendo:
Yes, I wish Iain had uploaded the files to VirusTotal before deleting them, but I can totally understand his "get these files off my PC *NOW*!" reaction.

--- End quote ---
Anything to oblige!  :)  As it is a long weekend here in NZ and because I am very curious about such things, I took the time to search out those infected files from my backup drive and then run them through MSE and submit them to Total Response as you had suggested.

There were 5 viruses detected by MSE:

* 1. BrowserModifier Win32-Hijacker.A in file ico_printui0008.ico ("removed" by MSE).
* 2. TrojanDownloader-ASX-Wimad.BD in a partially donloaded Frostwire file T-3410427-connected barbie.mp3 (virus in ASF_Script_Commands)  ("removed" by MSE).
* 3. TrojanClicker:Win32/Yabector.gen and TrojanClicker:Win32/Yabector.A in 2 separately obtained copies of file unlocker1.8.7.exe (quarantined by MSE).
* 4. VirTool:Win32/Obfuscator.XY in file FreeskyVideotoMPEG.exe (quarantined by MSE)
* 5. Trojan:JS/Loop in filr 1stpage2.zip (quarantined by MSE).
I was unable to locate backup copies of infected files Nos. 1 and 2, but I did have Nos. 3, 4 and 5, and I have detailed them below:

3. My copy of MSE detected TrojanClicker:Win32/Yabector.gen in my Archive copy of File unlocker1.8.7.exe
Virus Total report:
File unlocker1.8.7.exe was already a known file, received on 2009.10.24 22:11:12 (UTC)
Result: 4/41 (9.76%)
Microsoft 1.5202    2009.10.24    TrojanClicker:Win32/Yabector.gen
NOD32    4539       2009.10.24    a variant of Win32/Adware.ADON
Prevx    3.0       2009.10.25    Medium Risk Malware
VirusBuster 4.6.5.0    2009.10.24    Trojan.CL.Yabector.C

This file was downloaded from http://ccollomb.free.fr/unlocker/unlocker1.8.7.exe
When I downloaded a fresh copy of the same file from the same location, my copy of MSE detected TrojanClicker:Win32/Yabector.A
Virus Total report:
File unlocker1.8.7.exe received on 2009.10.25 06:19:07 (UTC)
Result: 5/41 (12.2%)
Ikarus   T3.1.1.72.0   2009.10.25   Trojan-Clicker.Win32.Yabector
Microsoft 1.5202   2009.10.25   TrojanClicker:Win32/Yabector.A
NOD32 4539      2009.10.24   a variant of Win32/Adware.ADON
Prevx   3.0      2009.10.25   Medium Risk Malware
Sunbelt   3.2.1858.2   2009.10.24   Trojan.Win32.Generic!BT

Firefox did not block or give any cautions for http://ccollomb.free.fr/unlocker/
_____________________________________

4. My copy of MSE detected: VirTool:Win32/Obfuscator.XY in file FreeskyVideotoMPEG.exe
Virus Total report:
File FreeskyVideotoMPEG.exe received on 2009.10.24 22:03:46 (UTC)
Result: 2/41 (4.88%)
Kaspersky   7.0.0.125   2009.10.24   Packed.Win32.Black.d
Microsoft   1.5202      2009.10.24   VirTool:Win32/Obfuscator.XY

This file was downloaded from www.freeskyvideo.com.
When I browsed to the FreeskyVideotoMPEG link, Firefox blocked www.freeskyvideo.com and told me it is a "reported attack site".
_____________________________________
5. My copy of MSE detected: Trojan:JS/Loop in filr 1stpage2.zip
Virus Total report:
File 1stpage2.zip was already a known file, received on 2009.08.22 12:13:58 (UTC)
Result: 5/41 (12.20%)
Contained viruses:
BitDefender    7.2    2009.08.22    JS.Trojan.Winbomb.F
F-Prot    4.4.4.56    2009.08.21    File is damaged
GData    19       2009.08.22    JS.Trojan.Winbomb.F
Microsoft    1.4903    2009.08.22    Trojan:JS/Loop
Panda    10.0.0.14    2009.08.22    Generic Trojan

This file was downloaded from http://www.evrsoft.com and is for setting up a program called "1st Page 2000".
Currently, this file is advertised as being available from http://www.evrsoft.com, but neither the download function nor any mirrors seem to work for that file.
Firefox did not block or give any cautions for http://www.evrsoft.com.
_____________________________________

Hope this information helps or is of use. I think it shows that MSE seems to be doing its job quite well.

Innuendo:
I think it shows that MSE seems to be doing its job quite well.-IainB (October 25, 2009, 02:22 AM)
--- End quote ---

Microsoft has already started beta-testing the next version & already has a new version out to testers. It appears they are very serious about improving MSE. I can't wait to see how the next release performs.

EDIT: Oh! And thanks for digging out those files for us, Iain. I know that had to be a pain to do.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version