avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 24, 2018, 06:10 AM
  • Proudly celebrating 13 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: A few viruses, trojans & a rootkit or 2  (Read 2780 times)


  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 43
    • View Profile
    • Donate to Member
A few viruses, trojans & a rootkit or 2
« on: April 14, 2007, 02:27 AM »
I'm wondering if it's past due my time to switch AV's.

I am currently using KAV within ZAPS7(Zone Alarm Suite 7). I have decided that I'm not happy with ZAPS's AV counterpoints resource usage.
KAV's stand alone is far better on resource usage and has already gained my the close yet distant past.
After reading an article http://techsupportal...ecurity_scanners.htm by Gizmo, I find myself wondering if Nod32 is worth a shot.

That was a few days ago. I have since installed Nod32 on Vista with a pre-existing install of KAV. I also have Nod32 now installed in XPwith ZAPS KAV shutdown and plan on getting KAV stand alone app on XP too, once again.

So far my initial findings are...
Nod32 uses double the memory under XP then it does under Vista.
Nod32 and KAV can co-exist within Vista & XP
KAV has a better/user freindly GUI
Nod32 has more options
KAV and NOD32 roughly use the same mem under Vista
It is possible to run 'em in tandem even including with ZAPS7 form.(heavily not recommended...but possible)

My initial findings, give me knowledge that I can safely test both KAV and Nod32 under Vista and XP separately and together without the sinking feeling of possibly losing boot.

Whoosh! TYG that I got past that first hurdle :)

Now that I am already to go and if I didn't lose your interest yet, I'm stuck on what AV to fully trust.

The only baddie I could find on-board here was a "legit" keylogger, to test both AV's on.

While under Vista, KAV happily told me about the keylogger while it was in it's uninstalled installer form.

I told KAV to leave it alone...repeatedly.

I installed Nod32, told KAV not to start on boot then rebooted.

Nod32 started up(KAV didn't initiate) and all was fine. I updated Nod32's defs and went to scan the keylogger that KAV had found...Nod32 said it was a harmless installer.

With Nod32 still running I then fired up KAV. Again KAV started popping up uninitiated warnings about the keylogger installer.

The KeyLogger is XT SPY(XTS).

I imitated a scan with Nod32 and still get no warning.

I then installed the XT SPY keylogger with both Nod32 & KAV on-access running in tandem.

Neither, Nod32 or KAV complained while XTS installed. The same goes after XTS was fully installed and working beautifully on recording every key stroke I made.  :(

I rebooted into Vista a few more times...with Nod32 on and KAV off then the other way around.

Nod32 never seen the Keylogger, KAV did see it's installer but not after I installed it!?!

So now I wish test both KAV & NOD32 more throughly to reach my own conclusion on which AV will gain the most of my trust.

Read the above sentence again.....yeap I will never ever trust just one product fully. However, I will trust one over another.

Oh and BTW! NewsFlash! WinDefender nor Vista ever complained about XTS and it installed beautifully while I was in Vista...harr...harrr.

I need some baddies to test to figure out which AV will earn my trust.

Any baddies will do.

You can up them to any filesharing link or PM me for my email addy.

I will happily post my findings in return.

Nod32 vs KAV under XP Pro SP2 & Vista Ultimate
Dell 4600 Beefed
2.8g HT cpu
256 geforce
1.55g ram
XP SP2 IE 6(tweaked to the max)
Vista Ult retail(fresh install)


  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 269
    • View Profile
    • Donate to Member
Re: A few viruses, trojans & a rootkit or 2
« Reply #1 on: April 14, 2007, 05:21 AM »
Well you are doing it all wrong. Leave it to experts to test - all of which will shake head at your testing conditions. 1 miss or 1 hit dont make a perfect AV. They all have several of both.

Since you have 2 options you also have 2 programs to research. So do that. Will also tell you if it really is possible to make nod32 and Kav co-exist. Dont feel too sure just because there is no bsod. After 5 minutes you find out both are "highly recommended" - then you are supposed to install and test for your self. Now it is down to GUI and feelings ;) Take a look at AV-Comparatives and perhaps Wilders Security forums - though that can be bit too chatty at times. As I understand it AV-Comparatives is all about trust worthy testing environments (lack of same from just about every other test) - opposite them you have 1 sample and judge accordingly. Cant really go wrong since you have 2 of the best products but dont think you are testing... They also say over and over that there is much more to an AV than rigid numbers. How does it desinfect for example, options, customization, updates, resource usage etc. etc.

Not sure what Zonealarm product you have but I recently read their suits with all the goodies will receive updated Kaspersky code - very fast because the 2 companies should be more connected than is apparent. Money wize that is. Check out Zonealarm site and Kaspersky, probably best info at their user forums. Pretty good deal for the price, almost a bargain, but of course no use if it hogs whole computer. The real Kaspersky is not light by default that is for sure. Can be made to - if you make it work like Avira for example ;) Most is optional. Basic AV actions seems fast enough, all the extras especially Proactive stuff is very much active. Occasionally you feel it, have to work with excluded masks and trusted apps no matter tears. I dont know how much you can fiddle with Zonealarms version. I cant really see mini-Kaspersky being too heavy when you are happy with the big one? Cant be or you have run into a bug or whatever which will be fixed. Zonealarms KAV do get the very same updates as the real one Ive read so if you have paid license already may be try to work more with the suite instead of dumping it prematurely. I dont know it but assuming they have not messed up there is good value for monney - for those who need all included in the suite.

I just paid for 2 years license of Kaspersky but checked out trial versions of that and NOD32 first. Had no doubt what to get. Current detection I dont value that highly really. Overall they are both great. Paid more attention to GUI, options, support, general feel (probably the most important) - and a little bit to the beta in works. Nod32 is crap with GUI, Kaspersky almost elegant - just messed up here and there, until you read help files, heh. Can see the point in getting Avira and just forget about. Who needs popups of code injections? Kaspersky is almost a life commitment - but I guess security is so much better? ;)