Hi, i just run dr web cure it. a few question

1. does it scans your whole hard drive? and it if it does it way fast IMO took like 3minutes
2. it found paperport by scansoft possible dloader.trojan how can i send it to them as fp?

3. im glad all it found was an FP IMO.

I can see why people recommend using it thou with its fast scanning.


thanks in advance
lodore

-{ Quote: "Hi, i just run dr web cure it. a few question

1. does it scans your whole hard drive? and it if it does it way fast IMO took like 3minutes
2. it found paperport by scansoft possible dloader.trojan how can i send it to them as fp?

3. im glad all it found was an FP IMO.

I can see why people recommend using it thou with its fast scanning.


thanks in advance
lodore" }-

The first scan is for processes in memory, then you have to select the drive you want scanned for a complete hard drive scan. The complete hard drive scan will take longer than 3 minutes. Select from the drive tree in above window on the GUI. They have a link on their website for submitting samples.

-{ Quote: "The first scan is for processes in memory, then you have to select the drive you want scanned for a complete hard drive scan. The complete hard drive scan will take longer than 3 minutes. Select from the drive tree in above window on the GUI. They have a link on their website for submitting samples." }-


thanks I only did the memory scan IMO.

You will quickly find out that it is in fact the slowest scanner around, very nice of Dr Web to make it though, very handy from a USB when you're cleaning an infected pc for a friend.:)

-{ Quote: "You will quickly find out that it is in fact the slowest scanner around, very nice of Dr Web to make it though, very handy from a USB when you're cleaning an infected pc for a friend.:)" }-


I thought dr web's scanner was fast?
or is it just that there cure it version isnt?

lodore

CureIt utility is the same scanner as used by Dr.Web antivirus.

-{ Quote: "CureIt utility is the same scanner as used by Dr.Web antivirus." }-


oh so its just that the dr web scanner is really slow IMO. i thought it was a fast light scanner like nod32.

-{ Quote: "I thought dr web's scanner was fast?
or is it just that there cure it version isnt?

lodore" }-
No, it's the same whether you use cureit or the full product, i think you must have been thinking of the real-time monitor (which is light) instead of the scanner.:)

-{ Quote: "You will quickly find out that it is in fact the slowest scanner around, very nice of Dr Web to make it though" }-
Don, you obviously have not tried either TrustPort or VBA32 with thorough mode :P ;D

-{ Quote: "Don, you obviously have not tried either TrustPort or VBA32 with thorough mode :P ;D" }-
No, they are too exotic............even for me.;) ;D

-{ Quote: "Don, you obviously have not tried either TrustPort or VBA32 with thorough mode :P ;D" }-
The list of products which are slower than Dr.Web for on-demand scans in my experience:

Kaspersky (without iStreams/iChecker or iSwift)
Symantec
TrustPort
BitDefender

Dr.WEB is a bit slow in scanning, but version 5 should change that. We can already see that certain Dr.WEB clones were able to significantly increase the scan speed. :)

I always assumed that Dr Web cureit has exactly the same on-demand detection as the full version of Dr Web, but I have a file that's detected on jotti and virustotal as Trojan.dnschange for a couple of days but the latest download of cureit (downloaded a few minutes ago) does not detect this. I assume either Dr Web cureit does not have the same heuristics, or they do not update the cureit download as often as they update signatures for the main products. ???

Londonbeat

EDIT: It is detected on jotti/virustotal as trojan.dnschange, not trojan.popuper

-{ Quote: "I always assumed that Dr Web cureit has exactly the same on-demand detection as the full version of Dr Web, but I have a file that's detected on jotti and virustotal as Trojan.popuper for a couple of days but the latest download of cureit (downloaded a few minutes ago) does not detect this. I assume either Dr Web cureit does not have the same heuristics, or they do not update the cureit download as often as they update signatures for the main products. ???

Londonbeat" }-
Hmm...Would it be possible for you to check whether the database in CureIt is current?

Also, please check the Dr.Web engine version (drweb32.dll). Having an older version of the engine has affected Virus Chaser's detection rates in the past, and by first hand experience, this affects the Trojan.Popuper variant detections.

-{ Quote: "Hmm...Would it be possible for you to check whether the database in CureIt is current?

Also, please check the Dr.Web engine version (drweb32.dll). Having an older version of the engine has affected Virus Chaser's detection rates in the past, and by first hand experience, this affects the Trojan.Popuper variant detections." }-

In the "about" section of cureit it says the latest version of virus base is: 2006-11-18 (08:49) with 153810 records and status: ok.
The engine version is: 4.33.5.10110
The scanner version is: 4.33.2.10060

Londonbeat

-{ Quote: "I thought dr web's scanner was fast?
or is it just that there cure it version isnt?

lodore" }-

its 5 mins slower than f-secures, just to give you an idea of its scan speed.

Dr.Web CureIT can't scan compressed files(like Zip,RAR).

And a fews days ago, I saw that a kind of Worm/Brontok can be cured by Dr.Web4.33 on its official site. But When I use CureIt to scan files containing this virus, it can only delete it, but not cure it.

So I think CureIT is a function-restricted Edition fo Dr.Web. :)

i think delete it, is curing it.

if its a worm, then no other option than delete should be used.

ive always been impressed with Dr.Web, with its cheap and cheerful look, and with the cure it feature, you dont have to install it, just to run a scan, very cool idea.

for people just looking for an antivirus, welcome to Dr.Web ... or Nod32, i know their are other choices, but id choose between those 2 for just an antivirus, and with dr web being sooo cheap, id choose that :)

-{ Quote: "Don, you obviously have not tried either TrustPort or VBA32 with thorough mode :P ;D" }-
Right! VBA32 even on-access is killing my system:wacko: .

Dr.web is not that slow, it's medium fast IMO.

-{ Quote: "iive always been impressed with Dr.Web, with its cheap and cheerful look, and with the cure it feature, you dont have to install it, just to run a scan, very cool idea.

for people just looking for an antivirus, welcome to Dr.Web ... or Nod32, i know their are other choices, but id choose between those 2 for just an antivirus, and with dr web being sooo cheap, id choose that :)" }-

For me, Dr Web is appealing because it doesn't seem to be interested in making a profit as much as some other companies that make their product so ridiculiously expensive; Kaspersky. (hint hint!!). Even NOD32 has a student/military discount. As you said, Dr Web is cheap. But they also do not seem to place money above safety and security, else they would not have released CureIt, which is free. It is constantly updated too, which further shows that their motive it not the all mightly dollar. Right now it is not as good as it could be but...wait for version 5.

-{ Quote: "Dr.Web CureIT can't scan compressed files(like Zip,RAR).

And a fews days ago, I saw that a kind of Worm/Brontok can be cured by Dr.Web4.33 on its official site. But When I use CureIt to scan files containing this virus, it can only delete it, but not cure it.

So I think CureIT is a function-restricted Edition fo Dr.Web. :)" }-

Deleting it, is curing your computer from this infection.

-{ Quote: "Deleting it, is curing your computer from this infection." }-
Yep. In the Dr.Web engine the "cure" function is from the viewpoint of removing infection by all means. Therefore "curing" a trojan or worm means deleting the file. Only for viruses will the "cure" function leave the file intact after cleaning the virus code.

At least this is how it is in CureIT as well as Virus Chaser.