Very quick response from DrWeb!!!


jlo
January 5th, 2009, 05:31 PM
Hi,

Submitted 2 suspect files to DrWeb this evening at 21.53 GMT.

Dr Web responded at 10.24pm GMT. Now that is a quick response.

Viruses: Trojan.Proxy.3335, Trojan.Packed.189.

Thank you for the cooperation.

--
Yours sincerely,
Virus Monitoring Service Doctor Web Ltd.


I also found an origin detection over the weekend and submitted that. 5 mins later emailed back with exact detection added.


Seems like Dr Web are now adding virus defs really quickly. :thumb:

Keep up the good work Dr Web.

Cheers

Jlo

C.S.J
January 5th, 2009, 05:43 PM
they have always added them quickly, but it really is.... hit or miss.

I've had samples get checked within a minute, and some not checked at all.

still, it has improved....

not bad for skeleton staff, as it is their christmas now, nice to see samples and updates are still arriving :D

jlo
January 5th, 2009, 06:07 PM
Well I had exactly the same as your experience. Last year I ran Dr Web and found that sometimes samples were added really quickly and sometimes it could be weeks. I would then open up a support case with the tracking and number and it would then get sorted.

That's what drove me away from Dr Web. Still think it's a great program but am using KIS with A-Squared and on laptop using NIS2009 with Prevx edge so have no need for another licence.

I also had a licence for Bitdefender but again their sample submission process took ages.

Another AV that's improving is Avast. They were slow to add samples but now I notice detection either the next day or day after in many cases.

Cheers

Jlo

risl
January 5th, 2009, 06:43 PM
I've had similar experiences, sometimes my samples are completely ignored or take very long and sometimes I get a response within an hour. False positives have been always quickly fixed, though.

Perhaps it's something related to traffic getting blocked/filtered at some point.

tiagozt
January 6th, 2009, 02:38 PM
I have about 3 experiences and all had very long time... (weeks). One of them I showed the ticket here in Wilders months ago... but got no response...

pugmug
January 6th, 2009, 02:48 PM
-{ Quote: "Hi,

Submitted 2 suspect files to DrWeb this evening at 21.53 GMT.

Dr Web responded at 10.24pm GMT. Now that is a quick response.

Viruses: Trojan.Proxy.3335, Trojan.Packed.189.

Thank you for the cooperation.

--
Yours sincerely,
Virus Monitoring Service Doctor Web Ltd.


I also found an origin detection over the weekend and submitted that. 5 mins later emailed back with exact detection added.


Seems like Dr Web are now adding virus defs really quickly. :thumb:

Keep up the good work Dr Web.

Cheers

Jlo" }-
They better be fast as they don't detect as many bad's as other top a/v's to start with.

SergM
January 7th, 2009, 12:27 PM
-{ Quote: "They better be fast as they don't detect as many bad's as other top a/v's to start with." }-
I can inform, that DrWeb does not add in the bases dust and "broken" files which, probably, once and were viruses. It is a position of principle. It is a fair position. Speed of processing of the user tickets has increased now after introduction in a robot-output agent system.
For certain to receive the ticket it is necessary to send necessarily the sample through the web form on an official site and to place the inquiry in a correct category. It will essentially increase both speed of processing of inquiry and answer reception.

jlo
January 7th, 2009, 03:43 PM
Thanks for your reply SergM,

Great to hear things are improving.

Best wishes

Jlo

C.S.J
January 7th, 2009, 03:49 PM
things are always improving jlo :)

pugmug
January 8th, 2009, 04:38 PM
-{ Quote: "I can inform, that DrWeb does not add in the bases dust and "broken" files which, probably, once and were viruses. It is a position of principle. It is a fair position. Speed of processing of the user tickets has increased now after introduction in a robot-output agent system.
For certain to receive the ticket it is necessary to send necessarily the sample through the web form on an official site and to place the inquiry in a correct category. It will essentially increase both speed of processing of inquiry and answer reception." }-
Can you explain your post, please? Are you saying that bases dust/broken files, whatever those terms mean, are old and cannot or would not infect a computer as of today, therefore Dr Web chose not to use or add them to their database?

format_c
January 9th, 2009, 06:49 AM
-{ Quote: "Can you explain your post, please? Are you saying that bases dust/broken files, whatever those terms mean, are old and cannot or would not infect a computer as of today, therefore Dr Web chose not to use or add them to their database?" }-

no. we don't add broken samples which cannot infect or even cannot run at all.

SergM
January 9th, 2009, 07:30 AM
-{ Quote: "Can you explain your post, please? Are you saying that bases dust/broken files, whatever those terms mean, are old and cannot or would not infect a computer as of today, therefore Dr Web chose not to use or add them to their database?" }-
Hi, pugmug
One of heads of the company (format_c) has already answered your question. I will respond such example:
KAV, he AVP, very much likes to find viruses there where they are not present. DrWeb is in this respect much more fair - if the program is not a virus or was a virus, but is hurt and disabled, he will not shout, that the virus is found out. KAV for a long time is engaged in frank and impudent censorship of a software, added in the virus bases of the program which are not viruses, for various reasons - for example, generators of keys, programs which can be used at a writing of viruses or for their inclusion in viruses in view of the small size etc. Though, I do not argue, this competent marketing course KAV smoothly operates on teapots - it is necessary, what abrupt program, viruses catches, and anybody them and does not notice another :).

pugmug
January 9th, 2009, 07:45 AM
-{ Quote: "Hi, pugmug
One of heads of the company (format_c) has already answered your question. I will respond such example:
KAV, he AVP, very much likes to find viruses there where they are not present. DrWeb is in this respect much more fair - if the program is not a virus or was a virus, but is hurt and disabled, he will not shout, that the virus is found out. KAV for a long time is engaged in frank and impudent censorship of a software, added in the virus bases of the program which are not viruses, for various reasons - for example, generators of keys, programs which can be used at a writing of viruses or for their inclusion in viruses in view of the small size etc. Though, I do not argue, this competent marketing course KAV smoothly operates on teapots - it is necessary, what abrupt program, viruses catches, and anybody them and does not notice another :)." }-
First, SergM, let me thank you for informing me on who format c is, as that person was asked nothing nor answered the question asked by myself.

pugmug
January 9th, 2009, 07:53 AM
SergM, what do you mean when you say dust and broken files, not samples as format c posted? Please start with dust. P.S. I would not think it correct to come here to this forum and downgrade any other a/v such as KAV when you work for Dr Web. It matters not to me as I use neither of the two products but it may offend some here who do.

SergM
January 9th, 2009, 08:39 AM
-{ Quote: "SergM, what do you mean when you say dust and broken files, not samples as format c posted? Please start with dust. P.S. I would not think it correct to come here to this forum and downgrade any other a/v such as KAV when you work for Dr Web. It matters not to me as I use neither of the two products but it may offend some here who do." }-
The respected pugmug.
I am not the representative of company Dr. Web. Therefore I have no possibility to tell about all nuances of this policy. Let's arrive so:
I can address with the personal message to format_c and ask him to tell about it. And, if he considers it possible, he can tell to us about it.
P.S.
1). I do not wish to give an unreliable information.
2). Concerning a question on politician of the KAV: these are my personal observations (and not only mine) and I think, that at on a free forum I have the right to express the personal opinion.

pugmug
January 9th, 2009, 08:47 AM
-{ Quote: "The respected pugmug.
I am not the representative of company Dr. Web. Therefore I have no possibility to tell about all nuances of this policy. Let's arrive so:
I can address with the personal message to format_c and ask him to tell about it. And, if he considers it possible, he can tell to us about it.
P.S.
1). I do not wish to give an unreliable information.
2). Concerning a question on politician of the KAV: these are my personal observations (and not only mine) and I think, that at on a free forum I have the right to express the personal opinion." }-
My mistake, for which I am sorry, as my thinking you were employed by Dr Web was in error. Can you state what you meant by the term dust to start with?

xXDarkStalkerxX
January 9th, 2009, 08:56 AM
-{ Quote: "SergM, what do you mean when you say dust and broken files, not samples as format c posted? Please start with dust. P.S. I would not think it correct to come here to this forum and downgrade any other a/v such as KAV when you work for Dr Web. It matters not to me as I use neither of the two products but it may offend some here who do." }-


Dr web adds only real malware which can run and infect system, if malware couldn't run and infect it isn't malware it is junk, it is simple code and doesn't need to be added in the bases because it won't protect users. But many companies do this, adding everything to the bases just to do good in tests (I am not saying about Kaspersky, I like K :P)

So far in real life scenarios Dr web is a really solid antivirus, light and protect very well, just my opinion but I think many will agree with me.

pugmug
January 9th, 2009, 09:01 AM
-{ Quote: "Dr web adds only real malware which can run and infect system, if malware couldn't run and infect it isn't malware it is junk, it is simple code and doesn't need to be added in the bases because it won't protect users. But many companies do this, adding everything to the bases just to do good in tests (I am not saying about Kaspersky, I like K :P)

So far in real life scenarios Dr web is a really solid antivirus, light and protect very well, just my opinion but I think many will agree with me." }-
It is good that you believe in said a/v but that is and was not my question.

SergM
January 9th, 2009, 09:03 AM
-{ Quote: "Can you state what you meant by the term dust to start with?" }-
... if the program is not a virus or was a virus, but is hurt and disabled ....
More detailed information can be received at employees of the company

risl
January 9th, 2009, 09:05 AM
Corrupted files, malware that cannot propagate, cause damage or are some old DOS malware probably won't be added, simple or what? Perhaps they prioritize current threats (honeypots, email tickets) higher than wasting time on some old collections from VX sites... or malware collections from bittorrent.

xXDarkStalkerxX
January 9th, 2009, 09:07 AM
-{ Quote: "It is good that you believe in said a/v but that is and was not my question." }-

Yes that was your question. Dust and broken files is malware files which can't run at all so doesn't need to be covered in bases. I just make an observation in my comment.

pugmug
January 9th, 2009, 09:08 AM
-{ Quote: "... if the program is not a virus or was a virus, but is hurt and disabled ....
More detailed information can be received at employees of the company" }-
How do you hurt or know a virus is hurt in regard to its age?

risl
January 9th, 2009, 09:10 AM
-{ Quote: "How do you hurt or know a virus is hurt in regard to its age?" }-

Because some old malware doesn't even run on modern OS. It is also possible that some corrupted executable contains malicious code from some old virus but the executable doesn't even start.

They focus on current threats and viruses that the user could face today and in normal use. Not on some old viruses that you can only get yourself infected with only on purpose.

xXDarkStalkerxX
January 9th, 2009, 09:14 AM
Dr web covers old malware, but doesn't cover malware which can't run or infect system because they aren't malware, they are junk code.

-{ Quote: "There is a myth that Dr.Web’s virus databases is the most compact because old viruses are excluded from it that is why it is so compact and the scanning speed is so high.

This is not true. We never delete old viruses from the virus database. And the best proof of it is successful participation in the comparative reviews of the most authoritative magazine Virus Bulletin. The anti-virus programs are tested on the collections where viruses of almost all generations are kept. " }-

pugmug
January 9th, 2009, 09:14 AM
-{ Quote: "Yes that was your question. Dust and broken files is malware files which can't run at all so doesn't need to be covered in bases. I just make an observation in my comment." }-
How would you know what some other than yourself posted?

pugmug
January 9th, 2009, 09:17 AM
-{ Quote: "Because some old malware doesn't even run on modern OS. It is also possible that some corrupted executable contains malicious code from some old virus but the executable doesn't even start.

They focus on current threats and viruses that the user could face today and in normal use. Not on some old viruses that you can only get yourself infected with only on purpose." }-
You know of which you speak as positive, how?

xXDarkStalkerxX
January 9th, 2009, 09:17 AM
-{ Quote: "How would you know what some other than yourself posted?" }-

You are ignoring the facts. You simply don't want to know a truth which doesn't belong to you :-\

risl
January 9th, 2009, 09:19 AM
-{ Quote: "You know of which you speak as positive, how?" }-

I consider it as a positive thing to know that they concentrate all the efforts on something that is more important, which would result in good protection. But unfortunately, bad test results if you like diagrams, percentages and numbers.

pugmug
January 9th, 2009, 09:23 AM
-{ Quote: "You are ignoring the facts. You simply don't want to know a truth which doesn't belong to you :-\" }-
How do you arrive at that post?

thehudd
January 9th, 2009, 09:25 AM
A short question, and if off topic, asked with apologies, but is DrWeb going to release a version that will function on 64 bit systems? I would like to return to DrWeb but am currently unable to do so. Thought with so many responses coming from those with knowledge of the company I'd ask.

xXDarkStalkerxX
January 9th, 2009, 09:27 AM
-{ Quote: "How do you arrive at that post?" }-

Because you simply don't accept facts and arguments like you are doing now. I don't want to make a fight, but man you need to be more open minded.

xXDarkStalkerxX
January 9th, 2009, 09:29 AM
-{ Quote: "A short question, and if off topic, asked with apologies, but is DrWeb going to release a version that will function on 64 bit systems? I would like to return to DrWeb but am currently unable to do so. Thought with so many responses coming from those with knowledge of the company I'd ask." }-

I think a 64 bits new beta is going to be released soon, you may ask C.S.J, he knows more details.

pugmug
January 9th, 2009, 09:30 AM
-{ Quote: "Because you simply don't accept facts and arguments like you are doing now. I don't want to make a fight, but man you need to be more open minded." }-
My point is you have shown no facts. Just what you believe to be as such, correct?

risl
January 9th, 2009, 09:34 AM
-{ Quote: "A short question, and if off topic, asked with apologies, but is DrWeb going to release a version that will function on 64 bit systems? I would like to return to DrWeb but am currently unable to do so. Thought with so many responses coming from those with knowledge of the company I'd ask." }-

Sergey Komarov from Dr.Web R&D said at their support forum that there will be a 64bit version soon.

xXDarkStalkerxX
January 9th, 2009, 09:35 AM
-{ Quote: "My point is you have shown no facts. Just what you believe to be as such, correct?" }-

What do you want me to do? If you really want I can download malware samples from VX sites and prove to you that Dr web only adds definitions to malware that can execute and run at all.

And these facts I know from Dr web staff, not what I simply think is correct, if you don't believe me, you are free to ask in their forum.

pugmug
January 9th, 2009, 09:39 AM
As I stated before, I have no dog in this fight. I do not nor will not use any product posted about in this thread so it matters not to me what people take as the truth.

SergM
January 9th, 2009, 09:42 AM
-{ Quote: " you are free to ask in their forum." }- O, yes. It's well. Go, go... ;D

pugmug
January 9th, 2009, 09:47 AM
-{ Quote: "O, yes. It's well. Go, go... ;D" }-
Lol, best post of the thread!

format_c
January 9th, 2009, 04:20 PM
-{ Quote: "SergM, what do you mean when you say dust and broken files, not samples as format c posted? Please start with dust. P.S. I would not think it correct to come here to this forum and downgrade any other a/v such as KAV when you work for Dr Web. It matters not to me as I use neither of the two products but it may offend some here who do." }-

you should read "junk" instead of "dust" here, even "garbage" or "trash" :)

pugmug
January 9th, 2009, 09:07 PM
-{ Quote: "you should read "junk" instead of "dust" here, even "garbage" or "trash" :)" }-
As you are not SergM and did not post the statement in question I will refrain from further response on that subject. I will say that I hope you will continue to post in this forum about your product and what it can do. It is good to speak to someone in the know and not just fanboys of a product. P.S. Be ready to back up with facts what post you may make about your product. Thank you for your time spent here at this forum.

C.S.J
January 9th, 2009, 11:25 PM
-{ Quote: "Be ready to back up with facts what post you may make about your product. Thank you for your time spent here at this forum." }-
lol, I'm pretty sure he doesn't even have to do that. ;)

plus anyway, he develops the enterprise product and the drweb users of this forum are purely AV-only or Security Space.

but of course, staff are always welcome :P

pugmug
January 10th, 2009, 01:58 AM
As stated before, it is good to speak to someone with real knowledge of a product, but not so much with just a fanboy. I do hope you will return to this forum format c.

xXDarkStalkerxX
January 10th, 2009, 05:34 AM
-{ Quote: "As stated before, it is good to speak to someone with real knowledge of a product, but not so much with just a fanboy. I do hope you will return to this forum format c." }-

Are you saying I am a fanboy? I don't use Dr web in first place, and I won't reply to this thread anymore. You have a real superior knowledge and critic sense :argh:, Anyone who read this thread will see my arguments and facts and understand why this thread has come to this. If you can't accept opinions and arguments from other people... seriously man you are in the wrong place, perhaps on the internet people create a courage to show their true personality making jokes from someone. Perhaps what I know? I am just a teenager ;) .

Because someone doesn't have a gold nick it doesn't necessarily indicate that he/she/*puppy* is a dummy and doesn't have real knowledge.

-{ Quote: "As I stated before, I have no dog in this fight. I do not nor will not use any product posted about in this thread so it matters not to me what people take as the truth." }-

As stated by you here, you are in this thread just to have some fun, great man, people like you unfortunately exist in every place. No more, that's it.

format_c
January 10th, 2009, 06:00 AM
-{ Quote: "As you are not SergM and did not post the statement in question I will refrain from further response on that subject. I will say that I hope you will continue to post in this forum about your product and what it can do. It is good to speak to someone in the know and not just fanboys of a product. P.S. Be ready to back up with facts what post you may make about your product. Thank you for your time spent here at this forum." }-

/me shrugs.
welcome to the hell, bro

tiagozt
January 10th, 2009, 11:43 AM
http://img84.imageshack.us/img84/6910/diskdrivedrwebou6.jpg

It's the detection (today!) from a sample sent on September 24 to Dr. Web (ID of [drweb.com #608495]). I sent it again later but I have no ticket number. I never received a reply about the tickets. Only automated reply with ticket number.

I can't show VirusTotal results but from 38 engines only Dr.Web, etrust and Fortinet don't detect the sample that I sent 4 months ago.

I commented about it here:
http://www.wilderssecurity.com/showthread.php?t=220881&page=4&highlight=drweb

No quick response, no detection...

format_c
January 10th, 2009, 12:16 PM
-{ Quote: "http://img84.imageshack.us/img84/6910/diskdrivedrwebou6.jpg

It's the detection (today!) from a sample sent on September 24 to Dr. Web (ID of [drweb.com #608495]). I sent it again later but I have no ticket number. I never received a reply about the tickets. Only automated reply with ticket number.

I can't show VirusTotal results but from 38 engines only Dr.Web, etrust and Fortinet don't detect the sample that I sent 4 months ago.

I commented about it here:
http://www.wilderssecurity.com/showthread.php?t=220881&page=4&highlight=drweb

No quick response, no detection..." }-

what did you expect? you don't send the sample.

tiagozt
January 10th, 2009, 07:33 PM
Why do you say that?

I sent the sample 2 times to Dr. Web.

Today, after the previous post, I received two e-mails from Vladimir Martyanov:

1. "Please, send me suspicious files."

2. "Dear Tiago,

Your request has been analyzed. It was not a virus.

Thank you for the cooperation."
---
I repeat that I sent the file 2 times. If Dr. Web doesn't detect it as virus I should suppose that all 36 companies detected a false positive?
I don't think so.

Well... I sent one more time now... Maybe with 3 times you can detect it as virus and add signature.

Best regards.

C.S.J
January 10th, 2009, 08:11 PM
The file has been analyzed.

It is not a virus, they will not keep checking it for you once they have already done it.

tiagozt
January 10th, 2009, 08:21 PM
Wow! Ok!

I'll send an e-mail to Avira, Kaspersky, F-Secure, BitDefender, Avast, Grisoft, ClamAV, eSafe, F-Prot, GDATA, Ikarus, McAfee, Microsoft, Trendmicro, Panda, Sophos, PCTools, Sunbelt, Symantec, VBA32, K7, ESET, Rising, Norman, TheHacker, Ahnlab, ViRobot and VBA32 about the "false positive".

Or maybe I'll wait for a new reply from Dr.Web saying that the file is infected.

\o/

No. I won't.

C.S.J
January 10th, 2009, 08:32 PM
-{ Quote: "Wow! Ok!

I'll send an e-mail to Avira, Kaspersky, F-Secure, BitDefender, Avast, Grisoft, ClamAV, eSafe, F-Prot, GDATA, Ikarus, McAfee, Microsoft, Trendmicro, Panda, Sophos, PCTools, Sunbelt, Symantec, VBA32, K7, ESET, Rising, Norman, TheHacker, Ahnlab, ViRobot and VBA32 about the "false positive".

Or maybe I'll wait for a new reply from Dr.Web saying that the file is infected.

\o/

No. I won't." }-
so, you submit a file for analysis, yet you don't want it to be analyzed?

you simply submit the file to be automatically added, Drweb do not operate their business this way.

:wacko:

tiagozt
January 10th, 2009, 08:48 PM
I don't think that all other companies added the file without analysis... How do you explain 36 companies found a signature and Dr Web says it's clean?

I got the malware in my pendrive when I used it in the university. When I opened it in my computer F-Secure detected the malware. It was in September. So I sent to Dr.Web, Trendmicro and Panda because the three didn't detect (and some other). Panda and Trendmicro added...

C.S.J
January 10th, 2009, 09:18 PM
maybe corrupt,

but if they have analyzed it, and they tell you it's not a virus... I don't see how you can complain ;)

format_c
January 11th, 2009, 04:39 AM
-{ Quote: "
I repeat that I sent the file 2 times. If Dr. Web doesn't detect it as virus I should suppose that all 36 companies detected a false positive?
I don't think so.

" }-

they may do what they want, that's their own business.
we never added and won't add the garbage into the bases.
another story - if you don't send the sample, you have answer "that was not a virus" because of duplicated requests.

tiagozt
February 9th, 2009, 09:18 PM
I needed to come here today to say that the file I sent to Dr.Web about 4 months ago (ticket #608495) and created a lot of discussion here was finally analyzed (or reanalyzed?) and they discovered (!) that it's infected and that it's not a false positive from other 36 companies.

\o/ \o/ \o/ \o/ \o/ \o/

I received an e-mail now:
----------
~Private email removed per the TOS. (http://www.wilderssecurity.com/tos.php)~
----------
It looks like a joke but it is not.

I tested and now Dr.Web is really detecting the malware... what other companies are doing since October...

Good job!

SergM
February 9th, 2009, 11:44 PM
Yes, such excesses sometimes intervene.
I can offer to all of wishings a good way of the decision of similar problems.
At a forum DrWeb http://forum.drweb.com there is a topic about raw tickets. http://forum.drweb.com/index.php?showtopic=4084&st=740&start=740
In this topic does not need knowledge of Russian. Simply write number of the raw ticket and, at necessity, a detail. This topic is traced by virus analysts of the company, and it is sufficient an effective. Try this way!