View Full Version : ewido online scanner beta


peter.ewido
July 26th, 2005, 05:14 PM
http://www.ewido.net/en/onlinescan/

still beta... comments welcome :)

Infinity
July 26th, 2005, 05:15 PM
thanx Fish, right on it.

Starrob
July 26th, 2005, 05:20 PM
Wow, an online AT scanner.......and they said it couldn't be done.....LOL



Starrob

puff-m-d
July 26th, 2005, 05:22 PM
I get a 404 not found when trying the above link....

Starrob
July 26th, 2005, 05:29 PM
I just tried and I was able to get there.



{QUOTE-> I get a 404 not found when trying the above link.... <-QUOTE}

puff-m-d
July 26th, 2005, 05:31 PM
Hmmm, still getting the 404 for that page but can get to the rest of the site.... Will try again a bit later and see what happens...

peter.ewido
July 26th, 2005, 05:32 PM
Huh? Veeery strange...

Infinity
July 26th, 2005, 05:40 PM
ok scanned like 180000 files and folders, everything was ok .. no malware found .. no error whatsoever ... doesn't feel like beta at all.


now I will scan with my other files and see what this puppy will do ;)

likuidkewl
July 26th, 2005, 05:57 PM
I can get to the page but, no start scanner option? The activeX on ie is set to prompt.

peter.ewido
July 26th, 2005, 05:58 PM
Does the direct link work?

http://www.ewido.net/en/onlinescan/run/

Brian N
July 26th, 2005, 06:00 PM
Yes much better :)

likuidkewl
July 26th, 2005, 06:03 PM
Agreed much better, I attached a pic of what happens in my previous post.

Brian N
July 26th, 2005, 06:08 PM
Works perfect.
Fast scanning, found 3 threats (2 cookies, 1 exe) and removed them successfully.
The .exe was placed there by myself, just for testing purposes.

rdsu
July 26th, 2005, 06:12 PM
{QUOTE-> http://www.ewido.net/en/onlinescan/run/ <-QUOTE}
Great work! ;D :D

Will it be possible to just scan a folder?

Thanks

gerardwil
July 26th, 2005, 06:19 PM
Works fine with Opera

rdsu
July 26th, 2005, 06:40 PM
I installed the Trojan Simulator (http://www.trojanhunter.com/trojansimulator/) to test the online scanner and ewido online didn't detect it...
I try with the ewido installed on my system and had the same result.

If the ewido guard detect this when I try to install it or when I enable the guard after install the Trojan Simulator (http://www.trojanhunter.com/trojansimulator/), why the Memory Scan didn't detect the Trojan Simulator (http://www.trojanhunter.com/trojansimulator/)?

WSFuser
July 26th, 2005, 07:17 PM
im now running it on the comp im using atm, ill post back in a few hours.

update: within minutes of running the scan i saw numerous entries for cydoor and altnet :o . go figure, apparently someone was careless enough to install kazaa and they did quite a bit of downloading :lurking: , but at least they tried using kazaa lite k++. ill make sure to give a talk to my cousin about his habits.

SonyaM32
July 26th, 2005, 09:08 PM
I am running the online scanner now, and so far it has found lots of spyware. About 150 or so. ::)
Will this also remove them from my computer? Or do I have to do that myself?

Starrob
July 27th, 2005, 03:30 AM
Here is a company that does more action than they do talking. Most companies that call themselves AT's do more talking than action. Just an observation from a beholder's point of view.



Starrob

StevieO
July 27th, 2005, 04:10 AM
Hi Sonya,

Hey that's a lot of stuff you got there. I think you should be able to remove it though. After you ran the scan what did it tell you apart from what you mentioned ? Also have you read the FAQ page on there ?

I'm very surprised it found so much as i thought you had NOD32 AV. Maybe NOD doesn't recognise all these kinds of things !

You might like to try a2 AT as they do a Freeware version too.

Hope all goes well for you.


StevieO

AAPlus2
July 27th, 2005, 09:55 AM
Hey,All

Well i'm lost yet again i just run this scan & i have to say wow
but i don't get why it scan all of my PC in 30 Mins & the Reg was just 1 Min
but if i install Ewido on the PC it scans all of PC in 200 + Mins
& the Registry in 190 + Mins i don't get it.

Thank you

WSFuser
July 27th, 2005, 10:40 AM
SonyaM32 - i have not tried removing the spyware that ewido found (cuz it part of kazaa) but when i clicked stop there was a button to remove infections.

ErikAlbert
July 27th, 2005, 10:52 AM
IMO an excellent online scanner without any troubles.
It discovered even one high risk threat : http://securityresponse.symantec.com/avcenter/venc/data/dialer.comsoft.html
The very first scanner that finally removes something from my harddisk after six months.

Huwge
July 27th, 2005, 12:21 PM
Where do we submit false positives? It says part of my Pinnacle software is a Spyware hijacker.

peter.ewido
July 27th, 2005, 12:22 PM
submit@ewido.net thx :)

Huwge
July 27th, 2005, 01:49 PM
Item submitted :)

peter.ewido
July 27th, 2005, 01:50 PM
We need the actual file, thx :)

Bubba
July 27th, 2005, 02:23 PM
The activex component installs....the blueish bar downloads the latest def file and then just sits there acting innocent.

Win2k
IE6 Sp1
ewido.net in trusted zone
no other layers added to IE

SonyaM32
July 27th, 2005, 06:22 PM
{QUOTE-> Hi Sonya,

Hey that's a lot of stuff you got there. I think you should be able to remove it though. After you ran the scan what did it tell you apart from what you mentioned ? Also have you read the FAQ page on there ?

I'm very surprised it found so much as i thought you had NOD32 AV. Maybe NOD doesn't recognise all these kinds of things !

You might like to try a2 AT as they do a Freeware version too.

Hope all goes well for you.


StevieO <-QUOTE}
I do have NOD32 AV. Here is whats happening. It is now finding 22 each time I do the online scan, or if I scan with the regular ewido on my computer. I have been scanning back to back. But, when I went to Zone Alarm and stopped all internet activity, and then scanned, it didn't find any at all. But when I allow internet activity, it always finds 22. I did the scan in safe mode, and it didn't find any. It's only if I'm on the internet.

SonyaM32
July 27th, 2005, 06:23 PM
{QUOTE-> SonyaM32 - i have not tried removing the spyware that ewido found (cuz it part of kazaa) but when i clicked stop there was a button to remove infections. <-QUOTE}
Thanks, I found it ;D

peter.ewido
July 27th, 2005, 06:24 PM
Could you please copy & paste the logfile here?

SonyaM32
July 27th, 2005, 06:29 PM
{QUOTE-> Could you please copy & paste the logfile here? <-QUOTE}
Are you talking to me fish25? ;D If so, I will scan and paste the files here. :)

peter.ewido
July 27th, 2005, 06:31 PM
Yesss ;)

SonyaM32
July 27th, 2005, 06:33 PM
{QUOTE-> Yesss ;) <-QUOTE}
Ok, I am scanning now. As soon as it's finished I will post them. ;D

StevieO
July 27th, 2005, 06:53 PM
Yes sounds a bit weird Sonya !

As Fish has turned up i'll leave you in his capable hands.

Hope you find out what's going on soon.


StevieO

SonyaM32
July 27th, 2005, 08:29 PM
Ok, I don't know what happened to the 22, but last night it found 22 over n over, but anyway, here is the reports. The first is from the online scan, and the second is from the ewido scan on my computer. And when I tried to remove infections from the online one, it said sorry there was an error and infections cannot be removed.

{QUOTE-> ewido security suite online scanner
http://www.ewido.net
__________________________________________________


Name: TrojanDownloader.Swizzor.bo
Path: [340] C:\DOCUME~1\sonya\APPLIC~1\CASTID~1\DoesFour.exe
Risk: High

Name: Spyware.Cookie.Doubleclick
Path: :mozilla.26:C:\Documents and Settings\sonya\Application Data\Mozilla\Profiles\default\kle7cb79.slt\cookies.txt
Risk: Medium
<-QUOTE}

{QUOTE-> ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:28:49 PM, 7/27/2005
+ Report-Checksum: C7493FFD

+ Scan result:

[340] C:\DOCUME~1\sonya\APPLIC~1\CASTID~1\DoesFour.exe -> TrojanDownloader.Swizzor.bo : Cleaned with backup
[2376] C:\DOCUME~1\sonya\APPLIC~1\CASTID~1\DoesFour.exe -> TrojanDownloader.Swizzor.bo : Error during cleaning
:mozilla.26:C:\Documents and Settings\sonya\Application Data\Mozilla\Profiles\default\kle7cb79.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup


::Report End <-QUOTE}

SonyaM32
July 27th, 2005, 09:34 PM
Can someone tell me if I need to do the turn off restore scan????????
It looks like my computer has a trojan >:(

rdsu
July 28th, 2005, 07:28 AM
fish25,

can you answer this?

{QUOTE-> I installed the Trojan Simulator (http://www.trojanhunter.com/trojansimulator/) to test the online scanner and ewido online didn't detect it...
I try with the ewido installed on my system and had the same result.

If the ewido guard detect this when I try to install it or when I enable the guard after install the Trojan Simulator (http://www.trojanhunter.com/trojansimulator/), why the Memory Scan didn't detect the Trojan Simulator (http://www.trojanhunter.com/trojansimulator/)? <-QUOTE}
Thanks

peter.ewido
July 28th, 2005, 01:24 PM
Yes, because there was a bug in detecting TrojanSimulator... Simply try again :)

ravin
July 28th, 2005, 01:37 PM
{QUOTE-> Ok, I don't know what happened to the 22, but last night it found 22 over n over, but anyway, here is the reports. The first is from the online scan, and the second is from the ewido scan on my computer. And when I tried to remove infections from the online one, it said sorry there was an error and infections cannot be removed. <-QUOTE}

hello SonyaM32,
the numbers in brackets[ ] are the pid# of the running process I believe if you check in your task manager you should see the running process for pid [340] & [2376] if they are not in the running processes list check to see if the files actually exist in the directory listing you posted. please let me know what you discover. thanks 8)

The Hammer
July 28th, 2005, 04:21 PM
Will it interfere with BOClean or BOClean with it?

SonyaM32
July 28th, 2005, 05:59 PM
{QUOTE-> hello SonyaM32,
the numbers in brackets[ ] are the pid# of the running process I believe if you check in your task manager you should see the running process for pid [340] & [2376] if they are not in the running processes list check to see if the files actually exist in the directory listing you posted. please let me know what you discover. thanks 8) <-QUOTE}
Ok, I am trying to figure this one out. I knew where task manager was at on my Windows 98, but I don't know where on XP. All I found was scheduled tasks :-\ And what do you want after that? I'm sorry, I am still trying to learn all of this.
Thanks :-\

SonyaM32
July 28th, 2005, 09:22 PM
I just posted this in the other thread. But I run CCleaner, and cleared the cache in Java, and Mozilla, and the new scan found no infections. Now i'm scanning with the online one to see if it finds any.
Thanks everyone :)

rdsu
July 28th, 2005, 09:45 PM
{QUOTE-> Yes, because there was a bug in detecting TrojanSimulator... Simply try again :) <-QUOTE}
Now is working fine :)

Thanks

Don Pelotas
July 29th, 2005, 03:32 AM
{QUOTE-> Will it interfere with BOClean or BOClean with it? <-QUOTE}
No.:)

http://www.ewido.net/en/compatibility/

ravin
July 29th, 2005, 08:15 AM
{QUOTE-> Ok, I am trying to figure this one out. I knew where task manager was at on my Windows 98, but I don't know where on XP. All I found was scheduled tasks :-\ And what do you want after that? I'm sorry, I am still trying to learn all of this.
Thanks :-\ <-QUOTE}

if you use the key combination ctrl+alt+delete this should bring up a dialog and you can select the taskmanager. on the tabs you should see one that says processes.

What I'm trying to determine is if the files you posted with those pid's (process Identification number) are running or #2 if the files are actually in the directory you posted. hope this helps. and sorry for no reply yesterday had a client with imminent hard drive failure. again please let me know what you find. thanks

AAPlus2
July 29th, 2005, 09:40 AM
Hi,SonyaM32

Not sure if anyone helped you with this but there are
2 ways that i know of

1)Press Ctrl + Alt + Delete

2)Right click Taskbar you should see Task Manager

i hope this is some help to you.

Thank you

SonyaM32
July 29th, 2005, 03:05 PM
{QUOTE-> if you use the key combination ctrl+alt+delete this should bring up a dialog and you can select the taskmanager. on the tabs you should see one that says processes.

What I'm trying to determine is if the files you posted with those pid's (process Identification number) are running or #2 if the files are actually in the directory you posted. hope this helps. and sorry for no reply yesterday had a client with imminent hard drive failure. again please let me know what you find. thanks <-QUOTE}
Ok, here is the top half of what's in Task Manager, and the other half is in the next post. Is this what you needed? :) Thanks :)

I removed attachment ;D

SonyaM32
July 29th, 2005, 03:06 PM
{QUOTE-> if you use the key combination ctrl+alt+delete this should bring up a dialog and you can select the taskmanager. on the tabs you should see one that says processes.

What I'm trying to determine is if the files you posted with those pid's (process Identification number) are running or #2 if the files are actually in the directory you posted. hope this helps. and sorry for no reply yesterday had a client with imminent hard drive failure. again please let me know what you find. thanks <-QUOTE}
The other half

SonyaM32
July 29th, 2005, 03:08 PM
{QUOTE-> Hi,SonyaM32

Not sure if anyone helped you with this but there are
2 ways that i know of

1)Press Ctrl + Alt + Delete

2)Right click Taskbar you should see Task Manager

i hope this is some help to you.

Thank you <-QUOTE}
Thanks :)

ravin
July 29th, 2005, 03:25 PM
thanks sonya - but what you need to do now is click the process tab then pick on view and check next to pid. this will show the pid# beside the processes. then look for the numbers [340] & [2376]. you really didn't need to post the screenshots and can edit and remove them.

if those two pid's are in the list after you check on view and pid then yes you are infected with the swizzor.bo trojandownloader.

it appears from your scan logs that they reside in your documents and settings application folder as you posted please check to see if they are there as well.

from what I read and understand about this trojandownloader is that when you connect to the internet it downloads certain spyware etc. which would explain the 22 hits you get when connected.

I believe we can get this outta there for ya. please be patient as I'm trying to verify what your scan log showed. It said that it had quarantined the trojan but could not clean it. I think because it could not close the running processes.

I hope I'm being clear. let me know what you discover.
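
The check ravin describes above, written out as an added example (not part of the thread and not ewido's code). The line layout is inferred only from the report SonyaM32 posted; `parse_report` and `triage` are hypothetical names, and the running-PID list and file-existence check are supplied by the caller.

```python
import re
from collections import defaultdict

# Scan-result lines exactly as posted in the thread's ewido scan report.
REPORT = r"""
[340] C:\DOCUME~1\sonya\APPLIC~1\CASTID~1\DoesFour.exe -> TrojanDownloader.Swizzor.bo : Cleaned with backup
[2376] C:\DOCUME~1\sonya\APPLIC~1\CASTID~1\DoesFour.exe -> TrojanDownloader.Swizzor.bo : Error during cleaning
:mozilla.26:C:\Documents and Settings\sonya\Application Data\Mozilla\Profiles\default\kle7cb79.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
"""

# Assumed layout (inferred from the lines above, not from ewido documentation):
#   [pid] path -> detection : status        hit tied to a running process
#   :container:path -> detection : status   hit inside a container such as a cookie file
LINE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?"
    r"(?::(?P<container>[^:]+):)?"
    r"(?P<path>.+?) -> (?P<name>\S+) : (?P<status>.+)$"
)


def parse_report(text):
    """Return one dict per scan-result line; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["pid"] = int(entry["pid"]) if entry["pid"] else None
        entries.append(entry)
    return entries


def triage(entries, running_pids, file_exists):
    """For every path with a failed clean, report whether a flagged PID is
    still alive and whether the file is still on disk."""
    by_path = defaultdict(list)
    for entry in entries:
        by_path[entry["path"]].append(entry)

    findings = []
    for path, group in by_path.items():
        failed = [e for e in group if not e["status"].startswith("Cleaned")]
        if not failed:
            continue
        failed_pids = sorted(e["pid"] for e in failed if e["pid"] is not None)
        live = [pid for pid in failed_pids if pid in running_pids]
        on_disk = file_exists(path)
        if live:
            verdict = "process still running"
        elif on_disk:
            verdict = "file still on disk"
        else:
            verdict = "no live process or file; check quarantine"
        findings.append({
            "path": path,
            "name": failed[0]["name"],
            "failed_pids": failed_pids,
            "live_pids": live,
            "file_on_disk": on_disk,
            "verdict": verdict,
        })
    return findings
```

Pass the PIDs read from Task Manager's PID column as `running_pids` and `os.path.exists` as `file_exists` when running it on the scanned machine.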

SonyaM32
July 29th, 2005, 03:37 PM
{QUOTE-> thanks sonya - but what you need to do now is click the process tab then pick on view and check next to pid. this will show the pid# beside the processes. then look for the numbers [340] & [2376]. you really didn't need to post the screenshots and can edit and remove them.

if those two pid's are in the list after you check on view and pid then yes you are infected with the swizzor.bo trojandownloader.

it appears from your scan logs that they reside in your documents and settings application folder as you posted please check to see if they are there as well.

from what I read and understand about this trojandownloader is that when you connect to the internet it downloads certain spyware etc. which would explain the 22 hits you get when connected.

I believe we can get this outta there for ya. please be patient as I'm trying to verify what your scan log showed. It said that it had quarantined the trojan but could not clean it. I think because it could not close the running processes.

I hope I'm being clear. let me know what you discover. <-QUOTE}
Nope, there isn't a 340 or 2376. I just learned something new ;D well sorta ;D

ravin
July 29th, 2005, 03:43 PM
ok. good, and by the way you're doing well with my directions:)

now I need for you to open your ewido and select the quarantine tab and see if the offending file is in there. I believe it was DoesFour?

SonyaM32
July 29th, 2005, 03:50 PM
{QUOTE-> ok. good, and by the way you're doing well with my directions:)

now I need for you to open your ewido and select the quarantine tab and see if the offending file is in there. I believe it was DoesFour? <-QUOTE}
Ok, the only 2 high risk ones I see are the swizzor, and market score. I held my mouse pointer over the swizzor so I could read more of it, and it didn't show the whole entire name, so I didn't see does four, but it is the trojan downloader.

ravin
July 29th, 2005, 03:54 PM
great, it did make it to quarantine. you can select it I believe by picking it once and then select remove finally.

and also i would do a search for the DoesFour.exe file and if found delete it as it was the infected file.

let me know how it goes from there.

likuidkewl
December 17th, 2005, 09:13 AM
I don't mean to revive an older thread, but I just tried the online scan with FF and since it has no ActiveX, it offered a minimal version of Ewido, Ewido_Micro, when executed it downloads the latest signature and then offers up the normal scanning options from Ewido. This is a great little app.

A question for Fish,
Is it ok to put Ewido Micro on a USB stick/Bootable CD's(WinPE) for cleaning out infected PC's that have issues, i.e. Malware infestations?

peter.ewido
December 17th, 2005, 09:19 AM
Yes, that's ok :)

The only problem is that it needs internet access for downloading the signatures...

likuidkewl
December 17th, 2005, 09:25 AM
{QUOTE-> Yes, that's ok :)

The only problem is that it needs internet access for downloading the signatures... <-QUOTE}

Thanks Peter,
This solves my issues with spyware cleanup from WinPE. Now I can save $400 from purchasing an AVAST BARTCD simply for Malware and "junk files". Thanks a lot. :)

Panther
December 17th, 2005, 11:21 AM
{QUOTE-> Now I can save $400 from purchasing an AVAST BARTCD simply for Malware and "junk files". Thanks a lot. :) <-QUOTE}

Splendid alternative! big thanks for this, ewido 8)

sosaiso
December 19th, 2005, 05:34 PM
Impressive scanning speed too. :D

TouchuvGrey
December 24th, 2005, 05:42 PM
Any plans to make it work with Firefox ? ( i try and avoid opening IE if at all possible )



Mike

peter.ewido
December 25th, 2005, 07:09 AM
Not at the moment, that's why we have ewido_micro.exe... :)

TouchuvGrey
December 26th, 2005, 09:15 PM
awesome tacular, i've downloaded it and am running it now.



Mike

Smokey
December 28th, 2005, 03:14 PM
{QUOTE-> http://www.ewido.net/en/onlinescan/

still beta... comments welcome :) <-QUOTE}
Everything is working fine with the Maxthon browser;)

TouchuvGrey
December 28th, 2005, 07:15 PM
{QUOTE-> Everything is working fine with the Maxthon browser;) <-QUOTE}

Does Maxthon use the IE Engine ?


Mike

Rainwalker
December 28th, 2005, 10:12 PM
Yup
http://forums.whirlpool.net.au/forum-replies-archive.cfm/437030.html

Dan.........
January 3rd, 2006, 03:10 AM
I can't run the scan due to the ActiveX not being installed... Windows will not allow me to install it.. I receive this error: 'Windows has blocked this software because it can't verify the publisher'. I have XP SP2 installed.. So when it blocks the ActiveX installation, and then I opt to install it, it still won't install, and gives me the above error message :(

peter.ewido
January 3rd, 2006, 03:23 AM
Sorry... fixed :)

Dan........
January 3rd, 2006, 03:42 AM
Thanks man. Works like a charm :)

pbbt
January 21st, 2006, 03:41 PM
Downloaded and ran your Anti Malware program V3.5 today to try out. Love it. It was finally able to rid my computer of cpbrkpie.ocx, something that no other program I have has even found. Thanks!;D (Haven't tried the online scanner yet will do so shortly)

Greven
January 23rd, 2006, 08:02 PM
Is there a way you can make it use the dat and dll file if they located in the same folder as it?

Adric
February 1st, 2006, 09:19 AM
{QUOTE-> Yes, that's ok :)

The only problem is that it needs internet access for downloading the signatures... <-QUOTE}

Yes, that does pose a problem trying to scan from a Windows boot CD (XPE) when there is no internet access available. Any chance of downloading the sigs so they can be later used with ewido_micro.exe on the CD?

I.e. if no network connection, look for sigs in the ewido_micro.exe directory. Would really be nice for offline scanning. I know .. it's an online scanner :-)

Also, if the ewido_micro.exe were able to scan the system registry files on other partitions, that would be a real plus. As far as I can tell, it only scans the registry of the active partition, which doesn't help much when booting from CD.

Thanks for listening .. Ciao Al

Greven
February 2nd, 2006, 05:22 PM
Using the Micro scanner offline would be awesome.......

likuidkewl
February 19th, 2006, 10:45 AM
The only thing I have figured out how to do about this is to decrease the download time by manually (with a batch file) copying the program and older signatures from a thumb drive to the directories needed; this is helpful for dialup users.

ovidian
March 23rd, 2006, 03:23 PM
{QUOTE-> Does the direct link work?

http://www.ewido.net/en/onlinescan/run/ <-QUOTE} THANK YOU!!!!!!!! It succeeded where MS failed! Thanks--you rock!!!