I have tried. In user-mode, it does not get activated (on my computer). @Gavin Have you tried the ArmadilloTheef in the meantime? Btw ......
@Igor I would like to know whether ... 1. KAV 5 will offer a better detection rate than KAV 4; 2. there are any changes of the scan...
I understand that DCS is quite critical about AV/AT tests. I wonder whether this test will be accepted by them. It seems to me that the testers...
IMHO it's almost ridiculous to discuss whether TH is sufficiently protected against TerminateProcess: 1. It's not really important whether TH...
Hi Wayne: I mentioned SetWindowsHookEx in order to make sure that we are not talking about GetAsyncKeyState keyloggers. I agree that we can...
Wayne: Many thanks for the explanation. I would like to bother you with one more question (since this topic is quite interesting ;-) Let's...
"And then there's modification ..." Exactly ... that's why I like PG. In addition, I did not say that it is useless to protect a firewall...
1. Keylogger protection -- very good. 2. IMHO Beast is moderately dangerous. But not due to its process termination feature. I believe it...
@Gavin I have tried to detect it with signatures dated Dec 28, 2003. Process Mem Scan detects nothing. Same applies to Object Mem Scan. File...
JSA Please register yourself and send a PM to me. I will reply and tell you about a download link. EDITED: I have provided three users with...
1. I have already stated that I like PG. It's good that SetWindowsHookEx will be covered soon. 2. It may be true that you will find a way to...
Hi Kevin, Thanks for contributing to this topic. 1. Do you know why BOClean detected both samples? 2. Do you believe that detecting...
Theef suffers from various design flaws. You can easily take signatures from the resource section (e.g., RCData -- PACKAGEINFO or TFORM1) in order...
Are you just speculating or do you know that it was still possible to purchase a renewal in respect of the outdated versions within the last few...
@Pilli Thanks. But I believe that I have already posted all my arguments and thoughts now (i.e., it would have been a very short thread).
"You seem to be under the impression that full-disk encryption offers you more protection than something else in certain situations, this isn't a...
@Ainur 1. Yes. I have nothing against a resident mem scanner. But also see http://www.wilderssecurity.com/showthread.php?t=18473 ;-) 2. "...
Jason: Your arguments are valid. Actually, I expected them ;-) 1. It is true that harddrive encryption does not protect you from internet...
AFAIK there is no good registry protection tool at the moment. DCS RegProt is outdated. That's why we all hope that DCS will develop an updated...
The file "archive3.jpg" is a password protected .rar archive (i.e., it must be renamed before it can be opened /w WinRAR). The archive contains...
Re:Another attack stopped by Process Guard - an attack on Windows File Protectio Still nice! (although the server deleted my first post)
Just for the record: my intention is not to bash musicman, Daniel or The Cleaner. I hope The Cleaner will be a strong player in the market,...
No. The conclusion is wrong. It just confuses people. 1. The trojans were not detected by the filescanner because there is no decompression...
@musicman O.k....I believe we now say almost the same. We agree that PECompact is not unpacked by The Cleaner. We agree that UPX is...
@musicman I sent a private message to you detailing the location from where the samples can be downloaded. Possibly (though unlikely), a...