Ad-Aware 2007 Beta Is Out

Discussion in 'other anti-malware software' started by PaulBB, Mar 6, 2007.

Thread Status:
Not open for further replies.
  1. PaulBB

    PaulBB Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    722
    Download & Screenshots:
    http://www.neowin.net/index.php?act=view&id=38600

     
  2. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    Here are some screenshots, from neowin.net
     

    Attached Files: a2.JPG (File size: 270.5 KB)
  3. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
  4. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,291
    Location:
    Pennsylvania.
    WOW :blink: That looks GREAT, a HUGE step up from the last version. I can't wait till the full version gets out. I'll download the personal use version.
     
  5. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    I wonder if it is any good. In my experience everything that Adaware detects can be removed by deleting temp, cookies, etc.
     
  6. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Well, they did put up an APB for all things CWS related, which would suggest the target group just got bigger :)

    12+ MB though is somewhat catching up with some of the competition for bloat :rolleyes:
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Nothing special... :thumbd:
     
  8. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Well, I'm currently hosed with a CWS-type infection c/o one of my regular sources (drive-by at Keygen .XX)

    So this is not some archived test but very current testing as I type :thumb:

    Any new stuff/not widely detected is being uploaded to MIRT malware listserve as recovered/tested, already a few up there :D

    Neither software is expected to get 100% clearance since this is fresh off the malware servers, but nonetheless a good guide is how much they can chew out of the infected PC :thumb:

    So tonight for a change I'm using 2 botkillers, my premier tool (SAS free) and Adaware Beta, to clean as much of this infection and produce a comparison between the new software and a botkiller that I consider to be the field leader.

    All files dropped by the infection have been copied to a holding folder (Malware Samples) for further testing/uploading (MIRT/SAS) etc., whilst the infection/dropped files remain in their dropped homes and are active/inactive as the infection depicts after a reboot. All relevant files have execution granted and the software firewall has dropped the big iron down to stop any more additional files being imported during this brief comparative testing.

    Edit to follow with results as they are gained, but the new kid is having first bite of the malware pie after laying down a non-cleaning run with SAS free as benchmarking point :D

    http://img120.imageshack.us/img120/2756/sas1hc8.jpg

    At this point SAS is not allowed to feast so Adaware gets first bite :)

    http://img444.imageshack.us/img444/6727/lsadawaremk7.jpg

    Here is part of the report log generated of the hosed machine by the first Adaware scan.

    I allowed it to delete what it found and then rebooted to give it a second run.

    http://img248.imageshack.us/img248/3374/ad2ka9.jpg

    Unfortunately there are still malwares present that are reinstalling the files that Adaware has cleaned on reboot, and you can see the net result of this when the second scan redetects files that were deleted after the first run but have now been redeployed :(

    SAS free first full detect and clean scan.
    http://img410.imageshack.us/img410/1853/sasfirstbz4.jpg

    SAS free log from first run has been attached to the post

    2nd SAS free run after reboot draws a blank, but something is still lurking since Explorer is trying to connect out on port 80 after the ISP software has auto-launched on bootup. (Bit of a giveaway y'know ;) ).

    ProcessExplorer is reporting/showing no malware executables running, HiJackThis is clear of malware run entries, so the culprit is hiding :'(

    Time to bring on my principal ARK forensic tool to see if anything is hiding away that has bypassed both softwares and is causing the system behaviour witnessed.

    http://img87.imageshack.us/img87/2842/rkumm3.jpg

    Using the wipe file option of RKU and rebooting has now cured the autolaunch and outbound FW alert. So the culprit is nailed, but fwiw I had already archived a copy of the file during the infection process to the Malware Samples folder :D

    Interestingly enough, this line now appears in the HJT log when the tool is run

    O21 - SSODL: CDRecorder031 - {A3BC5E20-0235-1ABF-9CE1-00AA00512031} - D:\WINDOWS\System32\gpwujg32.dll (file missing)

    It was absent before, so the .DLL is more than likely a standalone rootkit trojan and hiding its startup registry entry once it has loaded :ninja: but I leave that to the uber g33ks to decide :)

    Quick trip to VT service confirms it as Trojan Backdoor.Nibu with a healthy rate of file identification, but for the more clued up, how many of those that identify the file at VT service would detect the file if it was loaded into memory during a full system scan on an infected machine....

    There I was thinking a complete exorcism was performed, only to find that I had a stubborn (12.tmp) file refusing to be deleted in the local settings /temp folder. Rebooted and again delete failed, and I know for sure it was malware related because I bagged a copy for archiving as it was imported during the initial infection. The hunt was on, no HJT start up entry, so testing a theory that it might be registered as an OS service I used one of my tools to check the services.

    http://img413.imageshack.us/img413/80/12we7.jpg

    Busted, it made it up onto ML as not widely detected :D
     

    Last edited: Mar 6, 2007
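
Added example (not part of the post above, and not code from HijackThis or any tool named in the thread): a small Python sketch of the before/after comparison the post describes, where an autostart entry only becomes visible in the HijackThis log once its DLL has been wiped. The two sample logs are constructed; only the O21 line is taken from the post, and the function names are hypothetical.

```python
import re

# HijackThis entry lines look like "O21 - SSODL: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^\s*([ORFN]\d{1,2})\s+-\s+(.+?)\s*$")
MISSING = "(file missing)"

def parse_entries(log_text):
    """Map (section, entry text) -> True if HJT marked the target file missing."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries[(section, body.lower())] = missing
    return entries

def newly_visible(before_log, after_log):
    """Entries present only in the later log, i.e. hidden or absent earlier."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    return [
        {"section": sec, "entry": body, "file_missing": missing}
        for (sec, body), missing in sorted(after.items())
        if (sec, body) not in before
    ]

def orphaned_autostarts(before_log, after_log):
    """Newly visible entries whose target no longer exists on disk."""
    return [e for e in newly_visible(before_log, after_log) if e["file_missing"]]

# Constructed sample logs; only the O21 line is taken from the post above.
BEFORE = """\
Logfile of HijackThis
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
O23 - Service: Example Service - Example Corp - C:\\Program Files\\Example\\svc.exe
"""
AFTER = BEFORE + (
    "O21 - SSODL: CDRecorder031 - {A3BC5E20-0235-1ABF-9CE1-00AA00512031} - "
    "D:\\WINDOWS\\System32\\gpwujg32.dll (file missing)\n"
)

if __name__ == "__main__":
    for e in orphaned_autostarts(BEFORE, AFTER):
        print(e["section"], e["entry"])
```

An entry that shows up only in the later log and is already marked "(file missing)" is the pattern worth escalating: the registry value existed while the file was loaded but was not listed by the earlier scan.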
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    :D And a happy man i'll bet!
     
  10. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK

    Sort of aspi trojan is barely known (SAS nuked it) but most of the bots have been doing the circa for a little while. I bagged Nibu when CC was under DDoS for the first time and only Symantec were calling it back then.

    Being honest, I'm sincerely hoping this wasn't the full extent of the Adaware threat database in use, because most of the associated bots have already been uploaded to MIRT malware listserve over the past month o_O

    It's not very often you get a complete new infection (once in a blue moon), usually they slip the odd couple of repacks or the occasional new thing in the main infection families, or at least that is what I have experienced so far.

    Maybe if Lavasoft were serious about CWS bots they might want to go to MIRT and pick up around 75% of my uploads there since November 06 :)
     
  11. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,557
    Location:
    USA still the best. But barely.
  12. EASTER.2010

    EASTER.2010 Guest

    That has been the same old scenario of Ad-Aware all along, so looks like nothing at all has changed except the "HYPE", which is really the only driving force anymore with it.

    I suggested months ago they could do themselves and users/customers plus the security community a huge service if they would at least throw in a HIPS or other behavior blocking capability, because AAW has never been able to eradicate fully formidable malware and their accomplices. That's why they always have a HijackThis Forum. That program is still resting on its previous morals, which continue to prove grossly ineffective and outdated.

     
    Last edited by a moderator: Mar 6, 2007
  13. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    For those who care, Ad-Aware 2007 beta-2 has been released:

    What's new in beta 2

    Graphic User Interface

    * Lost connection to service when Windows hibernates is fixed.
    * Ad-Aware 2007 “lost connection” dialog message is fixed and only launches with lost connection to the service.
    * Removed memory leak after closing Ad-Aware.
    * The “Windows Start-up Scan” setting can now be implemented from the Settings menu.
    * Screensavers cannot be activated during scanning (Smart, Full and Custom Scans) in order to prevent a “Lost connection” error to the Ad-Aware service.
    * Improvements to GUI speed on select tabs.
    * “Scanner is busy” error message removed when “Start-Up Scan” mode is set to Smart or Full Scan in the Settings menu.
    * Multiple minor corrections made in response to forum submissions.

    Program

    * Database now displays the date of the last incremental update as the database date (core engine).
    * Tweaked callback for preparing file hash scan.
    * A template bug used for standard windows directories (%temp%, %appdir% etc) is fixed (core engine).
    * The service now registers its own failure actions, instead of relying on sc.exe during the installation process which does not work on Win2k.
    * Now able to stop process during “preparing GUID scan.”
    * Now able to stop process during “preparing File hash scan.”
    * Added shortcuts to Ad-Aware and Ad-Watch to the desktop.
    * Removed the call to sc.exe during installation in response to installation problems concerning Win2K.

    Coming Attractions

    * Browser hijack detection in Opera and Firefox
    * Ad-Watch Connect
    ------------------------------------------------------------------------------
    Download: http://beta2007.download.lavasoft.com/public/aaw2007beta/2/aaw2007beta.msi
     
  14. EASTER.2010

    EASTER.2010 Guest

    You'll excuse me if I'm wrong, but don't a lot of the added improvements above more or less really address AAW SE's previous shortcomings on a more cosmetic side than adding some real teeth to removing malware without choke sessions?

    I'm all ears, or in this case, eyes.
     
  15. EASTER.2010

    EASTER.2010 Guest

    My very first run with AAW 2007 [beta] produces this:

    Service error:6000 has occured.
    Description:Lost connection with
    Ad-Aware service
    Terminating gracefully....


    The more things change the more they stay the same. :thumbd:
     
  16. coolbluewater

    coolbluewater Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    268
    Location:
    next door to Redmond

    Seconded :thumbd:
    What's (almost) funny is after the 4-day (!) eval period, 2 out of the 3 buttons say "order" .. like they expect people to pony up for a beta :D
     
  17. EASTER.2010

    EASTER.2010 Guest

    The NDA I agreed to when I was with them doesn't apply to my personal opinions so long as I don't divulge the efforts or activities when I was actively testing SE, but I take a very disappointing stance with them as to why they don't try to go beyond the very obvious. Yes, the GUI looks better of course, and they added what I always considered a very valuable feature in setting a restore point in case of some error in judgement on the user's end.

    The main sticking point still remains IMO, and that is, for the life of me, why wouldn't they emulate the advantages of making AAW 2007 ride the same wave as some other AS's and at the very least offer some form of application firewalling combined with their detection capabilities? They as well as users have everything to gain in protection, as opposed to continually fighting an endless battle of how to unlodge some deeply embedded malware that no doubt will exploit a weakness and prevent a complete removal. A HIPS feature would greatly curtail that annoyance plus free up plenty of time to perfect an even better design that would make it more difficult for malware to circumvent those defenses.

    A scanner just for the sake of scanning can only go so far, and if it was tops in detections, a user needs the confidence that a program will also REMOVE most if not all offending intruders, making it innumerably simpler to cope with and driving interest in AAW 2007 beyond its former limitations.

    Am I so far off base in this assumption you think, or only wishful thinking, because this thing doesn't get any easier overnight when dealing with potential PC threats, not to mention time lost on a seek and find mission all the time.
     
  18. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    I don't know either, I have forwarded this info from neowin.net, and for your info I haven't tried any Ad-Aware version in years including this beta........ so I am in no position to either support or counter your argument.
     
  19. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    ...And the realtime security part of this new 2007 version is where... :rolleyes:

    Is there going to be one for the paid versions? :blink:

    What does Adwatch do for you that is different? Anybody know?
     
    Last edited: Mar 13, 2007
  20. EASTER.2010

    EASTER.2010 Guest

    That's about the only preventive measure AAW ever offered besides simple detections and the occasional try to unload the process?

    I see nothing offensive in their development of this but the same old defensive stance it's always had. One thing positive for AAW users though is at least AAW sets them a restore point. Wooopee, now they add one.
     