Av-comparatives April results

[No_script]

Yeah I did block those files, my mistake. But runddl32.exe is flagged anyway?

Still doesn't explain missing

NMC.INFOSTEALER.SCRAPKUT
NMC.SAULTY.G

I got a hit on those from other scanners.

[TonyW]

Quote:

Originally Posted by No_script

But runddl32.exe is flagged anyway?

If the filename is exactly as you've typed it, I'm not surprised WSA flagged it. The legitimate Windows file is rundll32.exe.

[PrevxHelp]

Quote:

Originally Posted by No_script

Yeah I did block those files, my mistake. But runddl32.exe is flagged anyway?

Still doesn't explain missing

NMC.INFOSTEALER.SCRAPKUT
NMC.SAULTY.G

I got a hit on those from other scanners.

I can't work through the noise in your scan log. You blocked and cleaned too many operating system components which made everything stop functioning properly. I wouldn't be surprised if the AV was detecting WSA as bad as it was told to delete so many critical files.

[Mongol]

Heh...I go back to my post #82...

[ProTruckDriver]

Quote:

Originally Posted by PrevxHelp

I can't work through the noise in your scan log. You blocked and cleaned too many operating system components which made everything stop functioning properly. I wouldn't be surprised if the AV was detecting WSA as bad as it was told to delete so many critical files.

Wow

[superssjdan]

You seem to have the worst luck with infections.From what i've seen,the least of your problems is Webroot.Something tells me no matter what av you run,you will wind up being infected.Some things should NEVER be changed.Too much tinkering is a horrible thing.Throwing stones constantly at Webroot won't fixed your self inflicted problems.I wonder,how much pirated software you might possess??Might be the answer to some of your infections

[Mongol]

Hate to say it but is sounds to me like re-format time...

[STV0726]

Maybe your "friend" tested his "hax skills" on you?

[No_script]

Webroot shouldn't **** itself if you block a few processes. A few things, why is HTTPS protection off by default? At least on my system it is. The firewall basically lets everything in without exception! You MUST block ICMP echo pings, have this as a setting please.

Quote:

.I wonder,how much pirated software you might possess??Might be the answer to some of your infections

NONE, so rule that out. Webroot just hasn't picked up the infections I've got. But there are so many programs out there that are well respected as safe when they are not, Combofix & Bleechbit are 2 that are very very very dodgy to the point that they should be flagged as a malware.

[PrevxHelp]

Quote:

Originally Posted by No_script

Webroot shouldn't **** itself if you block a few processes.

Well, it certainly won't break if you block a few processes. It's when you manually decide to block and manually delete Windows Explorer, rundll32, wuauclt, mscorsvw, wudfhost, wermgr, ... (the list goes on), that any operating system would get a bit angsty

Quote:

NONE, so rule that out. Webroot just hasn't picked up the infections I've got. But there are so many programs out there that are well respected as safe when they are not, Combofix & Bleechbit are 2 that are very very very dodgy to the point that they should be flagged as a malware.

Again, I haven't seen an actual infection on your PC, but there has been far too much clutter in the scan logs with incorrect actions to tell. If you could reimage and install Webroot but then do not change any configuration options or manually delete operating system files I'll gladly take a look at what remains in your scan log to see if you are indeed infected.

[silverfox99]

Has the OP considered he may have been targeted by Flamer/SkyWiper...?

http://www.wilderssecurity.com/showthread.php?t=325011

Just sayin.

[xXDarkStalkerxX]

Joe , you sure got a saint 's patient. Professionalism all the way

Trolls nowadays are so easy to identify ...

[No_script]

Knew it. I'm checking with the tool right now.

BTW Webroot turned off all settings on reboot, hmmmmm somethings up. Why would it turn itself off?

I think malware/attacker executing code in/to/through Webroot to shut itself down and infect the machine.

[fax]

So far I have seen only the user getting heavily "infected"

[Mongol]

Sounds to me like user error. Time to reformat or re-image...

[superssjdan]

Definitely reformat.Reimage is ok assuming there was nothing screwed up in the first place and no changes made to critical system files before imaging,which i find hard to believe.Do yourself a favor and reformat unless somehow you think Webroot will get you infected after that as well

[Breakfastofchumps]

I'd go a step further and zerofill.

[No_script]

There is no user error, I don't run crap programs like flash, java & harden my OS. Seriously so much fanboism going on.

[Scoobs72]

Quote:

Originally Posted by No_script

There is no user error, I don't run crap programs like flash, java & harden my OS. Seriously so much fanboism going on.

But you did manually delete a bunch of operating system files as Joe states? Yes or no?

[Sir Percy]

Perhaps time to move the "No_script posts" to it's own thread, chances are he might learn something over the next weeks?

Then the rest of the world (fanboys the lot of them) can have this one to discuss the latest AV comparatives.

[superssjdan]

There is a big difference between hardening and breaking the os.It seems your hardening hasn't done you much good being you claim you are infected.I might suggest attending a Microsoft IT seminar nearest you.They are given all the time.You might learn a great deal

[No_script]

Quote:

Originally Posted by Scoobs72

But you did manually delete a bunch of operating system files as Joe states? Yes or no?

No, I installed a fresh image from the start. So there is no chance of anything being dirty or me deleting anything this time.


If you don't believe me explain this below. Seems a little fishy to me.

Quote:

[+] System Hijack

Value: Hidden
Data: 2
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Value: EnableDCOM
Data: Y
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

Value: Start
Data: 4
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess

Value: Wallpaper
Data: C:\Users\Consumer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
Key: HKEY_CURRENT_USER\Control Panel\Desktop

Value: LoadAppInit_DLLs
Data: 1
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

[PrevxHelp]

Those are all perfectly normal.....

[fax]

LoL... this getting very funny... or tragic
PopCorn and beer ready here

[Scoobs72]

Quote:

Originally Posted by No_script

...or me deleting anything this time.

So you did delete operating system files then? i.e. WSA's log is correct?