New AV is here >

[StevieO]

Here's a new one to me, RemoveIT Pro 2.1 SE

. . .

Quote:

Welcome to InCode Solutions official web site, The company who develops antivirus systems for Windows Platform.

Our team was formed in the year 1999. in Rijeka, Croatia.

RemoveIT Pro XT - SE in only simple antivirus protection that only scans for viruses from database.

- For full and powerfull protection check out our RemoveIT Pro XT Enterprise.
- RemoveIT Pro XT has High level protection technology (HLP) and virus removal filters which filts all new executable files.

RemoveIT Pro XT - SE (Free for non commercial use)

http://www.incodesolutions.com/index2.html


StevieO

[Eldar]

Only $15 or the free version.
It's also pretty new on the market, because the forum has no posts, no members at present.

[IBK]

Quote:

Originally Posted by Eldar

no members at present.

the only registered members are from bots that registered for making publicity to their sites (casinos, ad spaceholders, etc.) :/ could be avoided a bit by applying more strict rules for registration to the forum

Sure, all have to try it - it deletes valid SYSTEM FILES!

I pressed stop after the first false postive - there are a lot of more system files detected.

By the way this is a valid Microsoft XML Parser DLL. The guy who develops this bullshit application (It's nothing else) does not even know what is malware and what not and all people are happy that such "new antivirus" finding things which other AV's are missing. Go, make a donation for screwing up your system

[IBK]

RemoveIT Pro could be classified as Trojan Horse.

That's not but we would need another Class like "Idiotware"

I really cannot understand that people start using software which they don't know just because of the sake for having a "security software" name.

I said it already MANY TIMES in this forum - With unknown and untrustworthy Security Applications you can do more harm to your machine than having no programs at all installed! And this has nothing to do with "bashing products" or "not giving the author any chance" - it's insane to develop such applications without any expertise. You can really badly screwup a machine with this.

[Eldar]

I for sure am not going to try this one out.
Best stick to the trusted ones.
Thanks for the warning and the test Happy Bytes.

[StevieO]

Oh great i never liked that Microsoft XML Parser anyway. Maybe it could eliminate XP activation as well, along with a few other things hey !

Nice looking GUI though, worth getting just for that.

I suppose it might be better to choose an AV that misses things, rather than one that produces FP's !


StevieO

I disassembled it to bring some light into the dark. It's indeed "dangerous".
It scans for fixed filenames! That means if there is a malware which uses for example 123.dll in the systemfolder it will detect and delete ANY FILE - regardingless what it is - with the name 123.dll.

I just tryed it as follows: i renamed the own install log ( a normal text file ) of this pumpkin-application into "msxml3a.dll" and copied it into system32.

Voila: Detected! It detects it's own files if it has the matching name to the malware! That's also the reason why there is no proper virus name. The author only collects files where he ASSUMES that they are malicious. then he adds this filename in a database (simple encrypted) and scans for this filenames.

I cannot believe what crap people developing - thats really the worst i saw so far and just believe me i saw a lot of weird things

[Carver]

Quote:

Originally Posted by Happy Bytes

I really cannot understand that people start using software which they don't know just because of the sake for having a "security software" name.

I agree, some people will try anything. Doesn't seem to mater if it screws-up the computer.

[StevieO]

Happy bytes you do know it's Very naughty to disassemble or reverse engineer software ?

I've heard of self repairing Apps, but self destructing ! Maybe they could turn it into a nice little shredder App instead.


StevieO

Quote:

Originally Posted by StevieO

Happy bytes you do know it's Very naughty to disassemble or reverse engineer software ?

That's my daily work.

[IBK]

an analysts needs to disassemble malware, good thing he did .
btw, nice trojan definition which could apply can be found on http://www.research.ibm.com/antiviru...y/inwVB99.html

Quote:

# What is a Trojan horse?

A Trojan horse is a program which performs (or claims to perform) something useful, while in the same time intentionally performs, unknowingly to the user, some kind of destructive function. This destructive function is usually called a payload.

A Trojan horse is a program which performs functions other than those stated in its specifications. These functions can be (and often are) malicious.

A Trojan horse is, as the name suggests, a program which is allowed onto the user’s PC under false pretences, whereupon it has undesirable side effects.

Trojan horse: A computer program with an apparently or actually useful function that contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security.

A program which someone tells you is legitimate software, but which actually does something other than what the person claims it will do.

A program which the user thinks or believes will do one thing, and which does that thing, but which also does something additional which the user would not approve of.

A program which the user thinks or believes will do one thing (the ‘perceived purpose’), and which may or may not do that thing, but which also does something else which is not necessary to accomplish the perceived purpose, and of which the user would not approve (the ‘payload’).

etc.

Well it is NOT a trojan. The author does not even know that he's that bad. So basically it becomes a dangerous application based on unexpirience from the author, but not on purpose. A trojan always has a purpose to disguest something. Here we have a new kind of malware - i would name it "Idiotware" but unfortunately there isn't such a category now Or "PDA" Potentially dangerous Application

[dw2108]

Quote:

Originally Posted by Happy Bytes

Sure, all have to try it - it deletes valid SYSTEM FILES!

Glad to know that! My PCs always run faster with FEWER system files! I really need to give this AV a test drive!

Dave

Quote:

Originally Posted by dw2108

Glad to know that! My PCs always run faster with FEWER system files! I really need to give this AV a test drive!

Dave

If you donate 5 bucks to me i can send you a copy of DEL-Command

[Grumble]

Gotta love Happy Bytes and his 'bullshit walks' attitude!

Quote:

Originally Posted by Grumble

Gotta love Happy Bytes and his 'bullshit walks' attitude!

I don't know you, but i love you too

[controler]

Now whom is realy in the know?

Interesting young thread.

http://www.dslreports.com/forum/remark,15734965

SOunds pretty nasty to me.

Happy B, when you dissembled this did you find a rootkit?

The worm has nothing to do with this app.

[controler]

Ok sorry this must be a different version.

"There is virus Win32.Alcra.F that has name RemoveIT Pro 2.4 SE.zip and it spreads it self via sharing networks. So please beware if you downloading this zip file or some other zip file via sharing network and keep your antivirus up to date." ( »www.incodesolutions.com/index2.html )"

con

What is so difficult to understand? The worm has nothing to do with this version what you can download on their website.

[controler]

Was just wondering why this post over on Dslreports mentioned this and the link to ( »www.incodesolutions.com/index2.html )" is all.