Wilders Security Forums  

  #1  
Old December 11th, 2006, 09:10 PM
SystemJunkie SystemJunkie is offline
Resident Conspiracy Theorist
 
Join Date: Mar 2006
Location: Germany
Posts: 1,500
Default Spybro versus Prevx fight

Look at the fight between antispy companies. It's really funny, but on the other hand a bit sad. I don't think that Spybro is so bad, but most antispy companies think so. Look:

First round goes to PrevX:

http://i13.tinypic.com/2rg2kg0.png

Second round goes to spybro:

http://i14.tinypic.com/2cct6aa.png

I don't like PrevX's argument that memory is infected only because lawenforcer.dll hooks files.
It is totally useless to restart the PC because of this fact.
  #2  
Old December 12th, 2006, 12:49 AM
Longboard Longboard is offline
Massive Poster
 
Join Date: Oct 2004
Location: Sydney, Australia
Posts: 3,096
Default Re: Spybro versus Prevx fight

Hello System Junkie
You mean this right?
http://www.spyware-browser.com/

If you don't mind, a couple of low end user questions:

Why does spybro get such a bad time in so many malware removal forums?
Looks like quite a powerful process scanner.
Does it do removals? How well?
Do you know what the difference is between:
SpywareBrowser & Advanced Free Spyware Monitor http://www.spyware-browser.com/freeware/

I see you have been using AAK: http://www.spydex.com/
This app seems to be able to block kernel-level malware with great success. Could you tell me a bit about it, please?

How do these tools compare to say Process Explorer, Autoruns, SAS or Rootkit scanners?

Thanks.
__________________
Don't confuse me with someone who actually knows what they are talking about.
Linux Registered user 469135
Please, support Medecins Sans Frontieres

Last edited by Longboard : December 13th, 2006 at 07:58 PM.
  #3  
Old December 12th, 2006, 01:31 AM
dah145 dah145 is offline
Frequent Poster
 
Join Date: Jul 2006
Location: n/a
Posts: 262
Question Re: Spybro versus Prevx fight

Seems like very powerful software, it has HIPS, but is it trustworthy...?

Some screenshots:

http://www.spyware-browser.com/Help/...p_image001.jpg

http://www.spyware-browser.com/Help/...nced/servicios

http://www.spyware-browser.com/Help/...vanced/drivers

http://www.spyware-browser.com/Help/...p_image005.jpg


It really looks good, but who knows???
__________________
Using: KIS 7 and Sandboxie
  #4  
Old December 12th, 2006, 01:44 AM
Notok Notok is offline
Very Frequent Poster
 
Join Date: May 2004
Location: Portland, OR (USA)
Posts: 2,958
Default Re: Spybro versus Prevx fight

Quote:
I don't like PrevX's argument that memory is infected only because lawenforcer.dll hooks files.
It is totally useless to restart the PC because of this fact.

If you have a particular question about or want to dispute any determination of any program, feel free to write in to support. The easiest way to do so would be to double click the file in your Holding Cell or Jail to bring up the web info and click the "Disagree with us?" link in the upper right hand corner. This sends us all info needed to research that particular file. Keep in mind that this may have been a heuristic determination.
__________________
Security is not a brand name.

NSA security configuration guides -- Best Practices for Securing a Home Network
  #5  
Old December 12th, 2006, 03:15 PM
SystemJunkie SystemJunkie is offline
Resident Conspiracy Theorist
 
Join Date: Mar 2006
Location: Germany
Posts: 1,500
Default Re: Spybro versus Prevx fight

Quote:
Hello System Junkie
You mean this right?
http://www.spyware-browser.com/

Yes, exactly!

Quote:
Looks like quite a powerful process scanner.
Does it do removals? How well?

It's a great API hook and hidden DLL finder.

Quote:
It really looks good, but who knows? ? ?

It is great. Spybro is maybe the most advanced API hook finder; you get more usable results than with any other.

The Spy Scanner is not the top but the subtle forensic functions are really cool.

Quote:
I see you have been using AAK: this app seems to be able to block kernel level malware with great success: could you tell me a bit about it, please

How true, it is probably the best Anti-Screener and Anti-Keylogger in the world actually. I did not see anything better. It finds the deepest low level sh*t you can imagine, even very unknown not yet revealed rootkits.

It found two crazy sys drivers in my system and an unknown screen capture event; the source of this malware is still not known.

PrevX finds nothing, but look at AAK ;-) Firefox exploit.

http://i10.tinypic.com/2yjy43m.png
  #6  
Old December 12th, 2006, 05:38 PM
dah145 dah145 is offline
Frequent Poster
 
Join Date: Jul 2006
Location: n/a
Posts: 262
Default Re: Spybro versus Prevx fight

Quote:
Originally Posted by SystemJunkie
Yes, exactly!

It's a great API hook and hidden DLL finder.

It is great. Spybro is maybe the most advanced API hook finder; you get more usable results than with any other.

The Spy Scanner is not the top but the subtle forensic functions are really cool.

How true, it is probably the best Anti-Screener and Anti-Keylogger in the world actually. I did not see anything better. It finds the deepest low level sh*t you can imagine, even very unknown not yet revealed rootkits.

It found two crazy sys drivers in my system and an unknown screen capture event; the source of this malware is still not known.

PrevX finds nothing, but look at AAK ;-) Firefox exploit.

It really looks great!!! It is like SSM with AS.
__________________
Using: KIS 7 and Sandboxie

Last edited by Bubba : December 12th, 2006 at 05:46 PM. Reason: removed attachment contained in post
  #7  
Old December 15th, 2006, 05:43 AM
Devil's Advocate Devil's Advocate is offline
Frequent Poster
 
Join Date: Feb 2006
Posts: 549
Default Re: Spybro versus Prevx fight

Quote:
How true, it is probably the best Anti-Screener and Anti-Keylogger in the world actually. I did not see anything better. It finds the deepest low level sh*t you can imagine, even very unknown not yet revealed rootkits.

I agree. It is the best anti-rootkit in the world!!!
  #8  
Old December 15th, 2006, 06:10 AM
EP_X0FF EP_X0FF is offline
Frequent Poster
 
Join Date: Nov 2006
Posts: 233
Default Re: Spybro versus Prevx fight

Quote:
Originally Posted by SystemJunkie
Spybro is maybe the most advanced API hook finder; you get more usable results than with any other.

Totally disagree. It is a very slow scan and very easily implemented. It detects only inline hooks in user mode. Modern malware does not work in user mode. It can't remove hooks and can't work with HaxDoor -> the rootkit will cause a BSOD (hooks on hooks).

And it is not HIPS. SpyBro uses a hooking model based on DLL injection. It is very easy to bypass such things. And this programme has a huge effect on PC performance due to poor hooking realisation. I can prove that at any time. I fully tested this SpywareBrowser and posted the results on SysInternals. Unfortunately I didn't find anything new or impressive in that product, including the annoying "KAU Antivirus" inside =)

Just my two cents.
__________________
Ring0 - the source of inspiration

Last edited by EP_X0FF : December 15th, 2006 at 08:41 AM.
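
For readers unfamiliar with the term used in the post above, here is an added example (not part of the thread, and not code from SpywareBrowser or any poster) of what a user-mode inline-hook check does: it compares a function's first bytes in memory with the clean copy and decodes where a detour stub points. All addresses, module ranges and byte strings are constructed for illustration, and the function names are hypothetical.

```python
import struct

# Constructed sample data: 32-bit addresses and module ranges are made up.
MODULES = {"kernel32.dll": (0x7C800000, 0x7C8F6000),
           "injected.dll": (0x10000000, 0x10020000)}
# Clean prologue: mov edi,edi / push ebp / mov ebp,esp / sub esp,10h
CLEAN = bytes.fromhex("8bff558bec83ec10")

def owner(addr, modules=MODULES):
    """Name of the module whose address range contains addr, or None."""
    for name, (lo, hi) in modules.items():
        if lo <= addr < hi:
            return name
    return None

def decode_redirect(mem, va):
    """Decode common 32-bit x86 detour stubs found at a function's start."""
    if len(mem) >= 5 and mem[0] == 0xE9:                     # jmp rel32
        rel = struct.unpack_from("<i", mem, 1)[0]
        return "jmp rel32", (va + 5 + rel) & 0xFFFFFFFF
    if len(mem) >= 6 and mem[0] == 0x68 and mem[5] == 0xC3:  # push imm32 / ret
        return "push/ret", struct.unpack_from("<I", mem, 1)[0]
    if len(mem) >= 7 and mem[0] == 0xB8 and mem[5:7] == b"\xff\xe0":
        return "mov/jmp eax", struct.unpack_from("<I", mem, 1)[0]
    return "modified", None      # bytes differ, but no known stub shape

def check_function(disk, mem, va):
    """Return None if memory matches the clean bytes, else a finding dict."""
    n = min(len(disk), len(mem))
    if disk[:n] == mem[:n]:
        return None
    kind, target = decode_redirect(mem, va)
    return {"kind": kind, "target": target,
            "target_module": owner(target) if target is not None else None,
            "leaves_module": target is not None and owner(target) != owner(va)}

def make_jmp(va, target):
    """Build constructed 'patched' bytes: jmp rel32 written over the prologue."""
    rel = (target - (va + 5)) & 0xFFFFFFFF
    return b"\xe9" + struct.pack("<I", rel) + CLEAN[5:]

if __name__ == "__main__":
    va = 0x7C801000  # constructed function address inside kernel32.dll's range
    print(check_function(CLEAN, CLEAN, va))
    print(check_function(CLEAN, make_jmp(va, 0x10001234), va))
```

A real scanner has to apply relocations to the on-disk copy before comparing, and a redirect that stays inside the same module can be legitimate, which is why the finding records whether the target leaves the module.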
  #9  
Old December 15th, 2006, 08:37 AM
Longboard Longboard is offline
Massive Poster
 
Join Date: Oct 2004
Location: Sydney, Australia
Posts: 3,096
Default Re: Spybro versus Prevx fight

@DA
You mean AAK right?
Have you looked at this?
Tested with anything?
How work?
__________________
Don't confuse me with someone who actually knows what they are talking about.
Linux Registered user 469135
Please, support Medecins Sans Frontieres
  #10  
Old December 16th, 2006, 08:16 AM
SystemJunkie SystemJunkie is offline
Resident Conspiracy Theorist
 
Join Date: Mar 2006
Location: Germany
Posts: 1,500
Default Re: Spybro versus Prevx fight

@longboard: you have to be a bit careful with DA's comments,

Quote:
I agree. It is the best anti-rootkit in the world!!!

There are two possibilities: on the one hand he could be acknowledging the power of AAK, on the other hand it could be the mockery of the devil ;-) Or the disappointment of not receiving screenshots anymore.

Quote:
SpyBro using hooking model based on DLL-injecting.

Yep

Quote:
It is very easy to bypass such things.

Probably, don't know.

Quote:
Detects only inline hooks in user mode

But it shows very clear details of those hooks.
  #11  
Old December 16th, 2006, 08:23 AM
Devil's Advocate Devil's Advocate is offline
Frequent Poster
 
Join Date: Feb 2006
Posts: 549
Default Re: Spybro versus Prevx fight

Quote:
Originally Posted by Longboard
@DA
You mean AAK right?
Have you looked at this?
Tested with anything?
How work?

Be patient, and all will be revealed soon.
 

All times are GMT -4.