another test:)

Discussion in 'other anti-malware software' started by jmonge, Feb 3, 2009.

Thread Status:
Not open for further replies.
  1. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
    A2 even blocks the website.

    MZ
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I know that, but strange, I got it here :)
     
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Full paid Version?

    TH
     
  4. Max Zorin

    Max Zorin Former Poster

    Joined:
    Nov 3, 2008
    Posts:
    103
    Hi, yes, the full version.

    I have never used the free version - but I understand it is an on demand scanner only.

    The paid version has real time protection - which includes surf protection (protects from bad sites / hosts etc) and has a soft HIPS (is the same as Mamutu). The realtime AM scanning is on execution only and because of this, does not conflict with any other AV (A2 has the Ikarus AV engine which won't miss a thing - but gives a few FPs).

    I believe you can trial the full version for free (time limited, but fully functional). Give it a go and see what you think.

    Hope this helps.

    MZ
     
  5. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Great!

    TH
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    yes sir;)
     
  7. Judge Dee

    Judge Dee Guest

  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  9. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Spy Blaster has a crappy GUI and not many convincing fake alerts, only finding one.

    Winiguard has the best fake detection rate at 741 followed by AntiSpy Knight at 494.

    SpyB.jpg
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    wooooo that looks nice:D
     
  11. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Why, ClamWin doesn't have a much nicer GUI and this is more intelligent and shows less fake alerts to convince that it's not fake! :D
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    What is interesting, and I saw your original post with link before it was axed, was that, of the few that did detect it, one was Norton. :thumb:
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Very clear info: not a virus but a fraud tool. Nice and easy to understand.
     
  14. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Yes true! That's what most detect it as!

    TH
     
  15. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Those rogue security apps depend mostly on sigs. Heru. don't really help. It's just a matter of who's first and who's among the last to add definitions. Don't be surprised if some vendors fail to provide sigs months after the discovery. Or never.

    Norton has failed to detect several rogue apps before. I posted about it and it took an 8 page long thread for the defs to be updated.

    ---

    However, heru. may help. Like an AV could use heru. to match a new strain of a rogue app to an existing sig.
     
  16. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    What is heru? Do you mean heur, short for heuristics?
     
  17. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Quite right, rogue AMs are difficult fellas to pin down given their similarities in structure to genuine apps. People often download and install these things themselves, giving BBs a dilemma. Many of these buggers are not malicious at all in the accepted sense of the word, just very deceptive in the 'results' they throw out to scare the $$$ outta folks.
    Threatfire got a load of flak for overzealously terminating legit applications previously. A signature is the best method of catching this stuff at present for the average user, while a HIPS will fill the zero-day gap for the technically minded (sometimes). There's no perfect solution alas. :'(
     
  18. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    This one is especially tricky; it lacks the invasive component of most rogue apps and doesn't download other files from the net. It doesn't create a startup entry ... very surprising. And it doesn't use a suspicious packer; just an MS installer package.
     
  19. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Here I can generate any numbered installer for the rogue Antivirus 360 which is a clone of Antivirus 2009.

    I just visit the download site and change the number at the end of the link and it auto downloads a new installer with that number.

    They are all the same size and packed the same but can change from day to day.

    I was able to do the same for Antivirus 2009 a couple of days ago but that link isn't rendering atm.
    AV 360.jpg
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    This rogue is very different than the other ones, it is more quiet :D
     
  21. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Basically it shows that signature based detection still has a role to play. I've said for ages that the hosting companies of these sites need to be held accountable for the crap on their servers.
     
    Last edited: Feb 4, 2009
  22. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Never doubt the doctor. ;)

    Good ol' Dr.Web's free link checker does the trick. It at least analyses the file in-depth and gives you a clear 'suspicious' warning. You don't even have to download the file. :thumb:

    http://www.freedrweb.com/browser/
     
  23. normishmael

    normishmael Guest

    "Fatal error during Installation" when run in Returnil.
    Does this mean it is smart enough to detect a virtual environment?
    But it ran in Shadow mode of Shadow Defender!
    Maybe I just got a bad Spy Blaster exe.
    WOT rates the site red, for what it's worth.
     
  24. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Worked for me in Returnil.

    No doubt it's a rogue; intentional FP database.
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Timely topic. LoL

    I've been experimenting with this InstallAVg_1.exe this week myself, the old rogue AV enticement exploit. I wonder how many open/vulnerable websites they're gonna sneak this one in on the web host's customers. Because the 2008 one was distributed like a machine and it's a sure bet they used some sort of (hilarious to them) crawler app to search out open unprotected sites to stick it onto. I ran across a series of them just from simple Google searches like, for one example, northern lights.

    EASTER
     