Bitdefender, does it unpack?

Discussion in 'other anti-virus software' started by Main, Apr 17, 2003.

Thread Status:
Not open for further replies.
  1. Main

    Main Guest

    I got those 2 test files from the other board and neither Bitdefender nor F-Prot could pick them up, but GAV did.

    I'm using Bitdefender and I was wondering if I'm not configuring it right or does it not have the ability to unpack files.
     
  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    When you say test files, what kind of test files exactly?
    AVs use virus definitions for actual viruses and of course the eicar test virus.
     
  3. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    I'm curious too, I have a paid up F-Prot here and there isn't much it doesn't detect. I'd be interested to run these test files.


    :)
    Kev
     
  4. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    I think this is the thread referred to:

    http://www.wilderssecurity.com/showthread.php?t=8425

    It *is* an interesting test! ;)
     
  5. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Thanks Jim, indeed it is an interesting test (I somehow missed the last few posts)

    For what it's worth I scanned with my backups (albeit trimmed down now)

    Gav- Detected both
    Nod32 - Missed both
    Mcafee v7 pro - Missed both :eek:
    Kavlite 4.071- Detected Both
    F-Prot 3.13 - Missed both

    This is by no means a scientific test, just a quick 'right click scan'
     
  6. Redhat

    Redhat Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    4
    Location:
    United Kingdom
    Surprising results, may I confirm the test file so I can test avast!?

    Thanks :)
     
  7. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Sure Matt, see Jim's link above, reply no. 12 for the links :)
     
  8. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    It's good to see that KAV Lite stops it. Running Lite on normal settings it didn't. Running Lite on Medium settings it did. And running Lite on High settings it would not allow me to download the files at all.
     
  9. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    I checked those two files with AVP 3.5 scanner and it did not catch anything. So, I checked my settings and scan in archives was not checked.
    After I told AVP to scan inside of archives, it picked up both.
    I do not remember if there is a setting for this in F-Secure, but I would check. Same for all other AV's and AT's.
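
The effect root describes in the post above (nothing found until archive scanning is switched on), as an added Python example that is not part of the original thread: a raw byte-signature match misses a deflate-compressed ZIP member and only hits once the scanner opens the archive. The signature, file names and depth/size limits are constructed for the illustration; runtime packers such as UPX need their own unpacker and are not handled here.

```python
import io
import zipfile

# Constructed, harmless marker standing in for an AV signature (not a real one).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
MAX_DEPTH = 3                 # stop descending into deeply nested archives
MAX_MEMBER_BYTES = 1 << 20    # skip members declared larger than 1 MiB


def scan_raw(data: bytes) -> bool:
    """Signature match on the bytes as stored, with no unpacking."""
    return SIGNATURE in data


def scan_with_archives(data: bytes, depth: int = 0) -> bool:
    """Match on the raw bytes, then on each ZIP member, recursively."""
    if scan_raw(data):
        return True
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_MEMBER_BYTES:
                continue  # a real scanner should report this member as unscanned
            if scan_with_archives(zf.read(info), depth + 1):
                return True
    return False


def make_zip(name: str, payload: bytes) -> bytes:
    """Build a deflate-compressed ZIP in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def demo() -> dict:
    payload = b"A" * 200 + SIGNATURE + b"B" * 200   # constructed "infected" file
    zipped = make_zip("sample.bin", payload)
    nested = make_zip("inner.zip", zipped)          # archive inside an archive
    return {
        "plain_raw": scan_raw(payload),
        "zip_raw": scan_raw(zipped),
        "zip_unpacked": scan_with_archives(zipped),
        "nested_unpacked": scan_with_archives(nested),
    }


if __name__ == "__main__":
    print(demo())
```

The depth and size limits matter in a real scanner because nested or highly compressed archives are a cheap way to exhaust it.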
     
  10. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Picked by AVK (KAV Engine). It’s a matter of unpacking engine that AV offers. Bitdefender has a pretty decent unpacking engine, but nothing beats Kaspersky.
     

    Attached Files: avk.gif (File size: 15.1 KB, Views: 675)
  11. main

    main Guest

    I got a bit worried so I removed bitdefender and re-installed NAV2002 that I got with my computer, now I know why I don't like Norton....... my system is crawling right now.

    I don't know, maybe I should give it another shot, I can't stand that Murphy shield, it always bothers me if I want to allow this and that, I have no time for that already since I got Outpost firewall.
     
  12. main

    main Guest

    Me too, I have F-prot as a backup and it missed both files, along with Bitdefender and I also did a quick right scan.

    That got me thinking that if it can't pick them up off a quick right scan then maybe the resident shield can't pick it up either when the file is executing and BAM!!!

    We're toast!!
     
  13. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    BD v7 standard is out and does not include a firewall! Murphy is gone! :cool:

    During installation uncheck "act as firewall" option and it won’t bother you again! ;)



    Technodrome
     
  14. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    F-Prot has a poor unpacking engine but it's a very strong AV!



    Technodrome
     
  15. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    It sure has and has been steady for me for many years.

    Incidentally Technodrome, how did you manage to get an English language version of AVK? I trialled it but my German is not good so I couldn't use it properly. :)
     
  16. Main88a

    Main88a Guest

    Just for kicks, I'm going to DL the evaluation of Sophos, try it out for maybe a week and see how it does, I know it's pretty expensive.

    These things scare me because I use a lot of Kazaa/WinMX and I can't afford mistakes, not right now.

    Keep me informed on how Avast does in detecting these viruses.
     
  17. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Posted by: Tinribs Posted on: Today at 01:15:32am
    It sure has and has been steady for me for many years.

    Incidentally Technodrome, how did you manage to get an English language version of AVK? I trialled it but my German is not good so I couldn't use it properly.

    Good question Kev, I'd like to know too :)
     
  18. xor

    xor Guest

    Sophos won't help here - pick an AV with good trojan/backdoor/worm detection and an unpacking engine.
    Sophos is expensive and good in classical virus detection but don't think about it if you use Kazaa. Sophos is mainly for companies.
     
  19. _anvil

    _anvil Guest

    Guys, don't panic if one AV doesn't detect this "firewar" exploit - it is only a 'proof of concept' (from the author of the firewall leaktest "backstealth"), and not a real virus/trojan.
    That's why only a few AV companies have added signatures of this tool. :cool:

    From the AVs mentioned above, Bitdefender, McAfee, KAV(lite), AVK and GAV can unpack UPX. :)
     
  20. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    No prob Kev... :)

    My weigh-in:

    PC-cillin 2002--missed both. Allowed the .exe to run! :eek: (Odd, since Trend has the trojan in their def files)

    NAV 2001--Caught zipped. Did not allow execution.

    GAV--Caught both. Prevented execution.

    BOClean--hammered 'em on execution.
     
  21. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Go to http://www.extendiaavk.com/ !

    CompUSA sells AVK Pro (eXtendia) for $19.99! I used this AV since version 9! Just purchased new version (in English). ;)

    No need to mention how strong it is! ;)

    http://www.compusa.com/products/product_info.asp?product_code=301775&pfp=BROWSE



    Technodrome
     
  22. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    I agree with Gladiator! If you use Kazaa, then SOPHOS is not your best bet ($299 per license)!

    Your best bets are:
    KAV, AVK, F-Secure (any product that uses Kaspersky engine), McAfee, DrWeb, RAV!


    Technodrome
     
  23. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,605
    Location:
    Hawaii
    Technodrome- Thanks for letting us know about the bargain price for AVK! I just bought it for $19.99 for pick-up at a CompUSA store just a few miles away from where I live.

    Such a deal! :D
     
  24. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    I couldn't resist it either! :D

    It's up and running here.... ;)


    The only thing I need to do is a full system check. But I am sure 100% that there are no virii on my machine...

    Ok maybe 81%.... :D



    Technodorme (edit typo) :D

    Technodrome
     

  25. I_lack_commonsense

    I_lack_commonsense Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    44
    Technodrome,

    In your screenshot of AVK, was wondering what "Protocol" referred to. Thanks
     