Doctor Web, Ltd. launches beta-testing of a new generation anti-virus

Discussion in 'other anti-virus software' started by Honyak, Dec 30, 2006.

Thread Status:
Not open for further replies.
  1. ElPhenix

    ElPhenix Registered Member

    Joined:
    Nov 30, 2006
    Posts:
    11
    Location:
    France
    I've installed Dr.Web on my laptop since last year (I've just changed my avatar cuz of the new beta :D). Today I used the new beta to scan my friend's comp who was infected by *Lots of* viruses, and it completely cleaned his computer : no more viruses, and a fast comp. It just found 2 FPs (2 exe of one software, trusted one), among 600.000 files scanned, which took about 4 hours (all securities enabled).

    Dr.Web is perfect for me (never say perfect lol, they would stop developing their fantastic product), and I don't really judge it by its results on AV-Comparatives or even other Independent Test. I forged my own opinion about it (very very reliable, never had problems with it, unlike Avira and many others ...), as I am using it for so long :thumb:
     
    Last edited: Jan 12, 2007
  2. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Is there a specific email addy to submit the beta .origin false positives to? I've submitted to the usual vms{AT}drweb.com but have not got any reply, and they usually reply quickly at that address ?

    Londonbeat
     
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    no, same addresses as before.

    submit a sample link in my signature works fine for origin files, as i used it with reply on 2 fps regarding dell drivers.
     
  4. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I've tried Norton, Panda, F-secure, AVG, Norman, nod32, bitdefender, F-prot, Kaspersky, Avast, Trend Micro and Antivir.. but there is nothing like Dr.Web :blink:

    It uses very little resources, works 100% without conflicting with anything and runs silently in background doing its job. I am not new to computers so I don't need that 99.983% detection of everything, so Dr Web is perfect for me.
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep i've tried all and i just love dr.web

    welcome risl, it looks like the spider is mutating and spreading around :D
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    remember it's personal opinion my fav two av's are kav and nod32.
    must stop going off topic:D
    lodore
     
  7. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Thank you :D

    Perhaps an army of Web-a-maniacs is gathering.

    .. back to the topic: Only minus I can find that should be improved is the scanning speed. Otherwise, don't fix it until it gets broken! :thumb:
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yeah, you must.

    now bog off and join the kaspersky threads :D *lol*
     
  9. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    my point about personal opinions is correct though.
    you like dr web because it's right for you and runs well on your pc.
    lodore
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I will second that. The key for the future isn't detection but reducing FPs. If they improve in this area, more will come. ;)
     
  11. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I have not found any FP:s named by this "*.origin" albeit I've scanned almost 180k of files from my laptop. Is it normal?

    Still a bit confused about this brandit.exe,

    C:\SWSetup\BrandIt\Disk1\brandit.exe probably infected with STPAGE.Trojan

    which even was found by Drweb in VirusTotal too.

    I've submitted brandit.exe to drweb lab in here over 2 weeks ago and still only drweb is finding this file as possible infected in VirusTotal. I'm pretty sure that it's a FP, because with Kaspersky it takes never over two weeks to add a signature for a nasty scanned in VirusTotal. I think that this brandit.exe is a legit HP file preinstalled to this Compaq laptop.

    Best regards,
    Firefighter!
     
  12. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi trjam

    Do you have an antivir suite licence to sell ?:rolleyes:

    Just joking :D

    MaB
     
  13. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    @ Firefighter

    I'm pretty sure STPAGE.trojan is a heuristic detection (same as DLOADER.trojan), you could check this by disabling the heuristic and rescanning the file, it probably won't be detected then.

    Regards,
    Londonbeat
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I know that already, but usually DrWeb is correcting these FP:s within a couple of hours after they have got these files but now it's over two weeks from that. o_O

    Best regards,
    Firefighter!
     
  15. Mare

    Mare Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    2
    Location:
    Finland
    i'm using DrWeb now and i will move to antivir, but stpage.trojan is a generic detection and dloader.trojan is a heur detection.
     
  16. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Yeah I've got a couple I submitted last week still not fixed and no reply, I guess they are snowed-under working through the beta FP's, or maybe they aren't correcting any of the beta fp's until the beta trial is finished. o_O

    Londonbeat
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    It's not a beta FP because it's not named as "*.origin" and DrWeb finds it even in VirusTotal. :(

    Best regards,
    Firefighter!
     
    Last edited: Jan 14, 2007
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    You won't be any better protected and keep in mind folks, detecting is one thing, removing it completely is another. And for that Dr Web would be worth keeping.
     
  19. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350

    I thought version 4.33 onward heuristic detections included all the following: DLOADER, MULDROP, STPAGE, BACKDOOR, PWS, WORM and MAIL.WORM.

    The below link is 4.33 for unix but it's the same heuristic names for windows 4.33 I think:
    http://forum.drweb.com/viewtopic.php?t=1783

    Londonbeat
     
  20. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    you have changed your mind again jeff?
    according to your sig it is.
     
  21. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i don't think it matters, i don't think dr.web give you any ideas whether it's been picked up heuristically or through the signatures, i think the name of the virus remains the same.

    although i personally would like to see dr.web give a different name to the virus if picked up heuristically, would be nice to see :)

    i think 'possibly infected with......' are the only heuristic detections that you can know of 100% unless you scan a set file with heuristics on... then same again with them off.
     
  22. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    That's true, at least in my case.

    Best regards,
    Firefighter!
     
  23. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Dr.web Beta Comparison

    hello,

    following on from my first comparison between the beta release and the released version, see here and here

    here is test 2:

    4.33 released version

    http://www.freeimagehosting.net/uploads/991814cc41.jpg

    -----------------------------------------------

    Beta Version

    http://www.freeimagehosting.net/uploads/6240165ebd.jpg

    -----------------------------------------------

    Summary:

    the beta only detected 160 more on such a big test-set, i still am not seeing the big improvement on this technology as of yet, but don't be too downhearted just yet as it did still detect more, just not by much. *lol*

    released: 80.56%
    beta: 80.59%


    will continue to monitor the beta's progress and will hope for greater improvement next time around. :)
     
    Last edited: Jan 15, 2007
  24. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Re: Dr.web Beta Comparison

    Just curious, but how many "*.origin" labelled detections have you got in your test?

    Best regards,
    Firefighter!
     
  25. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Re: Dr.web Beta Comparison

    hey firefighter,

    19 files,

    1. Backdoor.Win32.Latinus.10.b infected with BackDoor.Fade.origin
    2. Sniffer.Win32.Ngsniff.11/ngSniff.exe infected with Exploit.IISSynx.origin
    3. Trojan-Downloader.Win32.Delf.dt infected with Trojan.DownLoader.origin
    4. Trojan-Downloader.Win32.Harnig.a infected with Trojan.DownLoader.origin
    5. Trojan-Downloader.Win32.Livup.a infected with Trojan.DownLoader.origin
    6. Trojan-Downloader.Win32.Puram.09 infected with Trojan.DownLoader.origin
    7. Trojan-Downloader.Win32.Small.ab infected with Trojan.DownLoader.origin
    8. Trojan-Dropper.Win32.Delf.ci\data002 infected with BackDoor.Fade.origin
    9. Trojan-PSW.Win32.Lmir.lp infected with Trojan.PWS.Legmir.origin
    10. Trojan-PSW.Win32.Lmir.ml infected with Trojan.Click.origin
    11. Trojan-PSW.Win32.Lomaster infected with Trojan.DownLoader.origin
    12. Trojan-PSW.Win32.Pasorot.d infected with Trojan.PWS.Legmir.origin
    13. Trojan-Spy.Win32.Delf.o infected with BackDoor.Gersang.origin
    14. Trojan-Spy.Win32.PCspy.b is riskware program Program.XPCSpy.origin
    15. Trojan.Win32.Dialer.ah infected with Dialer.Sexfiles.origin
    16. Trojan.Win32.Dialer.k is dialer program Dialer.AsianRaw.origin
    17. Trojan.Win32.KillFiles.ac infected with Trojan.Crash.origin
    18. Trojan.Win32.StartPage.nk infected with Trojan.DownLoader.origin
    19. Virus.Win32.Evyl.a infected with Win32.Evul.origin

    not sure if this was the answer you wanted, but there you go....

    hope it's an interesting read and i will check the beta again in a few weeks maybe to see if it's updating etc.

    --------------------
    antivir classic testing on the same test-set

    scan time: 2hrs + compared to 16 minutes through dr.web, avira has big problems scanning single-file malware and it's unbelievably slow, but please note if it's put into a .rar there are no problems and scanning is fast again.

    detection:

    Avira: 84.4%
    Dr.web 4.33: 80.56%
    Dr.web Beta: 80.59%

    i ain't sure if nod detects all of the above type-threats in the test-set, but thought i'd test it to it anyway.

    Nod32: 59.2%
     
    Last edited: Jan 16, 2007