Prevx bypassed !

Discussion in 'Prevx Releases' started by CloneRanger, Aug 4, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Latest POC on XP/SP2 in Admin with Prevx v.187

    Still doesn't work :D Looks like v.187 is tops in this ;) at least on my comp.

    *

    As for EP_X0FF my impressions of him and his modus operandi etc, taken over several years of my watching/reading etc, is that he dislikes BS etc intensely. So if he "feels" that anyone, whoever they are, is involved in ANY way/s in something even remotely looking/smelling like that, he calls out.

    I'm NOT suggesting that Prevx is though.

    It "appears" he's Not interested in $ for finding bugs/vulnerabilities etc, but instead prefers to try and shock vendors into action, publicly. I have to say, so far it seems to be working, and not just with Prevx. We all know what happens when people have contacted for eg MS discreetly in the past with Many such things, they often get put on the back burner, sometimes for years, and some still haven't been fixed.

    So is public outing ever justified ? I believe it "can" be. Though in Prevx's defense, i would say, if they were contacted privately i'm Sure they would react a LOT quicker than many other vendors have/do.

    *

    @ EP_X0FF

    I appreciate your expertise, tools RkU & Unreal etc etc, and your contributions to various forums over the years, but i think there are much better products/companies more deserving of your time etc, to highlight etc, than Prevx.

    *

    I_like_Prevx :p

    *

    No. Have you tested yet ?

    ;)
     
    Last edited: Aug 15, 2010
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    No, I didn't test yet :D
     
  3. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Okay, I tested this latest Blovex in VM (XP SP3 with all updates) and it really killed Prevx (and Prevx wasn't resurrected).
    Wasn't detected by real-time guard (right click on executable and then Scan with Prevx found it).
    I'm not in the mood to test this on main OS (Win7), have to install Win7 on VM one of these days.
    So, I guess he did a pretty good job this time (on XP machines as far as I can tell), don't know for other Win versions...
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    mmmmmm:)
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Chicken :p

    @ pabrate

    Killed your XP SP3 with all updates :eek: This is interesting as I'm on XP/SP2 with Only a couple of updates, and in Admin mode, and i'm fine. Could be because i'm using v.187 and not v.188 ? But i would have thought these 3 POC's would at least do something !

    Wonder why ?
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is because you're using a cracked version :p Even though Prevx may appear to function properly, all of our licensing is stored centrally - you will be receiving no protection or signatures :)
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I can test it but I don't have Prevx yet ;) I just wonder too if I can test it against DefenseWall :D
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    DefenseWall will just stop it from running.

    TH
     
  9. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Sorry for the late reply, I've been playing with Linux :cool:

    Ref my post and screenshot #123 - I was running as Admin using XP Home SP3 with PSO188, and Zemana also simply stopped it dead because it is unsigned :D
     
  10. Ring0

    Ring0 Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    66
  11. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Sorry to say, but that's not the reason. Guaranteed.
    I don't know what version of POC you tested, I used latest from his forum with pwd I_love_Prevx
    I'll say again, Prevx SafeOnline .187, XP SP3 with all updates in VM.
    His previous POCs weren't working in the same conditions (real-time guard blocked it :p ) and when I added his tool to override, POC was able to kill it (not hard at all) but Prevx resurrected in a couple of seconds.
     
  12. Ring0

    Ring0 Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    66
    This started somewhere in the middle of 2006.

    Continued in the following article -> Prevx, The Epic Fail.pdf

    http://www.rootkit.com/blog.php?newsid=1042

    Sources have been published.
    Kernelmode.info thread will be locked until something sane from the Prevx except stupid signatures.

    @PrevxHelp
    "internal testings", "cannot run", "filenames generated automatically" - this is named Fail at failing.



    Have a fun! :)
     
    Last edited: Aug 16, 2010
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Funny, looks like a war of deaf. On the one hand a CPOC (childish proof of concept) that keeps mutating to demonstrate that the "water is wet" and on the other security experts explaining the basics of the POC and the unwillingness to follow the same route due to potential negative impacts on the entire PREVX Community (instability of the desktop systems overall).

    The first getting more and more negative exposure, the latter more and more gaining ground both in terms of reputation and most of all PATIENCE. LOL :D
     
  14. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I'll give you my method to wipe out Prevx from a computer:

    Control Panel>Add/Remove Programs>Remove Prevx.

    It looks a lot like yours.

    But without all the fuss.
     
  15. dr pan k

    dr pan k Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    204
    Wondering which antivirus EP_X0FF considers as well self-protected?
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Personally, I think this whole thread is amusing and a total waste of time. So I take it he can kill Prevx. Which can be said about all security software. So why the focus on Prevx. Has to be a hidden reason. Who cares what you can do and on a scale of worthy acts for humanity on a daily basis, hmm, don't even think this ranks.

    Prevx is a great product and all you have done is show people just how good it is, not how good it isn't. You might want to think about that.

    If I were another vendor, I would be begging you to come do this now for my product.
     
    Last edited: Aug 16, 2010
  17. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    OT, but couldn't resist
    He's "keeping his powder dry" :D :D
    Waiting for the BIG $$ for the endorsement LOL
    The tools/POCs he's delivered have punched holes through all the standard Av's.
    LOL, as per now he and friends sometimes take "an interest" in various tools.
    Interesting face-off: EP and Giuliani :eek:

    IS EP still gainfully employed by MS ?? or just part of the mythology :)
    Be surprised if MS endorsed this exercise ??
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello all :)
    We've added a minor update to Prevx in build .189 ( http://info.prevx.com/download.asp?grab=prevxcsibeta ) which now fully protects against all of his exploits. Again it was merely a trivial change on our end but for now, we believe that this thread has far outlived its usefulness.

    I've posted a response to the whole exercise in a new thread here: https://www.wilderssecurity.com/showthread.php?p=1730993#post1730993

    Feel free to continue the discussion there, but the volume of tangential posts in this thread made it turn down the wrong path.

    Thanks for your support! :thumb:
     