SAS not detcting Sub7??

if one was to do some searching on sub7 they would see that AV was and still is whats recommended to stop it not AM people have just jump the gun and laying blaming on apps that are not evan recommended to stop it. {a idiot I maybe but I'm a informed idiot}

 

Agreed, well done Kaspersky, F-Secure etc...

 

Absolutely. I meant all those guys out there working to fight the bad guys. They all bring something to the arena, and each individual contributes something unique.

 

A couple of OT and generally useless posts removed. Let's keep it civil folks.

Blue

 

ok 1st you say it's AM place to stop it and not AV than you attack people with pm's and on the board when they tell you it's always been detected with AV/FW and than give Hi5 to AV for detecting it when they alway have. Sub7 is a (back door trojan) a 2 part trojan at that. the victim has to d/l something first hints why AV stops it than the controller [remote user] can do there thing hints why a FW can stop it. and to why AM do not include it is because it's old for 1 and AV have always detected it and a FW will stop it. there is nothing to be lost about the information is there on the net!! just look for it.

 

Again, you have lost me - explain to me, why SAS, a dedicated AM / AT scanner fails to find this? Forget everything else, explain why it does not detect it when all AVs do.

 

http://www.castlecops.com/p1094317-pLEASE_HELP_ME.html

You can see MBAM here finding and correcting both the current clock hijack and ID hijack .

AV and FW have 0 ability to handle this sort of damage , that is why antimalware is needed .

If any other scanner has a fully automated fix for this I would love to hear about it .

 

Do you use an AV?

 

lol there is nothing to explain AV are what detects it they have the sig in there data bank and evidently it has some virus property's do to it being used mostly by script kitty's and i'm not saying no AM/AT scanners do not detect it just some do not included it in there data bank but that's not saying they do include all the variants of it. Sub7 is old i would rather be protected from the new malware that AV do not detect than be protected from old trojans that AV do detect.and if my FW can stop the remote part of Sub7 i have nothing to worry about.

 

Hi ChrisP

As a former specialist in helping global users in a security forum for a number of years track down innumerous types of from the easy to most notorious malware ever conceived, i truly sympathize with your utter frustration.

I would like to offer you an alternative you may or may not be interested in but i can guarantee that it would go a long way in helping you stave off anything that either AS's miss or AV's, and thats a good quality dependable HIPS.

The only drawback is they require some personal attention to fine tune and set to monitor areas of potential intrusions, the good part is they STOP! ANYTHING DEAD IN THEIR TRACKS by aborting their intentions UNTILL YOU FIRST have had a chance to conduct a Google Search on what that file is whether it be offending, possibly dirupting, or safe enough to allow you to let it then proceed as normal or not.

Another alternative is Faronic's Anti-Executable that stops executables in their tracks too. I use both as a security net along with Returnil but i am on the same page as you, i want and expect a combination to intercept and dismiss anything that can prove disrupting to your good machine.

EASTER

 

The problem is that anti-malware developers deliberately don't add old malware samples to there database because they don't feel these old malwares are a security risk to the mainstream user.

So one might say that the longer an anti-malware vendor is on the market, the more definitions they have = the safer you will be from getting infected.

 

Malware does not have a time machine so once where it comes from dies or has changed enough that old definitions cant detect it any more those defs do nothing to protect you .

Why would detecting something that does not exist protect you ?

 

Although I agree with you to some degree, I'm also having a hard to figure out who must have the final decision in determining if a certain piece of malware is obsolete or not.

Also you mentioned adding definitions based on the day to day surfing habits of current internet users.... but not all users browse and use the internet in the same way. And just because certain malware may be old, that doesn't mean there is a 100% change that it will not cause any problems for current internet users.

But I do understand your statement that the smaller anti-malware companies have limited manpower, and that this manpower is better used to add protection for currently spreading malware.

 

I'm chiming in awfully late... But from my (brief) reading of this thread this is what I'm gathering (from the vendor's viewpoint)...

1) Old/Obsolete/Non-Widespread malware does not affect a majority of users.
2) New/Widespread malware does (or has the potential to) affect a majority of users.
3) Therefore, the focus will be in what can/will affect the majority of users.

It would seem to me that the vendor is not looking so much at completeness as much as it is looking for relevance to *today's* threats. And yes, yesterday's threats can become today's threats... But when/if that happens I'm sure it'll be taken care of.

 

If it has the ability to infect a computer today then it is current .

If there is nothing you can do to catch it other than download an old malware archive intentionally then its old .



You are not understanding my definition of old , it has nothing to do with when the malware came into existence . Old only refers to when the malware STOPPED existing as in no matter what you download , where you surf and what you share you wont come into contact with it .

 

Correct .

There is a LOT of research involved with this and if something long dead were to come back to life it would be current .


We maintain a dead list that is checked a few times a week , just in case .

 

Oke, if you look at it that way, then I guess you have a point.

The moment old malware becomes current again, you add it to the database.