SAS real-time protection fails - Prevx saves!

Discussion in 'other anti-malware software' started by ako, Aug 6, 2009.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    I did a small very unscientific test. I installed Superantispyware Pro, Winpatrol, Hitman pro and Prevx free. Then I started installing 5 nasty malwares. SAS was almost blind preventing only one from installing. Winpatrol and Prevx both warned of the infections.

    http://img80.imageshack.us/i/sas3.jpg/
    http://img231.imageshack.us/i/sas6.jpg/ (look at Winpatrol warning!)

    The system was soon full of pop-ups.

    http://img44.imageshack.us/i/sas5.jpg/

    I scanned with SAS, cleaned and rebooted. It could remove quite a lot, but after reboot only Prevx could run, and malware prevented all execution of other programs.

    http://img26.imageshack.us/i/sas7.jpg/

    I scanned with Prevx, put licence key, cleaned

    http://img39.imageshack.us/i/sas8.jpg/

    and rebooted. Now the PC was clean, but file associations for exe-files had not been corrected, so the system was still unusable.

    http://img401.imageshack.us/i/sas9.jpg/

    I booted to safe mode (command prompt), restored a clean system and booted. Everything was ok now! Programs could start, and Hitman pro also told system is clean. Prevx rocks!

    Ps. I've found Winpatrol very useful in my tests! SAS real-time protection seems poor, and SAS cleaning capabilities seem clearly inferior to Prevx.
     
    Last edited: Aug 6, 2009
  2. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    Very interesting. Whilst the test uses a tiny number of malware samples and could therefore be seen as having little meaning, it does fit with my experience of testing. Whenever I have tested SAS on current and new malware, it has always been the worst.

    Puss
     
  3. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667

    It is also interesting that Prevx could resist killing, while SAS could not.

    P.S: Could someone French-speaking look at these videos on Prevx and make a summary?

    http://www.youtube.com/user/PegHorse
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Did you try the new Malwarebytes against the same test? And wooooo, Winpatrol is getting better :thumb: I also wonder what would happen if your answer for Winpatrol in the alert is no, no, no: will Winpatrol block the malware? What kind of malware were they? Thanks
     
  5. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    Can't test MBAM real-time, I have no key to it.

    In my tests Winpatrol sometimes blocks, sometimes queries again and again. Anyway, it is very good at telling what's going on.

    Fake AV:s, trojans.

    PS. Does anyone know how to recover file association for .exe without system recovery (see my first post)?
     
    Last edited: Aug 6, 2009
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thanks:)
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Our removal routines "should" have cleaned them but apparently there is some issue (just received a few reports from other users of ours about that failing aspect of cleanup as well so we will be fixing it).

    However, try renaming regedit.exe to regedit.pif and then running it and edit:

    HKEY_CLASSES_ROOT\.exe

    set the default value to:

    exefile

    and then open HKEY_CLASSES_ROOT\exefile\shell\open\command and set the default value to

    "%1" %*

    That should fix it - let me know if it doesn't, however, and I'll investigate further on this particular infection :)
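
One way to check the two values named in the reply above without launching anything on the affected system, as an added example that is not part of the original thread and not Prevx's own code: it parses the text of a `.reg` export and reports any default value that differs from the ones given in the reply. The function names, both sample exports, the placeholder ProgID and the placeholder handler path are constructed for illustration; the export is assumed to be already decoded to text.

```python
import re

# Expected default values, as given in the reply above.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
}
KEY_RE = re.compile(r"^\[(.+)\]$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def unescape(value):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r"\1", value)

def parse_defaults(reg_text):
    """Map each key in a .reg export to its default (@) string value."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DEFAULT_RE.match(line)
        if m and key:
            defaults[key.lower()] = unescape(m.group(1))
    return defaults

def audit(reg_text):
    """Return (key, found, expected) for each default that deviates."""
    found = parse_defaults(reg_text)
    return [(k, found.get(k.lower()), want)
            for k, want in EXPECTED.items() if found.get(k.lower()) != want]

# Constructed sample: both defaults altered; ProgID and path are placeholders.
ALTERED = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="placeholderfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\handler.exe\" \"%1\" %*"
'''
# Constructed sample: the values the reply says should be present.
CLEAN = r'''[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    print(audit(ALTERED), audit(CLEAN))
```

A key that is missing from the export is reported with a found value of `None`, so an empty or partial export never passes as clean.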
     