Purchase of Boclean

Strangequark, thanks for your eicar experiment, now i know the proceedings of the 'after malware find' ,just in case.

 

Thanks for your information Snowbound I’m not complaining, but pff ...

I don’t have this trojan anymore and my pc has been updated as always. The trojan was due to my stupidity but I kept the infected file, so as soon as I can use Boclean, I will test the file offcourse.

 

I tested your bad file and Boclean found the TrojanHorse ' ZLOB78 Malware Variant' and removed it including all threads from memory.

BTW, where does Boclean saves the copy of the bad boys. I have activated this feature, but i can't find the copy anywhere.

 

Glad to see Boclean found it, I hope I once will experience the same. Sorry a little bit sarcastic.

 

@Tommy
Dontcha just love that BoClean
see attached: for me anyway

 

Tommy

I think BoClean renames the file so that is is harmless untill you rename it back to an exe ect.

 

I have got to pay attention to the exact question
( and remember every one here knows more that me )

 

Hm, I guess it's a joke

 

pepim

You were posted where the file is and that is renamed.
What more do you want?

con

 

Did I post something wrong? I haven't installed Boclean yet, still have some problems, but I don't quite understand your posting? I don't want to bother anybody, sorry if I did.

 

We will take the position that as of yet no one has posted anything wrong and simply chalk it up to possible language barrier problem. We'll also await your purchase of Boclean and any further comments you might like to share about the product.

Bubba

 

Ok I will do that Bubba, thanks

 

Always interested in the BOClean threads and postings...I'll watch for it...

 

pepim


Hello

I did not mean you said something wrong at all.
I do have BoClean and love it. You can buy one LIC and install it on all your home computers, even if you have 5. What I meant to say is that any scanner is only as good as it's definitions. In BoCleans case, you can still drag a file into it's open GUI but if BoClean does not have a signature for that nasty file, BoClean will not detect it. BoClean will however detect the file with heuristics if you actually click on the file. I am not talking an ICAR test file either. I am talking an unknown nasty.
One of the reasons BoClean is so good is it works as a memory scanner, which means if the nasty is packed with some program it usually must unpack itself in memory before it can do it's damage.
I have heard rumor of a nasty that can stay packed in memory and unpack in memory on the fly. I don't know if this is true or not.
AS far as i have seen, you can't find better support for a security program. BoCleans support is the best as far as I am concerned.

Have you already submitted your file to Virus Total or Jotties?
Those two sites have become very popular this past year the scanners on those sites can many times at least show you that something looks fishy.
Another great idea is that most computers come with some form of restore from disk software these days. Which is better then Microsoft's restore program.
I think it is a rare day to become infected with something with Process Guard & NOD32 installed as you have. NOD & KAV are two of the finest Av's in the world in my opion. PG isn't really for the home user at this point it still requires some knowledge of the operating system and an understanding on what you are clicking yes or no to. Making a program as simple to use as possible for the home user is what most security vender's try to accomplish these days.
BoClean was designed this way from day one. Make it simple for any home or office user and still powerful.

What I meant to say about having security software installed prior to becoming infected was only that some nasties won't be detected by the security software if they were installed first due to taking over the operating system at the kernel level.
If by chance your infection does turn out to be a rootkit, I am sad to say the only way to make sure you are OK is to reformat your hard drive. I know most do not like to hear it and it sounds worse for a typical non computer savvy home user even though it is not as tough to do as many think, mentioning restore software preinstalled on new HP, Dell ect computers.
Back in the day there were only two good re image programs, Ghost & Drive Image. Now days there are some very good ones which are very easy to use.
As the years go by you will see more & more "experts" here using a drive image type program because they now know of all the new drive by nasties
Built for one purpose, to steal your personal information for profit.
You just can not trust your patched browser 100 percent now days.
Any way sorry for rambling. I hope some of what i posted can be useful in some way.

controler

 

Hello controller,

Sorry for misunderstanding you and yes I did submit the file to Virus Total and Jotties.

You really mean actually click on it? What happens when you do so?

As for PG I can explain, I always disable PG when I want to install something and at that moment I had it disabled. (I thought the file was ok because a friend sent it to me) Nod32 noticed it after my pc was infected and the files were sent to Eset.
I followed the instructions of Blackspeare’s topic for the settings of Nod32, so that should be ok.

It was a trojan and my Hijackthis log appeared to be clean, so I don't think I have to reformat my hard drive.

Yes it has, thanks.

I tested the infected file by dragging it into the Boclean window (as poirot suggested), Boclean reacted immediately, I was very pleased to see that.
I didn’t dare actually click on the file, should I do so?

 

I would not advise anyone to actualy click on the file since there are many
nasties not detected buy security products everyday. The rule of thumb is that by the time most software detects a nasty, it has been undetected for a few days prior.
Just googling ZLOB give a lot of results. here is an interesting site for removing ZLOB, SPysherrif ect.

http://www.zlob-removal.com.removal-instructions.com/

I am guessing the Virus Total NOD-32 missed it because they are not using advanced features of the scanner, same with Mcafee.
Before I would turn off Process Guard to install software, I would set it to learn. I personaly like to see what drivers are trying to install because you can always accept or deny them.

controler

 

Thanks for the link.

With Jotti the same, Nod missed it too.

~removed un-necessary jotti scan~

Ok thanks for the tip, I will do that next time.

 

Yes, I agree with controler do not click on it. Let BOClean do its work and don't take such a risk.

 

Uhm or can I click on it, looking at your wink? Russian roulette?
I did click on it actually and BOclean was there again!

 

BOClean detects 622 variants of Zlob, as of yesterday's update!

 

Still have some problems. (I did get contamineted before purchasing Boclean, let that be clear!)

Strange things occur, I suddenly have an infected file in a map, that I have probably one year or so?
So I scanned it online with http://virusscan.jotti.org/
http://www.virustotal.com/en/indexf.html and I get very different results. Kapersky thinks it's ok with Jotti, but in Virustotal it gives a trojan.small.BOE.

What should I do? I'm worried.

 

Ny question is, with some of the AV products detecting over 99 percent of trojans, based on IBKs test results, why do you need this added protection. Sounds like extra money spent by the consumer, for just another unneeded product of protection. Of course, I could be wrong so please enlighten me.

 

Where is the infected file located?

If there is suspicious behaviour occurring on your system u could post a Hijackthis log over at this site,

http://gladiator-antivirus.com/forum/index.php?showtopic=10517

for analysis by the malware experts there.



snowbound

 

It really depends on how any protective measures that you've already implemented function.

BOClean is a process memory scanner. Malware executables can be repacked and/or encrypted so that the daughter file bears little resemblence to the original parent (which had presumably been used to develop a detection signature). This is a very facile way to avoid signature detection of the file and basically extend the effective lifetime of a piece of malware. However, the underlying program has not changed and it will be converted in that parent form when loaded into memory to run. As a convenient reference point, think of a standard program vs an archive version of this program, for example a zip file. The two files look distinct, but are the same, particularly when viewed from the running executable in RAM. BOClean focuses on this piece of the puzzle.

That's it in a rough nutshell.

Blue

 

Thanks Blue.