CIS Frozen highly infected machine

Discussion in 'other anti-virus software' started by guest, Dec 1, 2008.

Thread Status:
Not open for further replies.
  1. C.S.J

    I'm curious to know why he is avoiding doing the same test for drweb.
     
  2. Makav3l1

    I wouldn't say he is avoiding it. Why don't you try asking him nicely to do one instead of coming into the thread and making an unfounded claim?
     
  3. risl

    So does the other guy at remove-malware.com, he did mention that drw is to be tested some time ago but nothing happened.
     
  4. Dark Shadow

    I was really interested in DrWeb results myself from either Matt from malware.com or guest. I could only suspect what the doc finds would squash it since its cleaning ability actually works.
     
  5. yaslaw

    For the entire day I was trying to do the same as moymoons did, on my virtual machine.
    This should be interesting for you, C.S.J. I tried to install dr web as my last line of defence (kav/nod beta 4/avg/bit defender/avira failed totally, avast partially).
    Have you seen something like the picture below?
    Bez?tytułu.jpg

    After installation, Dr Web found some active malware and deleted it. But after restart...... I must admit that, except for avast, dr web was the only av which was able to update its database.

    Regards...
    y
     
  6. C.S.J

    no, I've never seen an image as such, you sure you installed it properly?

    did drweb find and remove the malware?

    any other AV's installed?
     
  7. yaslaw

    Yup, after installation I made a full system scan - dr web found 4 active malware (one of them was in winlogon - unfortunately missed some others). Dr was unable to cure the infection so I chose to delete these files instead. Everything was fine until I rebooted my machine - the results of the reset you can admire in the picture.
    Dr was the only av installed at the moment.
     
  8. khagaroth

    I quickly looked through this thread, and if I didn't miss anything all the tests were performed on a VM, right? If that's really the case, then all the tests are completely useless. From my own testing I found out that even though some AV programs are a complete disaster on a VM, they work without a hitch on real hardware (and CIS is one of them, on some VMs it won't even start in the first place).
     
  9. Makav3l1

    Please explain why?
     
  10. thathagat

    now that's a far fetched assumption.....for with that much infection only virtual machines are safe or maybe yours might be an exception...vm are virtual clones of actual system so if os....av and other software work in it so does the malware affecting normal system....thus it is the preferred for testing.....as for security programmes not starting on vm....well there are many threads here at wilders dealing with them not starting on perfectly clean and normal pc's....so why vm bashing.............
     
    Last edited by a moderator: Dec 7, 2008
  11. Saraceno

    Cause VM bashing might start an argument and get the thread closed. Hey, this is just one of millions of tests that have been performed. It's not the 'definitive' test, so hopefully everyone just takes it for what it is, just another test. :)
     
  12. risl

    Because it's simply not the real environment where the software is meant to operate.

    My guess would be that the problem with those antiviruses is their drivers that probably don't work correctly under VM. Someone wiser than me should correct if I'm wrong.
     
  13. Coolio10

    It's true, certain av's can't load properly under vm. Even cfp used to pop up a message saying it cannot function properly in virtual machine hardware.
     
  14. yaslaw

    IMHO a virtualised environment shouldn't vary from a real os.. But maybe someone wiser with deeper knowledge will answer that question for us?

    A few notes about the various av that I tested (of course, as someone mentioned, it's only one of millions of such tests and will probably not apply to your tests)

    Most av were not able to update because active malware blocked access to the servers (this included KAV 2000, NAV 2009, AVIRA, ESET v4 beta). The only AV that were able to update were Dr Web and Avast (I'm not sure if they were not blocked or they used their unique tricks to connect to the database).
    KAV was able to detect some malware, but entering the special disinfection routine was causing a BSOD on my machine all the time. Also I was trying to use kaspersky tools to detect problems with browser settings etc. to help KAV to update, but with no success.
    nod was picking up malware all the time, some by heuristics, and was blocking access to malware sites - which was pretty good. On the other hand it was not able to clean all of them (even if it claimed that it was going to clean the file by deleting it after reset) - and after reboot I had the same rogue av and other trojans detected.
    The NAV 2009 that I have has definitions 99 days old - and because of that it was probably not effective (even with "aggressive" heuristics). It was picking up some fakealert trojan but nothing else. It was also a little annoying, creating new windows with an alert that it's impossible to connect to the database and with the number of their helpline.
    Avira (free edition) was alerting with dozens of popups about different types of malware but was not able to clean a single active one (starting with the active process) - causing restarts. Also it was not possible to update the virus database.
    Avast surprised me a little bit. It found some rootkits (generic detection) and a trojan (also generic/signature), was able to update, after the memory scan offered a boot scan - and found some malware inside the windows/system32 folder that none of the other av found, and really deleted it. After restart the advertisement pop-ups were gone, and the system worked pretty fast and stable. Unfortunately there was some active malware that was missed (processes like udf.tmp, b46.tmp or others in task manager) and the network shield was occasionally blocking access to some websites (even when I was not using the browser at all). But I must say that was the best that I got in comparison with the other av that I tested....
    One more thing - probably because of quite weak self-protection - avira was the only av terminated by malware after a while.

    Regards
    y.
     
    Last edited: Dec 7, 2008
  15. removemalware

    So far I haven't found any issues with VMware Workstation and Anti-Malware Apps. I've tested a lot of apps (as many of you guys know).

    YouTube.com/mrizos
     
  16. Nightwalker

    So Please test Dr Web to see if it is compatible ... many people are curious to see Dr Web results thanks :thumb:
     
  17. gery

    Can you please tell if Trend Micro did any good in your tests?
     
  18. Makav3l1

    So Dr. Web doesn't do well in the test either and now the supporters are crying virtual machine? Funny.
     
  19. risl

    My comment would still be the same, even if I would have never heard of Dr.Web. Facts are facts and my selected security software can't change that. Avast is another product I use in many workstations, it probably did well .. but the fact remains -> it isn't meant to be used in VM.

    And I believe the problem is with the drivers, causing BSODs and disinfection/removal errors since they perform the low level operations. I believe you cannot cause a BSOD from user mode, and if KAV does that -> problem is probably with the drivers at kernel level. Dr.Web uses a driver (spider.sys) or Dr.Web shield as they advertise it, perhaps the same problem happens with it?
     
    Last edited: Dec 7, 2008
  20. Searching_ _ _

    The majority of VM software is paravirtualization and it runs inside an existing software OS. Paravirtualization is optimized for performance, speed like, so is not identical.

    Platform virtualization doesn't need a host OS, it runs on the hardware, a.k.a baremetal virtualization.

    VM software doesn't always mimic all components of your hardware. Virtual box doesn't mimic your bios but you can add in a lookalike.

    http://en.wikipedia.org/wiki/Comparison_of_virtual_machines

    I think I've found my new malware detector. KAV. If it has trouble installing or runs extremely slow, you're infected. You can then use any other software of your choice to fix. :D

    edit: I'm hoping Wilders creates a special section for VM discussions so we can all learn the advantages and disadvantages; Installation, tweaking, testing.
     
    Last edited: Dec 7, 2008
  21. thathagat

    ummm.......to fix KAV ...your malware detector you need other software....? kav is supposed to tackle the infection and is supposed to be damn good at it....i think
     
    Last edited by a moderator: Dec 7, 2008
  22. Makav3l1

    Could you not read his sarcasm?
     
  23. kasperking

    what are you guys up to, don't derail a nice thread by bringing sarcasm and subsequent riposte...can someone plz test outpost suite and twister...
     
  24. yaslaw

    I'm going to test Twister...
     
  25. yaslaw

    Ok.. done
    It's my first touch with Twister but definitely not the last one.
    Twister detected unknown processes from the beginning, and also found some malware. It was able to update. After a system scan it detected and cleaned a few backdoors and trojans. It seemed that the system was clean (no strange processes in task manager). But after reboot the rogue av and others popped up without any problem, and twister wasn't able to identify or block them..

    http://rapidshare.com/files/171503118/screen.rar.html
     