lol Easter 8) Now can confirm that every malware rooter I have in my extensive zoo collection that hides its driver from WinAPI enumeration...
Ok Magnus... I'm going to beg to differ with you at this point :-[ and call into question the ARK capabilities within your tool! Earlier when I...
Ok after further testing can confirm some limitations with this tool in its current form. Stating the obvious many malware drivers live outside...
Hi Magnus :) I just love playing with ARK tools so was more than happy to put PDD through its paces 8) First run created 0 false positives...
Larryb52 For the meantime you could always use in software function to ignore file:thumb: Go Preferences>>>scanning control>>>manage...
One of the best ways to get infected...go surf some pr0n and when you end up having to download a codec to view clip.....bam you are hosed;D...
You won't see this file using Windows Explorer as it is located in ADS attached to system32 folder. You will only see file with tools that offer...
Hmm well then I'm stumped ;) Oh well then since you are Pro user next step would be to use their in-house support to help sort ya out :thumb:...
Do you have SAS running when you go to use context menu scan? IIRC SAS needs to be running/loaded (icon in taskbar) at the time for it to work.
Hmm well IIRC, back sometime when I last tested Pestpatrol & PP online scanner around 2 years ago then they had an issue with detecting registry...
http://www.superantispyware.com/superantispywarefreevspro.html HTH
Well first off if you want an on demand scanner to clean out these infections then SAS free is an absolute steal at that price;D Next off if...
Definitely a false/positive but strange this pattern that is forming from DW labs....it wasn't that long ago that they were flagging MBAM...
Yep i can also confirm "find file" very much in use for that particular file name too but thankfully "multi dimension scanning" means more than...
Just so you know just coz brand X makes deals with devils doesn't make it kosher for brand Y...just my opinion of course but 2 wrongs don't make it...
IIRC Realtime is fully operational in 64 but it is First Chance Prevention that is not working under 64bit yet.
Well just picking out one of those brands alone for highlighting my take on things....The mighty Kaspersky which I hold with great regard! A...
Probably as English is not Marco's native language :thumb:
Dr Web cure it versus loaded inch.sys = blind. I can only conclude that the tool is blind to this driver after all Dr Web has a...
lol the case of the vanishing post is solved;D Well certainly prevention is far better than cure(this always rings true) and RK's are no...
No probs aigle on the support data/history of inch.sys;) but phide_ex write up??? ...if you mean versus rootrepeal(screenshots of its detections)...
Hi, Just to clarify I have not tested versus PDM as in realtime blocking/capture of driver as it is loaded. My comments to Kaspersky being...
Ok guys time to wade in with some facts/history just so you all can stop chasing your tails on whether brand X,Y or Z will detect this sample etc...
Without wishing to split hairs but what would be the difference between say Eicar test, leaktest.exe (or some other HIBS testing POC) and in this...
Here is some background for this phide sample used by Aigle:thumb: Just to clarify as is not to be confused with phide_ex POC released by...