a² : comments

Discussion in 'other anti-trojan software' started by no13, Sep 29, 2004.

Thread Status:
Not open for further replies.
  1. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Ok... o_O
    a² is a trojan/spyware guard and has a built in firewall (http://www.a-2.org)
    I didn't know where to place this post...
    But it caught a trojan :ninja: (Backdoor.Nibu.G) 2 days BEFORE symantec got wind of it (june 7 is symantec's date)...By the time I updated my NAV at the end of the month, I had removed it 4 times...
    My point : Its heuristics are better than NAVs... but I need some one to confirm.
    I've only used free version, so i can't say about the shield/autoprotect.
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    ewido is the one to go for, DAILY UPDATES, cheap and good signatures. a2 isn't updating everyday. so the most recent ones will not be catched if you ask my humble opinion. we are speaking of free at's. ewido and a2 are the only ones. and if I can choose it would be ewido. but maybe you just like a2 better and that would be perfect for you I guess. personally I never used a2 because of the bad reviews and respons here and on other forums so that is why I have other ones.
     
  3. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Just making a point... haven't used it a lot. Seemed that a2's heuristics were working better in this case.
    I will check out ewido tho'.
     
  4. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Sorry... but the current version of a² doesn't have ANY heuristics nor a firewall... :)
     
  5. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    a2 firewall is in pro ver. I believe...and by heuristics, i mean the capability to sniff out worms WITHOUT having prior knowledge in terms of available signatures of that particular case (I'm a layman - that's how i define heuristics)
     
  6. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    it should have some sort of firewall but it's not included yet.

    same as above...
     
  7. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Then how come it stopped "backdoor.Nibu.G" as symantec calls ito_O
     
  8. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Because it has got a signature for it?
     
  9. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
  10. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    weird fact....
    earlier.....206.204.52.17 was one of Microsoft's adservers that also collected user info... now its search DB for Symantec.
     
  11. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    they have SOME other signatures too, just a small note though :D
     
  12. coasttocoast

    coasttocoast Guest

    I feel A2 is worth having, as it has caught some keyloggers in my tests that even NAV, Spybot, Ad-Aware and X-cleaner didn't find. So it is still worth having as another opinion. It makes a good back-up to Ewido. Also it is really the only choice for those still on 9x/me.
     
  13. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi fish
    I had an alert from a2 guard,I just seen it at the bottom of screen and clicked and clicked on it and it wouldnt display what it was.Is there any way inside the program i could find it-dont know why it wouldnt display,anyway should i run the scanner-wonder if it would find it?I'm kinda worried about what it could be.
    thanks
    rita
     
  14. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    that is a fact my friend. that is a fact.

    maybe interested in safe hex while using win98?? could't surf without it in the days of the good win98

    http://www.claymania.com/safe-hex.html


    bye ;)
     
  15. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    I just ran the scanner-found no malware so i guess nothing was installed(no malware)am i correct in assuming this?--thanks
     
  16. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    never too sure, what av are you usingo_O what is spybot saying??
     
  17. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Hi Infinity
    Panda platium and spybot says nothing either
    rita
     
  18. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    then you could say you have a clean system cause panda isn't too bad with spyware signatures and spybot is one of the best. but for trojans...try ewido or tds-3 to be sure...but I guess you tried ewido allready with some bad results If I remember.
     
  19. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi infinity
    yes,i tried ewido and couldnt run it.i think system is clean though,I run adware also and there was nothing.guess i'll wait and see if it comes up again--thanks
    rita
     
  20. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    maybe u shud try "Trojan remover"... some of the c++ dev guys recommend it
     
  21. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi no13
    I have already several progs and the av.I'm guessing it was just a mistake--the alert never come back thanks for replying
    rita
     
  22. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    okies.
    Now... does anyone dare come up with a verdict for a2?
    from this discussion it seems to be an average product worthy of only a "bench" status instead of a playing eleven place.
     
  23. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    A2 is a good product and I can't help you on the comparison but will talk to you about this Backdoor.Nibu.G you had if you are willing to post the logs for A2 and your NAV.

    Since that exploit also hides in the Temp folder and you are removing it 4 times in this post and then with your other comments in the other posts you have made..I would suggest to you that you will be very surprised just where A2 found copies of NIBU.G on your PC.
     
  24. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Dear Primrose
    I can't post the logs as I've reformatted the HDD at least twice now (Ram troubles caused Blue Screens... I was deceived into thinking that Windows installation had become corrupt)
    Anyway, this backdoor I found in C:\Windows\System32 with the names svohost.exe(which a2 caught) and swchost.exe (both of which norton detects).
    Now... If you want handles details... that i've a copy of (maybe if you're a programmer, it could be useful)
    As far as the removal goes, that was before the system format and before I'd updated NAV (which is why I'm inclined to think that a2 has better heuristics than NAV)
     

    Attached Files:

  25. NODFAN

    NODFAN Guest

    no13 said:

    "By the time I updated my NAV at the end of the month, I had removed it 4 times..."

    Methinks you should be checking for updates on a daily basis with NAV.

    There IS a way to do that, isn't there? "Intelligent Updater", I believe? That had the def out FOUR DAYS EARLIER than "Live Update", if I'm reading that correctly? (Sorry, I don't use NAV).

    Thank goodness for GOOD A/V programs like NOD32 that check (automatically when set up to) HOURLY for any updates.
     
Thread Status:
Not open for further replies.