A pure heuristic antivirus software--- ByteHero

Discussion in 'other anti-virus software' started by NobleT, Sep 8, 2009.

Thread Status:
Not open for further replies.
  1. NobleT

    NobleT Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    58
    This software is from China, and it depends completely on heuristic technology to detect viruses, trojans, etc. No signatures are involved, so anyone can try it :D
    Website: http://www.bytehero.com/english.asp
     
  2. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Ikarus doesn't like this hero.

    Gerard
     

    Attached Files: hero.jpg (6.9 KB)
  3. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Ikarus doesn't like a lot of things.

    Last I checked with a laptop of mine, with a2, Ikarus engine claimed several trojans on editors for a well-known PC game ... Official editors even.

    So, I am afraid Ikarus really isn't the thing you can place your faith in :D No offence to anyone but they do have a horrible rate of f/p's.
     
  4. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Several other AV's have this FP then :)

    Gerard
     
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    9 out of 41 on VirusTotal.
     
  6. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    The exe gets hits on jotti's from Ikarus, CP Secure, and Sophos as a "trojan - Flux, Generic A or Pakes".
     
  7. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Comodo, F-Prot, F-Secure, McAfee, PCTools detect it as well.

    Gerard
     
  8. pbw3

    pbw3 Registered Member

    Joined:
    Nov 12, 2007
    Posts:
    113
    Location:
    UK
    NOD didn't show up as one of those detecting it on my upload to Virus Total, and yet it did detect it when I first tried to download it - a variant of Win32/Packed.Themida application..

    Is this one of those examples of the real-life AV functionality not being fully replicated by the upload scanners..??
     
    Last edited: Sep 8, 2009
  9. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    410
    Location:
    Greece
    MSE says it is clean, IObit 360 also says clean ...... but my mind says no to software without any serious page and address to contact.... anyone can put a malicious file on the internet with an email for contact
     
  10. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Prevx doesn't like it either. Says it's a backdoor trojan.
     
  11. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    As lodore has noted, Prevx does not like it !

    I downloaded it and compared it with the Prevx www -

    bdv1.png

    The file size matches Exactly ! might not be the same, but ?

    bdv2.png

    Prevx didn't jump when I unpacked the RAR, but did when I right scanned it

    bdv3.png
     
  12. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
  13. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    My Eset Smart Security blocked it.
     
  14. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
  15. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    I ran the file past MalwareBytes and SuperAntiSpyware just to see what they would say and neither found it to be malicious.
     
  16. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    It's Themida packed, making it hard to analyse.

    Strange, Oreans always claimed that Avira reports *every* Themida file... :rolleyes:
     
  17. 1timeuserrr

    1timeuserrr Registered Member

    Joined:
    Mar 12, 2009
    Posts:
    43
    A2 AntiMalware (Ikarus scan engine) has just updated its database and now says it's clean.
     
  18. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    This looks like a "greyware" find.
    No definitive consensus yet.
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    MSE scanned the download, you could tell it was using its cloud ability because it hung on a few files till finished, but came back clean with it. I would say any detection is a FP.
     
  20. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
  21. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
  22. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    At the end of the day, I probably won't use it regardless of its status.
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Best post of the thread.:thumb:
     
  24. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    There is always some curious dumb who will use it.

    So, I did it. :argh:

    Avira, Threatfire and Malwarebytes did not find malware, there were no problems with OS etc. Looks like crapware rather than malware. Slow scanning speed and very poor detection when testing with a smaller number of newer malware samples (Avira, Avast and Threatfire, for example, detect all of the samples).
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'll analyze this sample shortly but any legitimate software company, let alone an "AV", which packs its files with Themida is doing something very, very wrong :rolleyes:
     