Ad-Aware 2007 Beta Is Out

Discussion in 'other anti-malware software' started by PaulBB, Mar 6, 2007.

Thread Status:
Not open for further replies.
  1. PaulBB

    PaulBB Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    708
    Download & Screenshots:
    http://www.neowin.net/index.php?act=view&id=38600

     
  2. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,052
    here are some screenshots,from neowin.net
     

    Attached Files:

    • a2.JPG
      a2.JPG
      File size:
      270.5 KB
      Views:
      104
  3. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
  4. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,124
    Location:
    Pennsylvania.
    WOW :blink: That looks GREAT a HUGE step up from the last version. I can't wait till the full version gets out. I'll download the personal use version.
     
  5. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    I wonder if it is any good. in my experience everything that adaware detects can be removed by deleting temp, cookies, etc.
     
  6. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Well they did put up an apb for all things CWS related which would suggest the target group just got bigger :)

    12+mb tho is somewhat catching up with some of the competition for bloat:rolleyes:
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Nothing special... :thumbd:
     
  8. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Well i'm currently hosed with CWS type infection c/o one of my regular sources(driveby at Keygen .XX)

    So this is not some archived test but very current testing as i type:thumb:

    Any new stuff/not widely detected is being uploaded to MIRT malware listserve as recovered/tested,already a few up there:D

    Niether software are expected to get 100% clearance since this is fresh of the malware servers but none the less a good guide is how much they can chew out of the infected PC:thumb:

    So tonight for a change i'm using 2 botkillers,my premier tool(SAS free) and Adaware Beta to clean as much of this infection and produce a comparison between the new software and a botkiller that i consider to be the field leader.

    All dropped files by the infection have been copied to a holding folder(Malware Samples) for further testing/uploading(MIRT/SAS) etc whilst the infection/dropped files remain in their dropped homes and are active/inactive as the infection depicts after a reboot.All relevent files have execution granted and software firewall has dropped the big iron down to stop anymore additional files being imported during this brief comparitive testing.

    Edit to follow with results as they are gained but the new kid is having first bite of the malware pie after laying down a non cleaning run with SAS free as benchmarking point:D

    http://img120.imageshack.us/img120/2756/sas1hc8.jpg

    At this point SAS is not allowed to feast so Adaware gets first bite :)

    http://img444.imageshack.us/img444/6727/lsadawaremk7.jpg

    Here is part of the report log generated of the hosed machine by the first Adaware scan.

    I allowed it to delete what it found and then rebooted to give it a second run.

    http://img248.imageshack.us/img248/3374/ad2ka9.jpg

    Unfortunetly there are still malwares present that are reinstalling the files that Adaware has cleaned on reboot and you can see the net result of this when the second scan redetects files that were deleted after the first run but have now been redeployed :(

    SAS free fist full detect and clean scan.
    http://img410.imageshack.us/img410/1853/sasfirstbz4.jpg

    SAS fee log from first run has been attached to the post

    2nd SAS free run after reboot draws a blank but something is still lurking since Explorerer is trying to connect out on port 80 after the ISP software has auto launched on bootup.(Bit of a give away y'know;) ).

    ProcessExplorer is reporting/showing no malware executables running,HiJackThis is clear of malware run entries so the culprit is hiding:'(

    Time to bring on my principal ARK forensic tool to see if anything is hiding away that has bypassed both softwares and is causing the system behaviour witnessed.

    http://img87.imageshack.us/img87/2842/rkumm3.jpg

    Using wipe file option of RKU and rebooting has now cured the autolaunch and outboud FW alert.So the culprit is nailed but fwiw i had already archived a copy of the file during the infection process to Malware Samples folder:D

    Interesting enough this line now appears in the HJT log when the tool is run

    O21 - SSODL: CDRecorder031 - {A3BC5E20-0235-1ABF-9CE1-00AA00512031} - D:\WINDOWS\System32\gpwujg32.dll (file missing)

    It was absent before so the .DLL is more than likely a standalone rootkit trojan and hiding its startup registry entry once it has loaded:ninja: but i leave that to the uber g33ks to decide:)

    Quicktrip to VT service confirms it as Trojan Backdoor.Nibu with a healthy rate of file identification but for the more clued up how many of those that identify the file at VT service would detect the file if it was loaded into memory during a full system scan on an infected machine....

    There are was thinking a complete exorcism was performed but only to find that i had a stubborn (12.tmp) file refusing to be deleted in local settings /temp folder .Rebooted and again delete failed and i know for sure it was malware related becuse i bagged a copy for archiving as it was imported during the initial infection.The hunt was on,no HJT start up entry so testing a theory that it might be registered as OS service i used one of my tools to check the services.

    http://img413.imageshack.us/img413/80/12we7.jpg

    Busted, it made it up onto ML as not widely detected:D
     

    Attached Files:

    Last edited: Mar 6, 2007
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    :D And a happy man i'll bet!
     
  10. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK

    Sort of aspi trojan is barely known(SAS nuked it) but most of the bots have been doing the circa for a little while.I bagged Nibu when CC was under DDos for the first time and only Symantec were calling it back then.

    Being honest i'm sincerly hoping this was'nt the full extent of the Adaware threat database in use because most of the associated bots have already been uploaded to MIRT malware listserve over the past montho_O

    Its not very often you get a complete new infection(once in a blue moon)usually they slip the odd couple of repacks or the occaisional new thing in the main infections familiesor at least that is what i have experienced so far.

    Maybe if Lavasoft were serious about CWS bots they might want to go to MIRT and pickup around 75% of my uploads there since November06:)
     
  11. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
  12. EASTER.2010

    EASTER.2010 Guest

    That is been the same old scenario of Ad-Aware all along so looks like nothing at all is changed except the "HYPE" which is really the only driving force anymore with it.

    I suggested months ago they could do themselves and users/customers plus the security community a huge service if they would at least throw in a HIPS or other behavior blocking capability because AAW is never been able to eradicate fully formidable malware and their accomplices. That's why they always have a HijackThis Forum. That program is still resting on it's previous morals which continue to prove grossly ineffective and outdated.

     
    Last edited by a moderator: Mar 6, 2007
  13. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,052
    for those who care,adware 2007 beta-2 has been released,

    What's new in beta 2

    Graphic User Interface

    * Lost connection to service when Windows hibernates is fixed.
    * Ad-Aware 2007 “lost connection” dialog message is fixed and only launches with lost connection to the service.
    * Removed memory leak after closing Ad-Aware.
    * The “Windows Start-up Scan” setting can now be implemented from the Settings menu.
    * Screensavers cannot be activated during scanning (Smart, Full and Custom Scans) in order to prevent a “Lost connection” error to the Ad-Aware service.
    * Improvements to GUI speed on select tabs.
    * “Scanner is busy” error message removed when “Start-Up Scan” mode is set to Smart or Full Scan in the Settings menu.
    * Multiple minor corrections made in response to forum submissions.

    Program

    * Database now displays the date of the last incremental update as the database date (core engine).
    * Tweaked callback for preparing file hash scan.
    * A template bug used for standard windows directories (%temp%, %appdir% etc) is fixed (core engine).
    * The service now registers its own failure actions, instead of relying on sc.exe during the installation process which does not work on Win2k.
    * Now able to stop process during “preparing GUID scan.”
    * Now able to stop process during “preparing File hash scan.”
    * Added shortcuts to Ad-Aware and Ad-Watch to the desktop.
    * Removed the call to sc.exe during installation in response to installation problems concerning Win2K.

    Coming Attractions

    * Browser hijack detection in Opera and Firefox
    * Ad-Watch Connect
    ------------------------------------------------------------------------------
    Download:http://beta2007.download.lavasoft.com/public/aaw2007beta/2/aaw2007beta.msi
     
  14. EASTER.2010

    EASTER.2010 Guest

    You'll excuse me if i'm wrong but doesn't a lot of the added improvements above more or less really address AAW SE's previous shortcomings on a more cosmetic side than adding some real teeth to removing malware without choke sessions?

    I'm all ears, or in this case, eyes.
     
  15. EASTER.2010

    EASTER.2010 Guest

    My very first run with AAW 2007 [beta] produces this:

    Service error:6000 has occured.
    Description:Lost connection with
    Ad-Aware service
    Terminating gracefully....


    The more things change the more they stay the same. :thumbd:
     
  16. coolbluewater

    coolbluewater Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    268
    Location:
    next door to Redmond

    Seconded :thumbd:
    What's (almost) funny is after the 4-day (!) eval period, 2 out of the 3 buttons say "order" .. like they expect people to pony up for a beta :D
     
  17. EASTER.2010

    EASTER.2010 Guest

    The NDA i agreed to when i was with them doesn't apply to my personal opinions so long as i don't devulge the efforts or activities when i was actively testing SE, but i take a very disappointing stance with them as to why they don't try to go beyond the very obvious. Yes the GUI looks better of course and they added what i always considered a very valuable feature in setting a restore point in case of some error in judgement on the users end.

    The main sticking point still remains IMO, and that is for the like of me why wouldn't they emulate the advantages of making AAW 2007 ride the same wave as some other AS's and at the very least offer some form of application firewalling combined with their detection capabilities? They as well as users have everything to gain in protection as opposed to continually fighting an endless battle of how to unlodge some deeply embedded malware that no doubt will exploit a weakness and prevent a complete removal. A HIPS feature would greatly curtail that annoyance plus free up plenty of time to perfect an even better design that would make it more difficult for malware to circumvent those defenses.

    A scanner just for the sake of scaning can only go so far and if it was tops in detections, a user needs the confidence that a program will also REMOVE most if not all offending intruders making it innumerably simpler to cope with and driving interest in AAW 2007 beyond it's former limitations.

    Am i so far off base in this asumption you think, or only wishful thinking because this thing doesn't get any easier overnight when dealing with potential PC threats not to mention time lost on a seek and find mission all the time.
     
  18. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,052
    i don't know either,i have forwarded this info from neowin.net,and for your info i haven't tried any ad-aware version in years including this beta........so i am in no position to either support or counter your argument.
     
  19. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    ...And the realtime security part of this this new 2007 version is where...:rolleyes:

    Is there going to be one for the paid versions? :blink:

    What does Adwatch do for you that is different? Anybody know?
     
    Last edited: Mar 13, 2007
  20. EASTER.2010

    EASTER.2010 Guest

    Thats about the only preventitive measure AAW ever offered besides simple detections and the occasional try to unload the process?

    I see nothing offensive in their development of this but the same old defensive stance it's always had. One thing positive for AAW users though is at least AAW sets them a restore point. Wooopee, now they add one.
     
Loading...
Thread Status:
Not open for further replies.