any bad experiences with bkav? from vietnam?

Discussion in 'other anti-virus software' started by brainiac, Oct 25, 2009.

Thread Status:
Not open for further replies.
  1. brainiac

    brainiac Registered Member

    Joined:
    Oct 25, 2009
    Posts:
    6
    In my search for a cheap/free virus scanner for my Windows 2003 server (which I use for development) I found bkav. I installed it back in July of 2009. It had a glowing review from cnet and I felt comfortable about using it.

    Long story short, my computer started acting funny about 3 weeks ago: not allowing me to use online virus scanners such as TrendMicro or Bitdefender etc.

    And then I started to discover error messages in my event log. Something was building and corrupting my system. I suspected I had a Trojan.

    After researching, I found an open source antivirus called ClamWin. Not the best interface in the world, but it caught what I suspected, a trojan called Trojan W32.Virtu.di in the bkav install directory. According to www.norman.com it is a really nasty little Sh$% !. Read the description about its "polymorphic" behavior here: http://www.norman.com/security_center/virus_description_archive/69284/it

    I don't want to cause undue alarm, but I felt confident in installing bkav because of its rave reviews from cnet a while back. Does anyone recall that article? Well, if it is so good, why can't you find it on their download site now?

    My suggestion, DO NOT TOUCH THIS PIECE OF sh%6 with a ten-foot pole...the one I downloaded (disclaimer: I may have downloaded an infected version :rolleyes: -- ;-) ah huh)

    And by all means DO NOT RUN THE EXECUTABLE IF YOU HAVE ALREADY DOWNLOADED IT AND THOUGHT like me, that YOU WERE GETTING A FREE LUNCH.

    If anyone has similar experiences with bkav please post a reply.
     
    Last edited: Oct 25, 2009
  2. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Top-notch Vietnamese software BKAV raises antivirus bar
    http://news.cnet.com/8301-17938_105-10109507-1.html

    FWIW I downloaded the setup and scanned the contents of BkavHomeSetup.exe

    NIS2010 - clean
    Hitman Pro 3.5.2 - GData detected it as a Trojan
    DrWeb CureIt - downloaded cureit 5 min ago and shows the file as clean
    Virustotal - 7/41 but no mention of Virut
     

    Last edited: Oct 25, 2009
  3. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Thanks for sharing your experience. Here, for what it's worth, the same .exe file was found clean by Avira and MBAM.

    ~Unnecessary innuendo removed.~
     
    Last edited by a moderator: Oct 25, 2009
  4. brainiac

    brainiac Registered Member

    Joined:
    Oct 25, 2009
    Posts:
    6
    I believe I downloaded this from the link in that CNET article. Can't recall, and can't be for sure, but I "dink i did".

    Just run it on a virtual os and watch it...in looking in more detail at the behavior of this "Trojan" condum, it is unreal what it does. It shows behavior that one can only marvel at. Which begs the question, what is the BEST software to catch these threats that, IMO, are supported by rogue states? Can someone on this site provide THE BEST and latest to catch these morphing, dynamic threats? Is there a thread on this site which discusses that? I'm new, just signed up today after ClamWin alerted me to its own quarantine file with this thing in it. Thanks....:cool:
     
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,924
    Location:
    U.S.A.
    brainiac, because you are a new member, please familiarize yourself with our Posting Policy Statement - Antivirus Software.

    Wilders is chock full of forum threads, describing all kinds of software that can provide an answer to your question, and we urge you to use the Search feature of this site.

    JR
     
  6. brainiac

    brainiac Registered Member

    Joined:
    Oct 25, 2009
    Posts:
    6
    Fair enough.

    But, don't you think it helpful to identify products that install malicious software when they purport to do the opposite? This was the intent of my original post and from what I understand now, I guess my bad luck??

    FYI, I just ran a scan with a product called A-SQUARED free and it identified BkavHomeUpdate.exe as PHISH.fraudTool.BachKhoa.A!IK and flagged it as "High Risk" and automatically checked it for deletion.
     
    Last edited: Oct 25, 2009
  7. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,924
    Location:
    U.S.A.
    brainiac, there is nothing wrong with your original post, and some members have offered their input to you, regarding that specific topic. And for as long as the discussion continues on that particular subject only, this thread lives on.

    However, asking for the Best and Latest, will turn this thread into an A vs B debate, ultimately closing the thread altogether, as per the Policy I mentioned.
     
  8. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Until you can provide proof that bkav is truly malicious in nature all you have is an assumption. FWIW I just scanned the latest version of Combofix on VirusTotal and 8/41 flag it as malicious. Is it? No. What scans dirty now may scan clean tomorrow, especially when some scanners are unable to determine the legitimacy of some applications/files.
     
  9. brainiac

    brainiac Registered Member

    Joined:
    Oct 25, 2009
    Posts:
    6
    Would you use it? Is anyone using it?

    Is it ok if I send you the aforementioned file so you can run it around your tools to give me a yea or nay? Probably not o_O .

    But if you are brave, PM your email and I'll send it to you. Again, just open it using a virtual OS. And we can settle this.
     
  10. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Look, we don't play "let's trade malware" here, so let's drop that thought here and now. In addition, I highly doubt that this is malware if you downloaded the application from a reputable site.

    Second, from what you state, you're using this on Server 2003 which you use for development. I wasn't aware this application was offered for use on server based systems.
    If you want to settle this, contact the vendor or dig into the application on your own if you're so inclined and report back. Otherwise simply move on.

    Blue
     
  11. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    A-Squared AntiMalware includes the Ikarus AV engine which is known for having one of the best detection rates among top AV vendors (however it also triggers a relatively high number of FP's unfortunately). You might want to ask them to check the .exe file carefully before drawing any conclusions: support[at]ikarus.at You may want to try asking other AV vendors too.
     
  12. quanzi_1507

    quanzi_1507 Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    320
    BKAV was a pretty good antivirus in Vietnam, back in the 90s. Back then its size was quite small (about 2MB) so it was often used in VN for quick removal of viruses. BKAV stands for Bach Khoa AntiVirus: Bach Khoa stands for Polytechnic University of Ha Noi, where Nguyen Tu Quang (BKAV's creator) worked as a Math teacher.

    Unfortunately it's not that good anymore. BKAV 2008 still uses the old 2006 engine. The FREE version (for home use only) doesn't offer live update. Live update means that you have to download the whole new version of the program - similar to dr.web cureit! - which explains why BKAV isn't that useful anymore, as its size is growing larger and larger (>20MB).

    Besides, incompatibility problems with other antiviruses are often reported by users in VN. Kaspersky, for example, always flags BKAV as a trojan or something, the geeks at BKIS (BKAV's HQ) then advised their users to install only BKAV as the main antivirus on their PCs, which, usually, leads to mass system re-installations (don't know why, maybe because BKAV often removes infected system files on system reboot without user's awareness).

    That is the old story of BKAV. Recently BKAV has released BKIS 2009 (Bach Khoa Internet Security 2009), which is a totally rewritten program. It claims to offer better protection than their long-lasted previous one. BKIS 2009 doesn't offer a free version.

    So I wouldn't recommend BKAV for regular use. There is another FREE antivirus currently available in VN, CMC Antivirus - the descendant of MoonSecure Antivirus (an old program, quite famous among free antiviruses back then) - which I think you would find interesting to test.

    Download link (English-supported) and more info available at:
    Code:
    http://cmcinfosec.com/download.php
    Sorry, my English sucks, especially when I have to write long text messages.
     

  13. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812

    Actually your English was not bad at all.. Thanks for the info. :thumb:
     
  14. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Just my take on this: this software has been around for ages, if it did contain malware I think other users would have had problems and reported it long ago, which due to the nature of the internet wouldn't have remained unheard of till now.
     
  15. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    If the glowing review that you read on cnet was a user review, it was a mistake to take it seriously.

    If you look around this forum, you can find some sensible, credible reviews on programs of all kinds.

    That av may not be malware, it's probably just not that effective.
     
  16. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,924
    Location:
    U.S.A.
    Removed an Off-Topic post as per our TOS Policy.

    Let's keep the focus on the subject at hand. Thanks!

    JR
     
  17. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
  18. quanzi_1507

    quanzi_1507 Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    320
    Crashes because of bkav antivirus:
    Code:
    https://bugzilla.mozilla.org/show_bug.cgi?id=472008
     