any bad experiences with bkav? from vietnam?

In my search for a cheap/free virus scanner for my windows 2003 server (which i use for development) i found bkav. I installed it like back in July of 2009. It had a glowing review from cnet and I felt comfortable about using it.

Long story short, my computer started acting funny about 3 weeks ago: not allowing me to use online virus scanners such as TrendMicro or Bitdefender etc..

And then I started to discover error messages in my event log. Something was building and corrupting my system. I suspected I had a Trojan.

After researching, I found an open source antivirus called ClamWin. Not the best interface in the world, but it caught what I suspected, a trojan called Trojan W32.Virtu.di in the bkav install directory. According to www.norman.com is a really nasty little Sh$% !. Read the description about it's "polymorphic" behavior here: http://www.norman.com/security_center/virus_description_archive/69284/it

I don't want to cause undo alarm, but I felt confident in installing bkav because of its rave reviews from cnet a while back. Does anyone recall that article? Well, if it is so good, why can't you find it on their download site now?

My suggestion, DO NOT TOUCH THIS PIECE OF sh%6 with a ten foot poll...the one I downloaded (disclamer: I may have downloaded an infected version -- ;-) ah huh)

And by all means DO NOT RUN THE EXECUTABLE IF YOU HAVE ALREADY DOWNLOADED IT AND THOUGHT like me, that YOU WERE GETTING A FREE LUNCH.

If anyone has similar experiences with bkav please post a reply.

 

Top-notch Vietnamese software BKAV raises antivirus bar
http://news.cnet.com/8301-17938_105-10109507-1.html

FWIW I downloaded the setup and scanned the contents of BkavHomeSetup.exe

NIS2010 - clean
Hitman Pro 3.5.2 - GData detected it as a Trojan
DrWeb CureIt - downloaded cureit 5 min ago and shows the file as clean
Virustotal - 7/41 but no mention of Virut

 

Thanks for sharing your experience. Here, for what it's worth, the same .exe file was found clean by Avira and MBAM.

~Unnecessary innuendo removed.~

 

I believe I downloaded this from the link in that CNET article. Can't recall, and can't be for sure, but i "dink i did".

Just run it on a virtual os and watch it...in looking in more detail at the behavior of this "Trojan" condum, it is unreal what it does. It shows behavior that one can only marvel at. Which begs the question, what is the BEST software to catch these threats that, IMO are supported by rouge states? Can someone on this site provide THE BEST and latest to catch these morphing, dynamic threats? Is there a thread on this site which discusses that? I'm new, just signed up today after ClamWin alerted me to its own quarantine file with this thing in it. Thanks....

 

Fair enough.

But, don't you think it helpful to identify products that install malicious software when they purport to do the opposite? This was the intent of my original post and from what I understand now, I guess my bad luck??

FYI, I just ran a scan with a product called A-SQUARED free and it identified BkavHomeUpdate.exe as PHISH.fraudTool.BachKhoa.A!IK and flagged it as "High Risk" and auomatically checked it for deletion.

 

Until you can provide proof that bkav is truly malicious in nature all you have is an assumption. FWIW I just scanned the latest version of Combofix on VirusTotal and 8/41 flag it as malicious. Is it? No. What scans dirty now may scan clean tomorrow, especially when some scanners are unable to determine the legitimacy of some applications/files.

 

Would you use it? Is anyone using it?

Is it ok if I send you the aforemetioned file so you can run it around your tools to give me a ya or nay? Probably not .

But if you are brave, PM your email and I'll send it to you. Again, just open it using a virtual OS. And we can settle this.

 

Look, we don't play "let's trade malware" here, so let's drop that thought here and now. In addition, I highly doubt that this is malware if you downloaded the application from a reputable site.

Second, from what you state, you're using this on Server 2003 which you use for development. I wasn't aware this application was offered for use on server based systems.

If you want to settle this, contact the vendor or dig into the application on your own if you're so inclined and report back. Otherwise simply move on.

Blue

 

A-Squared AntiMalware includes the Ikarus AV engine which is known for having one of the best detection rates among top AV vendors (however it also triggers a relatively high number of FP's unfortunately). You might want to ask them for checking the .exe file carefully before drawing any conclusions: support[at]ikarus.at You may want to try asking other AV vendors too.

 

BKAV was a pretty good antivirus in Vietnam, back in 90s. Back then its size was quite small (about 2MB) so it was often used in VN for quick removal of viruses. BKAV stands for Bach Khoa AntiVirus: Bach Khoa stands for Polytechnic University of Ha Noi, where Nguyen Tu Quang (BKAV's creator) worked as a Math teacher.

Unfortunately it's not that good anymore. BKAV 2008 still uses the old 2006 engine. The FREE version (for home use only) doesn't offer live update. Live update means that you have to download the whole new version of the program - similar to dr.web cureit! - which explains why BKAV isn't that useful anymore, as its size is growing larger and larger (>20MB).

Besides, incompatibility problems with other antiviruses are often reported by users in VN. Kaspersky, for example, always flags BKAV as a trojan or something, the geeks at BKIS (BKAV's HQ) then adviced their users to install only BKAV as the main antivirus on their PCs, which, usually, leads to mass system re-installations (don't know why, maybe because BKAV often removes infected system files on system reboot without user's awareness).

That is the old story of BKAV. Recently BKAV has released BKIS 2009 (Bach Khoa Internet Security 2009), which is a totally-rewrited program. It claims to offer better protection than their long-lasted previous one. BKIS 2009 doesn't offer free version.

So I wouldn't recommend BKAV for regular uses. There are another FREE antivirus currently available in VN, CMC Antivirus - the descendant of MoonSecure Antivirus (an old program, quite famous among free antiviruses back then) - which I think you would find interesting to test.

Download link (English-supported) and more info available at:

Code:

http://cmcinfosec.com/download.php

Sorry, my English sucks, especially when I have to write long text messages.

 

Actually your English was not bad at all.. Thanks for the info.

 

just my take on this:-this software has been around for ages,if it did contain malware I think other users would have had problems and reported it long ago,which due to the nature of the internet wouldn't have remained unheard of till now

 

If the glowing review that you read on cnet was a user review, it was a mistake to take it seriously.

If you look around this forum, you can find some sensible, credible reviews on programs of all kinds.

That av may not be malware, it's probably just not that effective.

 

BKAV is not a rogue. It's falsely detected because of the packer used to compress its installer. Old thread below,

https://www.wilderssecurity.com/showthread.php?t=226833

Thank you quanzi for the additional info.

 

Crashes because of bkav antivirus:

Code:

https://bugzilla.mozilla.org/show_bug.cgi?id=472008