Avira Antivir vs. Panda Questions

Discussion in 'other anti-virus software' started by jgs000, Oct 23, 2006.

Thread Status:
Not open for further replies.
  1. jgs000

    jgs000 Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    4
    Hi All;
    I have been running Antivir on my home PC for years now, and its been fantastic!

    We have Panda antivirus at work. Recently, our ISP from work called and stated we may have a virus on our network, so I ran the Panda Software, and did find a couple viruses on the network. Well, I am not sure how I feel about Panda, so I decided to DL Antivir on one the PC's at work and scan it With Antivir, to be sure.

    Antivir found 1 virus, and it seems to be recurring. Antivir calls it Micro-128(C), and its in one of the Panda Antivirus .dll files. location is C/Program files/Panda Software/AVTC/pavdll.dll.

    The AVGuard for Antivir pops up every so often and reports this virus. I sent the .dll to Avira and they replied that it was a variant of FRISK #2 virus.

    My thought is that this is a false positive from Antivir. I am guessing that the .dll is a valid file and is just setting off the Antivir virus guard. the Panda install is a forced network deployment, so i get the Panda files i need regardless of what I actually want, and if Antivir deletes the .dll, Panda Agent just forces it back to me.
    I guess my only question is : Am i correct? running both Antivir and Panda together is giving me a false detection on this PC? Or, can anyone tell me wether I really still have a virus on this machine or not?
    Thanks for any help :)
     
    Last edited: Oct 23, 2006
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    and?

    the results were................



    ---------------------------------------------------------------
    if panda found viruses, why the need to try antivir aswell.
     
  3. jgs000

    jgs000 Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    4
    Sorry, noob can't figure out how to post, edited above to finish story. :oops:

    Antivir log entry:
    C:\Program Files\Panda Software\AVTC\Pavdll.dll
    [DETECTION] Contains signature of the Micro-128 (C) virus
    [WARNING] The file could not be deleted!
     
    Last edited: Oct 23, 2006
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    have you tried uploading the 'so called infected file to www.virustotal.com

    it will scan the file using a numerous amount of different companys for antivirus and give you the result, let us know the result. :D
     
  5. jgs000

    jgs000 Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    4
    here is the result:

    Antivirus Version Update Result
    AntiVir 7.2.0.32 10.23.2006 W95/Bumble
    Authentium 4.93.8 10.23.2006 no virus found
    Avast 4.7.892.0 10.22.2006 Win32:Kuang2
    AVG 386 10.23.2006 no virus found
    BitDefender 7.2 10.23.2006 no virus found
    CAT-QuickHeal 8.00 10.23.2006 no virus found
    ClamAV devel-20060426 10.23.2006 Sirius.Annihilator.272
    DrWeb 4.33 10.23.2006 no virus found
    eTrust-InoculateIT 23.73.33 10.23.2006 no virus found
    eTrust-Vet 30.3.3152 10.23.2006 no virus found
    Ewido 4.0 10.23.2006 no virus found
    Fortinet 2.82.0.0 10.23.2006 suspicious
    F-Prot 3.16f 10.23.2006 no virus found
    F-Prot4 4.2.1.29 10.23.2006 no virus found
    Ikarus 0.2.65.0 10.23.2006 no virus found
    Kaspersky 4.0.2.24 10.23.2006 no virus found
    McAfee 4878 10.20.2006 no virus found
    Microsoft 1.1603 10.23.2006 no virus found
    NOD32v2 1.1826 10.23.2006 no virus found
    Norman 5.80.02 10.23.2006 no virus found
    Panda 9.0.0.4 10.22.2006 no virus found
    Sophos 4.10.0 10.23.2006 W95/CIH-10xx
    TheHacker 6.0.1.103 10.23.2006 no virus found
    UNA 1.83 10.23.2006 no virus found
    VBA32 3.11.1 10.23.2006 no virus found
    VirusBuster 4.3.7:9 10.23.2006 no virus found
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    if only antivir / avast / sophos and clamav (free) found this... it does look like a false positive, but you never know.

    make your own mind up i suppose, maybe send the sample to another av company who didnt find it and see how they see it.

    send the sample to f-secure or nod32 for analysis
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Looks to me like a false positive. It's highly unlikely that all the most famous antivirus programs would miss an old Win95 virus.
     
  8. jgs000

    jgs000 Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    4
    that was my thought,too. I guess i will hold off, i don't want to go deleting Panda .dll's unless i have to. If the ISP calls us back and says we still are infected, i will come back to it. I think I am OK.
    Thanks for the epinions, guys I appreciate the help.
     
  9. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep exactly what i was thinking.... antivir is known for quite a few false positives.
     
  10. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    The first of three False Positives (AntiVir's HUER's set to High) was last January on a PandaScan.dll. A Google search showed that quite a few AV's reacted to Panda's files, Avast had published a detailed article on the fact that it had to do with the method Panda uses to pack the Signatures and they could not prevent those False Positives.
     
  11. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    cannot prevent those false positives?, all the other major av companys did not detect it as a virus, it either is one or isnt, surely if they can prevent it, others can too.

    as for antivir being on high heuristics, isnt this the setting most users are going to select for detection and security?

    i tend to believe an antivirus when it says "this is a virus" and delete the file, if this happens on high setting, no thanks... i could end up deleting something i use.
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    True, it also helps if your antivirus can even detect viruses to. Hmm, let me go check those ratings. 91.55 Standard, yep, give me a few FPs.
     
  13. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    ohhhh, slagging off avg because i have it as my avatar, and because i wrote something bad about the antivir,
    bit lame of you i must say, to come back at me with that.

    i dont think anyone should count the scores till IBK brings out the new ones for proactive and on demand.

    IBK has clearly stated a big improvment with avg, and i dont remember avg giving loads of false positives, look on the main screen near the top ... someone else with a thread about another antivir false positive.

    -----------
    to keep on topic, this thread started about antivir finding yet another false positive, something im seeing quite a bit of actually, so i stated that.

    nobody is denying the detection rate of the last av comparatives test is good, but false positives do count aswell.

    norton had about a percent less in detection with ZERO false positives, surely a better choice.
    also kaspersky / nod / f-secure had excellent detection rates, but all with FEW false positives.

    it does count, it does matter
     
    Last edited: Oct 23, 2006
  14. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    trjam report on avg antispyware?

    lodore
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Just messing with you my friend. I cant argue your points either. I would go with Antivir over Panda though. Lodore, its Ewido and it has always gone good with Nod.:D

    Again, Panda is ok, but if you set your hueristics with Antivir to medium instead of high, you will get less FPs and still better protection then Panda.
     
  16. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep avg has improved its heuristics and detection, clearly stated.

    now add ewido anti trjoan and all their detection rates, and surely dont knock the results till they are out, but im pretty sure it will suprise people with its detection, especially on the previous result on avg.
     
  17. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Nope!
    Anyone familiar with the default settings will notice that they are set at medium.
    If you are talking about average users,they probably don't know what heuristics are and don't care.
     
  18. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    By default, heuristics aren't enabled at all! Only heuristics enabled by default are macro heuristics. Kinda lame decision though...
     
  19. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    You are right.On both counts IMO.
    The Win32 file heuristics have to be enabled by the user.
     
  20. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006

    ideal. i think nod32 is the best bet for me its always worked well for me during testing just install with the config and install batch file and thats it. and that way you get a desktop shortcut for scanning.

    avg antispyware is light realtime isnt it?
    and good against spyware and trojans?

    is ewido micro scanner using the new engine?
     
    Last edited: Oct 23, 2006
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Actually, this hour lodore, its the Antivir Suite and Prevx1 since I am one of the few that found out how to get them to love each other. Regardless, the Antivir Suite is nice. I was also at a time, looking at the Panda suite with Tru-Prevent. I still think it is very good but slowed most down. for malware protection, for the thread orginator, Antivir cant be beat. Not by Panda, not by AVG.
     
  22. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    true,

    but, these av comparative results can change sooo frequently though , look at AntiVir, one good result, the rest before them were 'average' and quite poor to the good results were they not?

    all antivirus companys improve, some will even fall in quality, but if AntiVir can improve from the last test soooo much, others can, also can antivir keep it up, we shall see. :D
     
  23. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006

    nod32=light as a feather+ fast as sonic the hedge hog+the bite of a lion!

    antivir is good to thou but quite a few Fp's
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Actually Antivir shows me a steady improvement. I have no doubt the FPs will be many, but they have spent a lot of time improving that of late. The funny thing is their malware detecting is better then Nods, which isnt that good, but I think is to about get better real quick. Also Lodore, during this same time Antivir has been working on their FPs, Eset has been working on their malware detection. One is toning down, while one is toning up. AVG, well we will see. This is just my 2 cents.
     
  25. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006

    both are great products no doubt and I know antivir is working hard to get rid of the fp's.

    nod32 still has a great detection rate and working on the server issues and improving detection. while kaspersky are trying to fix a few bugs in the upcoming MP1.

    every av has its weakness.

    NOD32 needs a bit better trojan detection
    DR WEBneeds faster scanning and is getting it and a better interface.
    KASPERSKY needs to iron out all the bugs in its suite.
    AVG needs to update its interface it still looks to old and needs more options in the real time scanner and antispyware scanner and improve on detection.
    PANDA needs to be lighter on resourses.
    BITDEFENDER needs to iron out the bugs in bd 10 and make it lighter.
    ANTIVIR need to iron out the bugs in the beta before it comes out and not come out to soon and do have alot bugs when it comes out like kav6 and bitdefender10.
    f-secure needs to be lighter and stop using ad aware for antispyware.
    norton 2007 needs to work on there EULA and there interface and have more options for power users who like to tweak there av's.

    nothing can beat layered protection.


    I think i have outlined most of the products
    I do like antivir alot to thou. but I prefer separates generally speaking.
     
    Last edited: Oct 23, 2006
Loading...
Thread Status:
Not open for further replies.