Backup on-demand scan for Kaspersky

Discussion in 'other anti-virus software' started by richrf, Jul 16, 2005.

Thread Status:
Not open for further replies.
  1. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi guys,

    For the last few weeks I have been casually (and very unscientifically) monitoring Jotti's to try to determine (in a most unscientific manner) which AV is most likely to catch an AV that is not detected by KAV. Not surprisingly, KAV very rarely misses on Jotti, but there have been those occasions. I would have thought that NOD32 would be the most likely candidate, but very surprisingly, it appears that BitDefender and VBA32 are the most likely. Now ... it could be that they are just giving false positives, but I do know that on one occasion, a BitDefender online scan did find some malware on my machine (it was relatively minor - but annoying) that both KAV and NOD32 missed.

    So maybe these two products are approaching scanning/detection in a manner that is quite complementary to KAV. I don't know. Has anyone had any direct - and possibly more scientific - experience or knowledge in this area?

    Thanks for any comments,
    Rich
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I take it you have seen the most recent retrospective test at Av-Comparatives?
     
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Hammer,

    Tough to say what two AVs complement each other the best. The heuristics of, let's say, AV-1 may be better than that of AV-2, but because of the nature of AV-2, it may be in fact a better complement for a product like KAV. I'm just sort of curiously watching things on Jotti and trying to juxtapose what I see on Jotti with my own personal experiences. And while intuitively it may seem like NOD32 (with its strong heuristics) may be a strong complement for KAV, it just appears that possibly VBA32 or BitDefender may in fact be a better complement. No way of knowing for sure, since my sample size is so small. But it could be that the best complement is the product I already have - which is Ewido. I guess it is all a guess anyway.

    Cya around,
    Rich
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I'm not nearly experienced enough to know myself, and I have never used Jotti's site. But the complaint has been made (and you probably have seen it) that NOD cannot be set up on that site using best possible settings. Are you using Jotti as the sole vehicle for testing your samples?
     
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Hammer,

    It is a good point. It's definitely not a good idea to use Jotti as a sole point of reference along with my own experiences, which is why I posted this message. It will probably remain one of those great mysteries in life, until someone actually does the tests to see which two AVs/ATs, in combination, catch the most malware. Personally, I am not holding my breath for this test. :)

    Cya around,
    Rich
     
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Virus Total has been mentioned as a second test site if you think they are ok.
    Bitdefender's heuristics are improving according to info on AV-Comparatives.
     
    Last edited: Jul 16, 2005
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Hammer,

    If I recollect, Virus Total doesn't display the results of the tests to the public - only to the person who submitted the test. Thanks for the suggestion.

    Rich
     
    Last edited: Jul 17, 2005
  8. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Here are some, I noticed, that were missed by KAV but detected by other AVs on Jotti's site.

    I don't know if there is any value in this information?

    Last file scanned at least one scanner reported something about: Lop.E in Rule_Mp3.exe, detected by:

    Scanner Malware name
    AntiVir TR/Dldr.Swizzor.CO
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    Dr.Web X
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 probably a variant of Win32/TrojanDownloader.Swizzor
    Norman Virus Control Lop.E
    UNA X
    VBA32 X



    ----

    Last file scanned at least one scanner reported something about: W32/Suspicious_M.gen in v.exe, detected by:

    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender Backdoor.SDBot.4B75DA01
    ClamAV Worm.Mytob.GH
    Dr.Web X
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 probably unknown NewHeur_PE
    Norman Virus Control W32/Suspicious_M.gen
    UNA X
    VBA32 X


    ----

    Last file scanned at least one scanner reported something about: W32/Beastdoor.2_06D in 115F7576.upx.dll, detected by:

    Scanner Malware name
    AntiVir BDS/BeastDoor.205.D
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV Trojan.Beastdoor.206.3
    Dr.Web BackDoor.Beast.207
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 X
    Norman Virus Control W32/Beastdoor.2_06D
    UNA X
    VBA32 X


    ---

    Last file scanned at least one scanner reported something about: Backdoor.Delphi.62 in unpack_esalas.EXE.aq, detected by:

    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    Dr.Web Trojan.MulDrop.1923
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 X
    Norman Virus Control X
    UNA TrojanNotifier.Win32.Small
    VBA32 Backdoor.Delphi.62


    ---

    Last file scanned at least one scanner reported something about: a variant of Win32/TrojanDownloader.Zlob.G in vc1_05a.exe, detected by:

    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus Dropper.Small.24.P
    BitDefender BehavesLike:Win32.ExplorerHijack
    ClamAV X
    Dr.Web X
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 a variant of Win32/TrojanDownloader.Zlob.G
    Norman Virus Control X
    UNA X
    VBA32 X


    ---

    Last file scanned at least one scanner reported something about: BDS/SdBot.Gen.Plus in taskmon.exe, detected by:

    Scanner Malware name
    AntiVir BDS/SdBot.Gen.Plus
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender BehavesLike:Win32.ExplorerHijack
    ClamAV X
    Dr.Web X
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 probably unknown NewHeur_PE
    Norman Virus Control Sandbox: W32/Backdoor
    UNA X
    VBA32 X


    ----

    Last file scanned at least one scanner reported something about: Lop.E in Support_Proc.exe, detected by:

    Scanner Malware name
    AntiVir TR/Dldr.Swizzor.CO
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    Dr.Web X
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 probably a variant of Win32/TrojanDownloader.Swizzor
    Norman Virus Control Lop.E
    UNA X
    VBA32 X




    ----

    .exe, detected by:

    Scanner Malware name
    AntiVir Worm/Dasodt
    ArcaVir Trojan.Mosucker.S
    Avast Win32:MoSucker-005
    AVG Antivirus X
    BitDefender Backdoor.Mosucker.N
    ClamAV Trojan.Mosucker-5
    Dr.Web BackDoor.Mosv
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 probably unknown NewHeur_PE
    Norman Virus Control X
    UNA X
    VBA32 X


    ----

    Last file scanned at least one scanner reported something about: Heuristic/Trojan.Downloader in server.exe, detected by:

    Scanner Malware name
    AntiVir Heuristic/Trojan.Downloader
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender BehavesLike:Win32.ExplorerHijack
    ClamAV X
    Dr.Web Trojan.DownLoader.3217
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 probably unknown NewHeur_PE
    Norman Virus Control Sandbox: W32/Downloader
    UNA X
    VBA32 X




    ----

    Last file scanned at least one scanner reported something about: BackDoor.Wojass in Nowy folder.rar, detected by:

    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    Dr.Web BackDoor.Wojass
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 X
    Norman Virus Control X
    UNA Backdoor.Wojass
    VBA32 BackDoor.Wojass


    ---

    Last file scanned at least one scanner reported something about: a variant of Win32/Adware.MediaTickets application in osoa.exe, detected by:

    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    Dr.Web X
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 a variant of Win32/Adware.MediaTickets application
    Norman Virus Control X
    UNA X
    VBA32 X


    -----

    Last file scanned at least one scanner reported something about: Win32/Adware.HotBar application in wzhjgzyl.exe, detected by:

    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    Dr.Web X
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 Win32/Adware.HotBar application
    Norman Virus Control X
    UNA X
    VBA32 X



    ----

    Last file scanned at least one scanner reported something about: AdWare.Lop.m in mhioiott.exe, detected by:

    Scanner Malware name
    AntiVir TR/Dldr.Swizzor.CO
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    Dr.Web X
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 Win32/Adware.Lop application
    Norman Virus Control Lop.E
    UNA X
    VBA32 AdWare.Lop.m

    ---

    Last file scanned at least one scanner reported something about: a variant of Win32/TrojanDownloader.IstBar in iinstall.exe, detected by:

    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV Trojan.Downloader.Istbar-145
    Dr.Web Trojan.DownLoader.3316
    F-Prot Antivirus X
    Fortinet Adware/IstBar
    Kaspersky Anti-Virus X
    NOD32 a variant of Win32/TrojanDownloader.IstBar
    Norman Virus Control X
    UNA X
    VBA32 X


    ----

    Last file scanned at least one scanner reported something about: Trojan.Win32.Agent.bi in appbr.exe, detected by:

    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    Dr.Web X
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 Win32/TrojanDownloader.Agent.BQ
    Norman Virus Control X
    UNA X
    VBA32 Trojan.Win32.Agent.bi


    ---
    Last file scanned at least one scanner reported something about: Backdoor.Win32.Bifrose.d in chess_fritz77_patch.exe, detected by:

    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender BehavesLike:Win32.ExplorerHijack
    ClamAV X
    Dr.Web X
    F-Prot Antivirus unknown virus
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 a variant of Win32/Bifrose
    Norman Virus Control Bifrose.D
    VBA32 Backdoor.Win32.Bifrose.d
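
An added example, not part of the original post: one way to tally which scanners flag the files Kaspersky missed, parsing the result format pasted above. The scanner list and the three abridged blocks are taken from the post; the function names are illustrative, and because every pasted file is a Kaspersky miss the counts say nothing about overall detection rates.

```python
import re
from collections import Counter

# Scanner names as they appear in the pasted tables. Several contain spaces,
# so rows are matched by name prefix rather than split on whitespace.
SCANNERS = ["AntiVir", "ArcaVir", "Avast", "AVG Antivirus", "BitDefender",
            "ClamAV", "Dr.Web", "F-Prot Antivirus", "Fortinet",
            "Kaspersky Anti-Virus", "NOD32", "Norman Virus Control", "UNA", "VBA32"]

# Three result blocks from the post, abridged to detection rows plus the Kaspersky row.
SAMPLE = """\
Last file scanned at least one scanner reported something about: Backdoor.Delphi.62 in unpack_esalas.EXE.aq, detected by:
Dr.Web Trojan.MulDrop.1923
Kaspersky Anti-Virus X
UNA TrojanNotifier.Win32.Small
VBA32 Backdoor.Delphi.62
Last file scanned at least one scanner reported something about: a variant of Win32/TrojanDownloader.Zlob.G in vc1_05a.exe, detected by:
AVG Antivirus Dropper.Small.24.P
BitDefender BehavesLike:Win32.ExplorerHijack
Kaspersky Anti-Virus X
NOD32 a variant of Win32/TrojanDownloader.Zlob.G
Last file scanned at least one scanner reported something about: Trojan.Win32.Agent.bi in appbr.exe, detected by:
Kaspersky Anti-Virus X
NOD32 Win32/TrojanDownloader.Agent.BQ
VBA32 Trojan.Win32.Agent.bi
"""

def parse(text):
    """Return {filename: {scanner: verdict}}; 'X' (no detection) rows are dropped."""
    samples, current = {}, None
    for line in map(str.strip, text.splitlines()):
        # Greedy '.*' anchors on the last ' in ', so threat names cannot shift the filename.
        header = re.match(r".* in (.+), detected by:$", line)
        if header:
            current = samples.setdefault(header.group(1), {})
            continue
        name = next((s for s in SCANNERS if line.startswith(s + " ")), None)
        if name and current is not None and line[len(name):].strip() != "X":
            current[name] = line[len(name):].strip()
    return samples

def complement_tally(samples, primary="Kaspersky Anti-Virus"):
    """Per scanner, count detections on the samples the primary scanner missed."""
    missed = [hits for hits in samples.values() if primary not in hits]
    return len(missed), Counter(s for hits in missed for s in hits)

if __name__ == "__main__":
    n, tally = complement_tally(parse(SAMPLE))
    for scanner, count in tally.most_common():
        print(f"{scanner:22} {count}/{n} of the samples the primary scanner missed")
```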
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Stan999, why do you keep on posting these taken-out-of-context, and by your own admission (previously) meaningless screenshots?

    And why do you never include this rather important info directly beneath the "Last file scanned"?:

    You're free to (mis)interpret these automated, flawed statistics at your own discretion.
     
  10. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    Hmmm ... it appears that the best solution may be to add "behavior" monitoring software as I have - e.g. ProcessGuard, SnS, RegDefend, unless I want to run NOD32 and VBA32 as backup scans - which is possible. Thanks for the help guys.

    Rich
     
  11. Anon

    Anon Guest

    Isn't the question 'which backup scanner you should run'? The presence of HIPS systems is a given. I have decided on a Bitdefender + Nod32 combo after some research and discussion with a knowledgeable source.
     
  12. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Anon,

    After looking over some of the published results and my own casual data gathering, it appears even two scanners are not sufficient. In my case, it would appear KAV+NOD32 or KAV+VBA32 would be a possible solution. This is not entirely surprising.

    My guess is that for this combination to be at all effective, I would have to run the backup scans pretty regularly, since probably within a very short period of time KAV would have its database updated with the necessary signatures thereby making the backup scan a moot point. Of course, the best situation would be to be able to run both AVs in real-time, but this solution appears to have its own technical problems. For example, I tried installing the latest version of NOD32 on my system, and I could not after several attempts. There must be some new conflict with KAV on my system that did not exist before.

    Rich
     