Big Problem with Threatfire

Discussion in 'other anti-malware software' started by cet, Oct 27, 2008.

Thread Status:
Not open for further replies.
  1. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    I wanted to test threatfire with the trojan simulator.I disabled Antivir real time guard and downloaded the trojan simulator using Opera.I run the file and threatfire gave the alert as expected.But the alert was:known threat quarantined and you have to restart your computer.
    I restarted and what: there was no Opera.It deleted my opera browser.I uninstalled threatfire and installed Opera again.
    I wanted to share my experience.
     
  2. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    maybe u pressed open file instead of save to a dir and the file was still in teh cache when it was quarantined hence the opera installation damage...a restore of your quarantined file and ccleaner(or mere cache clearing) would have saved ya the hustle.
     
  3. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    A similar thing happened to me last year with the Sleipnir Browser. You should've been able to restore it from quarantine although that didn't work in my case.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    YEP,

    ThreatFire takes along the parent process in some instances. Therefore ALWAYS choose to set a RESTORE point before quarantaine

    Cheers Kees
     
  5. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    Hm...wasn't aware it did...anyway,if you create a restore point for every prompt u get from TF u'd better go for a 2Tb HDD.
     
Thread Status:
Not open for further replies.