Bye bye NOD32...

Discussion in 'other anti-virus software' started by A884126, Nov 24, 2004.

Thread Status:
Not open for further replies.
  1. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    KAV does detect these that the scan at Virustotal says it doesn't.
    180 Solutions - msbb.exe
    powerscan.exe

    It's just that KAV has them in its extended bases. Obviously the scanner at Virustotal does not include the extended bases. Here's what they are listed as in KAV's database.
    not-a-virus:AdWare.PowerScan.a
    not-a-virus:AdWare.PowerScan.b
    not-a-virus:AdWare.180Solutions

    muf
     
  2. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Yes, they could also be installed as a result of the exploit described there, but in my case, as I already told, all of these files were created/downloaded after I manually started a single executable file I had manually downloaded. I could not comprehend how this could be in any connection with IE exploits. It was an exploit of the human mind. Do you have Service Packs for Human Mind 1.0?
    I know that there are several different protection layers which could have decreased the damage, but what I am aiming at is to see which *antivirus* software could have recognized these specific malware files created/executed on my machine, by file signatures. As you can see, some antivirus applications are capable of recognizing these files, so the need/idea is not entirely unjustified.
    Thanks for this info. I repeated the scan of 180Solutions at http://virusscan.jotti.dhs.org/ and KAV picked it up. I guess they are using the more complete definition databases.
    -hojtsy-
     
    Last edited: Nov 25, 2004
  3. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Much better results for KAV at http://virusscan.jotti.dhs.org/.

    1. 180 Solutions - msbb.exe
    2. BookedSpace - polall1m.exe
    3. optimize.exe
    4. powerscan.exe
    5. VX2 - alcem.exe
                   1    2    3    4    5
    Antivir        +    +    +    -    +
    Avast          +    +    -    -    +
    BitDefender    +    +    +    +    +
    ClamAV         +    +    +    +    +
    drWeb          -    +    +    -    +
    F-Prot         -    +    +    -    +
    Kaspersky      +    +    +    +    +
    mks_vir        +    +    +    +    +
    NOD            -    -    -    -    +
    Norman         +    +    -    -    +
    Norman......... + ...... + ..... - ..... - ...... +


    180solutions:
    AntiVir TR/Spy.180Solutions (0.14 seconds taken)
    Avast Win32:Trojan-gen. (1.52 seconds taken)
    BitDefender Application.Adware.180solutions.A (0.70 seconds taken)
    ClamAV Trojan.Spy.Small-1 (0.33 seconds taken)
    Dr.Web No viruses found (0.52 seconds taken)
    F-Prot Antivirus No viruses found (0.06 seconds taken)
    Kaspersky Anti-Virus not-a-virus:AdWare.180Solutions (0.62 seconds taken)
    mks_vir .Ncase180 (0.21 seconds taken)
    NOD32 No viruses found (0.40 seconds taken)
    Norman Virus Control W32/Ncase.E (0.12 seconds taken)

    BookedSpace - polall1m.exe
    AntiVir Worm/Rbot.IQ.03 (0.14 seconds taken)
    Avast Win32:Trojan-gen. {Other} (1.51 seconds taken)
    BitDefender Trojan.Downloader.Agent.AE (0.32 seconds taken)
    ClamAV Trojan.Downloader.Agent.AE-2 (0.32 seconds taken)
    Dr.Web Trojan.DownLoader.560 (0.48 seconds taken)
    F-Prot Antivirus security risk or a "backdoor" program (0.06 seconds taken)
    Kaspersky Anti-Virus TrojanDownloader.Win32.Agent.ae (0.59 seconds taken)
    mks_vir Trojan.Downloader.Agent.Ae (0.19 seconds taken)
    NOD32 No viruses found (0.36 seconds taken)
    Norman Virus Control W32/DLoader.BG (0.12 seconds taken)

    optimize.exe
    AntiVir TR/Dldr.Dyfuca.BH.2 (0.14 seconds taken)
    Avast No viruses found (1.51 seconds taken)
    BitDefender Adware.Opti.A (0.48 seconds taken)
    ClamAV Trojan.Dyfuca-20 (0.34 seconds taken)
    Dr.Web Trojan.Dyfuca (0.51 seconds taken)
    F-Prot Antivirus W32/Dyfuca.DF@dl (0.06 seconds taken)
    Kaspersky Anti-Virus Trojan-Downloader.Win32.Dyfuca.dk (0.60 seconds taken)
    mks_vir Trojan.Trojan-downloader.Dyfuca.Dk (0.19 seconds taken)
    NOD32 No viruses found (0.35 seconds taken)
    Norman Virus Control No viruses found (1.61 seconds taken)

    powerscan.exe
    AntiVir No viruses found (0.93 seconds taken)
    Avast No viruses found (3.36 seconds taken)
    BitDefender Adware.PowerScan.B (0.30 seconds taken)
    ClamAV Adware.Powerscan-1 (0.30 seconds taken)
    Dr.Web No viruses found (0.46 seconds taken)
    F-Prot Antivirus No viruses found (0.11 seconds taken)
    Kaspersky Anti-Virus not-a-virus:AdWare.PowerScan.b (0.57 seconds taken)
    mks_vir .Powerscan (0.19 seconds taken)
    NOD32 No viruses found (0.36 seconds taken)
    Norman Virus Control No viruses found (0.65 seconds taken)

    VX2 - alchem.exe
    AntiVir TR/Dldr.Alchemic (0.14 seconds taken)
    Avast Win32:Trojan-gen. {VC} (1.51 seconds taken)
    BitDefender Trojan.Downloader.Alchemic.A (0.31 seconds taken)
    ClamAV Trojan.Alchem (0.33 seconds taken)
    Dr.Web Trojan.Alchem (0.49 seconds taken)
    F-Prot Antivirus security risk or a "backdoor" program (0.06 seconds taken)
    Kaspersky Anti-Virus TrojanDownloader.Win32.Alchemic (0.59 seconds taken)
    mks_vir Trojan.Trojandownloader.Alchemic (0.20 seconds taken)
    NOD32 Win32/TrojanDownloader.Alchemic.A (0.35 seconds taken)
    Norman Virus Control W32/Alchemic.A (0.12 seconds taken)

    Hmm sorry for the long post.
    -hojtsy-
     
  4. Patrician

    Patrician Guest

    I have been forced to move to NOD32 by that PC-eating piece of trash called TruPrevent that Pandasoftware added to their (used to be excellent) AV products.

    While I have to say that NOD's on-demand scanner is one of the best, I must admit that its resident scanner doesn't fill me with as much confidence. It does seem to be a bit more "lax" than Panda's equivalent (pre TruPrevent) and lets a lot more malware and spyware through, relying on its great on-demand scanner to clean the system up afterwards. This observation is backed up by the fact that after doing a full system scan NOD32 has found one or two things that its resident scanner let through.

    Personally I would much rather the resident scanner did its job properly; then the on-demand scanner could just be run once a week to double-check my system. As it is I now feel the need to run a full system scan before shutting my PC down for the day, every day (I just don't trust Amon), something that wasn't needed with Panda Titanium.

    Don't get me wrong, I think NOD is a great AV package, I just think its resident scanner needs a little more work.
     
  5. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Personally I do not expect an AV or AT tool to deal with spyware. There are other tools specialized for that. I'd rather use the best-of-breed policy.

    That was my point. It is also true that Panda and BitDefender got most of the viruses that NOD32 does through its on-demand scanner. Just try their online scans and you'll see for yourself. I also found that they both scan more files than NOD32 does, BitDefender being the one which scans more files.
     
  6. alien8

    alien8 Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    15
    Jotti's site uses the extended KAV bases, whereas perhaps VirusTotal uses their standard bases. Plus VirusTotal uses Windows versions of the AVs and Jotti uses Linux versions, so there would be slight differences there. Good to see ClamAV/ClamWin doing okay... but again, it's only one series of tests.

    Cheers,

    Steve
     
  7. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O

    as the spyware authors are more and more using virus/trojan/backdoor code and methods in their work i find it is good that they have started to detect spyware..also the difference between viruses/trojans and spyware seems to be nonexistent now

    the av companies are big, even huge if you compare them to vendors like lavasoft

    also spyware authors are utilising advanced packers etc to battle av detection..

    one other thing: a simple scanner is not enough anymore to detect these new spyware variants.. av companies have their super advanced scanning engines, they only need spyware signatures added and their av's transform into superb spyware detectors.. if only they'd get the removal to be as good as the detection ;)

    cheers !
     
  8. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Remove or update the poorly-designed third-party software you use.
    You installed a service pack without creating a full backup first?
    That's so they don't have to deal with the support calls, not because it is actually sound advice to the user.
    You mean the several vulnerabilities that have surfaced recently, which affect SP-1 but not SP-2, aren't good news enough?
     
  9. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Comparative tests of antivirus programs

    Rank

    1. Kaspersky Personal Pro version 4.5.0.58 - 99.09%

    2. F-Secure 2004 version 4.71.5 - 98.77%

    3. Extendia AVK Pro version 11.0.4 - 98.68%

    4. AVK version 14.0.7 - 98.50%

    5. Kaspersky Personal version 5.0.149 - 97.88%

    6. eScan 2003 Virus Control version 2.6.484.8 - 96.75%

    7. McAfee version 8.0.41 - 93.59%

    8. Norton version 2004 Professional - 93.38%

    9. RAV version 8.6.105 - 93.14%

    10. F-Prot version 3.15 - 91.85%

    11. Command version 4.90 - 91.41%

    12. Panda Titanium version 3.02.00 - 91.38%

    13. Norton Corporate version 9.0.0.338 - 90.29%

    14. Panda Platinum version 7.05.04 - 89.97%

    15. MKS_VIR 2004 version 2.0 - 89.45%

    16. Virus Chaser version 5.0 - 89.07%

    17. BitDefender version 7.2 - 88.52%

    18. BullGuard version 4.5 - 87.26%

    19. Dr. Web version 4.31b - 85.35%

    20. PC-Cillin 2004 version 11.00.1253 - 84.80%

    21. Nod32 version 2.0.0.9 database 1.840 - 82.68%

    22. Sophos Sweep version 3.84 - 81.31%

    23. Avast version 4.1.418 - 80.55%

    24. AntiVir version 6.27.00.01 - 79.57%

    25. Vexira version 2.14.00.01 - 79.50%

    26. AVG version 7.0.262 - 72.50%

    27. Norman version 5.70.14 - 67.72%

    28. UNA version 1.83 - 62.85%

    29. Solo 2.5 version 2.6.3 - 61.08%

    30. ZoneAlarm with VET Antivirus version 5.0.590.015 - 60.82%

    31. Fire version 2.7 - 60.52%

    32. E-Trust version 6.2.0.28 - 58.48%

    33. V-Buster Pro - 57.61%

    34. Protector Plus version 7.2.F04 - 51.28%

    35. VirScan Plus version 14.091 - 48.36%

    36. ClamWin version 0.35 - 48.08%

    37. ViRobot Expert version 4.0 - 45.68%

    38. MR2S version 1.47 - 44.36%

    39. V3Pro 2002 Deluxe version SP2 - 42.33%

    40. RHBVS version 4.13.656 - 41.99%

    41. Digital Patrol version 5.00.08 - 38.52%

    42. Quick Heal version 7.01 - 30.13%

    43. Wave version 2.0 - 22.07%

    44. TDS version 3.2.0 - 16.67%

    45. PestPatrol version 4.4.3.24 - 15.34%

    46. A Squared 2 - 15.05%

    47. AntiTrojan Shield version 1.4.0.9 - 11.82%

    48. PC Door Guard version 3.0.0.14 - 11.77%

    49. Trojan Hunter version 3.9.807 - 6.76%

    50. The Cleaner version 4.1.42.52 - 6.34%

    51. Trojan Remover version 6.2.8 - 5.62%

    52. Tauscan version 1.6.1024 - 4.82%

    53. Hacker Eliminator version 1.2 - 3.38%

    54. IP Armor version 5.46.0703 - 2.87%

    55. Anti-Hacker & Trojan Expert 2003 version 1.6 - 0%

    More info on http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67
     
  10. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,008
    This test doesn't say everything. Looking at AV-comparatives you see that their test differs, and I think that they test better than our Greek friend.

    AV-C will have their new test published sometime on Wednesday in the coming week, I guess. Because then it's December ;)
     
  11. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    As it says, it is a test and info only. Interpretation is yours.
     
  12. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    Fellow Creatures,
    Interesting thread. Discussion of these issues is always good. May I just step in and state an observation based on research and not my use of a bunch of different AV programs. I do listen carefully to those who do (such as BigC) and respect them and take their advice. But my research indicates KAV and NOD are both very good products. But they are AV products; if they get a trojan, good job, but I do not expect them to capture or kill trojans or spyware. Get products that are designed to go after those. We discuss those here at the Wilders too. As someone said, "best of breed." Just my 2 cents worth. ;)
     
  13. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Oh I disagree - anti-trojans should be used as backups IMO. And because many people don't think about ATs, an AV should do a decent job of detecting trojans. At least the common trojans.
     
  14. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    It would have been helpful if you had disclosed the fact that these data have been previously reported & discussed umpteen other times in this forum, & that the tests were dated 8/04, & that several of the versions tested were outdated versions from 2003 or early 2004.

    If you did this courteous thing, it might help people avoid wasting time by visiting the link in the mistaken belief that you had posted new & fresh information when, in fact, it is old hat.
     
  15. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Bellgamin, when it has been done is not very important, especially when it is in August this year; the key IMHO is the program versions. Except apps like NAV or NOD32 and maybe a few others that released a new version after September, most of them are versions which are running today.
    I also do not believe that because you released a new version n+0.1 (which are not even real releases) you will move from the bottom to the top of the rank. Most of the time, engines are the same; companies just add a few extra things which are usually more marketing than technical changes. At least that's what I think.

    But in order to please you, a friend of mine just sent me this link. Made in October 2004. Fresh enough? No offense, just teasing ;)

    1 McAfee Viruscan Enterprise 8
    2 Kaspersky Anti-Virus Personal
    3 Extendia AVK Pro11
    4 Antivir PE
    5 F-Secure 2004
    6 Bitdefender free 7
    7 Trend Micro PcCillin 2004
    8 Panda Antivirus Platinum
    9 McAfee Viruscan Pro 9
    10 Norton Antivirus 2005
    11 Symantec Antivirus Corporate
    12 Ez Trust Antivirus
    13 ClamWin
    14 Avast! Home free
    15 F-Prot 3.15
    16 NOD32
    17 AVG Pro 7

    More Info on: http://www.10ts.com/reviews/antivirus-test.htm

    As you can see KAV, F-Secure or AVK are still in the Top 5.
     
  16. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
    A884126

    Having harmless (virus) files on one's hard drive is not anything to worry about if one has an Anti-Virus application that can stop any malicious virus files from executing on one's computer. If some malware does not execute and cannot execute, then so what? You did not say NOD32 did not prevent some virus from executing.

    Your body has some malicious bacteria in it but you may not be diseased or sick. Why? You have an immune system that prevents the baddies (malware) from attacking (executing). If you absolutely got rid of all the baddies in you, then you also would not have any good bacteria either. Granted this is not a perfect example but hopefully you can see the picture. [Yes - a "perfect" AV app would not get rid of any good files.]
     
  17. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    You bet Q or should I say Doc :D . I like the analogy ;)

    Cheers
     
  18. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
  19. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Wow, so AntiVir PE is as good as KAV, and even ClamWin is better than NOD32?
     
  20. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    Great Information....Thank you,

    My PERSONAL opinion has been that McAfee 8i is the better option over Kaspersky, but this forum is all the time talking about Dr.Web, Kaspersky and F-Prot, but McAfee is the great AV.....
     
  21. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    Regarding the results at www.virus.gr, you must also understand their testing methodology. A cut and paste from THEIR rules:

    The 76556 virus samples were chosen using VS2000 according to Kaspersky, F-Prot, RAV, Nod32, Dr.Web, Sweep, BitDefender, E-Trust and McAfee antivirus programs. Each virus sample was unique by virus name, meaning that AT LEAST 1 antivirus program detected it as a new virus.

    By new they mean a heuristic detection so in other words a Heuristic false positive by ONE AV counts AGAINST all the other AVs as a miss, not very scientific or fair IMO.
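
The selection effect raised in the post above, worked through as an added example that is not part of the original thread or of virus.gr's test. It assumes a test set built from every file that at least one scanner flags; the scanner names, file IDs and detections are all constructed.

```python
# Added illustration; scanner names, file IDs and detections are constructed.

def select_by_union(detections):
    """Build the test set as the quoted rule describes: a file is kept
    if AT LEAST one scanner flags it."""
    chosen = set()
    for flagged in detections.values():
        chosen |= flagged
    return chosen

def detection_rates(detections, test_set):
    """Percentage of test_set that each scanner flags."""
    return {name: round(100.0 * len(flagged & test_set) / len(test_set), 1)
            for name, flagged in detections.items()}

def compare(malicious, clean, detections):
    """Score every scanner twice: against the union-selected set and against
    the independently verified malicious files only."""
    candidates = malicious | clean
    union_set = select_by_union(detections) & candidates
    return {
        "union_selected": detection_rates(detections, union_set),
        "verified_only": detection_rates(detections, malicious),
        "clean_files_in_union_set": sorted(union_set & clean),
    }

# Constructed corpus: 8 verified malicious files and 4 clean files.
MALICIOUS = {f"mal{i}" for i in range(1, 9)}
CLEAN = {f"clean{i}" for i in range(1, 5)}

# Constructed results. ScannerA flags every real sample and nothing else;
# ScannerB misses one sample but its heuristics also flag three clean files;
# ScannerC misses two real samples and has no false positives.
DETECTIONS = {
    "ScannerA": set(MALICIOUS),
    "ScannerB": (MALICIOUS - {"mal8"}) | {"clean1", "clean2", "clean3"},
    "ScannerC": MALICIOUS - {"mal7", "mal8"},
}

RESULT = compare(MALICIOUS, CLEAN, DETECTIONS)

if __name__ == "__main__":
    for key, value in RESULT.items():
        print(key, value)
```

With the union-selected set, ScannerB's three false positives become "samples" that the other two scanners are scored as missing, so ScannerB outranks ScannerA even though ScannerA detects more of the verified files.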
     
  22. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    These personal AV tests should not be used by themselves to judge the effectiveness of a particular scanner.

    Although it shows that, as usual, Kaspersky-engined AV's are near the top of the pile, the results of other well-known scanners are shall we say a little strange!!!!
    :D :D
     
  23. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Maybe it is as you said, or is it simply because of this,

    http://support.microsoft.com/default.aspx?kbid=842242&product=windowsxpsp2

    the list of problematic programs shown in my link above may continue forever, but only the ink had run out in the writer's laser printer? :D

    Best regards,
    Firefighter!
     
    Last edited: Nov 28, 2004
  24. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    someone may say that some of these programs have fixes available... BUT as an example... Nero's fix is ~28 MB... Do you think that 100+ MB of updates should be done AFTER you install SP2, then go through the harrowing baseline-config process that many firewalls use is justified when most of the browser exploits are blocked easily by Kye-U's config. pack for Proxomitron?
     
  25. synapse

    synapse Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    50
    eScan 2003 Virus Control is pretty good as well
     