Cloaked Malware-Windows Defender and Prevx Edge

Discussion in 'other anti-malware software' started by Dark Shadow, Feb 8, 2009.

Thread Status:
Not open for further replies.
  1. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I Was reaserching some Auto Mechanical Info that had a you tube video and ran it but that required to run another executable.So I took some restriction off sandboxie to let it install inside.I already had a feeling where it was leading and To my suprise windows Defender actualy does somthing,Well almost something it warned of a trojan but was allowed to run on my system tray anyways with a security alert of the fake culprit on my task bar.Also prevx edge had detected as Cloaked Malware and perhaps would have blocked it if it was paid version.I used Defensewalls 1 click stop attack which forced browser close and the little bugger was sitting in the tray even after sandboxie deleted contents but when I hovered the mouse over it vanished.I do not remember the link but going to search again to see If I can locate it N of course just for some further testing not for links being posted.Need to do some scanning now first but pretty confident sandboxie handled it just fine.Some screen to show of what I was seeing.
     

    Attached Files:

  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    And here.
     

    Attached Files:

  3. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Cool! The more products that actually do what we think (wish? hope?) they do, the better. :)
     
    Last edited: Feb 8, 2009
  4. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    O M F G, an actual detection from windows defender, that is actually the first detection ive ever personally seen from it...
     
  5. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    You know, I think you are right-the last thing I saw from Windows Defender was probably when I still had XP-maybe 3 years ago or so. Maybe those big updates lately are doing some good. :)
     
    Last edited: Feb 8, 2009
  6. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    That is typical Windows behavior, happens to a lot of programs on my Vista when they are terminated, unsandboxed or not, do not worry :)

    Windows Defender is alive. :argh:
     
  7. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Ok back and malwarebytes, SAS, Nod32, and re scan with Prevx say clean,Going to search for link now.
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    ROFL, I usualy refer Defender as DCS (Doesn't catch ****) So I am very suprised as you have said, I Have not seen anything outside of adware with WD but not bad here.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Normal user account? Power user account (the so called admin. account)? Or the admin. account (true admin account)?

    UAC on/off?
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    how is prevx againts youtube malware?i mean malware attach in videos?
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    This is encouraging news, indeed. WD actually seems to have improved the performance of my machines, but that might simply be the removal of ThreatFire. Whatever, I'm happy with it, and glad that it DCS (Does Catch ****). ;)
     
  12. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Prevx Edge did good as detection but can't say as for cleaning, only paid would have done that How good can't say for sure.It started as a youtube but the play when executed I was required to run another something tube,I guess I was not paying to much attention the exe but I knew what was comming so for testing purpose I guess I did a happy clicker move did not read nothing just let rip LOL.I even spent hours trying to replicate it and could not find the darn link.I would have tried to send to the AV vendors.
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    cool;)
     
  14. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,979
    Location:
    U.S.A.
    I find that the Yellow Shield tray notification for the WD definition updates lag behind the actual daily updates, so awhile back, I bookmarked a page I found in the Wilders Security Software update alerts section. I always save the file, then install it prior to my 10 am. daily scan. Here's the link: Install the latest Windows Defender definition updates.
     
  15. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Actually, I always have WD on and a couple of times it catched something the KAV with the most recent database has failed to detect :)
     
  16. wat0114

    wat0114 Guest

    Why did you do that? Couldn't you have just retricted its installation to within the sandbox?
     
  17. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    It was in Sandboxie at all times but I Keep start/run restriction there for the Executable would fail to intialize.I intentionally wanted to run it, would not happen with executable lockdown of nothing allowed to run other then my browser for example.Nothing was recovered outside there for nothing touched My Drive.
     
    Last edited: Feb 9, 2009
  18. wat0114

    wat0114 Guest

    Okay, I see. That makes perfect sense :)
     
Loading...
Thread Status:
Not open for further replies.