Do You Really Need To Run An Antitrojan Program With Kav?

Discussion in 'other anti-virus software' started by Mr2cents, Feb 24, 2005.

Thread Status:
Not open for further replies.
  1. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    Some people say that running an antitrojan program is overkill with kav, because kav's trojan detector rate is the best there is in anti virus products. This according to av-comparative.org.

    I downloaded a trojan simulator that came in a zip file. I extracted it to another folder as the instructions said. I double clicked the folder the files were extracted to. As soon as I did, Boclean got it. See screenshot. Kav was running right there beside it, but boclean was the one that got the trojan.

    My question is this. If kav has the best detection rate of any antivirus in catching trojans, and kav missed this one. You may want to consider a layered protection :D Especially if you're not running kav. Now kav may have snatched it after the computer was rebooted, and it may not have. This is a simulated trojan. However, that's the reason I believe in a layered approach.
     

    Attached Files:

  2. jmschwartz

    jmschwartz Guest

    Hello,

    Did you try the same experiment with BoClean off? Maybe KAV would have caught it, too. Both can't catch it simultaneously.

    Regards
     
  3. jmschwartz

    jmschwartz Guest

    As a followup, my KAV 5.0 Business Optimal for Windows Workstation caught the "riskware" before I could extract it from the zip file (that is TrojanSimulator.exe).

    I agree layering protection is a good practice, but don't short KAV :D
     
  4. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    Hi jmschwartz. No, I haven't tried it with boclean off. I will disable boclean, and redownload the file, and see how kav does. Give me a few minutes. I almost never got the screenshot uploaded in here, because I wanted to see how it looked in the test forum. It wouldn't let me upload the file in here because it said you have already uploaded this file in the test forum. I had to delete the file in the test forum before I could upload here.

    Give me a few minutes. lol
     
  5. jmschwartz

    jmschwartz Guest

    Hi Mr2cents,

    As I mentioned, KAV wouldn't even let me extract the files from the zipfile. It caught them immediately after I opened the zipfile and tried to extract them to a separate file folder.
     

    Attached Files:

  6. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    Oh no, I'm not meaning anything bad about kav. I didn't word the post right. What I wanted to stress is kav is the best at catching trojans of any antivirus. My point is since kav is the best at trojan detection. What about everyone that's running an antivirus other than kav that thinks they need nothing more.
     
  7. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    Can I ask what is the name of the site with the test trojan on, as I have mcafee enterprise and my newly bought Trojan hunter 4.2 (amazing piece of software) running and I am curious how they would fare against this.

    Thanks
    Anthony
     
  8. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    "Riskware" is the proper term for this one, it appears to be the Trojan Simulator created by Magnus Mischel {author of TrojanHunter program}. I believe one needs to have the extended bases loaded in order to detect riskware. I use the normal bases myself. But yes you're right, KAV rivals dedicated ATs in its trojan detection, that is a fact. I test a lot of samples myself and can vouch for KAV, that it is that good. I usually test with KAV before I submit samples to NAV {SARC}. ;)
     
  9. jmschwartz

    jmschwartz Guest

    You're right . . . we all could practice safe "hex" with a little common sense as you've suggested.
     
  10. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    TH will catch it, Magnus the author of TH is the one who wrote it, and it is in the TH ruleset. ;)

    Edit: Here: http://www.misec.net/trojansimulator
     
  11. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    Okay, I did the test with boclean disabled. kav missed it.
     

    Attached Files:

  12. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
  13. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    I see that your kav version caught it. I'm just running kav 5.0 personal :(
     
  14. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
  15. Mem

    Mem Guest

    I've run this before on KAV Personal and the x-bases catch it but not the extended. I think it is due to the client/server application nature of the simulator. The same problem exists in TDS3 - by default the Client/Server check is not done but once it is checked, the simulator is marked.

    But, running in a limited user account gives a data file problem error on trying to run the application while still loading TSServe.exe in memory.
     
  16. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    I just rebooted my computer. Boclean caught this trojan simulator on bootup. Kav was silent. Yep, I believe that I will stay with a layered approach. :rolleyes:
     
  17. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    A wise move ;)

    I am arriving a little late here as you have made a good decision already imho.
    But anyway I always recommend a separate dedicated Trojan Remover separate from AV. :) That is a fairly new avatar, is it not? Looks real good there Mr2Cents :cool:
     
    Last edited: Feb 24, 2005
  18. subferno

    subferno Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    87
    For me, Kav missed it as well. Only after installation and execution did TrojanHunter catch it.
     
  19. Mem

    Mem Guest

    I remember when this app came out and many companies said they would not include it into their databases for differing reasons. One was that it really didn't do harm, another was that it was from a competitor and another was that they weren't going to add every $%#@ demo that came around into their bases. :)

    KAV (and some other trojan apps used on this simulator) has done well in many other independent tests to show it is capable and I've not been too concerned with this result. Obviously I also run TDS3 and know where it showed similar results with the initial settings.
     
  20. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    Hi Mercurie. Yep, I just put the avatar on the other night. Glad you like it. I usually don't use an avatar, but we have a new user who goes by "My2cents". I didn't want people to get us mixed up. :D I know now that I will definitely be keeping boclean around :)
     
  21. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    By any chance, has anyone tried this with NOD32 and extra settings? I would but I am home on the family machine (my computer is at college).
     
  22. karll

    karll Guest

    By any chance can mcafee catch this trojan sim? Avast 4.6 can't....
     
  23. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    If your antivirus does catch this, it may be unable to get rid of it. See attachment, from TrojanHunter's website.
     

    Attached Files:

  24. dread

    dread Registered Member

    Joined:
    May 18, 2004
    Posts:
    195
    karll, I have mcafee virusscan v9 and it didn't. Pestpatrol did though lol. And msantispyware didn't either.
     
  25. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    McAfee VS Enterprise detected it as TrojanSimul on download, with no action taken. Which I assume means it is in the optional "Unwanted Programs" umbrella, which I have on. I think the consumer version also has this option, though not entirely sure.
     