Dr Web cure it & List of malware detected

Discussion in 'other anti-virus software' started by beethoven, May 10, 2008.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    A friend just discovered two trojans on his system - alerted by Spybot:
    1) smitfraud-c.gp and 2) ctfmun.exe (win32.agent.cs).
    Strange thing is that Norton AV 2006 did not notice anything.

    I suggested downloading the good doctor on a usb and perhaps Superantispyware and run these. I am wondering if there is any way to check what malware the good doctor can deal with? Is there a comprehensive list you can check against the two alerts above?
     
  2. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    Re: Dr Web cure ti & List of malware detected

    I guess you can check it here -> http://updates.drweb.com/

    The problem is that every anti-malware program uses different names to identify a threat, so you probably won't find anything :(
     
  3. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Re: Dr Web cure ti & List of malware detected

    Yeah, strange:rolleyes:

    Anyway, if you are not sure whether Dr.Web detects the threats, you can try uploading to virustotal to see if it detects them. If it doesn't, check if Ewido detects them, so if it does you can use the portable Ewido Micro Scanner to remove the threats.
     
  4. DjMaligno

    DjMaligno Hispasec/VirusTotal

    Joined:
    Feb 22, 2005
    Posts:
    63
    Location:
    Spain
  5. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,007
    Re: Dr Web cure ti & List of malware detected

    make sure you write down the norton license code before you go any further.
    uninstall norton 2006 run the symantec removal tool link
    norton 2008 is out and will accept your current license code.
    it wont have the same technology that norton 2008 has.
    download the 15 day trial link
    and put in your license details.
     
  6. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Re: Dr Web cure ti & List of malware detected

    thanks guys - we now ran scans with cure it and SuperAntispyware and neither found anything but tracking cookies and old trojans in norton quarantine. At this point I can't help but suspect that Spybot is throwing a hissy fit and there is not really anything wrong. Will have a look at their forum to see if anybody else is getting any FP
     
  7. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Re: Dr Web cure ti & List of malware detected

    I noticed today that in Spybot's updates there were some False positive fixes, try to update and run a scan again with spybot.
     
  8. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Re: Dr Web cure ti & List of malware detected

    I just checked the forum and can't find anything specific there yet but further googling discovered this from F-Secure
    Spybot is referencing this in their scan as win32.agent.cs and includes it under definitions since 7. May. Since F-Secure detects this since 2005 :p , I still find it hard to believe that it not only passed undetected by Norton but even now gets by Norton, Cureit and Superantispyware.
     
  9. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Re: Dr Web cure ti & List of malware detected

    According to this virustotal scan, Symantec doesn't find the threat indeed

    ~Link to VirusTotal results removed per Policy. - Ron~

    You'd better submit the sample if you want it added to their database.
     
    Last edited by a moderator: May 10, 2008
  10. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Can you send these files to samples AT superantispyware.com (and submit to other vendors) so we can process them and update our database?
     
  11. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    spybot is useless, i wouldn't trust any detection by that.

    ~snip~
     
    Last edited by a moderator: May 10, 2008
  12. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    @ Nick - I emailed the samples from the Spybot recovery folder.

    @ CSJ - what took you so long to respond :D
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,803
    Location:
    Texas
  14. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    thanks Ronjor - just did it. Still in doubt as I have found various files in the sp recovery folder some with the reference to win32.agent and some smitfraud
     
  15. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543

    I'm not sure why you say that spybot is useless?
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,803
    Location:
    Texas
    There is no basis for a "useless" statement like that. Opinions are just opinions unless backed up with verifiable statistics.

    At any rate, it is off topic for the thread and I would suggest a personal message to posters that make such statements for further discussion.
     
  17. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Can you PM me the passwords to the .ZIP files?
     
Loading...
Thread Status:
Not open for further replies.