Great Trojan Hunter 4.6

Discussion in 'other anti-trojan software' started by ahinterl, Jun 1, 2007.

Thread Status:
Not open for further replies.
  1. ahinterl

    ahinterl Registered Member

    Joined:
    Oct 5, 2005
    Posts:
    31
    Though many speak of Trojan Hunter as an old program and one has the impression that it seems a dying one with many rivals around, I did the test myself by intentionally catching a Trojan and trying to get rid of it.

    I tested my favourites SuperAntiSpyware (SAS), AVG Anti Spyware (AVGAS) and Trojan Hunter (TH).

    While all detected spyware, SAS found completely different spyware and missed the "real" one.
    AVGAS was not able to remove the trojan though it said so, only TH deleted it without problems.

    Seems TH is not that bad, and compared to the other tools, why should I buy something like AVGAS that gives me constant warnings but cannot clean a trojan. So, I'll buy TH...

    Andreas
     
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    I have never used TrojanHunter but it is supposed to be one of the better AT's.

    However, I would not base a possible purchase decision on the detection/cleaning abilities of malware based on a test-bed of one. Therefore, IMHO, the word "Great" in this context may need a little more support.

    But if you like TH and it runs well on your machine it may very well be a good choice for you.
     
  3. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    I'm thrilled with TrojanHunter knowing that the best Trojan analyst in the business (Gavin) stands behind it.
     
  4. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    I too have had it for a few years and love it.
     
  5. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    On the contrary, I have seen SAS detect and remove trojans that are not detected by Trojan Hunter. Nothing is perfect, but in the end SAS free has the same detection as the pay version, and it updates more frequently than TH. My advice would be to send the missed sample(s) to samples -a-t- superantispyware.com
     
  6. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    You'll pardon me but that's ridiculous! TrojanHunter has daily updates and Gavin adds hundreds of signatures weekly.

    It's very probable that what SAS detected and not TH are scrap files or FP's
     
  7. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    The only thing that is ridiculous is your fanboism. :doubt: You keep stressing that TH is the best, and then proceed to link to 3-4 year old reviews. It kind of reminds me of the BOClean fanatics. :p
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Well I am sure that TH will die soon or be engulfed by a big fish in the business.
    Bitter but true. Better to be the part of a big fish rather than disappearing totally. It's in fact the fate of many standalone software, Ewido, BOClean, TDS, etc etc

    PS: No offence pls, as I am advocate of neither of these scanners nor I am against them though I believe to use one or two of them.
     
    Last edited: Jun 3, 2007
  9. azumi21

    azumi21 Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    129
    TH is far from great.

    Any of the top 15 AVs can catch far more trojans.
     
  10. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    I'm sure you can back up that statement and therefore request for the sake of the forum to bring us your proofs. Thank you.

    By the way, we'd also like to see if your top 15 AVs can clean these viruses successfully.

    Looking forward to your response or clarification and apology.
     
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Lol, this might be true in some cases, I remember times when anyone could add signatures to TH and read all signatures made by TH, I also remember the time when TH lost these capabilities, due to exploitation of this great possibility.

    But I am not sure if this funny tool is up-to-date, maybe a matter of time when it'll disappear.

    Hm, this violates the License of UPX,

    - We grant you special permission to freely use and distribute all UPX
    compressed programs. But any modification of the UPX stub (such as,
    but not limited to, removing our copyright string or making your
    program non-decompressible) will immediately revoke your right to
    use and distribute a UPX compressed program.

    - UPX is not a software protection tool; by requiring that you use
    the unmodified UPX version for your proprietary programs we
    make sure that any user can decompress your program. This protects
    both you and your users as nobody can hide malicious code -
    any program that cannot be decompressed is highly suspicious
    by definition.

    Seems to be quite common to violate UPX license, McAfee too. Who are the bad guys now, that is the real question, this seems to be stepless.
     
    Last edited: Jun 3, 2007
  12. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    What exactly was found and missed? Do you have scan logs from both products you can post here?
     
  13. azumi21

    azumi21 Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    129
    Read up:

    https://www.wilderssecurity.com/showthread.php?t=125205&highlight=trojan hunter results

    Sum it up, various anti-trojan/malware programs tested were against the same Trojan section of the test bed used for the AV-Comparatives. TH results were so poor that they didn't want them published. Fill in the blanks.

    Since then all AVs have gotten much better at detecting Trojans.
    There is no need for a separate AT, especially not TH.

    You're welcome for the enlightenment.
     
  14. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    azumi21, I sense that one111's reply will be "....but that was before Gavin came aboard." :p Until AV-Comparatives, or other reputable lab, performs another AT review we will have to keep wondering just how good BOClean and TH really are. In the end several top AV's offer outstanding trojan detection and removal so it's a moot point IMO.

    The fact of the matter is that anti-Trojans are a thing of the past. :isay:
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ya, in my opinion I don't need a dedicated AT in the presence of a good AV on my system.
     
  16. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    I'll start with the answer given already in the forum:
    " The test bed was tainted with a lot of spywares that are not really
    classed as trojans. TH was originally developed as a strong detector of
    trojans, not spyware. Magnus has changed this direction since he brought Gavin on board in Dec 2005. If you look at the number of new rulesets added since mid December-2005, you will see that Gavin has increased the detection by more than 100% (39000 to over 78500 as of today)"

    My addition:

    Those tests are out of date, a relic from the past. Today TH is the best available. It's still required by the way, even though trojan protection has improved with the major AV programs, but they can't clean or remove them as has been mentioned a number of times in the forum. This is the forte of TrojanHunter.
     
    Last edited: Jun 4, 2007
  17. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Again, please provide current data to show that TH is the best available. It may be the best on your system, but clearly you are in the minority. It's common for us to defend the apps we use on our own systems because in our eyes they are the best. It would be nice to see a reputable lab do a current review on TH, BOClean, a-squared, and AVGAS.
     
  18. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    one111, as much as you try to discredit AV-comparatives you cannot escape the fact that Magnus withdrew from the test after getting the results, you can be damn sure that he would have proudly used the test result in commercials etc if they were good, please also note that the test showed no one of the tested programs to be very good.............but they had the guts to let them get published anyway.

    Who made Gavin Coe the "best Trojan analyst in the business" btw................you? :)
     
  19. ahinterl

    ahinterl Registered Member

    Joined:
    Oct 5, 2005
    Posts:
    31
    To do some more testing, I infected the virtual machine with the Trojan again (unfortunately don't know which 'cause all programs that are able to detect it report it under different names) and tried to get rid of it.

    This time, I used trial versions of AVG Anti Spyware (AVGAS), PestPatrol (PP), Trojan Remover (TR), SuperAntiSpyware (SAS) and A-Squared (A2). I couldn't install SpywareFighter for some reason, but since this is the same engine AVGAS uses as well as some have written I let it be.

    SAS and TR didn't find the trojan at all - very bad.

    PP was not really usable, it didn't find anything as well but to do more in depth scans the program would need to be licensed I guess.

    A2 and AVGAS were the only 2 which detected the trojan with AVGAS showing some additional findings.

    I first told A2 to remove the trojan, a subsequent scan with A2 showed no more infection with the particular trojan, but instead a new and different infection was reported (!).

    Then I re-scanned with AVGAS: it detected the same trojans it detected before, so A2 seemed to have cleaned nothing.

    So, I told AVGAS to clean the malware, it demanded a reboot. Then I re-scanned, AVGAS had no more findings, so this time, I seem to be lucky and AVGAS could really delete the malware.

    Just for a check, I scanned with Trojan Hunter, and even this showed no more infection.

    Since I don't think my test trojan is extraordinarily harmful or sophisticated or brand new, I was disappointed that the only usable program to detect and delete trojans for me are AVGAS and Trojan Hunter.

    I didn't test other programs either because I read very bad comments about them (e.g. Digital Patrol) or the signatures are updated rarely so I wouldn't feel really safe or I had the impression that the software was more the result of a one man show with an uncertain future.

    In the end, I can only recommend AVGAS, but then again, the recent history of that former Ewido project leaves me unclear about the further development of this program, maybe its days are counted already...

    Andreas
     
  20. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    lool, lool.
     
  21. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Thanks for posting your mini review. :) You mentioned TH, but did you use it to scan initially when the trojan was "active"? In your comments it sounds like you only used it after the trojan was removed.
     
  22. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    I'm not trying to discredit AV-comparatives and I don't know where you conjured up such an idea. I consider them one of the best and most reliable around.

    I don't know why you're so determined to besmirch Magnus. What is your point? What are you trying to convey?
    I feel Magnus had valid reasons and I presented some of them already.

    Who made Gavin the best? His reputation and speaks for itself. Are you going to start criticizing him now?
     
  23. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    1. I'm not trying to "besmirch Magnus", I'm just posting a fact which is not going down too well with you it seems..................again, do you think Magnus would have said those things if let's say TH had scored 95% and come out on top in that test by AV-comparatives "tainted with a lot of spywares that are not really classed as trojans." or do you think he would have not said a word about his opinion regarding the test even though it was "tainted" and used the results for marketing?

    2. I'm not criticizing Gavin at all, he may very well be the best, I sure don't know him well enough from reading about him in the forum, but you said he was "the best Trojan analyst in the business" and again now "His reputation and speaks for itself.", so I just asked from where did you get the info regarding his skills?

    3. TH might be the best AT (if there is such thing nowadays), but it sends a really really bad signal (IMO) when you withdraw from a test where the other AT's participate despite getting reasonably poor results, don't you think? :)
     
  24. ahinterl

    ahinterl Registered Member

    Joined:
    Oct 5, 2005
    Posts:
    31
    In the former tests I did, TH detected the trojan under a different name, but it detected it and cleaned it perfectly.

    Nevertheless, I think the absolutely best Anti Trojan at the moment is AVGAS, I updated to the new version yesterday and all my previous update problems are history now.

    Though AVGAS may not be able to remove trojans on the first attempt, chances are good that after some tries it can remove them.

    The problem I have with the other scanners/programs is that most of them don't detect my trojan at all and have a much, much lesser detection rate than AVGAS.

    Interesting that so many swear on SuperAntiSpyware, a really bad performer IMHO...

    Andreas
     
  25. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    While I do not have the necessary experience with TH to make a qualified analysis of its abilities, I will comment on this:

    Plain, pure nonsense because the samples are analyzed by behaviour and then categorized into various types of malware. If I assume right, then majority of the industry would detect these samples as trojans (most likely it is also confirmed by actual analysis by AV-comparatives). Hence, TrojanHunter calling many of these samples as spyware makes it an oddball. Hence this comment cannot be relied on, because if that was the case, we'd have every vendor who failed AV-C's tests saying that there was a defect in this category and that category and the categorization was flawed.

    The fact is that TrojanHunter did not score as well as expected back then. Whether it applies today is unknown. IMO the only two ATs worth considering today are AVG AS and SuperAntiSpyware...but this is just my opinion.

    BTW, @ahinterl: I've noticed that the malware names reported by Ewido are quite close to Kaspersky in many cases. Maybe you should use the Ewido detection as reference when you are going to name some malware. :)
     