KAV 6.0 PDM vs very_bad_rootkit

Hi.

I have downloaded KAV 6.0 to check detection of rootkits.

The movie: http://www.gmer.net/kav6.wmv ( Windows Media Video 9 codec )

http://forum.kaspersky.com/index.php?showtopic=13895

Regards.

 

Can you upload it to virustotal so we can see how other softwares deal with it?

 

Code:

STATUS: FINISHED
Complete scanning result of "very_bad_rootkit.zip", received in VirusTotal at 05.16.2006, 07:07:56 (CET).

Antivirus   Version   Update   Result  
AntiVir   6.34.1.27   05.15.2006   no virus found 
Avast   4.6.695.0   05.15.2006   no virus found 
AVG   386   05.15.2006   no virus found 
BitDefender   7.2   05.16.2006   no virus found 
CAT-QuickHeal   8.00   05.15.2006   no virus found 
ClamAV   devel-20060426   05.15.2006   no virus found 
DrWeb   4.33   05.16.2006   no virus found 
eTrust-InoculateIT   23.72.9   05.16.2006   no virus found 
eTrust-Vet   12.4.2209   05.15.2006   no virus found 
Ewido   3.5   05.15.2006   no virus found 
Fortinet   2.76.0.0   05.16.2006   no virus found 
F-Prot   3.16c   05.15.2006   no virus found 
Ikarus   0.2.65.0   05.15.2006   no virus found 
Kaspersky   4.0.2.24   05.16.2006   no virus found 
McAfee   4762   05.15.2006   no virus found 
Microsoft   1.1372   05.16.2006   no virus found 
NOD32v2   1.1539   05.15.2006   no virus found 
Norman   5.90.17   05.15.2006   no virus found 
Panda   9.0.0.4   05.15.2006   no virus found 
Sophos   4.05.0   05.16.2006   no virus found 
Symantec   8.0   05.16.2006   no virus found 
TheHacker   5.9.7.143   05.15.2006   no virus found 
UNA   1.83   05.15.2006   no virus found 
VBA32   3.11.0   05.15.2006   no virus found

Aditional Information  
File size: 1317 bytes 
MD5: f6bb3570fdab9b35d461c9bd7618fee3 
SHA1: bae0cb076e6efdfbc8e443a38d49d89855978fd6   

Regards

 

VirusTotal will not be a good comparison at all.
You tested KAV6 locally and this one remotely therough VT.
Panda could detect rootkit with TruPrevent, but it can't since it's not even active on VT (it must be on-access, not on-demand).
Just a thought.

 

Gmer can you test that with NOD32, DrWeb and VBA32 the same way as you did with KAV?

 

??

 

I will probably. Does trial version of NOD32 detects rootkits ?

As you saw it was enough for KAV .
This rootkit is very simple.

Regards

 

I think it does, retail has proactive rootkit detection.
You could download & install it, and tell us the version number (found under NOD32 System Tools > Information)

 

Oh and current retal version is 2.51.26

 

I think you should submit it to all AV vendors who do not detect it for analysis to make sure that the file should actually be detected.

 

Indeed, that skull animation is something I used many many years ago.
Looking old here, but whatever.

 

It was just a simple test how strong is new KAV + PDM .
Now I now .

 

Donno for sure, but to my knowledge, PDM Anti-Rootkit part module says it checks for rootkits every 20 minutes...

http://img352.imageshack.us/img352/7674/kavrootkit9jc.png

 

Very nice period .

 

Well, in a way, I agree... 20 minutes? What's the point? 20 seconds I understand, heck, even 2 minutes... but 20 minutes?

 

This is a beta version...

 

Release version of KAV ( 6.0.0.299 ) has the same problem .

Mr Sobko is product developer.

 

Yes, but ever though about overhead made with 20 second intervals?

 

gmer, this is the first version of 6.0, it is at the start of it's development and things will be added as it gets moving, new things will be added and the features already there will be improved. I'm at this point perhaps struggling a bit to see what you hope to gain by all these post here, there and everywhere.

We have listened to you, sobko has responded to you in the thread (he's ill btw and not working 100% ATM), if you really want to help improve the rootkit detection of the PDM, then why not join the beta program instead of posting the same over & over again in different

 

I have made the test, thats all.
I wrote about this because I think its better to know.

You can always write to moderator to delete my post ( in Poland it was called communism )

 

Why would i write to the moderator, thats silly.