Malwarebytes let me down

Discussion in 'other anti-malware software' started by XenMan, May 24, 2019.

  1. XenMan

    XenMan Registered Member

    Joined:
    May 8, 2018
    Posts:
    130
    Location:
    Australia
    Leaving out the long story, I installed PirateMatryoshka into a sandbox yesterday out of ignorance and curiosity; WFC blocked irsetup.exe, but I let it through.

    It asked for a Piratebay login which I didn't have and I closed it.

    I ran Malwarebytes through the sandbox and it missed zernvo.exe.

    https://www.virustotal.com/gui/file/95d45e83d2328d280dea2f9f56aac67579b4c150a4ad5a5226160d50cc0b5dad/detection

    I'm kind of disappointed it missed it and anything else malignant that was installed. When I have time I will browse the sandbox to see if anything else was done and missed.
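    The second-opinion check described in this post (hash what the installer dropped in the box, then look each file up on VirusTotal) can be scripted. The block below is an added example and is not the poster's tooling or anything from Malwarebytes or Sandboxie; it assumes a Sandboxie box directory path is passed to `inventory()`, and the only "known-bad" hash it ships with is the SHA-256 from the VirusTotal link above. Everything in `demo()` is constructed test data, not a real sample.

```python
"""Hash-based second-opinion triage of files dropped in a sandbox directory (added example)."""
import hashlib
import os
import tempfile

# The SHA-256 taken from the VirusTotal link in the thread. Any other entries
# would come from your own notes or feeds; nothing else is assumed here.
KNOWN_BAD_SHA256 = {
    "95d45e83d2328d280dea2f9f56aac67579b4c150a4ad5a5226160d50cc0b5dad",
}

# File types worth a second look after an installer ran in the box.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js")

# Same URL shape the thread links to; the hash is inserted by triage().
VT_URL = "https://www.virustotal.com/gui/file/{}/detection"


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large payloads do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root):
    """Walk `root` (assumed: a Sandboxie box directory) and hash every executable-looking file.

    Returns {relative_path: sha256}. Nothing is executed or opened beyond reading bytes.
    """
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXECUTABLE_SUFFIXES):
                full = os.path.join(dirpath, name)
                found[os.path.relpath(full, root)] = sha256_of_file(full)
    return found


def triage(hashes, known_bad=KNOWN_BAD_SHA256):
    """Split an inventory into files matching a known-bad hash and files still unknown.

    Unknown files get a VirusTotal lookup URL so each one can be checked by hand,
    which is the 'second opinion' step the thread recommends when one scanner misses.
    """
    report = {"known_bad": {}, "unknown": {}}
    for rel, digest in sorted(hashes.items()):
        if digest in known_bad:
            report["known_bad"][rel] = digest
        else:
            report["unknown"][rel] = VT_URL.format(digest)
    return report


def demo():
    """Constructed sample box: two harmless placeholder .exe files and one .txt.

    One placeholder's own hash is added to the known-bad set so the report shows
    both branches. These are text bytes, not real binaries or real malware.
    """
    with tempfile.TemporaryDirectory() as box:
        sub = os.path.join(box, "drive", "C", "Users", "user", "AppData")
        os.makedirs(sub)
        with open(os.path.join(sub, "zernvo.exe"), "wb") as fh:
            fh.write(b"constructed placeholder, not a real executable\n")
        with open(os.path.join(box, "helper.exe"), "wb") as fh:
            fh.write(b"another constructed placeholder\n")
        with open(os.path.join(box, "readme.txt"), "wb") as fh:
            fh.write(b"not executable, should be ignored\n")

        inv = inventory(box)
        flagged = next(k for k in inv if k.endswith("zernvo.exe"))
        known = set(KNOWN_BAD_SHA256) | {inv[flagged]}
        return triage(inv, known)


if __name__ == "__main__":
    for bucket, entries in demo().items():
        print(bucket)
        for rel, value in entries.items():
            print(f"  {rel}: {value}")
```

Run it as-is to see the constructed demo, or call `triage(inventory(r"C:\Sandbox\<user>\DefaultBox"))` against a real box. The hash match only catches files you already know; the value of the unknown list is that every dropped executable gets checked somewhere other than the scanner that already missed it.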
     
  2. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    976
    But look at the other vendors that missed it also. That's why it's always important to have a few 2nd opinion scanners on hand. No 1 program is perfect.
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,673
    Location:
    Hawaii
    I don't blame you for being disappointed. Why not let a tiger loose in your sandbox -- namely, Norton Power Eraser (NPE)? NPE is free & it's one of THE most aggressive scanners around.
     
  4. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,561
    where there's user interaction, there's always room for failure. that's why user dependent security sw is unreliable (hips, bb, anti-exe etc.), unless the user knows what they're doing.
     
  5. XenMan

    XenMan Registered Member

    Joined:
    May 8, 2018
    Posts:
    130
    Location:
    Australia
    If in doubt, stick it in a box to see what it does...
     
  6. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,561
    nah, don't like boxes. would rather go with vm.
     
  7. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,147
    To be fair only 3 major engines detected this threat with signatures at the time (4 if you count Dr Web); Avast/AVG, Kaspersky and Microsoft.

    Ps: ZoneAlarm is using Kaspersky SDK.
    Ps2: Now that Kaspersky and Microsoft are detecting, expect a huge increase in detection (copycats adding a definition automatically).
     
    Last edited: May 24, 2019
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,361
    Location:
    U.S.A. (South)
    Whenever I would drop a wild tiger malware or ransomware from the zoo into my box, it first is within SandboxIE while in ShadowMode with SD. Always useful, as mentioned and suggested, to keep a tiger by the tail and use some secondary scanners to examine the specimen more than a few times. There's some cleverly crafted wiles out there that can wiggle their way through nearly anything.
     
  9. XenMan

    XenMan Registered Member

    Joined:
    May 8, 2018
    Posts:
    130
    Location:
    Australia
    Old laptop, needed a program at work.

    Nothing escapes Sandboxie; there were other things in the box and I was hoping MB would clean it.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,673
    Location:
    Hawaii
    "SDK" ... huh? Do you know whether ZA is only using Kaspersky's sigs, or does ZA use Kaspersky's HIPS as well?
     
  11. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,147
    I think ZA uses in-house technology for HIPS and Firewall along with Kaspersky's antivirus engine + cloud + anti-phishing feeds.
     