Microsoft Security Essentials detect&cure TDL3

Discussion in 'other anti-virus software' started by Meriadoc, Jul 1, 2010.

Thread Status:
Not open for further replies.
  1. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    kernelmodedotinfo or here.
     
    Last edited: Jul 1, 2010
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    That is very good. Thanks
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    For free, wow. It just keeps making it harder to justify paying for software.
     
  4. Matthijs5nl

    Matthijs5nl Guest

    MSE always did well on rootkits. But this is really quite a breakthrough: the first antivirus which can cure the latest version in active mode. Only Hitman Pro and TDSSKiller and some other specific tools did the job.
    Microsoft is the bomb :D.
     
  5. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    That's actually pretty impressive, in my humble opinion. On the other hand, would I be wrong if I guessed that the malware is just going to terminate MSE anyway, before it ever gets a chance at removal? I can't recall MSE's self-protection being too wonderful, and we can't really count LUA here, because the rootkit probably wouldn't have infected the system in the first place if the user was LUA.
     
  6. sportsfan7700

    sportsfan7700 Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    495
    Location:
    Fort Worth, Texas USA "Where the West Begins"
    I agree, this is very impressive.
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    And I will bet leave no remnants behind. So for all of you that complain about sometimes slowness in opening something, tough. A free AV that can detect this rootkit and clean it. I would say top that.
     
  8. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Looking at AV Comparatives tests, and this, I wonder why I use anything else. Whoever is developing MSE is obviously top notch.
    Regards,
    Jerry
     
  9. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Since there are so many variants of TDL3 I don't see how you could bet w/ confidence that MSE will clean up every trace of the infections.

    In my experience MSE on XP can become extremely sluggish. Vista and 7 do not seem to be affected as much. Let's not forget the update issues with MSE. IMO PCAV + HMP would be a more viable option.
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Well, now that is true, but it is a solid showing. Looks like Dr Web and MSE will be the best at rootkits.
     
  11. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @Meriadoc

    Thanks for posting :thumb:

    EP_X0FF posted the info, and as he now works for Microsoft, I'm wondering if he was involved in coding the Defs for TDL. Or at least had a hand in doing so? I wouldn't be surprised to learn he did ;)

    @EliteKiller

    It does say

    So ? We'll soon know when people test it against them :D

    *

    More TDL/TDSS RK etc info in here https://www.wilderssecurity.com/showthread.php?t=276152
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    MSE won the AV-C cleanup test, so this doesn't surprise me.
     
  13. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,906
    Anyone care to expand on: "on XP can become extremely sluggish". Avast free is working fine but all the accolades for MSE here, plus the reg fix for the updates, had me tempted to install on the XP desktop. I'll wait until I read more about this. Thank You!
     
  14. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I'll expand on it being run in XP or Win 7. It ain't happening on my setup. Once again for the fourth time, I assumed this version would be better. I made a snapshot, uninstalled Avast 5 and cleaned up leftovers. I installed MSE's latest but it's the same ole thing. Massive CPU for both MSE processes plus an additional MSE process which runs every now and then, can't remember what it was but it was something like mpmruncmd or other. I went through and added exclusions for other security app processes along with the Explorer.exe. I added the user and registry.pol along with recommended stuff in SoftwareDistribution. Re-booted with high CPU/Memory which lasts for about forty five minutes after startup. Granted that may not be very long but it makes everything else on the laptop way too slow during this time. Long story short, I rolled back to what I had previous.
     
  15. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,906
    Thank you for the heads up! If it ain't broke...I'll stay with A5!
     
  16. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    MSE also detected some avast! leftover as adware.
     
  17. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Avast quarantine files?
     
  18. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    There were no quarantined files in avast!. It was just installed for a few hours for checking the performance of the latest build.
     
  19. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    If you can, disable MSE and restore the files from quarantine. Hit up https://www.microsoft.com/security/portal/Submission/Submit.aspx and upload the files, be sure to tick the "False Positive" box. Also give them a good description, "files from avast" or something but a little more detail.
     
  20. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    Will do
     
  21. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Those leftover files also appeared for me when testing Immunet. Avast unpacks files there to be scanned and deleted, but Immunet interferes and claims to detect it. Immunet itself can't scan packed files.

    The Avast notification doesn't appear and those files became leftovers, which many on-demand scanners detect. Some kind of hooking conflict.

    Now they've added the directory in Immunet's exclusions by default.
     
  22. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Does MSE have an uninstaller, remover tool just in case?
     
  23. YanK33

    YanK33 Registered Member

    Joined:
    Jan 30, 2010
    Posts:
    195
    On my PC MSE has a very small CPU usage, very small, so maybe something is wrong in your setup.
     
  24. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Most likely some software at fault on your end. Runs smooth on two of my XP machines (32-bit) as well as three of my Win 7 machines (both 32-bit and x64). You are one of very, very few who experience this, which is something that could happen to anyone with any AV due to software issues.
     
  25. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    I also experienced the high CPU usage 45 mins after boot also; that was the one main reason that made me switch antivirus products.
     