most AV's disabled

How can it be that these AV's CIS, NIS, AVAST are dissabled by a new threat( gotnewupdate0005.....exe) I downloaded from MDL?
I would have thought that they deploy differnt forms of self protecion.
I haven't tried other products, except for BufferZone which was unefected.

EDIT: I forgot to mention that the AV's faild to start after rebooting.

 

Probably because the authors of that rogue have made sure that it isn't detected by most AV's before releasing it.

Once most AV's start detecting the installer then they release a new morphed undetected version.

While Antimalware Doctor was up and running I tried out Safe Returner against it and it killed the rogue's process and the rogue was inactive after reboot.

gotnewupdate005002.exe - Result: 13/41 (31.71%)

 

Which one inactive? Rogue or Safe returner?

 

I'm sure the AV's will update shortly.
On another note, CIS was the only AV enabling me to send them a smple of this malware.
It captured by the sandbox, the sandbox on the other hand failed in preventing it's execution, allowing changes to the real system.

 

The rogue was inactive. Safe Returner kicked it's butt as did Malwarebytes.

 

Well done by Safe returner... Is it better that Norton Power Eraser?

 

Sorry, haven't tried Norton Power Eraser.

 

Ok, I have heard that does a lots of FP. Safe returner did any FP?

 

Only when selecting Advanced it did show some FP's but it does give a warning when going to Advanced mode.

Best if we keep any future talk on Safe Returner in the Safe Returner thread.

 

Ohh sure..