my question

Discussion in 'malware problems & news' started by asiatrek, Dec 14, 2008.

Thread Status:
Not open for further replies.
  1. asiatrek

    asiatrek Registered Member

    Joined: Dec 14, 2008
    Posts: 1

    since i am not sure which section to post in...
    i hope this one is ok...
    after reading a lot of the posts here in this forum
    after reading comments by the maker of Casir interacting with others...
    this is my question...

    it seems to me that rootkits or trojans are able to deactivate,
    or otherwise limit the usefulness of av software...
    on my notebook i currently do not have this problem
    i use Comodo Firewall Pro.. Boclean.. Avira free..
    along with Spybot teatimer.. Malwarebytes.. Superantispyware...
    and i also use a2cmd..
    on my other notebook used for kids..
    originally i was not going to allow them to use it on the Net
    however, they did.. before i had installed Comodo and so on...

    also in a classroom where there is a Chinese WinXP / English Win XP
    there is a similar problem...

    i would guess that the notebook has enough embedded rootkits
    or trojans .. so that Avira is unable to delete or quarantine
    TR/Crypt.Xpack.Gen trojan
    which is C:\Windows\system32\jwedsfdo0.dll
    the dialog box will just continue to remain there...
    eventually i use the task manager
    and kill the avira process several times....

    C:\programfiles\Avira\....personal edition\preupd.exe
    which had a trojan but Avira was able to move it into
    quarantine...

    this was this morning...
    now while writing this post...
    Avira is able to deal with this trojan...

    according to the maker of Casir
    rootkits and trojans are able to modify
    Kaspersky or many other AV to limit their use...

    how can an end user know if their AV has been modified...
    and how do AV products deal with this situation?

    also i read from AV-Test.org or a related link
    that current AV products are suffering from rootkit
    or trojans .. not being able to remove them..
    or not being able to correct, restore the proper
    registry settings...

    from what i had read
    an AV product or Malware product
    detects and quarantines or removes a trojan
    but might not undo the damage done by the trojan

    daily .. or at least very often
    with the 13 computers that i manage
    explorer is unable to access usb flash disks
    or CD...
    to get around this situation
    i installed another file manager...
    instead of using Winrar...

    can a product such as Casir
    restore the proper settings of Windows...
    such as registry or other settings...?
    the maker does not wish to let the enduser
    know exactly what is happening
    due to his way of handling and dealing with malware
    i do not agree with this approach
    but he has the choice to do this...

    spending $$$ for a product
    over free products might have good benefit
    but i wonder...

    if rootkits and trojans are able to disable
    or make it appear that the AV product is
    working but actually it is not...
    it is troubling to me...

    as a poster who prefers AVG
    and is a reseller..
    i concur with his comments
    using what (seems - my addition) to work
    is to be preferred...

    although i am a fan of Comodo
    and i continue to hope that Boclean
    really does contribute useful protection
    i have not noticed much...
    which is either good news or not so good news...

    for me...
    i like to learn from the msg that i see
    on the screen from Comodo...
    i am continually surprised at how many
    settings or registry entries or processes
    that many software products are involved with
    this at least can make me more informed...

    long post...
    rambling thoughts...

    but back to my main point

    how does an enduser
    know whether or not their AV product
    has been compromised or modified?

    Which, if any, products are able to restore
    the original settings after detecting and quarantining
    rootkits or trojans?

    I have used Malwarebytes for some time...
    and Spybot and Superantispyware also...

    however, after installing a2cmd and Avira
    i noticed that there were quite a number of
    malware? trojans or viruses that were detected
    as i quarantine them...

    i know after reading a lot of forum posts
    that there is not any AV product that is able
    to provide 100% protection...
    in spite of the enthusiastic fans for each product

    to me it seems that currently
    surfing on the Net brings a high probability
    of too many rootkits, trojans and other malware...

    excuse me for the long post...
     
  2. MrBrian

    MrBrian Registered Member

    Joined: Feb 24, 2008
    Posts: 6,032
    Location: USA

    You can check if your AV detects the EICAR test virus.
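
The EICAR check suggested in the reply above, as an added example that is not part of the original thread: it writes the standard 68-byte EICAR test string to a file and reports whether the on-access scanner reacted. The names `probe`, `classify` and `eicar_probe.com` are hypothetical; a reaction shows only that the scanner still responds to a known test signature, not that the AV is otherwise intact.

```python
import os
import time

# Standard 68-byte EICAR test string, split so that this source file itself
# is not flagged by a scanner before the script can run.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS"
         + "-TEST-FILE!$H+H*").encode("ascii")

VERDICTS = {"blocked-on-write", "removed", "blocked-on-read",
            "modified", "not-detected"}

def classify(write_error, exists_after, content_after):
    """Map what happened to the probe file onto a verdict string."""
    if write_error is not None:
        return "blocked-on-write"   # scanner refused the write
    if not exists_after:
        return "removed"            # deleted or moved to quarantine
    if content_after is None:
        return "blocked-on-read"    # file present but access denied
    if content_after != EICAR:
        return "modified"           # file was altered or truncated
    return "not-detected"           # no on-access reaction observed

def probe(directory, wait_seconds=5.0):
    """Write the test file, give the scanner time to react, then inspect it."""
    path = os.path.join(directory, "eicar_probe.com")  # hypothetical name
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError as exc:
        return classify(exc, False, None)
    time.sleep(wait_seconds)
    exists, content = os.path.exists(path), None
    if exists:
        try:
            with open(path, "rb") as fh:
                content = fh.read()
        except OSError:
            content = None          # scanner is holding or blocking the file
        try:
            os.remove(path)         # clean up if the scanner left it behind
        except OSError:
            pass
    return classify(None, exists, content)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print("on-access scanner verdict:", probe(tmp))
```

A `not-detected` verdict on a machine that is supposed to have real-time protection is the case worth investigating; also run an on-demand scan of the folder before drawing conclusions.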
     