New eScan Free 4.5.1

Just made a new scan with this excellent KAV engined backup tool.

http://www.mwti.net/antivirus/free_utilities.asp

Surprise, it doesn't rename or delete at all those infected files that were detected, just report only. Very good backup just now. You can check your infected files after that with Jotti's multi online scan,

http://virusscan.jotti.dhs.org/

to confirm your findings.


Best regards,
Firefighter!

 

You want to be cautious using this tool from Microworld. The trouble is it messes about with your Registry without warning you what it is doing and without giving you the chance to make a backup or decline the deletions that it makes.

I recommend you look for the logfile it leaves in your Temp folder (assuming you have not deleted it!), and then go through it very carefully to see what it has done.

If you want to use a KAV engined product - use KAV!

 

This is what eScan found. I changed the extension from .exe to .ger and did a jotti scan. Kaspersky finds this same thing.
Googling around I didnt find much about CISVCS.
I asked about this file in june this year on this forum but there wasnt any answer.

guote:

Hi.

Can anyone explain to me what cisvcs.exe /7 in 04 "run once" means.
I never see it before.
TIA,

Gerard


Logfile of HijackThis v1.97.7
Scan saved at 3:52:10, on 29-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

O4 - HKLM\..\RunOnce: [CISVC] C:\WINDOWS\System32\CISVCS.EXE /7
unquote

 

To TopperID from Firefighter!

As I said, eScan Free 4.5.1 doesn't rename or delete any infected file nowadays, before it did.

Fri Oct 08 21:03:57 2004 => Total Files Scanned: 3008
Fri Oct 08 21:03:57 2004 => Total Virus(es) Found: 2879
Fri Oct 08 21:03:57 2004 => Total Disinfected Files: 0
Fri Oct 08 21:03:57 2004 => Total Files Renamed: 0
Fri Oct 08 21:03:57 2004 => Total Deleted Files: 0
Fri Oct 08 21:03:57 2004 => Total Errors: 0
Fri Oct 08 21:03:57 2004 => Time Elapsed: 00:07:33
Fri Oct 08 21:03:57 2004 => Virus Database Date: 2004/10/08
Fri Oct 08 21:03:57 2004 => Virus Database Count: 105092

Fri Oct 08 21:03:57 2004 => Scan Completed.

Agains't my former infected 3007 archived samples, the former eScan 4.4.7 scored at least as good as KAV 5.0.156 with EXTENDED database, original KAV found nothing that the eScan left behind.

Best regards,
Firefighter!

 

eScan uses KAV's extended database by defualt. That’s why you got identical results.


tECHNODROME

 

Forgive my ignorance, but whats the difference between the eScan utility and the eScan AV retail product?

 

To Firefighter from TopperID

Oops! I stand corrected. Last time I tried out this product it did some unofficial Registry cleaning for me - hence I never tried the new version!

 

The escan website says it cleans/disinfects - are these lines from escan website not true ?

quote:
D. The Utility can be added to the start up ensuring that the system is scanned and cleaned everytime it boots.
E. All the disinfections are reported in the form of a log file.
F. The utility is regularly updated on our servers ensuring that it can fight the nastiest attacks.
unquote

SKA

 

Flash G

Looks like the free utility has no updater, you need to download it afresh each week from mwti.net <g>

The retail AV has built in updater & key for valid updates for 1 year etc.

SKA

 

My concern relates to this thread: https://www.wilderssecurity.com/showthread.php?p=272575#post272575

Escan reported it found Backdoor.Win32.Rbot.gen - which no other scanner, intrusion protection, etc alerted me to. It also reported that I have to buy escan to remove the worm/trojan/whatever (my concern since rogue spyware apps follow same stategy). I ran KAV 4.5 and placed in "infected" folder.

 

lk

IMHO,as escan uses extended bases, there be many FPs- I guess your's
is one too. Win98SE's msconfig filesize 59,392 bytes - if yours be same,
I guess it's no problem. If you're on WinME it may be different size, maybe ne1 else can chime in.

SKA

 

Maybe this old stuff to you gurus, but here's what I found new on escan
site- a list of file exts to be excluded :

http://mwti.net/antivirus/hotfix/speed_fix6.asp

http://mwti.net/antivirus/hotfix/speed_fix7.asp

http://mwti.net/antivirus/hotfix/speed_fix8.asp

Excluding win386.swp is a new idea for me - ne1 tried this ? Does it help improve slowdowns with KAV/escan?

SKA

 

Yeah, but a FP for a windows file? *edit - apparently not a windows file but a file with it's name.

I'm using xp pro and it's says 118kb

**edit - I see the correct location for the file is; C:\WINDOWS\PCHEALTH\HELPCTR\Binaries - and is 154kb

does anyone know how this file came to be? Did someone get into my PC and place it in there?

 

To everyone from Firefighter!

Just started eScan Free 4.4.7 downloaded on 5:th October 2004. After that in the main GUI, virus signature date 2004/10/09 and version 4.5.1? Is it capable to update?

Best regards,
Firefighter!

 

Just use the kavupd.exe in your folder.
It will put about 50 files in C:/bases, that you will all transfer to your folder where Escan is.
In my case, it put also the same files in C:/downloads, I just delete all those files after I make the transfer above mentionned.
Always the latest sigs if you proceed that way.

 

Oops ! My bad !!!!

I am WRONG to say escan free utility can't be updated, it can via kavupd.exe
as rightly said by frolo22.

Then it may be that it cannot clean/disinfect,like FF says, but which conflicts with their webpage which says it does clean/disinfect. Maybe they mean clean/disinfect you must buy retail product, this free utility tho'updatable can only detect & not clean.

Hope this makes sense,
a rather peevish
SKA

 

To everyone from Firefighter!

I tried to say that without any tricks, eScan Free seems to be able to update, only two clicks to the program "mwav.exe" file (downloaded on 5:th October 2004 and the version was 4.4.7) and the program shows the current update day and version 4.5.1.

Best regards,
Firefighter!

 

Is this an on demand scanner that I can use along with Panda, or is it real time?

 

To Slovak from Firefighter!

This eScan Free (KAV engine) is only on-demand scanner that is able to report infections only.

Best regards,
Firefighter!

 

It's not true that it report infections only.
Not in all cases.
Last time it detected something, it deleted the "dangerous" file I wanted to keep without asking me first, very frustrating.
So now, I only scan some system folders with it.

 

I agree with frolo222. The program would be MUCH more useful with a feature that allowed you to ignore certain files so they would not be deleted automatically if you didn't want them to be.

 

To Frolo222 from Firefighter!

Why it's so hard to believe the REAL situation with eScan Free just now?

Fri Oct 08 21:03:54 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Padobot.gen.zip
Fri Oct 08 21:03:54 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Padobot.gen.zip infected by "Worm.Win32.Padobot.gen" Virus. Action Taken: No Action Taken.

Fri Oct 08 21:03:54 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sachiel.c.zip
Fri Oct 08 21:03:54 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sachiel.c.zip infected by "Worm.Win32.Sachiel.c" Virus. Action Taken: No Action Taken.

Fri Oct 08 21:03:54 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sachiel.d.zip
Fri Oct 08 21:03:54 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sachiel.d.zip infected by "Worm.Win32.Sachiel.d" Virus. Action Taken: No Action Taken.

Fri Oct 08 21:03:54 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.a.zip
Fri Oct 08 21:03:55 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.a.zip infected by "Worm.Win32.Sasser.a" Virus. Action Taken: No Action Taken.

Fri Oct 08 21:03:55 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.b.zip
Fri Oct 08 21:03:55 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.b.zip infected by "Worm.Win32.Sasser.a" Virus. Action Taken: No Action Taken.

Fri Oct 08 21:03:55 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.c.zip
Fri Oct 08 21:03:55 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.c.zip infected by "Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken.

Fri Oct 08 21:03:55 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Scorvan.zip
Fri Oct 08 21:03:55 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Scorvan.zip infected by "Worm.Win32.Scorvan" Virus. Action Taken: No Action Taken.


It's true that before, not so long time ago, it deleted all worms and deleted or renamed the other nasties, but not anymore. Only some riskware files were only just reported before.

Best regards,
Firefighter!

 

Hi can someone tell which of the seven links on the eScan download page has most recent version (looking for the version 4.5.1). Some of the download links have older version than others. Thanks very much.

 

Never mind it is link # 1. I stopped using that link because I thought it had an older version. Over and out.

 

I just tried the link #7, it worked ok, it correctly renamed my viruses.