New eScan Free 4.5.1

Discussion in 'other anti-virus software' started by Firefighter, Oct 8, 2004.

Thread Status:
Not open for further replies.
  1. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Just made a new scan with this excellent KAV engined backup tool.

    http://www.mwti.net/antivirus/free_utilities.asp

    Surprise: it doesn't rename or delete any of the infected files that were detected, it only reports them. Very good backup just now. You can check your infected files after that with Jotti's multi online scan,

    http://virusscan.jotti.dhs.org/

    to confirm your findings.


    Best regards,
    Firefighter!
     
    Last edited: Oct 8, 2004
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    You want to be cautious using this tool from Microworld. The trouble is it messes about with your Registry without warning you what it is doing and without giving you the chance to make a backup or decline the deletions that it makes.

    I recommend you look for the logfile it leaves in your Temp folder (assuming you have not deleted it!), and then go through it very carefully to see what it has done.

    If you want to use a KAV engined product - use KAV!
     
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    This is what eScan found. I changed the extension from .exe to .ger and did a jotti scan. Kaspersky finds this same thing.
    Googling around I didn't find much about CISVCS.
    I asked about this file in June this year on this forum but there wasn't any answer.

    quote:

    Hi.

    Can anyone explain to me what cisvcs.exe /7 in O4 "run once" means.
    I have never seen it before.
    TIA,

    Gerard


    Logfile of HijackThis v1.97.7
    Scan saved at 3:52:10, on 29-6-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    O4 - HKLM\..\RunOnce: [CISVC] C:\WINDOWS\System32\CISVCS.EXE /7
    unquote
     


  4. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To TopperID from Firefighter!

    As I said, eScan Free 4.5.1 doesn't rename or delete any infected file nowadays, before it did.

    Fri Oct 08 21:03:57 2004 => Total Files Scanned: 3008
    Fri Oct 08 21:03:57 2004 => Total Virus(es) Found: 2879
    Fri Oct 08 21:03:57 2004 => Total Disinfected Files: 0
    Fri Oct 08 21:03:57 2004 => Total Files Renamed: 0
    Fri Oct 08 21:03:57 2004 => Total Deleted Files: 0
    Fri Oct 08 21:03:57 2004 => Total Errors: 0
    Fri Oct 08 21:03:57 2004 => Time Elapsed: 00:07:33
    Fri Oct 08 21:03:57 2004 => Virus Database Date: 2004/10/08
    Fri Oct 08 21:03:57 2004 => Virus Database Count: 105092

    Fri Oct 08 21:03:57 2004 => Scan Completed.

    Against my former infected 3007 archived samples, the former eScan 4.4.7 scored at least as good as KAV 5.0.156 with EXTENDED database, original KAV found nothing that the eScan left behind.

    Best regards,
    Firefighter!
     
    Last edited: Oct 8, 2004
  5. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    eScan uses KAV's extended database by default. That's why you got identical results. ;)


    tECHNODROME
     
  6. FlashGordon

    FlashGordon Registered Member

    Joined:
    Jul 3, 2004
    Posts:
    27
    Forgive my ignorance, but what's the difference between the eScan utility and the eScan AV retail product?
     
  7. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    To Firefighter from TopperID

    Oops! I stand corrected. Last time I tried out this product it did some unofficial Registry cleaning for me - hence I never tried the new version!
     
  8. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    154
    The escan website says it cleans/disinfects - are these lines from escan website not true ?

    quote:
    D. The Utility can be added to the start up ensuring that the system is scanned and cleaned everytime it boots.
    E. All the disinfections are reported in the form of a log file.
    F. The utility is regularly updated on our servers ensuring that it can fight the nastiest attacks.
    unquote

    SKA
     
  9. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    154
    Flash G

    Looks like the free utility has no updater, you need to download it afresh each week from mwti.net <g>

    The retail AV has built in updater & key for valid updates for 1 year etc.

    SKA
     
  10. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    My concern relates to this thread: https://www.wilderssecurity.com/showthread.php?p=272575#post272575

    Escan reported it found Backdoor.Win32.Rbot.gen - which no other scanner, intrusion protection, etc alerted me to. It also reported that I have to buy escan to remove the worm/trojan/whatever (my concern since rogue spyware apps follow same strategy). I ran KAV 4.5 and placed in "infected" folder.
     
  11. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    154
    lk

    IMHO, as escan uses extended bases, there be many FPs - I guess yours
    is one too. Win98SE's msconfig filesize 59,392 bytes - if yours be same,
    I guess it's no problem. If you're on WinME it may be different size, maybe ne1 else can chime in.

    SKA
     
  12. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    154
  13. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Yeah, but a FP for a windows file? *edit - apparently not a windows file but a file with its name.

    I'm using xp pro and it says 118kb

    **edit - I see the correct location for the file is; C:\WINDOWS\PCHEALTH\HELPCTR\Binaries - and is 154kb

    does anyone know how this file came to be? Did someone get into my PC and place it in there?
     
    Last edited: Oct 9, 2004
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    Just started eScan Free 4.4.7 downloaded on 5th October 2004. After that in the main GUI, virus signature date 2004/10/09 and version 4.5.1? Is it capable of updating?

    Best regards,
    Firefighter!
     


  15. frolo222

    frolo222 Guest

    Just use the kavupd.exe in your folder.
    It will put about 50 files in C:/bases, that you will all transfer to your folder where Escan is.
    In my case, it also put the same files in C:/downloads, I just delete all those files after I make the transfer mentioned above.
    Always the latest sigs if you proceed that way.
     
  16. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    154
    Oops ! My bad !!!!

    I am WRONG to say escan free utility can't be updated, it can via kavupd.exe
    as rightly said by frolo222.

    Then it may be that it cannot clean/disinfect, like FF says, but which conflicts with their webpage which says it does clean/disinfect. Maybe they mean clean/disinfect you must buy retail product, this free utility tho' updatable can only detect & not clean.

    Hope this makes sense,
    a rather peevish
    SKA
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    I tried to say that without any tricks, eScan Free seems to be able to update, only two clicks to the program "mwav.exe" file (downloaded on 5th October 2004 and the version was 4.4.7) and the program shows the current update day and version 4.5.1.

    Best regards,
    Firefighter!
     


  18. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    Is this an on demand scanner that I can use along with Panda, or is it real time?
     
  19. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Slovak from Firefighter!

    This eScan Free (KAV engine) is only an on-demand scanner that is able to report infections only.

    Best regards,
    Firefighter!
     
  20. frolo222

    frolo222 Guest

    It's not true that it reports infections only.
    Not in all cases.
    Last time it detected something, it deleted the "dangerous" file I wanted to keep without asking me first, very frustrating.
    So now, I only scan some system folders with it.
     
  21. darkknight

    darkknight Guest

    I agree with frolo222. The program would be MUCH more useful with a feature that allowed you to ignore certain files so they would not be deleted automatically if you didn't want them to be.
     
  22. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Frolo222 from Firefighter!

    Why is it so hard to believe the REAL situation with eScan Free just now?

    Fri Oct 08 21:03:54 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Padobot.gen.zip
    Fri Oct 08 21:03:54 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Padobot.gen.zip infected by "Worm.Win32.Padobot.gen" Virus. Action Taken: No Action Taken.

    Fri Oct 08 21:03:54 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sachiel.c.zip
    Fri Oct 08 21:03:54 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sachiel.c.zip infected by "Worm.Win32.Sachiel.c" Virus. Action Taken: No Action Taken.

    Fri Oct 08 21:03:54 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sachiel.d.zip
    Fri Oct 08 21:03:54 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sachiel.d.zip infected by "Worm.Win32.Sachiel.d" Virus. Action Taken: No Action Taken.

    Fri Oct 08 21:03:54 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.a.zip
    Fri Oct 08 21:03:55 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.a.zip infected by "Worm.Win32.Sasser.a" Virus. Action Taken: No Action Taken.

    Fri Oct 08 21:03:55 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.b.zip
    Fri Oct 08 21:03:55 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.b.zip infected by "Worm.Win32.Sasser.a" Virus. Action Taken: No Action Taken.

    Fri Oct 08 21:03:55 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.c.zip
    Fri Oct 08 21:03:55 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Sasser.c.zip infected by "Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken.

    Fri Oct 08 21:03:55 2004 => Scanning File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Scorvan.zip
    Fri Oct 08 21:03:55 2004 => File D:\Check\Infected_3008\Virii_1058\Worm_700\Worm.Win32.Scorvan.zip infected by "Worm.Win32.Scorvan" Virus. Action Taken: No Action Taken.


    It's true that before, not so long ago, it deleted all worms and deleted or renamed the other nasties, but not anymore. Only some riskware files were only just reported before.

    Best regards,
    Firefighter!
     
    Last edited: Oct 12, 2004
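
The question argued in this thread, whether the scanner only reports or also renames and deletes, can be checked from the log itself. The following is an added example, not part of the thread or of eScan: it parses lines in the format quoted in the posts above, lists every detection whose action is anything other than "No Action Taken", and compares that count with the summary counters. The sample log is constructed, its paths are made up, and the "File Renamed" action string is a hypothetical value.

```python
import re
from collections import Counter

# Line shapes taken from the log excerpts quoted in this thread.
DETECTION = re.compile(r'^.+? => File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
                       r'Action Taken: (?P<action>.+?)\.?\s*$')
SUMMARY = re.compile(r'^.+? => Total (?P<key>[^:]+): (?P<val>\d+)\s*$')
# Summary counters that mean the scanner changed something on disk.
CHANGE_COUNTERS = ("Disinfected Files", "Files Renamed", "Deleted Files")

def audit(log_text):
    """Return per-action counts, the detections that were acted on, and
    whether the summary counters agree with the per-file lines."""
    actions, changed, totals = Counter(), [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DETECTION.match(line)
        if m:
            actions[m["action"]] += 1
            if m["action"] != "No Action Taken":
                changed.append((m["path"], m["name"], m["action"]))
            continue
        s = SUMMARY.match(line)
        if s:
            totals[s["key"]] = int(s["val"])
    reported = sum(totals.get(k, 0) for k in CHANGE_COUNTERS)
    return {"actions": actions, "changed": changed, "totals": totals,
            "consistent": reported == len(changed)}

# Constructed sample: paths are made up and "File Renamed" is a hypothetical action string.
SAMPLE_LOG = r'''
Fri Oct 08 21:03:54 2004 => Scanning File D:\Samples\one.zip
Fri Oct 08 21:03:54 2004 => File D:\Samples\one.zip infected by "Worm.Win32.Sasser.a" Virus. Action Taken: No Action Taken.
Fri Oct 08 21:03:55 2004 => File D:\Samples\two.zip infected by "Worm.Win32.Sasser.c" Virus. Action Taken: No Action Taken.
Fri Oct 08 21:03:55 2004 => File D:\Samples\keep.exe infected by "Worm.Win32.Scorvan" Virus. Action Taken: File Renamed.
Fri Oct 08 21:03:57 2004 => Total Virus(es) Found: 3
Fri Oct 08 21:03:57 2004 => Total Disinfected Files: 0
Fri Oct 08 21:03:57 2004 => Total Files Renamed: 0
Fri Oct 08 21:03:57 2004 => Total Deleted Files: 0
'''

if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for path, name, action in result["changed"]:
        print(f"CHANGED  {path}  ({name}): {action}")
    print("summary matches per-file lines:", result["consistent"])
```

A log where every per-file line reads "No Action Taken" and the three change counters are zero comes back with an empty `changed` list and `consistent` set to true.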
  23. freeborn

    freeborn Guest

    Hi can someone tell which of the seven links on the eScan download page has most recent version (looking for the version 4.5.1). Some of the download links have older version than others. Thanks very much.
     
  24. freeborn

    freeborn Guest

    Never mind it is link # 1. I stopped using that link because I thought it had an older version. Over and out.
     
  25. botzap

    botzap Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    18
    I just tried the link #7, it worked ok, it correctly renamed my viruses. :rolleyes:
     