New strong heuristics for updated Antivir PE!

Discussion in 'other anti-virus software' started by Big Mike, May 19, 2004.

Thread Status:
Not open for further replies.
  1. Big Mike

    Big Mike Guest

    Yes !

    It seems that the heuristics were finally included in the free version too!

    (included in big update)

    You can choose between 3 settings from weak to strong.

    It's available in the on-access (guard) & on-demand scanner.

    Seems that Antivir PE is getting stronger day by day now...
     
  2. zorrozorrito

    zorrozorrito Guest

    Could Antivir, with heuristics included, be better than eTrust v7?
    What do you think about it?
     
  3. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    I think I would wait and see what others that use it say about it before relying on it as my only anti-virus, or switching over to it if you are already using another anti-virus.
     
  4. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    657
  5. vincevega

    vincevega Registered Member

    Joined:
    May 4, 2004
    Posts:
    41
    Is this the new version that's posted on the site? Looks to be.

    Program-Release 6.25.00.03
    VDF-Version 6.25.00.73
    Date (MM-DD-YYYY) 05-19-2004
    Time 13:54:04
    File name avwinsfx.exe
    File size 4,00 MByte
     
  6. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    Yup, it's the new version.

    I just downloaded it, and it has heuristics. I think I'm sold on this one. Should work very well combined with F-Prot. (You know, different rules for heuristic detection.)
     
  7. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    657
    heuristics set to medium, so far so good ;) ;)
    no FP :D
     
  8. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    AntiVir generates a lot of false alarms even without its heuristics. I wonder what would happen with the heuristics set to maximum.
     
  9. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    I've never had any false alarms with AntiVir. I've also never detected anything, even with heuristics at maximum.

    And by the way, I believe that the heuristics work only for on-access scanning, not on-demand scanning. And, if I'm interpreting what I see correctly, the heuristics don't work for worms and trojans, so I wouldn't exactly call them "strong".

    Also, check out the program's entry on the Virus Bulletin website: Link

    Compare to other AVs, and you'll see that AntiVir has the worst performance by far. (The best, btw, is NOD32.)
     
  10. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    What makes you think the heuristics don't work for trojans and worms? Please explain in detail. Same in Panda: the heuristics work only in on-demand.
     
  11. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    Whoops, I think I did read wrong. Sorry 'bout that. :blink:
     
  12. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Sorry Pigman, I was only asking honestly. I didn't test the latest AntiVir, that's why I was curious. Please don't think that I was challenging you.
     
  13. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    I didn't think that you were trying to irritate me.

    And btw, the on-demand scanning also has heuristic options. The help files say that the heuristics are "powerful", but I know better than to trust that - H+BEDV seems to have a habit of exaggerating what AntiVir will do.
     
  14. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    If you are missing the heuristic option in the main GUI, try downloading the entire install package. A bug was fixed and a new package was uploaded on May 21st. AVMain.exe should be dated 11th of May 2005 and 643.112 bytes in size.

    The heuristic is producing quite a few false positives right now, as it is in the process of being optimized. Known false positives are WinVNC, WinZIP32, WULOADER, ICSMGR, KLCONFIG.EXE and SPYBOT.EXE (1.0). If you find more false positives, please send them to heuristik@antivir.de.

    Keep in mind that AntiVir has no PE EXE unpacking engine (not yet!) - this is limiting the heuristic detection somewhat.
     
  15. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    Apart from those false positives it actually detects quite a few trojans... unpacked trojans, that is. Quite strong detection of IRC trojans/bots, VB backdoors and web downloaders, to name a few.

    This is definitely a move in the right direction... just waiting for the unpacking engine... :D
     
  16. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Well, I have one. Antivir, with or without heuristics, recognizes a DLL inside Panda antivirus as "NewloveA.vbs". Kaspersky says it's clean, Panda itself says the same, a2 and ewido likewise.

    I even sent a mail with the DLL in question zipped to Antivir, entitled "Probably false positive", asking them to confirm that it is a false positive. What I got back was an automatically generated mail saying "Warning, you sent us a virus, your computer may be compromised etc. etc.".

    No further reply; Antivir keeps saying it's a virus... :rolleyes:
     
  17. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    Ugghh. Strange. What OS? I'm on Win98, and, as I said before, never had one false positive.
     
  18. vincevega

    vincevega Registered Member

    Joined:
    May 4, 2004
    Posts:
    41
    I had this exact same problem. Antivir saw my panda online scan files as the "newlovea.vbs" virus. No doubt it's a false positive.
     
  19. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Win XP Home. It's getting annoying, really. Every time I make a full scan I get the alarm twice, because it "sees" this VBS once in Panda's folder and once in Panda's setup file (I'll remove it from my PC with the first backup I do, so at least I'll get rid of the second alarm).

    Ah, thanks, now I'm 100% sure too. Seems that it can't stand Panda. Lol! Thank God forums like this exist, because if I were to wait for their reply (Antivir's), I'd wither first.
     
  20. Delgado

    Delgado Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    131
    Regarding false positives: Panda Antivirus is well known for not covering its virus definition strings, so that other antivirus programs pick their strings up as viruses. I got this straight from Panda, that their definitions are picked up by other AV programs. This is nothing to worry about and is a false positive.
     
  21. controler

    controler Guest

    Hi

    Why is this AV impossible to download?

    :oops:

    will try again with my DSL connection later and see what happens.

    controler
     
  22. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    I'm positively surprised by the worm detection of the new AntiVir. For the first time in my own tests, AntiVir was better against worms and trojans & backdoors than Avast 4.1 Home.

    The heuristics were able to detect 17 worms from my 364-worm collection, and AntiVir was equal with Panda Platinum 7.0 and only one archived worm sample behind BitDefender 7.2 Free. Most of those worms were classified as worms by KAV 5.0.121 and eScan 4.2.2 Free (KAV engine), some of those were classified as worms by BitDefender 7.2 Free, Panda Platinum 7.0, NOD32, Avast 4.1 Home, RAV and DrWeb 4.31b. Clearly behind AntiVir were Avast 4.1 Home and NOD32 with Advanced Heuristics. Here are the worms that AntiVir was able to detect with heuristics.

    AntiVir v6.25.0.74 Scan Engine 6.25.059 heuristics detected:

    I-Worm.LunarStorm.b.zip --> rage_worm_b.exe
    [DETECTION] This file contains suspicious code Heuristic/Trojan.Win32.PWS
    I-Worm.LunarStorm.c.zip --> rage_worm_a.exe
    [DETECTION] This file contains suspicious code Heuristic/Trojan.Win32.PWS
    I-Worm.LunarStorm.zip --> rage_worm_c.exe
    [DETECTION] This file contains suspicious code Heuristic/Trojan.Win32.PWS
    I-Worm.Wozer.f.zip --> worm_wozerb.exe
    [DETECTION] This file contains suspicious code Heuristic/Trojan.Win32.Downldr
    IRC-Worm.Allegro.a.zip --> IRC-Worm.Allegro.a
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCScript
    IRC-Worm.Bunny.zip --> IRC-Worm.Bunny
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCDropper
    IRC-Worm.ClickIt.a.zip --> IRC-Worm.ClickIt.a
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCDropper
    IRC-Worm.ClickIt.f.zip --> IRC-Worm.ClickIt.f
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCDropper
    IRC-Worm.Crack.b.zip --> IRC-Worm.Crack.b
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCDropper
    IRC-Worm.Kia.zip --> IRC-Worm.Kia
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCScript
    IRC-Worm.Lamirc.b.zip --> IRC-Worm.Lamirc.b
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCDropper
    IRC-Worm.Lucky.c.zip --> IRC-Worm.Lucky.c
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCDropper
    IRC-Worm.Metak.b.zip --> IRC-Worm.Metak.b
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCScript
    IRC-Worm.Tiny.e.zip --> IRC-Worm.Tiny.e
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCScript
    IRC-Worm.Tiny.f.zip --> IRC-Worm.Tiny.f
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCScript
    IRC-Worm.Wonder.zip --> IRC-Worm.Wonder
    [DETECTION] This file contains suspicious code Heuristic/Worm.IRCScript
    Worm.Shorm.12.zip --> Worm.Shorm.12
    [DETECTION] This file contains suspicious code Heuristic/Trojan.Win32.PWS

    Here are those worms that NOD32 was able to detect only with Advanced Heuristics.

    Detected with AH only:

    D:\Worms_364\I-Worm.Ainjo.zip > ZIP > I-Worm.Ainjo.h - probably unknown NewHeur_PE virus
    D:\Worms_364\I-Worm.Cholera.zip > ZIP > I-Worm.Cholera - probably unknown NewHeur_PE virus
    D:\Worms_364\I-Worm.Petik.ZIP > ZIP > RINS.EXE - probably unknown NewHeur_PE virus
    D:\Worms_364\Worm.Furby.A.zip > ZIP > Furby.exe - probably unknown NewHeur_PE virus

    AntiVir deserves to be my backup scanner to KAV, because it was the best at detecting the infected files that eScan missed from my collection of 1228 infected archives of all sorts - 2 infected archived files more than DrWeb 4.31b.

    Best regards,
    Firefighter!
     
  23. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Without an unpacking engine, why bother?

    This thing didn't recognize a known trojan packer, with 2-3 other trojans inside it, and if you click it, it's too late.

    Sorry, but no matter HOW good the scanner is, if it doesn't have exceptionally good unpacking and rebase detection, it's quite useless to me... Especially since the last few trojans I've run into are packed or rebased.
     
  24. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Kobra from Firefighter!

    Why an unpacker engine with AntiVir, when I am using KAV as my resident scanner plus BOClean as my Anti-Trojan?

    Even KAV is capable of missing something. I have 92 potentially infected archives that were missed by KAV, but some other AVs were able to detect most of those! The rest, which were missed by all the AVs I tested, I still believe were infected, because most of those were downloaded from virii collection sites. Of those other AVs, AntiVir detected the files that eScan (and KAV 5.0.121 too) missed better than AVG 6.0, Avast 4.1 Home, BitDefender 7.2 Free, DrWeb 4.31b, NOD32 with Advanced Heuristics and Panda Platinum 7.0. What more is there to say?

    Best regards,
    Firefighter!
     
  25. Madsen DK

    Madsen DK Registered Member

    Joined:
    Nov 23, 2002
    Posts:
    324
    Location:
    Denmark
    Sorry if I'm getting something wrong here.
    As far as I know, packed and compressed malware is harmless until unpacked or decompressed, and then the resident scanner will hopefully nail it.
    Please correct me if I'm wrong :)
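Stefan Kurtzhals's remark above that AntiVir has no PE EXE unpacking engine yet, and the Kobra/Madsen DK exchange about packed trojans, come down to one mechanism: a scanner that does not unpack only ever sees the packer's compressed payload, not the code its heuristics key on. The Python script below is an added illustration written for this page; it is not code from the thread, from H+BEDV or from any AntiVir component, and it does not reproduce AntiVir's actual heuristics. It builds two small synthetic PE32 images in memory (a constructed "IRC bot" in clear text, and the same bot "packed" with UPX-style section names and a seeded pseudo-random body standing in for compressed code), then runs three static checks over them: packer section names, per-section Shannon entropy, and a plaintext-marker scan. The section-name list, the marker strings, the 7.0 bits/byte threshold and all sample bytes are assumptions chosen for the example.

```python
"""Packed-vs-unpacked PE heuristic demo (constructed example, not AntiVir code)."""
import math
import random
import struct

# Section names typical of runtime packers. Illustrative list, not exhaustive.
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata", b".petite"}
# Plaintext markers a content heuristic for IRC bots / downloaders might key on
# (constructed for this example; a real engine uses far richer rules).
CONTENT_MARKERS = [b"PRIVMSG", b"JOIN #", b"URLDownloadToFile"]
HIGH_ENTROPY_BITS = 7.0   # bits/byte; compressed or encrypted data sits near 8.0
FILE_ALIGN = 0x200


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty or constant data, 8.0 for uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _align(x: int) -> int:
    return (x + FILE_ALIGN - 1) // FILE_ALIGN * FILE_ALIGN


def build_pe(sections):
    """Build a minimal PE32 image from [(name, raw_bytes), ...]: DOS stub, PE
    signature, COFF header, zeroed optional header, one section header per
    section, then the section bodies padded to the file alignment."""
    opt_size = 224                                   # size of a PE32 optional header
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    sec_headers, body = b"", b""
    raw_ptr, va = _align(headers_len), 0x1000
    for name, data in sections:
        raw_size = _align(len(data))
        sec_headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), va,
                                   raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += max(raw_size, 0x1000)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_headers
    return header.ljust(_align(headers_len), b"\0") + body


def parse_sections(image: bytes):
    """Walk the section table and return [(name, section_bytes), ...]."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size
    out = []
    for i in range(n_sections):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        out.append((name.rstrip(b"\0"), image[raw_ptr:raw_ptr + min(vsize, raw_size)]))
    return out


def analyse(image: bytes) -> dict:
    """Static heuristics only: packer section names, per-section entropy and
    plaintext markers. No unpacking is attempted, which is exactly the limit
    the thread is discussing."""
    f = {"packer_sections": [], "high_entropy": [], "content_hits": []}
    for name, data in parse_sections(image):
        label = name.decode("ascii", "replace")
        if name in PACKER_SECTION_NAMES:
            f["packer_sections"].append(label)
        if shannon_entropy(data) > HIGH_ENTROPY_BITS:
            f["high_entropy"].append(label)
        f["content_hits"] += [m.decode() for m in CONTENT_MARKERS if m in data]
    f["looks_packed"] = bool(f["packer_sections"] or f["high_entropy"])
    return f


# Constructed sample 1: an unpacked "IRC bot" - a stack-frame prologue plus the
# strings such a bot carries in clear text.
PLAIN_CODE = (b"\x55\x8b\xec\x83\xec\x40" + b"PRIVMSG #chan :hi\0" + b"JOIN #chan\0"
              + b"URLDownloadToFile\0") * 16
PLAIN_IMAGE = build_pe([(b".text", PLAIN_CODE), (b".data", b"\0" * 256)])

# Constructed sample 2: the same bot "packed" - UPX-style section names and a
# body of seeded pseudo-random bytes standing in for the compressed code.
_rng = random.Random(2004)
PACKED_BODY = bytes(_rng.getrandbits(8) for _ in range(4096))
PACKED_IMAGE = build_pe([(b"UPX0", b""), (b"UPX1", PACKED_BODY), (b".rsrc", b"\0" * 64)])

if __name__ == "__main__":
    for tag, img in (("unpacked", PLAIN_IMAGE), ("packed", PACKED_IMAGE)):
        print(tag, analyse(img))
```

Run as-is it prints one findings dict per sample: the unpacked image gets no packer flags but all three content markers, while the packed image is flagged on both section names and entropy and yields no content hits at all. That is the gap an unpacking engine closes: without it the scanner can at most say "this looks packed", which is why the trojans illukka saw detected were unpacked ones and why Kobra's packed samples slipped through. Two practical caveats for anyone reusing the idea: section names are trivially renamed, so entropy is the more robust of the two static signals, and a packed file is indeed inert on disk, but the packer stub restores the original code in memory at launch, so a resident scanner that cannot unpack only gets another chance if it emulates or catches what the stub writes out afterwards.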
     