On Demand scan failure

Discussion in 'Prevx Releases' started by CloneRanger, May 6, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Downloaded the latest Rootkit TDL 3 (alias TDSS, Alureon) to test for detection.

    Describes itself as, Favorites manager published by CNN :D

    dr.gif

    Right clicked on it with Prevx v3.0.5.130 and it did not launch. Also tried a few other files with the same result.

    Is this a known problem, or something at my end ?

    If it's the first this is a heads up, if it's the second ?
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,013
    Location:
    Ontario, Canada
    Install the new RC, it works very well! And Right Click Scans don't do much; try a Regular scan to see if it is detected! Or just upload to VT!

    TH
     
    Last edited: May 6, 2010
  3. CloneRanger

    CloneRanger Registered Member

    @Triple Helix

    Prefer to wait for the final release thanks.

    Just tried a full scan via sc.gif

    It didn't launch ? I think it must be something here :(

    I already knew it was a nasty, just wanted to test my AV and Prevx for detection.
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Well, it sounds like it's broken :( Try a reboot; if that doesn't work, try a reinstall. That's all I can suggest for now! Or again, use the new RC, as it works well or Prevx would not have released it!

    HTH,

    TH
     
  5. CloneRanger

    CloneRanger Registered Member

    Just clicked on Config Mon

    w.gif

    Checked task manager and it's NOT scanning :(

    Oh dear ?
     
  6. Triple Helix

    Triple Helix Webroot Product Advisor

    Reboot! As I had a jam yesterday and all I could do was reboot but after it was fine!

    TH
     
  7. CloneRanger

    CloneRanger Registered Member

    @Triple Helix

    Could be ?

    Off to do that right now, see ya soon, i hope :D

    Thanks :thumb:
     
  8. CloneRanger

    CloneRanger Registered Member

    @Triple Helix

    You did, did ya :D so it's not just me.

    Rebooted, came online and was able to right click scan that rootkit. But it took a lot longer than normal for a single file that size ?

    no.gif

    Did a full comp scan

    no2.gif

    Funnily enough, the full scan took 16 seconds less than the one small file on demand. Hello :D

    I know you downloaded and scanned the rootkit from the link I gave you, and your Prevx detected it. So I'm not quite sure what's happening, or not, at my end with Prevx ? Maybe Joe etc might know ?
     
  9. Triple Helix

    Triple Helix Webroot Product Advisor

    Look in your Detection Overrides under settings to see if it is there? And yes mine detected it with both Right Click scan and a Regular scan!
    Previously Detected Files: [BP] c:\users\daniel\downloads\dr.exe [PX5: 766D7A6C007B1B96CE4300776ABEED00935B17DA] Malware Group: Medium Risk Malware


    TH
     

    Last edited: May 6, 2010
  10. CloneRanger

    CloneRanger Registered Member

    No sir, but I would have had to manually exclude it for it to be in there, which I didn't.

    cln.gif

    Worth a check though :thumb:

    Can you go and wake Joe up, he's gone AWOL :D
     
    Last edited: May 6, 2010
  11. Triple Helix

    Triple Helix Webroot Product Advisor

    Yes we will have to wait for Joe to reply! But show a picture of Detection Overrides under settings to see if it is there?

    TH
     
  12. CloneRanger

    CloneRanger Registered Member

    Had a look in Detection Overrides before I posted the last pic. It's not there, but I didn't expect it would be, as it didn't detect it, nor did I exclude it, as it wasn't found.

    Thanks
     
  13. Triple Helix

    Triple Helix Webroot Product Advisor

    Very strange! :doubt:

    TH
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you please send me a scan log to report@prevxresearch.com? That should shed some light as to what is going on :)

    Thanks!
     
  15. CloneRanger

    CloneRanger Registered Member

    @PrevxHelp

    Thanks, log sent
     