On Demand scan failure

Discussion in 'Prevx Releases' started by CloneRanger, May 6, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Downloaded the latest Rootkit TDL 3 (alias TDSS, Alureon) to test for detection.

    Describes itself as, Favorites manager published by CNN :D

    dr.gif

    Right clicked on it with Prevx v3.0.5.130 and it did not launch. Also tried a few other files with the same result.

    Is this a known problem, or something at my end ?

    If it's the first this is a heads up, if it's the second ?
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Install the new RC, it works very well! And Right Click Scans don't do much; try a Regular scan to see if it is detected! Or just upload to VT!

    TH
     
    Last edited: May 6, 2010
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @Triple Helix

    Prefer to wait for the final release thanks.

    Just tried a full scan via sc.gif

    It didn't launch ? I think it must be something here :(

    I already knew it was a nasty, just wanted to test my AV and Prevx for detection.
     
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Well, it sounds like it's broken :( Try a reboot; if that doesn't work, try a Reinstall. That's all I can suggest for now! Or again, use the new RC as it works well or Prevx would not have released it!

    HTH,

    TH
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Just clicked on Config Mon

    w.gif

    Checked task manager and it's NOT scanning :(

    Oh dear ?
     
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Reboot! As I had a jam yesterday and all I could do was reboot but after it was fine!

    TH
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @Triple Helix

    Could be ?

    Off to do that right now, see ya soon, I hope :D

    Thanks :thumb:
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @Triple Helix

    You did, did ya :D so it's not just me.

    Rebooted, came online and was able to right click scan that rootkit. But it took a lot longer than normal for a single file that size ?

    no.gif

    Did a full comp scan

    no2.gif

    Funnily enough, the full scan took 16 seconds less than the one small file on demand. Hello :D

    I know you downloaded and scanned the rootkit from the link I gave you, and your Prevx detected it. So I'm not quite sure what's happening, or not, at my end with Prevx ? Maybe Joe etc might know ?
     
  9. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Look in your Detection Overrides under settings to see if it is there? And yes mine detected it with both Right Click scan and a Regular scan!
    Previously Detected Files: [BP] c:\users\daniel\downloads\dr.exe [PX5: 766D7A6C007B1B96CE4300776ABEED00935B17DA] Malware Group: Medium Risk Malware


    TH
     

    Last edited: May 6, 2010
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    No sir, but I would have had to manually exclude it for it to be in there, which I didn't.

    cln.gif

    Worth a check though :thumb:

    Can you go and wake Joe up, he's gone AWOL :D
     
    Last edited: May 6, 2010
  11. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Yes we will have to wait for Joe to reply! But show a picture of Detection Overrides under settings to see if it is there?

    TH
     
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Had a look in Detection Overrides before I posted the last pic, it's not there, but didn't expect it would be as it didn't detect it, nor did I exclude it as it wasn't found.

    Thanks
     
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Very strange! :doubt:

    TH
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you please send me a scan log to report@prevxresearch.com? That should shed some light as to what is going on :)

    Thanks!
     
  15. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @PrevxHelp

    Thanks, log sent
     