Panda Failure

Discussion in 'other anti-virus software' started by Gasp, Apr 4, 2010.

Thread Status:
Not open for further replies.
  1. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    I've just been round to fix my friend's computer after he reported it was playing up. When checking it, it was pretty obvious why he was experiencing so many problems. The computer was rammed with malware, as you'll see from the MBAM log.

    Interestingly, the computer was running Panda Cloud AntiVirus & ThreatFire. After checking the ThreatFire log, it did pick up some suspicious files, but they were allowed by the user. However, Panda didn't detect anything. I even scanned some of the trojans directly with Panda and no results. And yes, the computer was online.

    Some of the nasties:
    Trojan.Vundo
    Trojan.Hiloti
    Trojan.Fraudpack
    Trojan.Dropper
    Worm.Allaple
    Backdoor.Bot
    Rootkit.Agent
    Rootkit.TDSS
    Malware.Trace
    Spyware.Zbot
    Rogue.YourProtection
    Rogue.SpywareBot
    Rogue.PrivacyConductor
    Rogue.SecurePCCleaner
    Rogue.RegistrySmart
    Rogue.Multiple
    Adware.MyWebSearch
    Adware.180Solutions
    Adware.Seekmo
    Adware.ShopperReports
    Adware.Zango

    All the above were removed with MBAM and the computer booted fine. :thumb: :thumb:
    When I later uninstalled Panda, I rebooted only to find a wall of BSODs. :thumbd: :thumbd:

    I think a format / reinstall is going to be the fastest solution here now.
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    There may be more to this than is posted here, so I can't say much about Panda, but ouch. TDSS I can understand, as the last I checked VERY few apps caught this. 180Solutions, Zango, Vundo, these should be detected by a lot of apps by now. 180Solutions was being detected by Spybot when people still loved that app, so I don't know what to think of that.
     
  3. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    PCA is still young; version 1.1 will soon be in beta and will offer a lot more protection.

    A BB, self protection, auto updates, etc.
     
  4. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    Yes, but it should have got something surely? Plus, when I uninstalled it, it ~Snip~ the system up totally, so a format is necessary anyway now.
     
    Last edited by a moderator: Apr 4, 2010
  5. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Honestly, the system seemed to be quite ~Snip~ by the user:

    You don't catch all this at Wikipedia.
     
    Last edited by a moderator: Apr 4, 2010
  6. PC__Gamer

    PC__Gamer Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    526
    Well, forgive me if I'm wrong, but this all seems a little theatre-like,

    like it's been acted out to show Panda's failings in these particular infections.

    :rolleyes:
     
  7. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA

    I agree; all those infections, I mean they must be going to some shady sites.
     
  8. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    I'm sorry but I find this a little hard to believe. Please send me the samples that were not detected by Panda in order to verify this claim.
     
  9. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA

    If he does, post the results here please for all of us to see.

    thanks
    Pbust :thumb:
     
  10. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    It would be interesting, but somehow doubtful they will be forthcoming ;)
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Yeah, he already stated he deleted them with MBAM xD
     
  12. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    @PC__Gamer
    Theatre-like sites, lol! He did say that he'd been looking at those "theatre-like" sites prior to the issues, although I'd be surprised if they were all from pr0n sites.

    @pbust
    All the malware has been quarantined and deleted successfully by MBAM, so I don't think I am able to send this now. For future reference, how do you want me to submit the malware to you?

    I uninstalled Panda hoping to download and reinstall a newer version, but after doing the uninstall the computer BSODs at boot. Any ideas what caused this?
     
  13. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    I have been testing Panda Cloud and, to be honest, it's not that bad. If it really did miss all of those, IMO there may have been a more underlying cause for it. Yes, Panda Cloud does miss some things, but no way is it that bad.
     
  14. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    If we assume something was blocking the internet connection that might explain part of it??
     
  15. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA

    Well, PCA does use an offline cache, but still, all of those not even being seen by PCA is hard to believe.
     
  16. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    If the computer is offline and one of the trojans corrupted the signature files, would that knock off the panda protection?
     
  17. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    Are you 100% sure Panda Cloud was running? Maybe some of the malware killed the protection service.
     
  18. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Gasp, do you know if the malware was on the system *before* Panda Cloud AV was installed? It could be any one of those you mentioned crippled the connection and/or prevented PCA from accessing its scanning servers. Did you run a full scan with PCA? If so, can you post the results? Also you mentioned the malware was quarantined by MBAM. Can you restore it and send it to me?
     
  19. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    Panda Cloud was installed on a new clean build of XP, so no malware then. I am very sure Panda was running when I last checked. The system was running on spoof name servers, which could explain a loss in connection to Panda Cloud.

    The system isn't bootable or restorable; it's completely wrecked now with the BSODs.
     
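    The two checks raised in this thread (post 17: was the protection service actually running, and post 19: was the box pointed at spoofed name servers) can be done from captured command output before anything is cleaned. The following Python triage script is an added example and is not part of the original posts or of any Panda tool: it parses the text of `ipconfig /all` and `sc query <service>` as saved from the suspect machine and flags DNS servers outside the gateway/RFC 1918/trusted set and an AV service that is not RUNNING. The two sample outputs are constructed, the service name `ExampleCloudAV` is hypothetical (look up the real service name for the product you are checking), and the 203.0.113.x addresses are RFC 5737 documentation addresses standing in for a rogue resolver.

```python
"""Offline triage of captured `ipconfig /all` and `sc query` output.

Flags (1) DNS servers that are neither the default gateway, an RFC 1918 /
loopback address, nor in a caller-supplied trusted list, and (2) an AV
service whose state is not RUNNING. Added example; all sample data below is
constructed.
"""
import ipaddress
import re

# Constructed sample, laid out like Windows XP `ipconfig /all`. The two DNS
# servers use RFC 5737 documentation space as a stand-in for a rogue resolver.
SAMPLE_IPCONFIG = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : FRIENDS-PC
        Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Generic PCI Ethernet Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.7
                                            203.0.113.8
"""

# Constructed sample of `sc query ExampleCloudAV`; the service name is hypothetical.
SAMPLE_SC_QUERY = """
SERVICE_NAME: ExampleCloudAV
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
"""

_IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Ranges a home/office resolver is expected to live in (RFC 1918 + loopback).
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _value_after_colon(line):
    """Return the first IPv4 address after the ':' in an ipconfig line, or None."""
    m = _IP_RE.search(line.split(":", 1)[1]) if ":" in line else None
    return m.group(1) if m else None


def parse_dns_servers(ipconfig_text):
    """Collect every DNS server listed, including the indented continuation
    lines ipconfig prints for the second and later servers of an adapter."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            collecting = True
            first = _value_after_colon(line)
            if first:
                servers.append(first)
            continue
        if collecting:
            stripped = line.strip()
            if _IP_RE.fullmatch(stripped):   # continuation line: address only
                servers.append(stripped)
                continue
            collecting = False               # any other line ends the entry
    return servers


def parse_gateway(ipconfig_text):
    for line in ipconfig_text.splitlines():
        if "Default Gateway" in line:
            return _value_after_colon(line)
    return None


def classify_dns(servers, gateway=None, trusted=()):
    """Split servers into (expected, suspicious). A server is expected if it is
    the gateway, inside a LAN range, or in the trusted list (e.g. the ISP's)."""
    expected, suspicious = [], []
    for s in servers:
        addr = ipaddress.ip_address(s)
        ok = s == gateway or s in trusted or any(addr in net for net in LAN_RANGES)
        (expected if ok else suspicious).append(s)
    return expected, suspicious


def parse_service_state(sc_text):
    """Extract the STATE word (RUNNING, STOPPED, ...) from `sc query` output."""
    m = re.search(r"STATE\s*:\s*\d+\s+([A-Z_]+)", sc_text)
    return m.group(1) if m else "UNKNOWN"


def triage(ipconfig_text, sc_text, trusted=()):
    gateway = parse_gateway(ipconfig_text)
    expected, suspicious = classify_dns(parse_dns_servers(ipconfig_text), gateway, trusted)
    state = parse_service_state(sc_text)
    findings = []
    if suspicious:
        findings.append("DNS servers outside gateway/LAN/trusted set: " + ", ".join(suspicious))
    if state != "RUNNING":
        findings.append("AV service state is %s, not RUNNING" % state)
    return {"gateway": gateway, "expected_dns": expected, "suspicious_dns": suspicious,
            "av_service_state": state, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_IPCONFIG, SAMPLE_SC_QUERY)["findings"]:
        print("[!]", finding)
```

    On a live machine you would paste in the real `ipconfig /all` and `sc query` text, pass the ISP's resolvers as `trusted`, and treat any hit as a reason to distrust the AV's verdicts until the resolver settings and the service have been fixed, since a cloud scanner that cannot reach its servers is effectively running on its offline cache only.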
  20. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    My friend (or maybe it's his kids) has a history of opening unknown files on the internet and infecting his PC with all sorts of crap. Like I said, the ThreatFire log confirmed that he had allowed some of the malware. I think what happened here is he's had a 0day drive-by download on a "theatre-like" site which he has allowed and run. This has either blocked his internet and corrupted the Panda signatures, or downloaded another app which has done this.

    I am upgrading him to Windows 7 tomorrow so we can review his security. What would you recommend for someone who opens everything? I am tempted to use something like Returnil to return his system back to normal after every reboot. Or should I go for a free HIPS instead?

    Limited User Account - This will stop him or his kids installing new apps/files.
    Microsoft Security Essentials - Its free and very easy to use.
    Malware Bytes - On-demand malware scanning.
    SAS - On-demand malware scanning.
    Comodo Time Machine - For when it all goes wrong again.
     
    Last edited: Apr 4, 2010
  21. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Gasp.
    I'd go with Returnil to save your friend from himself. It does seem that he managed to get an extraordinary amount of malware onto his system. It's no mean feat to get yourself that infected, as I found out when running a VM without any security software to test CTM a while ago.

    It seems unlikely that Panda (and ThreatFire too) would fail so dramatically during normal usage; there must be more to it.
     
  22. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    If you HAVE to go to a deny/allow approach, do it through LUA. HIPS in the hands of the less knowledgeable and/or uncaring is just as dangerous as malware itself.
     
  23. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    no conficker? :D
     
  24. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    No, why?
     
  25. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    How about if we went with Sandboxie or Geswall instead of the strong HIPS?
     