Prevx only detects Eicar

Discussion in 'Prevx Releases' started by webster, Aug 7, 2009.

Thread Status:
Not open for further replies.
  1. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    Downloaded a large collection of malware, about 17.000 files. Unpacked it, and scanned it with Prevx, and it doesn't detect ANY of it o_O.

    If I upload the files to VT, most of them are detected. Eicar is detected, so I guess connection to the cloud is okay. I even disabled my firewall, but still no go.

    Any suggestions?

    Windows XP, A-Squared and Privatefirewall.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Can you give me a link to the archive to see what's wrong? Also, were all of the files unarchived (not in any zip/rar/etc.?)
     
  3. webster

    Links sent. I just unpacked the main rar archives.
     
  4. PrevxHelp

    I extracted a fragment of the first link and it found the maximum of 255 threats in one run o_O How did you scan the archive?
     
  5. webster

    Right clicked it, and it scanned. No Threats detected o_O
     
  6. PrevxHelp

    How many files did it say it scanned/how long did it take? It shouldn't even get a fraction of the way through all of the files as it will stop once it reaches the infection count threshold.

    Also, it is possible that A2 is detecting the files while we're scanning, preventing us from reading the files - could you try with A2 disabled or uninstalled?
     
  7. webster

    Just put one of the files which is detected on VT, on the desktop, disabled A-Squared guard, scanned one file and no detection.

    I will try to scan the archive again and check the count.
     
  8. PrevxHelp

    That's surprising :doubt: I'm unfamiliar with Privatefirewall but it's "possible" that it could be silently blocking communications, but you would have been receiving errors if that was the case.

    Out of curiosity, could you send me the specific file and let me know what OS you're on just to try and reproduce it here?
     
  9. webster

    File and firewall log sent.

    17.153 files scanned, 0 threats found.

    Win XP.
     
  10. PrevxHelp

    Well there is something fundamentally wrong here - that particular file (the one you sent) has been detected since October 24th, 2007. Would you be willing to have me remotely diagnose the problem to see what is going wrong? (We can schedule a time when you're available)
     
  11. webster

    Uninstalled Privatefirewall and still no go. Uninstalled and reinstalled Prevx, and it detects the 255 and the one on the desktop. Don't know what went wrong here o_O
     
  12. webster

    You're welcome to take a look, but I guess there is nothing to see now.
     
  13. PrevxHelp

    :doubt: Probably not.... that is quite odd. Did you reinstall Privatefirewall before reinstalling Prevx? It might be worth uninstalling Prevx, installing Privatefirewall, then reinstalling Prevx and see if that does anything different.
     
  14. webster

    I have tried both ways now, and detection is still working.

    But something else came up. I have an issue with a security center warning at boot, that Privatefirewall is disabled, but it's not. If I reregister wbem, it goes away. I have to do this at every boot. Same thing happens with Outpost Free btw.

    But the strange thing is, that this warning appeared just when I reinstalled Prevx, and went away the same moment I uninstalled Prevx.

    Btw, in the process of this installing and reinstalling Private Firewall and Prevx, I had some issues with security center getting disabled.

    Prevx is off the machine now, and no problems with warnings and security center.
     
  15. PrevxHelp

    Can you try installing Prevx again and not putting in your license? Prevx won't add itself to the security center until you put in your license so that would show what part isn't working properly.
     
  16. webster

    Installed Prevx without activating, rebooted and no problems. Activated and rebooted twice, and still no problems. Everything is working now o_O
     
  17. PrevxHelp

    Bizarre :doubt: Really not sure what would cause it, but I'll make a bug report and will see if we can reproduce any issue.
     
  18. webster

    It's back :'(. The moment I clicked ok to uninstall Prevx, the warning disappeared.
     
  19. webster

    It seems that Prevx unregisters one or more wbem DLLs. When it/they are reregistered the warning goes away until next boot.
     
  20. PrevxHelp

    We don't unregister the libraries, but we do stop and restart the Security Center service when registering ourselves.

    I "believe" the update from Microsoft was for Vista and higher, but they recently made a major change to the security center (within the last couple weeks) - we're still working on getting the relevant information from them on how to integrate with it which will allow us to change our current method.

    Could you try running:

    sc start wscsvc

    with Prevx installed/registered and see if that corrects it?
     
  21. webster

    It said service already running, and it is.

    EDIT: It is back after second reboot, and goes away instantly when Prevx says uninstall complete.
     
    Last edited: Aug 8, 2009