Rising PC doctor "test", again

Discussion in 'other anti-malware software' started by ako, Aug 7, 2009.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    I "tested" Rising PC doctor again.

    First trojan went straight through. Second one killed and corrupted it totally (did not work even after cleaning, perhaps the malware was from China?), and installed a nasty rootkit. System was cleaned by Hitman Pro, but the cleaning process needed the install CD. Hitman also found a suspicious file which was indeed part of the infection.

    I guess I will not test Rising again.... Hitman seems very powerful!
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Hitman Pro is indeed a very useful utility, but with you talking about the cleanup requiring the Windows CD, does that mean you tested this malware on your real system? :eek:
     
  3. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    No. Hitman needed to replace an infected system file. I just wonder what happens with OEM Windows owners? Will it work for them too (I mean: is an OEM recovery disk enough?)
     
  4. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I doubt an OEM recovery disk would be any use since the Windows installation files are usually stored on a hidden partition; it's rare for them to provide an actual Windows CD. I'm not sure how Hitman manages in that scenario o_O
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,031
    Location:
    Hengelo, The Netherlands
    It will work with any CD/DVD disk that has the original Windows system file on it.

    When Hitman Pro needs to clean an infected system file (hence, it is a system file and thus it cannot be deleted, as that would cause an unstable system), then Hitman Pro can only restore that file to an original version.

    Hitman Pro first searches specific folders on the disk to find a whitelisted variant of the file (Hitman Pro has a whitelist of all Windows files, stored in the EXE). If the file cannot be found on the system, then it prompts for the original CD/DVD.

    Most AV products do not have this unique feature and just keep the infected system file on the machine.

    In the near future we plan to add an option for the infected file to be cleaned by one of our partners, resulting in a cleaned file coming from the Scan Cloud.
     
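The "search the local disk first, then ask for media" order described in this post, as an added Python sketch that is not Hitman Pro's code: a constructed whitelist of SHA-256 hashes stands in for the embedded list of Windows files, the folders to search are parameters, and every candidate copy is hash-verified, so a cached copy that the malware has also replaced is rejected instead of being copied back over the live file.

```python
import hashlib, shutil, tempfile
from pathlib import Path

# Constructed whitelist: file name -> SHA-256 of each known-good build (a real tool ships one per OS/SP/language).
KNOWN_GOOD = {"example.sys": {
    hashlib.sha256(b"clean build A of example.sys").hexdigest(),
    hashlib.sha256(b"clean build B of example.sys").hexdigest()}}

def sha256_of(path: Path) -> str:
    """Hash in chunks so large system files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def is_known_good(path: Path) -> bool:
    """True only if the hash matches a whitelisted build of that file name."""
    return sha256_of(path) in KNOWN_GOOD.get(path.name, set())

def find_clean_copy(name: str, search_dirs: list) -> "Path | None":
    """First hash-verified copy of `name` in search_dirs; a copy is never trusted by name alone."""
    for d in search_dirs:
        candidate = Path(d) / name
        if candidate.is_file() and is_known_good(candidate):
            return candidate
    return None

def restore_system_file(target: Path, search_dirs: list) -> str:
    """'ok' if clean, 'restored' from a local copy, else 'need_media' (the point where a tool asks for the CD)."""
    if is_known_good(target):
        return "ok"
    source = find_clean_copy(target.name, search_dirs)
    if source is None:
        return "need_media"
    shutil.copyfile(source, target)
    return "restored"

def demo() -> list:
    """Constructed scenario: the live file and the cached copy are both patched; a service-pack folder later holds a clean build."""
    root = Path(tempfile.mkdtemp())
    live, cache, spf = (root / n for n in ("system32", "dllcache", "spfiles"))
    [d.mkdir() for d in (live, cache, spf)]
    target = live / "example.sys"
    target.write_bytes(b"patched by malware")
    (cache / "example.sys").write_bytes(b"patched by malware")
    out = [restore_system_file(target, [cache, spf])]      # need_media
    (spf / "example.sys").write_bytes(b"clean build B of example.sys")
    out.append(restore_system_file(target, [cache, spf]))  # restored
    out.append(restore_system_file(target, [cache, spf]))  # ok
    return out
```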
  6. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    What is the result of this? Is the malware neutralized despite this?

    Joe, what would Prevx do here?
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Prevx 3.0 takes a different approach because most users don't have the original install disks these days (thanks to hardware vendors cutting costs apparently) and most malware is now also searching for copies of the legitimate components and replacing them locally on the system.

    This is indeed a major and growing problem so we've developed an entire system to handle it, called "System File Replacement" (or "File Replacement Therapy" as we like to call it internally :)). If we identify that a file is a critical system component and is infected or patched, we download the exact correct copy from our centralized repository. We match the OS, service pack, hotfix level, and language to get the precise file to prevent any OS incompatibilities.

    This also applies to registry entries: if a system registry entry has been changed or removed, we can replace it (and we have generic routines in place to correct malicious HOSTS file entries and malicious LSP chain entries as well).

    Let me know if you have any questions about this. System file replacement is one of the many features that we frequently forget to mention :oops:
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,031
    Location:
    Hengelo, The Netherlands
    During the creation of Hitman Pro 3.5 we also had the idea of serving original Windows files from the cloud for system file replacement. But due to possible legal issues we decided to go with the 'search for replacement on local disk and CD/DVD' approach.

    The idea of serving original replacement files from the cloud sounds like the perfect approach but we just do not have the guts (yet :doubt:) to distribute original Windows files to our users due to possible legal issues.
     
    Last edited: Aug 10, 2009