Discussion in 'other anti-virus software' started by Meriadoc, May 6, 2008.
Don't be sorry. You've just mixed up a warm thing with a soft one.
Are you saying that since it was hard for DrWeb to find the samples it should not be too easy for the others either? If you could say it straight, I think I could accept it.
In addition to what Einsturzende said in reply to this... where does it say it specifically bypassed the above list?
Also, some very interesting points there Wordmonger
I see something in post no.20 at that forum...
I see KIS 2009. What does it say about it? I can't speak or read Russian or whatever it is. Tell us please.
Here is the best I can do.
Had nicely fun yesterday)
Dear Alisa, without insults certainly, for wasm, you should understand, that our work demanded observance of the certain norms of behaviour of separately taken community And certainly the company the Doctor the Web and its PR to a department it is still far up to you with yours driverized rootkits, Gromozons, ends of Intronet and other firm delirium
I certainly would explain to public from Kaspersky's laboratory why their antivirus is not capable to find out this rootkit any version, but I am afraid, nobody will estimate my outpourings and me after similar there and then will ban However against the last I do not object and right now as personally I with you already have nothing to do more
You not only have not spoiled a holiday, but also to put it mildly roughly being expressed you not in a theme, because have shown that that you posted is not Rustock. C, and only, by import, intermediate version A-B. And that the doctor it sees a web how many does not reproach merits of this antivirus and the collective, managed to unpack such powerful cryptor, as that that on Rustock. C
All that hysterics that is observed now at forums of type virusinfo.info, wilderssecurity, rootkits pleases an eye.
It is compelled to afflict those who now nervously bites elbows (smiling thus on public) and tries to give out everything, that there is for PR a course of laboratory Dr. A web helplessly rending the air, throwing one idiotic applications behind others. Certainly the share of PR is present at clause, but it is healthy PR, and it is looked where more fairly than Kaspersky's Laboratory so likes to stuff minds of the users. Without insults, simply ascertaining of the facts That that is visible in a broad gully online of the scanner anybody speaks that except for Dr. The web really does not detect this rootkit. Those two half-products which there have groped something pour out false positives on many that else besides. In additives any of them is not capable (and hardly can sometime in the long term) something to make with it rootkit. I shall repeat for those who in the tank - any antivirus except for DrWeb at present time is not capable to find and neutralize this rootkit. Even the most paranoid products. Moreover I hasten to afflict fans of proactive protection and model of hooking is more rigid - dropper of it rootkit perfectly bypasses such products as OSS 2008, KIS 2009, DW, SSM 2.4, starts rootkit and after that all possible struggle against it at these products comes to an end. More we did not test, because it was elementary too lazy to prevent unnecessary insinuations, I do not work on company Dr. A web.
It is necessary to expect only occurrence of messages about authorship of the rootkit by Dr. A web. To enter with you polemic to me it is uninteresting, no less than to explain or prove to you something. I hope, that now when all have seen, about what we spoke in 2006, the anti-virus companies will find a little time and instead of senseless PR and shaking of air including here will add detecting and removal of it rootkit which represents where greater threat, than that you so like to scan on your arranged tests
Here actually and a screenshot of the rootkit Search for the Lord and add detection instead of employment with idle talk and measuring of results in the paid and underpaid foolish marketing tests.
Ring0 - the source of inspiration
Ur to computer viruses!
Translated, OK it's a bit stilted.
Thanks for the translation BlueZanetti and trjam
The topic about this subject has been closed on the Kaspersky forum for some reason
If it can bypass CFP (latest) on installation phase I will eat little finger on my foot, I tested many Costrats against CFP and no one bypassed it...
Remember SQL 386? Drive by download? Infected website? Leaky Browser?
Lowest Level Phase? Full kernel level unhook?
It was discussed and was slowly getting out of hand and off topic. Also, KL knows about it and OP's questions were answered.
Closed as KAV can't detect it, otherwise they might not close it. It's hard for anyone to publicly accept the facts.
That is one problem of human nature.
I don't think that "Kaspy" really "knows" it, detection lacks... and if we ask EP_X0FF, PD and HIPS of it doesn't understand it very well.
edit: I'm not so fast
If they accept they will not lose anything. Rather they will earn a respect of professionalism. But ....
I have been following this thread for a bit and would like to simply state that we all may not agree with Dr. Spin, but that is their marketing department and if they feel they are justified great! I can say that I have access to a newer Rustock dropper and the detection is 9/31 @ VT (note this is meaningless). Dr. Spin is not one of the nine, so they have to rely on the actual infection detection(TM).
Ps. No I will not give it to you! It has been submitted to the Vendors list and the respective labs will have at it soon.
Urmmmm... We know according to VT, it was not detected by Kaspersky. The link to VT is in the thread which showed Kaspersky didn't detect it and no attempt has been made to hide or obscure it.
Kaspersky can accept the fact that it was not detected, or else the link would have been removed or hidden.
I don't expect them to be so much ...
So Kaspersky will detect dropper only?
As I mentioned there, even if it is true, it will be fixed as soon as I get a loader sample. So, if anyone has its loader - please, PM me.
IMO, X detect the malware since dd.mm.yy while Y does not still detect it after xx.... brings us nowhere...
It's clear that X invested time and resources into it while Y not. The same may apply (reversed) for other malware threads.
I didn't say or imply in any way Kaspersky will detect it.
Read my post again.
I was just saying Kaspersky's forum is not attempting to hide the fact that at the time fatdcuk made the post, Kaspersky did not detect the sample which was uploaded to VT and that fact is not hidden and has not been obscured in any way in Kaspersky's forum (as some users thought this was the reason to why the thread was closed).
The thread at Kaspersky labs has been closed because a user called fatdcuk has given the right answer. The update will come soon. Why are you all getting against Kaspersky now that it doesn't detect a threat? Have you forgotten the days when YOUR antivirus didn't find something? All antiviruses will detect a few threats faster than others. And what about Dr.Web? Haha, aren't you showing off too much? Because of a single detection? Haven't you thought of what it misses before of what it finds?
Anyway, since the sample has been spread, even if Kaspersky doesn't find it for a while, other anti rootkits will do it. And don't forget that after getting the samples, they have to figure out the correct way to CLEAN the rootkit out of the system file, because deleting it will cause the system to screw itself up.
Yep, it's not. They use Kaspie AV, you know.
Since when do you close a thread for the correct answer?