SAS not detecting Sub7??

Discussion in 'other anti-malware software' started by ChrisP, May 30, 2008.

Thread Status:
Not open for further replies.
  1. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    If one was to do some searching on Sub7 they would see that AV was and still is what's recommended to stop it, not AM. People have just jumped the gun and are laying blame on apps that are not even recommended to stop it. {An idiot I may be, but I'm an informed idiot} ;) :argh:
     
  2. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    Agreed, well done Kaspersky, F-Secure etc...
     
  3. kencat

    kencat Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    47
    Location:
    Ontario, Canada
    Absolutely. I meant all those guys out there working to fight the bad guys. They all bring something to the arena, and each individual contributes something unique.
     
  4. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    A couple of OT and generally useless posts removed. Let's keep it civil folks.

    Blue
     
  5. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    OK, first you say it's AM's place to stop it and not AV's, then you attack people with PMs :cautious: and on the board when they tell you it's always been detected with AV/FW, and then give a hi-5 to AV for detecting it o_O when they always have. Sub7 is a back-door trojan, a two-part trojan at that. The victim has to d/l something first, hence why AV stops it; then the controller [remote user] can do their thing, hence why a FW can stop it. And as to why AM do not include it: it's old, for one, and AV have always detected it and a FW will stop it. There is nothing to be lost about; the information is there on the net!! Just look for it.
     
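    The two checkpoints implied by the post above (the victim has to run a downloaded server component, then a remote controller has to connect to it) are the usual layered model for a remote-access trojan. The following is an added toy example in Python, written for this page and not taken from the thread or from any vendor's product: the "AV" layer scans the downloaded file against a hash definition and a byte-pattern definition, and the "FW" layer flags listening sockets that are not on the host's inbound allow-list. Every file, hash, process name and socket entry is constructed; the port 27374 used in the network check is the default usually cited for Sub7 2.x servers and is stated here as an assumption, since the thread itself does not name a port. The repacked-copy case at the end also illustrates the later point in the thread that a definition stops protecting you once the sample has changed enough that the old definition no longer matches.

```python
"""Layered detection of a two-stage remote-access trojan (toy model).

Stage 1, file layer: the victim must download and run the server component,
so a definition match on the file catches it before it runs.
Stage 2, network layer: the server listens for the controller, so an
unexpected listening socket is the second chance to catch it.
"""
import hashlib
import re
from dataclasses import dataclass

# --- Stage 1: the file the victim downloads -----------------------------------

# Constructed bytes standing in for the trojan's server component. Nothing here
# is a real Sub7 binary; the hash and the pattern below derive from these bytes.
CONSTRUCTED_SERVER = (
    b"MZ\x90\x00" + b"\x00" * 16            # PE-like header stub
    + b"constructed-rat-server-stub"
    + b"PORT=27374;NOTIFY=icq;"              # config blob a signature might key on
    + b"\x00" * 32
)
BENIGN_FILE = b"MZ\x90\x00" + b"\x00" * 16 + b"hello world installer" + b"\x00" * 32

# Hash definition: exact match only, defeated by any single byte change.
HASH_SIGNATURES = {
    hashlib.sha256(CONSTRUCTED_SERVER).hexdigest(): "Backdoor.Constructed.Sub7like",
}

# Pattern definition: matches the config blob regardless of surrounding bytes,
# so it survives padding or repacking that changes the file hash.
PATTERN_SIGNATURES = [
    (re.compile(rb"PORT=\d{1,5};NOTIFY=\w+;"), "Backdoor.Constructed.Sub7like"),
]


def scan_file(data: bytes):
    """Return (method, name) if the file matches a definition, else None."""
    hit = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if hit:
        return ("hash", hit)
    for pattern, name in PATTERN_SIGNATURES:
        if pattern.search(data):
            return ("pattern", name)
    return None


# --- Stage 2: the listener the controller connects to -------------------------

@dataclass(frozen=True)
class Listener:
    pid: int
    process: str
    port: int


# 27374 is the default port usually cited for Sub7 2.x servers (assumption; the
# thread does not name it). Any listener off the allow-list is flagged anyway.
KNOWN_RAT_PORTS = {27374: "Sub7 default port (assumed)"}


def check_listeners(listeners, allowed_ports):
    """Flag listening sockets that are not on the host's inbound allow-list."""
    findings = []
    for lst in listeners:
        if lst.port in allowed_ports:
            continue
        reason = KNOWN_RAT_PORTS.get(lst.port, "unexpected inbound listener")
        findings.append((lst.pid, lst.process, lst.port, reason))
    return findings


def assess(download: bytes, listeners, allowed_ports):
    """Report which layers fire for a download plus the host's socket table."""
    return {
        "file_layer": scan_file(download),
        "network_layer": check_listeners(listeners, allowed_ports),
    }


# Constructed socket table for a host that has already run the server.
SOCKETS_AFTER_RUN = [
    Listener(1204, "svchost.exe", 135),
    Listener(4, "System", 445),
    Listener(3316, "server.exe", 27374),
]
ALLOWED_INBOUND = {135, 445}

if __name__ == "__main__":
    print(assess(CONSTRUCTED_SERVER, SOCKETS_AFTER_RUN, ALLOWED_INBOUND))
    # A repacked copy: the hash definition misses, the pattern still catches it.
    print(scan_file(CONSTRUCTED_SERVER + b"\x00"))
```

    Run it directly to see both layers fire on the constructed sample; the second print shows why a hash-only definition database ages badly while a pattern definition keeps matching a lightly modified sample.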
  6. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    Again, you have lost me - explain to me why SAS, a dedicated AM / AT scanner, fails to find this? Forget everything else; explain why it does not detect it when all AVs do.
     
  7. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    http://www.castlecops.com/p1094317-pLEASE_HELP_ME.html

    You can see MBAM here finding and correcting both the current clock hijack and ID hijack.

    AV and FW have 0 ability to handle this sort of damage; that is why antimalware is needed.

    If any other scanner has a fully automated fix for this I would love to hear about it.
     
  8. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,788
    Do you use an AV?
     
  9. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    lol there is nothing to explain. AV are what detects it; they have the sig in their database, and evidently it has some virus properties due to it being used mostly by script kiddies. And I'm not saying AM/AT scanners do not detect it, just that some do not include it in their database, but that's not saying they do include all the variants of it. Sub7 is old; I would rather be protected from the new malware that AV do not detect than be protected from old trojans that AV do detect. And if my FW can stop the remote part of Sub7 I have nothing to worry about.
     
    Last edited: May 30, 2008
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,402
    Location:
    U.S.A. (South)

    Hi ChrisP

    As a former specialist in helping global users in a security forum for a number of years track down innumerable types of malware, from the easy to the most notorious ever conceived, I truly sympathize with your utter frustration.

    I would like to offer you an alternative you may or may not be interested in, but I can guarantee that it would go a long way in helping you stave off anything that either AS or AV miss, and that's a good quality, dependable HIPS.

    The only drawback is they require some personal attention to fine tune and set to monitor areas of potential intrusions; the good part is they STOP! ANYTHING DEAD IN THEIR TRACKS by aborting their intentions UNTIL YOU FIRST have had a chance to conduct a Google search on what that file is, whether it be offending, possibly disrupting, or safe enough to allow you to let it then proceed as normal or not.

    Another alternative is Faronics' Anti-Executable, which stops executables in their tracks too. I use both as a security net along with Returnil, but I am on the same page as you: I want and expect a combination to intercept and dismiss anything that can prove disrupting to your good machine.

    EASTER
     
  11. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    The problem is that anti-malware developers deliberately don't add old malware samples to their database because they don't feel this old malware is a security risk to the mainstream user.

    So one might say that the longer an anti-malware vendor is on the market, the more definitions they have, and the safer you will be from getting infected.
     
  12. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    Malware does not have a time machine, so once where it comes from dies, or has changed enough that old definitions can't detect it any more, those defs do nothing to protect you.

    Why would detecting something that does not exist protect you?
     
  13. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    Although I agree with you to some degree, I'm also having a hard time figuring out who must have the final decision in determining if a certain piece of malware is obsolete or not.

    Also, you mentioned adding definitions based on the day-to-day surfing habits of current internet users... but not all users browse and use the internet in the same way. And just because certain malware may be old, that doesn't mean there is a 100% chance that it will not cause any problems for current internet users.

    But I do understand your statement that the smaller anti-malware companies have limited manpower, and that this manpower is better used to add protection for currently spreading malware.
     
  14. HuHitsU

    HuHitsU Registered Member

    Joined:
    May 28, 2008
    Posts:
    5
    I'm chiming in awfully late... But from my (brief) reading of this thread this is what I'm gathering (from the vendor's viewpoint)...

    1) Old/Obsolete/Non-Widespread malware does not affect a majority of users.
    2) New/Widespread malware does (or has the potential to) affect a majority of users.
    3) Therefore, the focus will be in what can/will affect the majority of users.

    It would seem to me that the vendor is not looking so much at completeness as much as it is looking for relevance to *today's* threats. And yes, yesterday's threats can become today's threats... But when/if that happens I'm sure it'll be taken care of.
     
  15. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    If it has the ability to infect a computer today then it is current.

    If there is nothing you can do to catch it other than download an old malware archive intentionally then it's old.

    You are not understanding my definition of old; it has nothing to do with when the malware came into existence. Old only refers to when the malware STOPPED existing, as in no matter what you download, where you surf and what you share, you won't come into contact with it.
     
  16. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    Correct.

    There is a LOT of research involved with this, and if something long dead were to come back to life it would be current.

    We maintain a dead list that is checked a few times a week, just in case.
     
  17. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    OK, if you look at it that way, then I guess you have a point.

    The moment old malware becomes current again, you add it to the database.
     