Turkojan 3 - part II

Discussion in 'malware problems & news' started by Wolfe, Apr 21, 2006.

Thread Status:
Not open for further replies.
  1. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
  2. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    I shouldn't be bothering to do this, but since the bashing is off in earnest here, the one thing that stands out about ALL of these is that in each case the reference to BOClean is 4.12, which has been gone for a LONG while. BOClean 4.20 was around for over a year until last month when everybody got moved to 4.21 for free.

    Curious INDEED how none of those refer to the old 4.20 or to 4.21 ... you guys are really reaching here. :(
     
  3. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    No one is bashing. I do honestly believe that BOClean might well be as good as (signature-based and behavior-based) antitrojans get nowadays. What I do NOT believe is that people should overreach with claims about the near-infallibility of it (or any other similar product) without a real-world first-hand test of sorts with real trojans (and lots of them). Hell, the product is not even open source, so how anybody who did not do extensive testing on it would be able to claim how good it is is beyond me.
     
  4. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    I'm not bashing, it's just meant to be a bit of fun.

    When someone lays down the gauntlet:
    you've got to have a go. Must admit, it was much harder than I'd anticipated.
     
  5. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Do any commercial products fit this constraint of open source? In a word, no.

    I agree that given the novice user tricks that are not only possible, but seemingly probable in many cases, finding a HJT log with or without mention of BOClean, or any other product for that matter, says little either way. If the objective is to demonstrate efficacy, it's a particularly uninformative metric. I'm sure that each of us could drag up some perfectly irrelevant application and challenge the masses to find a HJT log with an associated entry shown. We might even locate a "winner" or two. So what?

    Due to its design, one cannot run a simple file scan challenge to assess BOClean's detection efficacy. So that flavor of test is out as well. We are left with largely anecdotal information. My own experience falls into this category. It's appropriate to some current discussion since it was an earlier variant of Vundo that was missed by KAV (definitions were current and I had updating set for every 3 hours) on my son's PC. Yep, one story, believe it or not. It doesn't mean BOClean is objectively superior to KAV as a global solution. I take it to mean that some level of backup can be beneficial for some people, my son included. It's a form of backup that tends to be rather friendly to most competing/similar products, that's one reason I use it, there are others.

    Blue
     
  6. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Case solved!

    I had a corrupt regkey (not BOClean) that was pointing to "outer space". Thank you Kevin. :)
     
  7. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    Like I said in email ... Damndest thing I've ever seen ... we've seen a number of really messed up things after that Microsoft update last week - and it was SUCH a disaster they're promising to do an unheard of "RE-fix" this coming Tuesday ... the "known issues" from their own blog is that the April "security bandaid" messed up NVidia drivers, HP stuff AND the registry. So I'm really hoping that on Tuesday they fix this. I have a personal blog where I mentioned this but since I'm wearing my "company hat" (it's blue for anyone who cares) I can't mention it here as the blog is not appreciated by my wigs.

    But I'm willing to bet that might have had something to do with this. :(

    Invalid count, invalid entries and explorer.exe really doesn't like "null pointers." The KEY to it all though was the address calls in what you sent me from the diagnostics - two byte addresses are not legitimately "program space" so that entry in the registry had some powerful rocket fuel. =)
     
  8. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Don Pelotas

    Glad to hear you got it sorted out, and it wasn't anything to do with BOClean after all!

    Here's a nice little free tool which might help on occasions with bent etc. Reg keys and Nulls.


    http://www.sysinternals.com/Utilities/RegDelNull.html


    StevieO
     
    Last edited by a moderator: Apr 23, 2006
  9. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    BLESS ya! I wasn't aware of that ... before answering him in email, first thing I did as always upon discovering what was wrong, was to hit google for something that would solve that for him. Absent that, suggested a couple of tricks to clear that manually, none of which worked. :(

    I'll keep that in mind the next time I see a similar problem ... we've only seen registry entries get hosed like that about four times now - once about a year ago and three this past week since that MS-Bandaid (tm) ... Unca Don's particular situation though was one of the most off the wall hosejobs of a registry key I've ever seen. And I've been around since Windows 1.0! :)
     
  10. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Thanks StevieO

    That might be a handy tool.

    I have done a DVD reinstall. I'm starting to wonder if it's the verclsid update from MS that caused it?
     