who uses BOClean? effective program?

Discussion in 'other anti-trojan software' started by kof, Jan 18, 2007.

Thread Status:
Not open for further replies.
  1. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Hi controler,

    I believe you missed the "as" after avg in farmerlee's post. I suppose that running BOTH BOclean AND AVG "Anti-Spyware" resident is open for debate....

    as for this, though, you make a good point :thumb:
     
  2. dholiday

    dholiday Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    48
    Controller - you are correct.
    From personal correspondence with the BoClean folks:
    "Your antivirus gets the things we don't, and we get the things your AV doesn't. Spambots are one recently widely seen example. They tend to get past the AV, and BOClean nails them. For optimal protection you need both. BOClean is designed to work with an AV, not against it."
     
  3. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    dholiday,

    you need to RE-READ farmerlee's quote!

    He is NOT referring to AVG "ANTI-VIRUS"....he's referring to the ANTI-SPYWARE!

    I'm sure that controler will own up to this slight oversight and mistake as soon as he reads it.....but dholiday, you just tried to reinforce controler's mistake here....:rolleyes:
     
  4. greenhatch

    greenhatch Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    58
    I actually bypassed BoClean a year ago in favour of Ewido when looking for a real time monitor of malware, because I didn't really understand the differences and BoClean can come across as complicated to the not-so-great computer user (comme moi :p ). Following the takeover of Ewido by AVG, I felt obliged to look at BoClean again, in particular reading up on some of the excellent explanatory posts made by the McAleaveys in forums. Now I'm a confirmed BoClean user (and dumped Ewido) and wonder why I overlooked it in the first place; and the Support is top notch.
     
  5. dholiday

    dholiday Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    48
    Didn't read "avg as" as referring to AVG-AS.
     
  6. controler

    controler Guest

    I never noticed that either since some post English the best they can when their first language is something else. I guess when referring to a product we need to capitalize the abbreviation LOL
    I thought the poster meant AVG Antivirus also.


    controler
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Bo Clean should drop their price to $19.99. I would bet to wager they would see a huge jump in sales at a time when other products are starting to add features and/or protection that Bo Clean offers.
     
  8. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    The price has dropped considerably from the 4.11 days when I first discovered\bought it. I still have the receipt somewhere. Believe I paid $49.00 U.S.D. :eek: Must add though that they have been more than fair with their upgrade policy as they have provided the newest versions without hesitation when provided with the original purchase order number. :thumb:
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    That would be an extremely stupid move on their part, mostly because the anti-trojan market is very small...and most vendors will not be there in 2 years & thriving............they should instead introduce a yearly fee to survive, I know not what we want to hear, but do we want to keep an effective program or just a cheap, but not very efficient AT, all AT's are being beaten on response times etc by the bigger AV's, it's not like 2-3 years ago when some AV's arrogantly stated "X AV is not an anti-trojan" when asked why they didn't cover a particular trojan, so to keep their customers they need analysts/programmers to keep a high detection rate and they are not cheap at all.
     
  10. divedog

    divedog Registered Member

    Joined:
    Jun 7, 2004
    Posts:
    265
    Location:
    Seabeck WA
    Bingo, I would gladly pay a yearly fee to keep BoClean a top notch AT.
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    As always Don, you are correct. I didn't think about it that way. But it is true. Thank you my friend.
     
  12. Gavin Coe

    Gavin Coe Security Expert

    Joined:
    Dec 4, 2006
    Posts:
    8
    Location:
    Perth, Australia
    Absolutely WRONG, please do not speculate, do you have test results ? brand new malware tested constantly against every AV and AT's - the topic one BOClean as well as TH, to see when it got detected ?

    We fill a gap, personally I LOOK for a) new stuff and b) undetected stuff. I WILL grant you that there are BIG malware items which we do leave to the AV's.

    I beat them daily not just one AV and not just one trojan. I cannot waste valuable analysis time trying to post proof of scan results etc, when I feel I do not have to prove it. Anyone with the time is free to gather brand new samples and test them daily against every scanner for up to 30 days.

    An example would be the very useful MIRT list from CastleCops, sometimes within minutes of coming in we have detection added for LiveUpdate. Lots of ordinary users also send in files. Often at least the day it comes in.. still undetected to many AV ?

    NO program detects everything. A good amount of the TH database is undetected by many top AV programs. On a side note, I recommend NOD32, KAV, and have a newfound respect for BitDefender ;)
     
  13. Gavin Coe

    Gavin Coe Security Expert

    Joined:
    Dec 4, 2006
    Posts:
    8
    Location:
    Perth, Australia
    Please see the attached image for a 'new' submission.

    I first received a couple of these about 6 months ago. 6 months of non detection for at least KAV seen in the image, 6 months protection for TH users from a little key stealer

    VB dropper. It drops a legit program, plus the 2nd EXE.

    Seen here are many things.

    In hex, top right, see the VB dropper clearly being a dropper.. no detection on this or similar files sent to many AV that long ago, it may have simply been overlooked ! highlighted are some OLD AV / AS programs.. shows how much this attacker has to bother updating his KILL list.. all he has done is recompiled this VB file to be different. Less than a minute work and more infections..

    KAV incidentally detected EXE-File attached to the dropper, scanned it, said PE-PATCH.UPX, yet didn't alarm a bit !

    Here's the bodged UPX file, both in an editor at the OEP, and up pops THGuard detecting it once unpacked - it was that long ago I added this detection it isn't funny ! Think it's maybe a FP ? look at the other hex viewer..
     


  14. Gavin Coe

    Gavin Coe Security Expert

    Joined:
    Dec 4, 2006
    Posts:
    8
    Location:
    Perth, Australia
    Note also the dropped MSI filename and hence this dropper's EXE is clearly in view for all to see. Helpers will recognise this filename as something they have had to submit.
     
  15. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    Hi Gavin,
    Good to see you back, what's happened with DCS and ProcessGuard, no one from there will talk to us, can you throw any light on the situation?
     
  16. Gavin Coe

    Gavin Coe Security Expert

    Joined:
    Dec 4, 2006
    Posts:
    8
    Location:
    Perth, Australia
    Sorry I do not know, I do not work for DiamondCS. I'm sure something will shed some light for you sooner or later :) I hope this screenshot is a little enlightenment

    Another point to remember is that anti detection work goes towards AV more so, especially with the professional attackers. They know what the popular AV's are. A file I once analysed included "kisses to McAfee" and "kisses to TrojanHunter" in plaintext.. but this was some time ago. I'd guess the most checked for detection by attackers (and then modified) are AVG and Norton, but that would take a massive study in itself to determine..
     
  17. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    No I know you don't work there now, but you did and I see you're still in Perth so I thought you might have heard something on the grapevine
     
  18. Gavin Coe

    Gavin Coe Security Expert

    Joined:
    Dec 4, 2006
    Posts:
    8
    Location:
    Perth, Australia
    1) the VB dropper.. granted that it will have changed a lot in some ways, it's still the same dropper. Badly detected overall my scan didn't finish but hey:

    Service is stopped in this moments. Scanning of your sample has not been finalized and results has been lost. If you wish to scan it, please send it again.

    Antivirus Version Update Result
    AntiVir 7.3.1.34 02.02.2007 TR/Agent.YC.1
    Authentium 4.93.8 02.01.2007 no virus found
    Avast 4.7.936.0 02.01.2007 no virus found
    AVG 386 02.01.2007 no virus found
    BitDefender 7.2 02.02.2007 no virus found
    CAT-QuickHeal 9.00 02.01.2007 no virus found
    ClamAV devel-20060426 02.02.2007 no virus found
    DrWeb 4.33 02.02.2007 Trojan.FWB
    eSafe 7.0.14.0 02.01.2007 no virus found
    eTrust-InoculateIT 30.4.3364 02.02.2007 no virus found
    eTrust-Vet 30.4.3364 02.02.2007 no virus found
    Ewido 4.0 02.01.2007 no virus found
    Fortinet 2.85.0.0 02.02.2007 no virus found
    F-Prot 4.2.1.29 02.01.2007 no virus found
    Ikarus T3.1.0.31 02.02.2007 no virus found
    Kaspersky 4.0.2.24 02.02.2007 no virus found
    McAfee 4954 02.01.2007 no virus found
    Microsoft 1.2101 02.02.2007 no virus found
    NOD32v2 2029 02.02.2007 no virus found
    Norman 5.80.02 02.02.2007 no virus found
    Panda 9.0.0.4 02.02.2007 no virus found
     
  19. Gavin Coe

    Gavin Coe Security Expert

    Joined:
    Dec 4, 2006
    Posts:
    8
    Location:
    Perth, Australia
    2) the actual problem, the dropped trojan ! better detection, but months later and no detection by many. Not a zoo sample this is well and truly in use out there.

    Complete scanning result of "drop2.exe", received in VirusTotal at 02.02.2007, 10:36:01 (CET).

    Antivirus Version Update Result
    AntiVir 7.3.1.34 02.02.2007 TR/Agent.YC.1
    Authentium 4.93.8 02.01.2007 no virus found
    Avast 4.7.936.0 02.01.2007 Win32:Trojan-gen. {Other}
    AVG 386 02.01.2007 no virus found
    BitDefender 7.2 02.02.2007 Trojan.Agent.YC
    CAT-QuickHeal 9.00 02.01.2007 (Suspicious) - DNAScan
    ClamAV devel-20060426 02.02.2007 no virus found
    DrWeb 4.33 02.02.2007 Trojan.FWB
    eSafe 7.0.14.0 02.01.2007 suspicious Trojan/Worm
    eTrust-InoculateIT 30.4.3364 02.02.2007 no virus found
    eTrust-Vet 30.4.3364 02.02.2007 no virus found
    Ewido 4.0 02.01.2007 no virus found
    Fortinet 2.85.0.0 02.02.2007 suspicious
    F-Prot 4.2.1.29 02.01.2007 no virus found
    Ikarus T3.1.0.31 02.02.2007 no virus found
    Kaspersky 4.0.2.24 02.02.2007 no virus found
    McAfee 4954 02.01.2007 no virus found
    Microsoft 1.2101 02.02.2007 no virus found
    NOD32v2 2029 02.02.2007 no virus found
    Norman 5.80.02 02.02.2007 W32/Malware.IAF
    Panda 9.0.0.4 02.02.2007 Suspicious file
    Prevx1 V2 02.02.2007 no virus found
    Sophos 4.13.0 01.31.2007 no virus found
    Sunbelt 2.2.907.0 02.01.2007 no virus found
    Symantec 10 02.02.2007 Trojan Horse
    TheHacker 6.0.3.162 02.02.2007 no virus found
    UNA 1.83 02.01.2007 no virus found
    VBA32 3.11.2 02.01.2007 no virus found
    VirusBuster 4.3.19:9 02.01.2007 no virus found

    Aditional Information
    File size: 25454 bytes
    MD5: 6ad87eedbd0d7c562678dfcd380435dc
    SHA1: 3d44967fc2256778010bca164736be97183797f6
    packers: UPX
    packers: UPX
    packers: UPX


    yes.. sorry I cannot help :(
     
  20. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    Another happy Boclean user here. Run it with Kav 5.0 antivirus. They play well together. I think I've been using Boclean for 3 years, possibly 4.

    Is it effective? Definitely. Kills trojans as easily as "Matt Dillon" Kills cowboys on gunsmoke show. :D
     
  21. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    Why is TH not included on VirusTotal so we can compare?
     
  22. Gavin Coe

    Gavin Coe Security Expert

    Joined:
    Dec 4, 2006
    Posts:
    8
    Location:
    Perth, Australia
    I am not sure if they allow a Windows version - Jotti does not and needs a *nix scanner port hence being better used for improving TH
     
  23. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    As I know VirusTotal is on Windows platform.
     
  24. EASTER.2010

    EASTER.2010 Guest

    I wouldn't touch BoClean with a ten-foot pole.





    Not.

    Only joking of course. Bo Clean loyals are many and I have read nothing but sparkling reviews on it for years now and am amazed at its longevity. Guess that speaks volumes for its publisher eh?

    I sometimes wish that I also could reap some of that joy many others of you experience with it but since I selected other apps to cover those duties back then I tend to stick with what I'm used to.

    BoClean does have a very long-lasting following and satisfied customers from all the reports that I've reviewed then and even now.
     