Wuzzup from BugBopper: What do you think of it?

Exactly .

Thank you for the explanation .

 

What about malware that purposely mutates itself at regular intervals in order to evade detection?

 

Okay, fine. BUT "removal" is a grossly insufficient incentive as the singular or main reason for buying a non-free version of Wuzzup. Or any other security software, for that matter.

Reason? Now that disk imaging is readily available AND EASILY UNDERSTOOD by the masses, why worry about "removal" by conventional methods? Just hit "Restore" and POOF! -- all is forgiven. Eradicated. Never happened!

Sigs (whether cloud-based or not) & removal algorithms? Not worth paying for any more IMO.

My $$$ goes for more & better detection/protection via non-signature methods - Heuristics -- Behavior blocking -- Sandboxing - Emulation - Reputation analysis. Etc etc etc.

Removal as an incentive to buy? Bah, humbug!

 

This would be an interesting experiment. I think that BugBopper would find it. But I've not tried this. Do you have a sample we can play with?

 

No, unfortunately. Maybe this case isn't so important though, because even the original file should hopefully have been classified as malware.

 

Let's revisit the previous statement about file infectors. Consider the malware described at http://www.symantec.com/connect/blogs/tidserv-and-ms10-015:

A fairly recent example of infection of \windows\explorer.exe is discussed at http://forum.avast.com/index.php?topic=51859.0.

It seems that system file infectors are still around.

 

I didn't mean to say that there are no file viruses. But they were very rare back in the days of hype, when Michelangelo and Brain stalked the earth. And I think that file viruses remain rare, particularly in contrast to the boatloads of other stuff that is clogging the world.

You might be amused by prevalence "science" in our early days here.

 

Some nonetheless might find an option to recheck files previously scanned useful.

 

From https://www.wilderssecurity.com/showpost.php?p=1734368&postcount=2089:

 

Concerning

Right now, we detect 1,084 named variants of Trojan-Dropper.Win32.Drooptroop., and should detect many additional variants in the next 24 hours. But removal is another story. This is not a virus, but it is a clever Trojan that disables System Restore and injects %appdata%\Windows Server\etcsdb.dll into all running processes. We'll all need to band together on this one.

 

The thread has become a buddy board for 2 people. Other posts are largely ignored.

I hope you two have fun.

 

We both agree that prevention is very important, and if it works, we don't need to fret about removal. But the world is full of people with machines that are full of malware and that have never been backed up. For some of those folks, a cheap product that can safely remove their troubles would be worth buying, right?

 

My theory may be flawed. I've seen folks who claimed that their defenses were superduper, that they were using THEBESTPRODUCTINTHEWORLD, and then when they scanned with some other product... Such folks will either conclude that their original product is flawed, or that the new product has false alarmed. But this is an opportunity to convince them that the new product might be worth buying -- especially if they don't want to remove the malware with their bare hands.

But while we'll get some sales of BugBopper just because it can remove, I agree with you that a vendor wants to give more than they get. So we're working on features that will only be available through BugBopper. The first is a registry tool that will assist with disaster prevention and recovery. I'm open to more ideas.

 

I am nearly agreed. We almost have that now. BugBopper is ready to be the free scanner, with payment needed only when the user wants the extra features (right now, that consists of removal, but we're working on more.) Wuzzup could easily go away, now that we have a grip on BugBopper. A narrower focus would help us concentrate our energy.

 

Great! Once the final version of Bugbopper with free scanning is released I will download and try it

 

The registry tool sound interesting.

As for suggestions, take a look at Tiny Watcher. Good, fast integrity scanners, with good defaults (covering key registry items & system files), are excellent adjuncts to sig-based scanners & heuristics/emulaters.

 

Thanks for calling my attention to Tiny Watcher. It offers some useful functions that we might also bundle into a future version.

Do you have any recommended integrity scanner? Is it faster than BugBopper?

 

Good Evening ! MSR BugBopper Guy...just completed a scan with version 108 and at scans end received the following window...Program Error 2123-125 EF Create Error. Wuzzzz...Happennin ! Sincerely...Securon

 

TW is the best integrity scanner I have found for home users. Another one to look at is Sentinel. It used to be non-free but is now free.

Finally, there is ADINF. It isn't free but they offer a 90-day free trial. I have linked to their FAQ but that page has links to their home page & downloads etc. The FAQ is very instructive concerning integrity checkers used in conjunction with AV scanners. Their home page gives a link to a very lengthy Wilders thread by FanJ that is a superb tutorial for ADINF.

 

I think that this error occurred when BugBopper tried to update its ini file, and failed because you'd not run it as Administrator in Vista or Windows 7. There is no consequence, except that settings were not saved.

 

I clicked BugBopper's GUI's "News" tab hoping to read about NEW stuff in the security field plus updates as to when BB will be enhanced & what enhancements are in the works.

Instead I found old-hat stuff about malware plus blurbs that mainly amount to advertisements for BB. In fact that tab hasn't changed since I installed BB. Not very newsy IMO.

 

Sorry. Here's some news:

In the past week we've been shifting to a Kaspersky-like naming system, with that sort of precision in naming. Also in the past week: we've added 261,000 named detections, and created or revised 2,020,652 pages in our malware encyclopedia. Each day, we've harvested and analyzed about 40 Mb of new malware from Internet sites. The next release of BugBopper is about to ship, incorporating an all-files scanning option and context-sensitive help. With our detection rate, naming precision, and speed, the new BugBopper should be handy for reviewing malware collections.

 

What's the maximum file size for http://bugbopper.com/SubmitAFile.asp?

 

It is currently configured for a max of 800 Kb. If you think it should be larger, please let me know -- it is a simple change.

- David

 

800 KB or 800 MB? I just uploaded a 2 MB file, which is bigger than 800 KB.