Posted by Panda_man on January 5, 2006, 3:31 pm
Dave, Panda TruPrevent technologies blocked KIX32.exe in your AV-CLS folder
as a dangerous operation which tries to modify host files...
Any comments? (According to Panda and ICSA Labs, TruPrevent has 0% false
positives...)
Panda_man
--
Prevention is always better than cure !
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.pandasoftware.com http://free.hit.bg/fightmalware/homepage_en.htm
"David H. Lipman" wrote:
>
> | Visit the Windows Live Safety Center and use the Complete Scan option
> | to check for and remove malicious software that takes advantage of this
> | vulnerability.
> |
> | Windows Live Safety center
> | http://safety.live.com/site/en-US/default.htm
> |
>
> Carey:
>
> Please /* STOP */ suggesting that web site !
>
> It is a Beta and has the lowest catch rate in the AV industry.
>
> Yesterday I placed three WMF-Exploit files in a folder and scanned the PC. They were
> detected but NOT deleted.
>
> I gave it a Zoo and it had a 22% catch rate. I have been continually testing Windows Live
> Safety and the results are poor to bad. I have been providing feedback to Randy Treit,
> Microsoft, and it was based upon my feedback that the latest version now allows you to scan
> a particular location and not just all hard disks. However you STILL can't save or capture
> a log of what was performed or found. You can't even copy and paste from the web site.
>
> Just for this post, I tested a Zoo of infectors. 74 EXE only files. I made it *very*
> simple and none were installed into the OS, all are just sitting in a folder and I scanned
> that folder. ALL of these EXE's have been submitted to Microsoft via the submission email
> address prior to this test.
>
> In this test it found only 43 of the 74 known to be infectors. That's only 58%!
> If you are infected with one of the infectors NOT recognized by the web site you are
> screwed.
>
> I then took that same zoo of EXE files and scanned with the Kaspersky module in my Multi AV
> Scanning Tool and the Kaspersky web based scanner. The results were 89% of the files were
> deleted! 8 were left. Of those eight that were left, Kaspersky had their infections
> detected BUT the file was not removed for some reason such as...
>
> C:\CMDINST.EXE archive: Inno
> C:\CMDINST.EXE/data0001 packed: UPX
> C:\CMDINST.EXE/data0001 infected: not-a-virus:AdWare.Win32.CommAd.a
> C:\CMDINST.EXE/data0001 disinfection failed: not-a-virus:AdWare.Win32.CommAd.a
> C:\CMDINST.EXE disinfection failed: not-a-virus:AdWare.Win32.CommAd.a
> C:\DH9013.EXE archive: NSIS
> C:\DH9013.EXE/data0002 infected: Trojan-Clicker.Win32.Small.jf
> C:\DH9013.EXE/data0002 disinfection failed: Trojan-Clicker.Win32.Small.jf
> C:\DH9013.EXE disinfection failed: Trojan-Clicker.Win32.Small.jf
> C:\MOMSON~1.EXE/bpkhk.dll infected: not-a-virus:Monitor.Win32.Perflogger.g
> C:\MOMSON~1.EXE/bpkhk.dll disinfection failed: not-a-virus:Monitor.Win32.Perflogger.g
> C:\MOMSON~1.EXE disinfection failed: not-a-virus:Monitor.Win32.Perflogger.g
>
> Scanning the system using the McAfee and Sophos modules in my Multi AV Scanning tool removed
> those remaining 8 files !
>
> I know that you are a MS MVP. That does not mean that you HAVE TO only provide Microsoft
> based solutions. If someone has a problem, and it is security related, please supply the
> BEST solution and not just a Microsoft solution.
>
> If you are going to give out web sites of online anti virus scanners here is a list of tried
> and true, well established, anti virus vendors..
>
> Kaspersky:
> http://www.kaspersky.com/de/scanforvirus
>
> Trend:
> http://housecall.antivirus.com
> http://housecall.trendmicro.com
>
> Symantec:
> http://security.symantec.com/
>
> F-Secure:
> http://support.f-secure.com/enu/home/ols.shtml
>
> McAfee:
> http://www.mcafee.com/myapps/mfs/default.asp
>
> BitDefender:
> http://www.bitdefender.com/scan/license.php
>
> Freedom Online scanner:
> http://www.freedom.net/viruscenter/index.html
>
> Panda ActiveScan:
> http://http://www.activescan.com/
>
> Computer Associates:
> http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
>
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS }
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
>
> * * * Please report back your results * * *
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus