From: David H. Lipman on 11 Jun 2010 21:54

From: "Lil' Abner" <blvstk(a)dogpatch.com>

| It came from a binary newsgroup

Bingo! :-)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: siljaline on 11 Jun 2010 22:30

David H. Lipman wrote:
> From: "siljaline" <spam(a)uce.gov>
>
> | Lil' Abner wrote:
> | <snip>
>
> | Report the Torrent to the tracker if you pulled the Warez off a site.
>
> The name of the file is a Social Engineering construct I am familiar with and I doubt it
> came from a Warez site. That naming convention is typical of the type of files I find
> quite often in the Usenet binaries and I'll bet that is where it came from.

Noted.
Usenet for binaries, oi !

Silj

--
"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neal Stephenson, _Cryptonomicon_

From: David H. Lipman on 11 Jun 2010 22:49

From: "siljaline" <spam(a)uce.gov>

| David H. Lipman wrote:
>> From: "siljaline" <spam(a)uce.gov>

>> | Lil' Abner wrote:
>> | <snip>

>> | Report the Torrent to the tracker if you pulled the Warez off a site.

>> The name of the file is a Social Engineering construct I am familiar with and I doubt it
>> came from a Warez site. That naming convention is typical of the type of files I find
>> quite often in the Usenet binaries and I'll bet that is where it came from.

| Noted.
| Usenet for binaries, oi !

oi ^2 = Oy Vey ! :-)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: CiderScratter on 12 Jun 2010 04:37

On Fri, 11 Jun 2010 18:22:02 -0500, "Lil' Abner" <blvstk(a)dogpatch.com> wrote:

>I downloaded
>41.Yr.Virgin.Who.Knocked.Up.Sarah.Marshall;Felt.Superbad.LKRG136943.exe,
>knowing, of course that it would be infected with *something*. Microsoft
>Security Essentials liked it OK so I sent it to VirusTotal where it scored
>zilch (0/43).
>So I installed it on a throwaway copy of XP and actually had to kill the
>installation file with task manager. And that still left a random exe file
>running and eating up about 85% of the processor. So I killed that one too
>and then ran MalwareBytes on it.
>It found:
> Trojan.Backdoor.Gen (4)
> Trojan.Agent.Gen (5)
> Trojan.Agent (1)
> Bifrose.Trace (1)
>MalwareBytes cleaned it up fine with a reboot.
>IMO that says quite a bit for MBAM and very little for 43 antivirus
>companies.
>At least it wasn't one of those rogue security apps that I usually get when
>I play this game... :-)

Your details are very sparse to say the least and seem to indicate a
big flaw in your testing process. Maybe you just did not document it
too well.

So why did you only have to kill the installation on the throwaway
copy of XP?
What about the PC where you tested it with MSE?
Did you try the install here or just scan the original exe?
What about the unpacked one with MSE?
Have you sent the unpacked exe file to virustotal?
Did Malwarebytes find it in a scan before you run the exe?

A test is only fair if the exact same procedures are followed for each
application being tested and your notes do not indicate this.

From: Lil' Abner on 12 Jun 2010 14:29

CiderScratter <cider-scratter(a)hotmail.invalid> wrote in
news:rdh6165samves2n6sms0qqvba5qojg4bs7(a)4ax.com:

> On Fri, 11 Jun 2010 18:22:02 -0500, "Lil' Abner" <blvstk(a)dogpatch.com>
> wrote:
>
>>I downloaded
>>41.Yr.Virgin.Who.Knocked.Up.Sarah.Marshall;Felt.Superbad.LKRG136943.exe,
>>knowing, of course that it would be infected with *something*.
>>Microsoft Security Essentials liked it OK so I sent it to VirusTotal
>>where it scored zilch (0/43).
>>So I installed it on a throwaway copy of XP and actually had to kill
>>the installation file with task manager. And that still left a random
>>exe file running and eating up about 85% of the processor. So I killed
>>that one too and then ran MalwareBytes on it.
>>It found:
>> Trojan.Backdoor.Gen (4)
>> Trojan.Agent.Gen (5)
>> Trojan.Agent (1)
>> Bifrose.Trace (1)
>>MalwareBytes cleaned it up fine with a reboot.
>>IMO that says quite a bit for MBAM and very little for 43 antivirus
>>companies.
>>At least it wasn't one of those rogue security apps that I usually get
>>when I play this game... :-)
>
> Your details are very sparse to say the least and seem to indicate a
> big flaw in your testing process. Maybe you just did not document it
> too well.
>
> So why did you only have to kill the installation on the throwaway
> copy of XP?

Because it wasn't doing anything and it wouldn't quit running.

> What about the PC where you tested it with MSE?

It was actually a rar file. I un-rared it on the original computer and
checked the exe with MSE.

> Did you try the install here or just scan the original exe?

No and yes.

> What about the unpacked one with MSE?

See above.

> Have you sent the unpacked exe file to virustotal?

Yes. Found nothing.

> Did Malwarebytes find it in a scan before you run the exe?

Didn't try that, but I see your point. I've still got it. I'll try it right
now.
OK. http://mewnlite.com/sample.gif - I had to help it a bit by putting it in
the windows\system32 folder since the original was in a download folder on
another drive and MBAM wouldn't have found it there.
Anyway, thanks for prompting me to run it. It found some other stuff while
it was there!

> A test is only fair if the exact same procedures are followed for each
> application being tested and your notes do not indicate this.

OK, I have the paid version of MBAM but I haven't been running it in real
time since a long time ago it was blocking a lot of legitimate IP addresses.
I've turned it back on (temporarily) and will go back and find another one
of those Debbie.Does.Dallas.in.the.treehouse23456.rar files and see if it'll
catch it!

--
--- Everybody has a right to my opinion. ---