forums.anvisoft.com/viewtopic-9-236-0.html
#1
Posted 18 February 2012 - 07:36 PM
for such a new product wow,
#2
Posted 19 February 2012 - 11:59 AM
From what I can see, all he did was scan a folder full of samples. That is not a legitimate test.
BTW: We've already discussed Anvisoft Smart Defender, and none of us were very impressed. Perhaps it is different now that it is out of beta. I'll pull up a VM and take a look, but since it is a VM then obviously the test will not be absolute proof of the software's capabilities, since some malware will simply delete itself in a VM rather than run and infect the system.
For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...
#3
Posted 19 February 2012 - 12:35 PM
From my reading of this test the results were woeful. 18 detections out of a possible 162 isn't very encouraging, even for a new product. Online scans are useful for checking if a file has malicious intent but worthless in preventing or removing infection. Why not do your own test?
http://virussign.com/downloads.html
Bear in mind that these samples contain a number of false positives and adware that MBAM would not consider worthy of inclusion.
I shouldn't have to remind you of the dangers of dealing with malware samples (even 'deactivated' ones such as these), so only do so if you know what you are doing

#4
Posted 19 February 2012 - 12:43 PM
OK, here's a quick rundown of what I did:
I pulled 10 samples off of S!Ri's VX Vault, and saved them on the desktop of my Windows XP Pro SP3 VM:
10_samples_for_anvisoft.png 1.34MB
I scanned them with Anvi Smart Defender's cloud scanner, and here is the result (I don't see a way to save a log):
cloud_scanner_results.png 45.85K
I ran a Quick Scan with Anvi Smart Defender, and here is the log (let me stress that, aside from the samples sitting on the desktop, the installation of Windows on this VM was completely clean):
*****************************************
Anvi Smart Defender - Report
ASD Version: 1.0 RC2
Database Version: 1001-1119-01
*****************************************
Malware.Generic,C:\WINDOWS\system32\commdlg.dll,FILE,463667
Malware.Generic,C:\WINDOWS\system32\dllcache\commdlg.dll,FILE,463667
-----------------------------------------
Anvisoft Corporation. All rights reserved.
Home Page: http://www.anvisoft.com
I installed and updated MBAM, and ran a Quick Scan:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.19.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GT500-9D2052302 [administrator]
2/19/2012 12:27:57 PM
mbam-log-scan-001
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 155858
Time elapsed: 2 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 10
C:\Documents and Settings\Administrator\Desktop\1-2.exe (Trojan.Agent.XVatGen) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\1.exe (Trojan.Agent.XVatGen) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\24.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\25.exe (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\26.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\setup-2.exe (Trojan.FakeVLC) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\XvidSetup.exe (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LOLV8HU7\24[1].txt (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NYFU67IF\25[1].txt (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XS8N8T8G\26[1].txt (Spyware.Zbot.VF) -> No action taken.
(end)
I then proceeded to run each one of those. The nastier bits automatically deleted themselves (as is typical with running samples like this in a VM).
Here was the only alert generated by Anvi Smart Defender during the process of installing all of that junk:
anvisoft_alert_001.png 31.98K
Unfortunately, I don't have time to run the final scans, as I need to leave. I have paused my VM for now, and will continue once I return this evening.
For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...
#5
Posted 19 February 2012 - 12:52 PM
Well, I see you ran some testing, thanks. It just seemed a bit too good to be true, those number comparisons at that link, but the topic is not the same (topic related but not the same), just bringing it to MBAM's attention. Thank you for your reply, appreciate it.
#6
Posted 19 February 2012 - 10:10 PM
hi all at malwarebytes
I see you have questions about our detection
well, I am always up for a round of detection
so here you go
ran smart defender against all exe samples from virussign.com package February 19, 2012
and was able to put all samples that were left after right click scan in the cloud scanner a total of 353 mb
I would like to see any other cloud scanner do the same !!!!
If you have any thoughts that this test was not honest or proper
then I invite you to repeat it
result here
oh, I also ran malwarebytes against the same samples
if you would like to see how you did which was pretty good
#7
Posted 19 February 2012 - 10:12 PM
#8
Posted 19 February 2012 - 10:49 PM
Sorry, I need to see more testing done by an outside independent source. Looks impressive though.
#9
Posted 20 February 2012 - 09:06 AM
#10
Posted 20 February 2012 - 11:28 AM
Thank you Bornslippy. it also detects Version: 6.0.811 Date: Feb. 14, 2012 as well
files sent to staff
#11
Posted 20 February 2012 - 11:49 AM
Good, 'cause ScreenHunter is capable of capturing all sorts of info on your PC, especially from the desktop.

#12
Posted 20 February 2012 - 03:31 PM
Final logs from my tests:
Anvi Smart Defender:
*****************************************
Anvi Smart Defender - Report
ASD Version: 1.0 RC2
Database Version: 1001-1120-02
*****************************************
Malware.Generic,C:\WINDOWS\system32\commdlg.dll,FILE,463667
Malware.Generic,C:\WINDOWS\system32\dllcache\commdlg.dll,FILE,463667
-----------------------------------------
Anvisoft Corporation. All rights reserved.
Home Page: http://www.anvisoft.com
MBAM:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.20.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GT500-9D2052302 [administrator]
2/20/2012 3:20:00 PM
mbam-log-scan-002.txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 156876
Time elapsed: 5 minute(s),
Memory Processes Detected: 2
C:\Documents and Settings\Administrator\Desktop\25.exe (Trojan.Spam) -> 3544 -> No action taken.
C:\Documents and Settings\Administrator\Desktop\26.exe (Spyware.Zbot.VF) -> 3228 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{5CBCEC47-1C60-AD41-B6B9-297EA7230A6C} (Spyware.Zbot.VF) -> Data: "C:\Documents and Settings\Administrator\Application Data\Idrio\pyab.exe" -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 9
C:\Documents and Settings\Administrator\Desktop\25.exe (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\26.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\Idrio\pyab.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\babylonSK108714.exe (Adware.Dropper.SFX) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\setup-2.exe (Trojan.FakeVLC) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\XvidSetup.exe (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LOLV8HU7\24[1].txt (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NYFU67IF\25[1].txt (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XS8N8T8G\26[1].txt (Spyware.Zbot.VF) -> No action taken.
(end)
I could also run ComboFix for good measure, but I have work to do, and not enough time for playing with malware samples. I will try to remember to do some more tests after I manage to build a new PC, and turn this old one into a dedicated test rig. That should be sometime early to mid March.
For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...
#13
Posted 20 February 2012 - 03:42 PM
I'll be testing this myself shortly as I'm very interested in how well it performs.
Post the results when done.
Computer Specs given when asked.
Bleeping Computer Malware Study Hall Junior
#14
Posted 20 February 2012 - 07:30 PM
#15
Posted 20 February 2012 - 07:47 PM
#16
Posted 29 February 2012 - 08:41 PM
Okay, here are my results. I ran the test in a Windows XP Pro SP3 VM (Windows XP Mode) and tested against the most recent MalwareDomain List listings to see how well they are keeping up. The listings were from that day (27th) and had some nasty ones like blackhole exploit kit. Malwarebytes' detected everything and blocked all the sites with the ip blocker to the point I had to shut it off as it was getting in the way. Anvi Smart Defender didn't do anything. The only thing it did was warn and block one registry change twice. The cloud feature didn't even warn or ask to upload the file requesting the changes.
Malwarebytes' protection log.
2012/02/28 14:20:57 -0600 VIRTUALXP-53643 XPMUser MESSAGE Starting protection 2012/02/28 14:21:02 -0600 VIRTUALXP-53643 XPMUser MESSAGE Protection started successfully 2012/02/28 14:21:06 -0600 VIRTUALXP-53643 XPMUser MESSAGE Starting IP protection 2012/02/28 14:21:07 -0600 VIRTUALXP-53643 XPMUser MESSAGE IP Protection started successfully 2012/02/28 14:21:39 -0600 VIRTUALXP-53643 XPMUser IP-BLOCK 46.166.152.163 (Type: outgoing) 2012/02/28 14:21:42 -0600 VIRTUALXP-53643 XPMUser IP-BLOCK 46.166.152.163 (Type: outgoing) 2012/02/28 14:21:46 -0600 VIRTUALXP-53643 XPMUser MESSAGE Stopping IP protection 2012/02/28 14:21:46 -0600 VIRTUALXP-53643 XPMUser MESSAGE IP Protection stopped 2012/02/28 14:26:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe Trojan.FakeMS ALLOW 2012/02/28 14:26:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe Trojan.FakeMS ALLOW 2012/02/28 14:26:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe Trojan.FakeMS ALLOW 2012/02/28 14:27:20 -0600 VIRTUALXP-53643 XPMUser MESSAGE Executing scheduled update: Daily 2012/02/28 14:27:21 -0600 VIRTUALXP-53643 XPMUser MESSAGE Database already up-to-date 2012/02/28 14:34:36 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Desktop\etTcMs.exe Backdoor.Bot ALLOW 2012/02/28 14:34:36 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Desktop\etTcMs.exe Backdoor.Bot ALLOW 2012/02/28 14:34:37 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Desktop\etTcMs.exe Backdoor.Bot ALLOW 2012/02/28 14:34:38 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\Ukhuh\caajk.exe Backdoor.Bot ALLOW 2012/02/28 14:38:05 -0600 
VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temp\tmpab8b5ac1\file.exe Trojan.Hosts ALLOW 2012/02/28 14:38:08 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temp\tmpab8b5ac1\file.exe Trojan.Hosts ALLOW 2012/02/28 14:40:37 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe Spyware.Password ALLOW 2012/02/28 14:40:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe Spyware.Password ALLOW 2012/02/28 14:40:43 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe Spyware.Password ALLOW 2012/02/28 14:41:16 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:18 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:18 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:18 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:19 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:19 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:19 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll 
Trojan.QHost.BG ALLOW 2012/02/28 14:41:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:23 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:23 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:23 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application 
Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:30 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:30 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:41:31 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:05:41 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:05:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:05:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:05:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:05:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and 
Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:05:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:14:00 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:14:00 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:18:56 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:18:56 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:20:56 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:20:56 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:21:44 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:21:44 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:21:44 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 15:21:44 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:05:04 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:05:04 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:05:34 -0600 VIRTUALXP-53643 XPMUser DETECTION 
C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:05:34 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:05:34 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:05:34 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:06:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:06:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:06:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:06:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:06:45 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:06:45 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:06:52 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW 2012/02/28 16:06:52 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
Malwarebytes' scan log
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.28.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
XPMUser :: VIRTUALXP-53643 [administrator]
Protection: Enabled
2/28/2012 3:06:23 PM
mbam-log-2012-02-28 (16-04-55).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195511
Time elapsed: 53 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Documents and Settings\XPMUser\Application Data\dplayx.dll (Trojan.QHost.BG) -> No action taken.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{6E7C7E8C-0AD3-AD41-84E7-4AB396FC69A1} (Backdoor.Bot) -> Data: "C:\Documents and Settings\XPMUser\Application Data\Ukhuh\caajk.exe" -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\Documents and Settings\XPMUser\Application Data\Ukhuh\caajk.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe (Spyware.Password) -> No action taken.
C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe (Trojan.FakeMS) -> No action taken.
C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\QTMNSHIB\etTcMs[1].exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\XPMUser\Application Data\dplayx.dll (Trojan.QHost.BG) -> No action taken.
(end)
Unfortunately I didn't quite figure out how to save logs right away (have to click the number by Threats Found for the window that offers it), so I just took a screenshot rather than going back and rescanning.
They didn't perform well at all. The alerts were unclear and didn't contain enough info for the user to make a choice. They also need to provide a more direct option for log saving rather than have the user figure it out, as they likely wouldn't have.
Computer Specs given when asked.
Bleeping Computer Malware Study Hall Junior
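Added example, not part of the thread and not any poster's code: the protection log in post #16 is dominated by repeated DETECTION lines for the same file, so this sketch collapses it to unique (path, threat) pairs and blocked IPs. The field layout is inferred from the posted lines (an assumption, not Malwarebytes documentation), and the function names are made up for this illustration.

```python
import re
from datetime import datetime

# Records copied from the protection log in post #16. The line breaks are arranged
# here so that two records run together and one path is wrapped, as on the page.
SAMPLE_LOG = r"""
2012/02/28 14:21:02 -0600 VIRTUALXP-53643 XPMUser MESSAGE Protection started successfully
2012/02/28 14:21:39 -0600 VIRTUALXP-53643 XPMUser IP-BLOCK 46.166.152.163 (Type: outgoing) 2012/02/28 14:21:42 -0600 VIRTUALXP-53643 XPMUser IP-BLOCK 46.166.152.163 (Type: outgoing)
2012/02/28 14:26:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe Trojan.FakeMS ALLOW
2012/02/28 14:26:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe Trojan.FakeMS ALLOW
2012/02/28 14:40:37 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe Spyware.Password ALLOW
2012/02/28 14:41:16 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:18 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application
Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:06:52 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
"""

# Zero-width split point in front of every "YYYY/MM/DD HH:MM:SS +ZZZZ " stamp, so
# records pasted run-together on one line are still separated.
RECORD_START = re.compile(r"(?=\d{4}/\d\d/\d\d\s\d\d:\d\d:\d\d\s[+-]\d{4}\s)")
# Assumption: host and user names contain no spaces.
RECORD = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) (?P<host>\S+) (?P<user>\S+) "
    r"(?P<kind>MESSAGE|IP-BLOCK|DETECTION) (?P<rest>.+)$")
IP_BLOCK = re.compile(r"^(?P<ip>\S+) \(Type: (?P<direction>\w+)\)$")


def parse_records(text):
    """Yield one dict per record; anything that does not fit gets kind 'UNPARSED'."""
    for chunk in RECORD_START.split(text):
        chunk = " ".join(chunk.split())  # undo line wraps and stray whitespace
        if not chunk:
            continue
        m = RECORD.match(chunk)
        rec = None
        if m:
            rec = {"kind": m["kind"], "host": m["host"], "user": m["user"],
                   "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")}
            if rec["kind"] == "DETECTION":
                # The path contains spaces, so peel threat and action off the right.
                parts = m["rest"].rsplit(" ", 2)
                if len(parts) == 3:
                    rec["path"], rec["threat"], rec["action"] = parts
                else:
                    rec = None
            elif rec["kind"] == "IP-BLOCK":
                ip = IP_BLOCK.match(m["rest"])
                if ip:
                    rec.update(ip.groupdict())
                else:
                    rec = None
            else:
                rec["message"] = m["rest"]
        yield rec or {"kind": "UNPARSED", "raw": chunk}


def summarize(text):
    """Collapse repeated events into unique detections and blocked IPs with counts."""
    detections, ip_blocks, unparsed = {}, {}, []
    for rec in parse_records(text):
        if rec["kind"] == "DETECTION":
            d = detections.setdefault(
                (rec["path"], rec["threat"]),
                {"count": 0, "first": rec["time"], "last": rec["time"], "actions": set()})
            d["count"] += 1
            d["first"] = min(d["first"], rec["time"])
            d["last"] = max(d["last"], rec["time"])
            d["actions"].add(rec["action"])
        elif rec["kind"] == "IP-BLOCK":
            key = (rec["ip"], rec["direction"])
            ip_blocks[key] = ip_blocks.get(key, 0) + 1
        elif rec["kind"] == "UNPARSED":
            unparsed.append(rec["raw"])
    return {"detections": detections, "ip_blocks": ip_blocks, "unparsed": unparsed}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (path, threat), d in result["detections"].items():
        print(f"{d['count']:>3}x {threat:<18} {sorted(d['actions'])} {path}")
    for (ip, direction), n in result["ip_blocks"].items():
        print(f"{n:>3}x IP-BLOCK {ip} ({direction})")
```
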
#17
Posted 01 March 2012 - 12:53 AM
Buttons, was that a VM or a live test box?
For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...
#18
Posted 01 March 2012 - 10:35 AM
VM.
Windows XP Mode is an installation package for Windows Virtual PC that installs Windows XP Professional SP3 for Windows 7 Professional/Business/Ultimate/Enterprise users.
I did test it against the spycar test files so it has basic protection at the very least, but I felt like it was doing absolutely nothing.
Computer Specs given when asked.
Bleeping Computer Malware Study Hall Junior
#19
Posted 01 March 2012 - 05:51 PM
Buttons said:
VM.
Being a VM, some samples will delete themselves when you run them, so it wasn't a proper test (just like the one I conducted wasn't proper), however it still shows that the protection in Anvi Smart Defender is rather lacking...
Of course, when it came to most of the samples I would find, MSE was the only thing that detected most of them. Even MBAM would fail on a lot of them.
For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...
#20
Posted 01 March 2012 - 07:52 PM
GT500, on 01 March 2012 - 05:51 PM, said:
Being a VM, some samples will delete themselves when you run them, so it wasn't a proper test (just like the one I conducted wasn't proper), however it still shows that the protection in Anvi Smart Defender is rather lacking...
Of course, when it came to most of the samples I would find, MSE was the only thing that detected most of them. Even MBAM would fail on a lot of them.
Yep. Mostly it was to show they appear to be amateurs and lacking in experience or knowledge when it comes to malware. They certainly are making poor products that don't do anything at all other than waste space on a user's hard drive. I recommend they go and receive some training first before releasing a product as they are just making themselves look bad with a wannabe program. Just my two cents.
Computer Specs given when asked.
Bleeping Computer Malware Study Hall Junior