anybody see this detection rate on Smart Defender

[laserjet]

for such a new product wow,

forums.anvisoft.com/viewtopic-9-236-0.html

[GT500]

From what I can see, all he did was scan a folder full of samples. That is not a legitimate test.

BTW: We've already discussed Anvisoft Smart Defender, and none of us were very impressed. Perhaps it is different now that it is out of beta. I'll pull up a VM and take a look, but since it is a VM then obviously the test will not be absolute proof of the software's capabilities, since some malware will simply delete itself in a VM rather than run and infect the system.

[BornSlippy]

From my reading of this test the results were woeful. 18 detections out of a possible 162 isn't very encouraging, even for a new product. Online scans are useful for checking if a file has malicious intent but worthless in preventing or removing infection. Why not do your own test?

http://virussign.com/downloads.html

Bear in mind that these samples contain a number of false positives and adware that MBAM would not consider worthy of inclusion.

I shouldn't have to remind you of the dangers of dealing with malware samples (even 'deactivated' ones such as these), so only do so if you know what you are doing

[GT500]

OK, here's a quick rundown of what I did:

I pulled 10 samples off of S!Ri's VX Vault, and saved them on the desktop of my Windows XP Pro SP3 VM:

I scanned them with Anvi Smart Defender's cloud scanner, and here is the result (I don't see a way to save a log):

I ran a Quick Scan with Anvi Smart Defender, and here is the log (let me stress that, aside from the samples sitting on the desktop, the installation of Windows on this VM was completely clean):

*****************************************
Anvi Smart Defender - Report
ASD Version:        1.0 RC2
Database Version:   1001-1119-01
*****************************************


Malware.Generic,C:\WINDOWS\system32\commdlg.dll,FILE,463667
Malware.Generic,C:\WINDOWS\system32\dllcache\commdlg.dll,FILE,463667



-----------------------------------------
Anvisoft Corporation. All rights reserved.
Home Page: http://www.anvisoft.com

I installed and updated MBAM, and ran a Quick Scan:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GT500-9D2052302 [administrator]

2/19/2012 12:27:57 PM
mbam-log-scan-001

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 155858
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Documents and Settings\Administrator\Desktop\1-2.exe (Trojan.Agent.XVatGen) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\1.exe (Trojan.Agent.XVatGen) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\24.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\25.exe (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\26.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\setup-2.exe (Trojan.FakeVLC) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\XvidSetup.exe (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LOLV8HU7\24[1].txt (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NYFU67IF\25[1].txt (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XS8N8T8G\26[1].txt (Spyware.Zbot.VF) -> No action taken.

(end)

I then proceeded to run each one of those. The nastier bits automatically deleted themselves (as is typical with running samples like this in a VM).

Here was the only alert generated by Anvi Smart Defender during the process of installing all of that junk:

Unfortunately, I don't have time to run the final scans, as I need to leave. I have paused my VM for now, and will continue once I return this evening.

[laserjet]

well i see you ran some testing thanks. It just seemed a bit to good to be true those number comparisons at that link but the topic is not the same topic related but not the same just bringing it to mbam's attention. thank you for your reply appreciate it

[Rats]

hi all at malwarebytes

I see you have questions about out detection

well a always up for a round of detection

so here you go

ran smart defender against all exe samples form virussign.com package February 19, 2012

and was able to put all samples that were left after right click scan in the cloud scanner a total of 353 mb

I would like to see any other cloud scanner do the same !!!!

If you have any thought's that this test was not honest or proper

then I invite you to repeat it

result here

ho I as so ran malwarebytes against the same samples

if you would like to see how you did which was pretty good

[Rats]

http://forums.anvisoft.com/viewtopic.php?f=29&t=310

since link in post dose not seem to work

[laserjet]

sorry i need to see more testing done by an outside independant source. looks impressive though

[BornSlippy]

Well, it detected something MBAM missed

[Rats]

Thank you Bornslippy. it also detects Version: 6.0.811 Date: Feb. 14, 2012 as well

files sent to staff

[BornSlippy]

Good, 'cause ScreenHunter is capable of capturing all sort of info on your pc, especially from the desktop

[GT500]

Final logs from my tests:

Anvi Smart Defender:

*****************************************
Anvi Smart Defender - Report
ASD Version:        1.0 RC2
Database Version:   1001-1120-02
*****************************************


Malware.Generic,C:\WINDOWS\system32\commdlg.dll,FILE,463667
Malware.Generic,C:\WINDOWS\system32\dllcache\commdlg.dll,FILE,463667



-----------------------------------------
Anvisoft Corporation. All rights reserved.
Home Page: http://www.anvisoft.com

MBAM:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.20.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GT500-9D2052302 [administrator]

2/20/2012 3:20:00 PM
mbam-log-scan-002.txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 156876
Time elapsed: 5 minute(s), 

Memory Processes Detected: 2
C:\Documents and Settings\Administrator\Desktop\25.exe (Trojan.Spam) -> 3544 -> No action taken.
C:\Documents and Settings\Administrator\Desktop\26.exe (Spyware.Zbot.VF) -> 3228 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{5CBCEC47-1C60-AD41-B6B9-297EA7230A6C} (Spyware.Zbot.VF) -> Data: "C:\Documents and Settings\Administrator\Application Data\Idrio\pyab.exe" -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Documents and Settings\Administrator\Desktop\25.exe (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\26.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\Idrio\pyab.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\babylonSK108714.exe (Adware.Dropper.SFX) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\setup-2.exe (Trojan.FakeVLC) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\XvidSetup.exe (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LOLV8HU7\24[1].txt (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NYFU67IF\25[1].txt (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XS8N8T8G\26[1].txt (Spyware.Zbot.VF) -> No action taken.

(end)

I could also run ComboFix for good measure, but I have work to do, and not enough time for playing with malware samples. I will try to remember to do some more tests after I manage to build a new PC, and turn this old one into a dedicated test rig. That should be sometime early to mid March.

[DarkSnakeKobra]

I'll be testing this myself shortly as I'm very interested in how wel it performs. Post the results when done.

[wildman424]

Good, 'cause ScreenHunter is capable of capturing all sort of info on your pc, especially from the desktop

[laserjet]

BornSlippy and wildman424 Double LOL!!!!

[DarkSnakeKobra]

Okay here are my results.I ran the test in a Windows XP Pro SP3 vm(Windows XP Mode) and tested against the most recent MalwareDomain List listings to see how well they are keeping up. The listings were from that day(27th) and had some nasty ones like blackhole exploit kit. Malwarebytes' detected everything and blocked all the sites with the ip blocker to the point I had to shut it off as it was getting in the way. Anvi Smart Defender didn't do anything. The only thing it did was warn and block one registry change twice. The cloud feature didn't even warn or ask to upload the file requesting the changes.

Malwarebytes' protection log.

2012/02/28 14:20:57 -0600	VIRTUALXP-53643	XPMUser	MESSAGE	Starting protection
2012/02/28 14:21:02 -0600	VIRTUALXP-53643	XPMUser	MESSAGE	Protection started successfully
2012/02/28 14:21:06 -0600	VIRTUALXP-53643	XPMUser	MESSAGE	Starting IP protection
2012/02/28 14:21:07 -0600	VIRTUALXP-53643	XPMUser	MESSAGE	IP Protection started successfully
2012/02/28 14:21:39 -0600	VIRTUALXP-53643	XPMUser	IP-BLOCK	46.166.152.163 (Type: outgoing)
2012/02/28 14:21:42 -0600	VIRTUALXP-53643	XPMUser	IP-BLOCK	46.166.152.163 (Type: outgoing)
2012/02/28 14:21:46 -0600	VIRTUALXP-53643	XPMUser	MESSAGE	Stopping IP protection
2012/02/28 14:21:46 -0600	VIRTUALXP-53643	XPMUser	MESSAGE	IP Protection stopped
2012/02/28 14:26:42 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe	Trojan.FakeMS	ALLOW
2012/02/28 14:26:42 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe	Trojan.FakeMS	ALLOW
2012/02/28 14:26:42 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe	Trojan.FakeMS	ALLOW
2012/02/28 14:27:20 -0600	VIRTUALXP-53643	XPMUser	MESSAGE	Executing scheduled update:  Daily
2012/02/28 14:27:21 -0600	VIRTUALXP-53643	XPMUser	MESSAGE	Database already up-to-date
2012/02/28 14:34:36 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Desktop\etTcMs.exe	Backdoor.Bot	ALLOW
2012/02/28 14:34:36 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Desktop\etTcMs.exe	Backdoor.Bot	ALLOW
2012/02/28 14:34:37 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Desktop\etTcMs.exe	Backdoor.Bot	ALLOW
2012/02/28 14:34:38 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\Ukhuh\caajk.exe	Backdoor.Bot	ALLOW
2012/02/28 14:38:05 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Local Settings\Temp\tmpab8b5ac1\file.exe	Trojan.Hosts	ALLOW
2012/02/28 14:38:08 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Local Settings\Temp\tmpab8b5ac1\file.exe	Trojan.Hosts	ALLOW
2012/02/28 14:40:37 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe	Spyware.Password	ALLOW
2012/02/28 14:40:42 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe	Spyware.Password	ALLOW
2012/02/28 14:40:43 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe	Spyware.Password	ALLOW
2012/02/28 14:41:16 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:18 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:18 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:18 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:19 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:19 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:19 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:20 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:20 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:20 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:20 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:20 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:23 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:23 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:23 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:30 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:30 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:41:31 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:48:20 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:48:20 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:48:20 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:48:20 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:48:20 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 14:48:20 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:05:41 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:05:42 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:05:42 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:05:42 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:05:42 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:05:42 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:14:00 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:14:00 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:18:56 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:18:56 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:20:56 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:20:56 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:21:44 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:21:44 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:21:44 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 15:21:44 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:05:04 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:05:04 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:05:34 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:05:34 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:05:34 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:05:34 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:06:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:06:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:06:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:06:21 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:06:45 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:06:45 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:06:52 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW
2012/02/28 16:06:52 -0600	VIRTUALXP-53643	XPMUser	DETECTION	C:\Documents and Settings\XPMUser\Application Data\dplayx.dll	Trojan.QHost.BG	ALLOW

Malwarebytes' scan log

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.28.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
XPMUser :: VIRTUALXP-53643 [administrator]

Protection: Enabled

2/28/2012 3:06:23 PM
mbam-log-2012-02-28 (16-04-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195511
Time elapsed: 53 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Documents and Settings\XPMUser\Application Data\dplayx.dll (Trojan.QHost.BG) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{6E7C7E8C-0AD3-AD41-84E7-4AB396FC69A1} (Backdoor.Bot) -> Data: "C:\Documents and Settings\XPMUser\Application Data\Ukhuh\caajk.exe" -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\XPMUser\Application Data\Ukhuh\caajk.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe (Spyware.Password) -> No action taken.
C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe (Trojan.FakeMS) -> No action taken.
C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\QTMNSHIB\etTcMs[1].exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\XPMUser\Application Data\dplayx.dll (Trojan.QHost.BG) -> No action taken.

(end)

Unfortunately I didn't quite figure out how to save logs right away(have to click the number by Threats Found for window that offers it) so I just took a screenshot rather then going back and rescanning.

They didn't perform well at all. The alerts were unclear and didn't contain enough info for the user to make a choice. They also need to provide a more direct option for log saving rather then have the user figure it out as they likely wouldn't have.

[GT500]

Buttons, was that a VM or a live test box?

[DarkSnakeKobra]

VM. Windows XP Mode is an installation package for Windows Virtual PC that installs Windows XP Professional SP3 for Windows 7 Professional/Business/Ultimate/Enterprise users. I did test it against the spycar test files so it has basic protection at the very least, but I felt like it was doing absolutely nothing.

[GT500]

VM.

Being a VM, some samples will delete themselves when you run them, so it wasn't a proper test (just like the one I conducted wasn't proper), however it still shows that the protection in Anvi Smart Defender is rather lacking...

Of course, when it came to most of the samples I would find, MSE was the only thing that detected most of them. Even MBAM would fail on a lot of them.

[DarkSnakeKobra]

Being a VM, some samples will delete themselves when you run them, so it wasn't a proper test (just like the one I conducted wasn't proper), however it still shows that the protection in Anvi Smart Defender is rather lacking...

Of course, when it came to most of the samples I would find, MSE was the only thing that detected most of them. Even MBAM would fail on a lot of them.

Yep. Mostly it was to show they appear to be armatures and lacking in experience or knowledge when it comes to malware. They certainly are making poor products that don't do anything at all other then waste space on a users hard drive. I recommend they go and receive some training first before releasing a product as they are just making themselves look bad with a wannabe program. Just my two cents.

[GT500]

They also need to learn about things such as MDL, VX Vault, etc.

[Rats]

Hi all

due to professional reasons I will be no longer supporting Anvisoft

or their products,

As me and Anvisoft have now parted ways

[GT500]

Thanks for letting us know Rats.

I never was able to do proper testing of Anvisoft's Smart Defender (I did build my new system, however I didn't have the money for hard drives, so the hard drives from the old system had to be recycled in the new system). I still hope to be able to do the test, along with MBAM and Emsisoft Anti-Malware (that last one is being tested more for fun than anything else), however it will have to wait until after taxes and possibly after I pay medical expenses.