
Antivirus testing - Page 2

post #11 of 57
Quote:
Originally Posted by {core2duo}werd View Post
I'm letting it fester over the weekend. I'll see if I can find a safe way to send them. They could still infect from a zip, but maybe if it had a password or if it were in a passworded rar...
As far as the rogue AVs are concerned (Security Tool, etc...) if you zip just the executable (C:\Users\<user>\AppData\Local (or LocalLow depending)) then it won't actually do anything to the system until it's pulled out of the zip and run by itself. The .exe will then create everything it needs on the host system to be self-sustained without user interaction - but again, if you zip just the executable then it is unable to do anything autonomously.
    
post #12 of 57
Quote:
Originally Posted by TurboTurtle View Post
As far as the rogue AVs are concerned (Security Tool, etc...) if you zip just the executable (C:\Users\<user>\AppData\Local (or LocalLow depending)) then it won't actually do anything to the system until it's pulled out of the zip and run by itself. The .exe will then create everything it needs on the host system to be self-sustained without user interaction - but again, if you zip just the executable then it is unable to do anything autonomously.
Or rename to .werawerwarwser23424243243v
btw PM please when done
I'll give you my email.
post #13 of 57
Not planning to test Trend Micro?
post #14 of 57
Thread Starter 
Quote:
Originally Posted by nukefission View Post
Or rename to .werawerwarwser23424243243v
btw PM please when done
I'll give you my email.
I'll figure it out and PM you.
Quote:
Originally Posted by FlawleZ View Post
Not planning to test Trend Micro?
I will if you want me to. That and CA antivirus.
post #15 of 57
I wouldn't mind seeing how Sunbelt's Vipre fared in the mix. I've been pleased with it thus far and it seems to score well in comparisons I've come across.

edit: ooh, and maybe Sophos. The institution I work for uses it on thousands of comps, and provides it to me for free but I've never tried it. Probably kinda late to start adding to your test. Looking forward to the results of your current candidates.

edit: nvm, just tried Sophos and it's a hog.
Edited by Otterclock - 3/28/11 at 2:16pm
    
post #16 of 57
Thread Starter 
After doing some testing I'm going to change how I rate them. Different programs tell you about the infections they cleaned differently, so instead of rating them on how many files/registry entries they find, I'm rating them on how many infected items Malwarebytes finds after it's done cleaning, and how many I can find in a HijackThis log.

After Microsoft Security Essentials was done cleaning there were still bits of the virus left over. The background was still messed up, there were still links to infected files on the desktop, and in the start menu.
I scanned with MBAM, and it found 18 additional infected items. After that, I ran HijackThis, and the log was clean.
post #17 of 57
Most Anti-Viruses are going to pick up any unencrypted or old/crappy encrypted files.
post #18 of 57
If it's not too late, could you please add Rising AntiVirus to the list? www.freerav.com

I've used it for a couple of years, and it seems like the recent version is really lacking in both its active monitoring and scanning engines.

I look forward to your results with this.

post #19 of 57
Thread Starter 
OK... so my image got corrupted, and I'm going to have to start over again... This time I'm just going to do this in a virtual machine, and make a copy of the virtual disk.
post #20 of 57
Thread Starter 
I put the same virus files on the virtual machine, but got a different result, so new results for Microsoft Security Essentials...
After MSE cleaned everything up, Malwarebytes found 4 additional infected items, and a HijackThis log contained 3 infections.

Then I tested McAfee: After it scanned and cleaned, MBAM found 14 additional infections, then I found one more in the HijackThis log.

Then I tested Norton, and the virus disabled it right off the bat. As soon as it detected Norton on the system, it put in a registry entry which made it ask you what program you want to use to open exe files. Also somehow it disabled the on-access scanner, live update, etc., so when you clicked on the taskbar icon no menu popped up, and the UI didn't open. I replicated the same problem multiple times with Norton, but not with the ones I had tested before it. I had to use the Norton Power Eraser to remove part of the virus, then remove the rest with the regular UI. Interestingly enough, once I did that, Norton only left behind one infected file for MBAM, and 2 infected entries in the HijackThis log. That's the best so far.

I also tested Avast, which has a great UI, and is snappy. Unfortunately it had the same problem as Norton where it made the exe registry entry. It ran when you selected run as administrator, but left 10 infected files for Malwarebytes, and 1 HijackThis entry. It also didn't remove the exe registry entry, while Norton did, and didn't change the common proxy entry that keeps you from getting to the internet by telling it to use the loopback address as a proxy server.
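
Added example (not part of the thread or any poster's code): a post-cleanup check for the two leftovers described in post #20, a changed `.exe` handler and a proxy pointed at the loopback address, run over a text export of the registry. The post does not name the exact keys the malware touched, so this assumes the standard Windows locations for the `.exe` association and the Internet Settings proxy; the sample export and the `constructed_progid` value are constructed.

```python
import re
# Standard values on a clean Windows install.
EXPECTED = {r"hkey_classes_root\.exe": "exefile",
            r"hkey_classes_root\exefile\shell\open\command": '"%1" %*'}
# Per-user keys that override HKCR; a default value set here deserves a look.
USER_OVERRIDES = [k.replace("hkey_classes_root", r"hkey_current_user\software\classes") for k in EXPECTED]
INET = r"hkey_current_user\software\microsoft\windows\currentversion\internet settings"
LOOPBACK = re.compile(r"(?:^|[=;/])(?:127(?:\.\d{1,3}){3}|localhost|\[::1\])(?::\d+)?(?:$|;)", re.I)

# Constructed sample export (not taken from the thread).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="constructed_progid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"
'''

def parse_reg(text):
    """Parse a regedit v5 text export into {key_lower: {value_name_lower: data}}."""
    keys, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and m:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1].lower()
            data = m.group(2)
            if data.startswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \" and \\ escapes
            elif data.startswith("dword:"):
                data = int(data[6:], 16)
            cur[name] = data  # "" is the key's default (@) value
    return keys

def findings(text):
    """Return (rule, key, value) tuples for the two symptoms in post #20."""
    keys, out = parse_reg(text), []
    for key, want in EXPECTED.items():
        got = keys.get(key, {}).get("")
        if got is not None and got != want:
            out.append(("exe-handler-changed", key, got))
    out += [("exe-user-override", k, keys[k][""]) for k in USER_OVERRIDES if "" in keys.get(k, {})]
    inet = keys.get(INET, {})
    if inet.get("proxyenable") == 1 and LOOPBACK.search(str(inet.get("proxyserver", ""))):
        out.append(("loopback-proxy", INET, inet["proxyserver"]))
    return out
```

Regedit writes its exports as UTF-16, so decode the file with that encoding before passing the text to `findings`. A loopback proxy can be legitimate when a local filtering proxy is installed, so treat that finding as something to verify rather than proof of infection.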