
Antivirus testing - Page 2

post #11 of 57
Quote:
Originally Posted by {core2duo}werd View Post
I'm letting it fester over the weekend. I'll see if I can find a safe way to send them. They could still infect from a zip, but maybe if it had a password or if it were in a passworded rar...
As far as the rogue AVs are concerned (Security Tool, etc...) if you zip just the executable (C:\Users\<user>\AppData\Local (or locallow depending)) then it won't actually do anything to the system until it's pulled out of the zip and run by itself. The .exe will then create everything it needs on the host system to be self-sustained without user interaction - but again, if you zip just the executable then it is unable to do anything autonomously.
    
post #12 of 57
Quote:
Originally Posted by TurboTurtle View Post
As far as the rogue AVs are concerned (Security Tool, etc...) if you zip just the executable (C:\Users\<user>\AppData\Local (or locallow depending)) then it won't actually do anything to the system until it's pulled out of the zip and run by itself. The .exe will then create everything it needs on the host system to be self-sustained without user interaction - but again, if you zip just the executable then it is unable to do anything autonomously.
Or rename to .werawerwarwser23424243243v
btw PM please when done
I'll give u my email.
post #13 of 57
Not planning to test Trend Micro?
post #14 of 57
Thread Starter 
Quote:
Originally Posted by nukefission View Post
Or rename to .werawerwarwser23424243243v
btw PM please when done
I'll give u my email.
I'll figure it out and pm you.
Quote:
Originally Posted by FlawleZ View Post
Not planning to test Trend Micro?
I will if you want me to. That and CA antivirus.
post #15 of 57
I wouldn't mind seeing how Sunbelt's Vipre fared in the mix. I've been pleased with it thus far and it seems to score well in comparisons I've come across.

edit: ooh, and maybe Sophos. The institution I work for uses it on thousands of comps, and provides it to me for free but I've never tried it. Probably kinda late to start adding to your test. Looking forward to the results of your current candidates. edit: nvm, just tried Sophos and it's a hog.
Edited by Otterclock - 3/28/11 at 2:16pm
    
post #16 of 57
Thread Starter 
After doing some testing I'm going to change how I rate them. Different programs tell you about the infections they cleaned differently, so instead of rating them on how many files/registry entries they find, I'm rating them on how many infected items Malwarebytes finds after it's done cleaning, and how many I can find in a HijackThis log.

After Microsoft Security Essentials was done cleaning there were still bits of the virus left over. The background was still messed up, there were still links to infected files on the desktop, and in the start menu.
I scanned with MBAM, and it found 18 additional infected items. After that, I ran HijackThis, and the log was clean.
post #17 of 57
Most Anti-Viruses are going to pick up any unencrypted or old/crappy encrypted files.
post #18 of 57
If it's not too late, could you please add Rising AntiVirus to the list? www.freerav.com

I've used it for a couple of years, and it seems like the recent version is really lacking in both its active monitoring and scanning engines.

I look forward to your results with this.

post #19 of 57
Thread Starter 
OK... so my image got corrupted, and I'm going to have to start over again... This time I'm just going to do this in a virtual machine, and make a copy of the virtual disk.
post #20 of 57
Thread Starter 
I put the same virus files on the virtual machine, but got a different result, so new results for Microsoft Security Essentials...
After MSE cleaned everything up, Malwarebytes found 4 additional infected items, and a HijackThis log contained 3 infections.

Then I tested McAfee: after it scanned and cleaned, MBAM found 14 additional infections, then I found one more in the HijackThis log.

Then I tested Norton, and the virus disabled it right off the bat. As soon as it detected Norton on the system, it put in a registry entry which made it ask you what program you want to use to open exe files. Also somehow it disabled the on-access scanner, live update, etc., so when you clicked on the taskbar icon no menu popped up, and the UI didn't open. I replicated the same problem multiple times with Norton, but not with the ones I had tested before it. I had to use the Norton Power Eraser to remove part of the virus, then remove the rest with the regular UI. Interestingly enough, once I did that, Norton only left behind one infected file for MBAM, and 2 infected entries in the HijackThis log. That's the best so far.

I also tested Avast, which has a great UI, and is snappy. Unfortunately it had the same problem as Norton where it made the exe registry entry. It ran when you selected run as administrator, but left 10 infected files for Malwarebytes, and 1 HijackThis entry. It also didn't remove the exe registry entry, while Norton did, and didn't change the common proxy entry that keeps you from getting to the internet by telling it to use the loopback address as a proxy server.
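Added example, not part of any post in the thread: a post-cleanup check for the two leftovers post #20 describes (the exe "open with" registry entry and the loopback proxy setting), run over the text of a `reg export`. It assumes the standard Windows locations (`.exe` / `exefile\shell\open\command` under the Classes roots, and `ProxyEnable` / `ProxyServer` under Internet Settings) are the entries meant, and that the export has already been decoded to text; the sample export and the `brokenfile` ProgID are constructed.

```python
import re

# Constructed `reg export` fragment for illustration; not data from the thread.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="brokenfile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:5555"
'''

INET = r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"
LOOPBACK = re.compile(r"(?:^|[=;/])(?:127(?:\.\d+){3}|localhost|\[::1\])(?::|;|$)", re.I)

def parse_reg(text):
    """Parse .reg text into {UPPERCASE key: {lowercase value name: value}}."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].upper(), {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if cur is None or not m:
            continue  # header line, blank line, or unsupported syntax
        name = "" if m.group(1) == "@" else m.group(1)[1:-1].lower()
        raw = m.group(2)
        if raw.startswith('"'):  # string value: undo the \\ and \" escapes
            cur[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
        elif raw.startswith("dword:"):
            cur[name] = int(raw[6:], 16)
    return keys

def leftovers(text):
    """Return (check, key) pairs for settings that still deviate from Windows defaults."""
    keys, found = parse_reg(text), []
    for root in (r"HKEY_CURRENT_USER\SOFTWARE\CLASSES", "HKEY_CLASSES_ROOT"):
        progid = keys.get(root + r"\.EXE", {}).get("")
        if progid is not None and progid.lower() != "exefile":
            found.append(("exe-association", root))
        cmd = keys.get(root + r"\EXEFILE\SHELL\OPEN\COMMAND", {}).get("")
        if cmd is not None and cmd != '"%1" %*':
            found.append(("exe-open-command", root))
    inet = keys.get(INET, {})
    if inet.get("proxyenable") == 1 and LOOPBACK.search(str(inet.get("proxyserver", ""))):
        found.append(("loopback-proxy", INET))
    return found
```

Running the same check on exports taken after each product's cleanup gives a count that does not depend on how that product words its own report.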