Hey Gang,

I ran an online virusscan with Panda last night. It uncovered 6 trojans that AVG paid version didn't find.

Question: Does this mean that Panda is better than AVG or does it mean that my installation of AVG was corrupted by the recent virus attack it suffered last week.

I thought my AVG installation was repaired. I make sure it is updated every day but I didn't reinstall it after the attack :confused: .

Aren't "trojans" a fuzzy area for some AV companies? Not strictly a virus, and yet ...

Yes, an anti-virus package may or may not concern itself much with trojans, likewise spyware and other types of malware. An antivirus can be expected to concentrate its energy on self-replicating code that will actively spread infection, trojan detection could be regarded as a "bonus".

In the same way that it's wise to scan for spyware, dedicated trojan checking is a better option than relying on an anti-virus.

Aren't "trojans" a fuzzy area for some AV companies? Not strictly a virus, and yet ...
:thumbs: ...

'Malware' is viruses, worms & trojans ...

3 things, 3 bits of s/w that do those well or 1 bit that does all 'fair' ? ... mmmm ! but its better than 1 bit doing 3 jobs & probably not 2 of them at all ! :eek2: :D

The moral of the story: switch to NAV!

The moral of the story: switch to NAV!
I think that's one bit ... 'going fair' :p :devil: & some might say that's 'nice'!

They all suck. ALL OF EM!!!

Even my precious F-Secure is dropping the ball. If you install Fsecure and certain Firewalls like Sygate or Zone Alarm, Fsecure sometimes blows up the system. WTF!

They all suck. ALL OF EM!!!
NAV 8 Corporate rocks! You can't say it sux until you see how it works. Our company has had NAV for years, yet no infection at all. However the home version is another story...

See here http://www.virusbtn.com/vb100/archives/products.xml?avg.xml Not exactly the best track record.

See here http://www.virusbtn.com/vb100/archives/products.xml?avg.xml Not exactly the best track record.

Thanks Hud,
That's an eye-opener...

Result summary: 3 passes / 19 fails :confused:

BTW, what does VB say IS the best AV?

Result summary: 3 passes / 19 fails :confused:


For the free version of avg !! ;) (6! Orange if you pay you have 7 !) this goes back to 98 ! ... historically they were terrible, but figured it out this year :thumbs: -for free its pretty damn good.

Who the bloomin 'eck are these virus testing guys -some magazine ?

Thanks Hud,
That's an eye-opener...

Result summary: 3 passes / 19 fails :confused:

BTW, what does VB say IS the best AV?

Hard to say, as they grade everything pass/fail. Plus, false positives also fail a product, and they don't differentiate between those and failure to detect. As -ed rightly notes, some of the fails go back a ways. Even so, some of the products seem to have more consistent records. If you look here http://www.virusbtn.com/vb100/archives/index.xml you can look up the results by date or by vendor.

You can also look here http://www.icsalabs.com/html/communities/antivirus/index.shtml and here http://www.av-test.org/

For the free version of avg !! ;) (6! Orange if you pay you have 7 !) this goes back to 98 ! ... historically they were terrible, but figured it out this year :thumbs: -for free its pretty damn good.

Who the bloomin 'eck are these virus testing guys -some magazine ?But in this case -ed, Punkinhead was the tester. He had AVG Pro on his system all up do date when he was taken down by alll those virus'es. I think three altogether. Orange, go get the link to the thread and show him....ah I guess I will....

EDIT
Yeah, here it is, just as an FYI to the forum:
http://forums.windrivers.com/showthread.php?t=54871

It all depends on what you want to call a virus a trojan or a worm as to how good any of these are !:p

& who actually says whats any good or not ? - I don't know what you might call an 'authorative' NET guide on this subject, as anyone who expresses an opinion seems to have some involvement with a vendor ! :eek2:

I have a friend who is a security officer for a footsie 100 'financial' company, he spends most of his life testing them ... his wise words are 'nothing can stop them, completely, because new ones appear daily' he also has 'many mutterings' on the subject of 'test viruses' ... I'll clean that up & say 'Virus vendors please stop publishing 'test viruses' as you show new ways to the silly people who write them' ... (there were a lot of Fs in his answer :D) - he says the most effective way to limit 'net nasties' is just limit where you go in cyberspace, which seems pretty damn good advice.

He says the best av product is sophos, & he says the measure to beat is VeriTest analysis, but I'm not so sure I believe even that (as of course they sell anti-virus stuff too ;))

But if you want a really cynical approach (i'm usually good for that !) ... all the need for anti-malware approaches means is that windows is completely insecure ! Now why ain't that a surprise !?! :D

But in this case -ed, Punkinhead was the tester. He had AVG Pro on his system all up do date when he was taken down by alll those virus'es. I think three altogether. Orange, go get the link to the thread and show him....ah I guess I will....

EDIT
Yeah, here it is, just as an FYI to the forum:
http://forums.windrivers.com/showthread.php?t=54871

Yep,

That was the original post that was the beginning of my problem. If I had sense enough to figure it out I would have suspected something immediatley. Any time there is a sudden growth in a single file that isn't supposed to grow, maybe its a virus.

Heuristic scan should have gotten it but it didn't.

Anyway, I am still in the dark as to the best. I've heard AVG, then Panda, Now Sophos. I guess its not a question of finding out which one it is an buying it.

It kind of take me back to an earlier post about a lady who went 5 years without a virus. Somebody mentioned the best protection against viruses is intelligence - like staying away from file sharing sites.

Anyway, that's another forum....and I've learned my lesson...:D

Well I've just done an interesting test on a Win2000 system that came to me very cranky, with 100% CPU usage & several instances of SVCHOST.EXE, so of course you think Nachi.

System ran Vet, owner admitted probably not up-to-date. NTFS, so as my own system is 98/ME, commandeered another 2000 system in for attention, whacked the hard drive out of the other system in.

Ran AVG6 Free, fully updated.

Found eight Trojan infected files, with Downloader.Stubby.A , Secthought.B , BackDoor.Adbreak.B , Dropper.Swicer.A , all successfully cleaned.

Did Panda Online, found Downloader.L in one file, successfully repaired.

Did Trend Housecall, found 6 files with ADW_RULEDOR.C and TROJ_POPMON.A , uncleanable. Two deleted, four currently quarantined.

Ran Stinger, there was the W32/Nachi in SVCHOST.EXE, deleted.

Who can you believe? Is the system clear yet...? Sigh...

I was going to try the new a squared 2 on it ( see here: http://forums.windrivers.com/showthread.php?t=54767 ) but when I installed it on the system, requests for connection to megaprovider.nl started, so it's out for the moment.

Edit: more scans on the same system just for reference:

Sygate wouldn't download...

Trojanscan.com couldn't scan memory, system came up clear, database was late 2003.

Bit Defender found the Ruledor in the re-named files (Trend didn't once they were re-named) but didn't notice Popmon. Heuristics seem to be OK, it found a joke FakeFormat file not reported by anything else, and flagged it as not a virus. Others may have identified it too, but just not reported anything...

CWShredder found nothing.

I'll pass the system as cleared.

crap...

crap...

???

My post?
This thread?
AVG?
Viruses & trojans?

:)


One thing I do observe about AVG, since the update system was changed to small incremental files, updates can sometimes be very frequent. Twice including just now I've updated when I've gone online, then checked before the end of the 4 hour session and there's been another update.

www.anti-trojan.net
Even pulled a trojan out of a zip file.

www.anti-trojan.net
Even pulled a trojan out of a zip file.

Quote from above site:

"Anti-Trojan 5.5 discontinued
The very successful product Anti-Trojan will not be continued any longer due to personal reasons. Customers, who bought Anti-Trojan can get a free unlock code for Anti-Trojan here to be able to use it. The software is therefore freeware now. But no signature updates will be published for Anti-Trojan in the future. Therefore it is recommended to switch to the successor product a² personal of Emsi Software GmbH to stay secure. a² personal is much more powerful than Anti-Trojan 5.5. For more details please read the a² product page."

I'll pass the system as cleared.

Nope, more stuff kept coming up, so I nuked it...