MSE fails these SIMPLE programs


  1. Posts : 5,941
    Linux CENTOS 7 / various Windows OS'es and servers
       #1



    Hi all
    Whilst I'm not usually keen on most av software it should actually do "what it says on the tin".

    I thought I'd test MSE on a VM with a deliberately infected popup hijacker.

    MSE gave it a clean bill of health.

    The free version of Malwarebytes Anti malware (we call it "Animalware") correctly identified the offending software and registry keys

    Here's the log (MSE failed to find anything).

    Malwarebytes' Anti-Malware 1.41
    Database version: 3065
    Windows 6.1.7600
    31/10/2009 10:21:40
    mbam-log-2009-10-31 (10-21-40).txt
    Scan type: Quick Scan
    Objects scanned: 93221
    Time elapsed: 2 minute(s), 45 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 2
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


    So OK this test is not exhaustive but it looks like MSE needs a bit more work on it.

    I've totally wiped the infected VM -- VM's are great for this type of testing - I would recommend DO NOT install VIRUSES for testing purposes on ANY machine connected to your LAN -- use a STAND ALONE machine with no Internet access then you should be quite safe testing these things.

    Also use a dedicated CD/DVD RW for installing the software so you can completely wipe it with a COMPLETE ERASE (write binary zeros to every track) before loading new "malicious" software for testing. -- sometimes USB sticks get infected and can load viruses on to CLEAN machines if you play around with this type of stuff.

    Cheers
    jimbo
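
Added example, not part of the original post: a small Python parser for the Malwarebytes log layout quoted above that itemizes detections, tags scheduled-task and registry entries, and checks the summary counts against the itemized sections. The sample log is constructed (placeholder GUID) and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the quoted log; the GUID is a placeholder.
SAMPLE_LOG = r"""Registry Keys Infected: 1
Registry Data Items Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\Tasks\{00000000-0000-0000-0000-000000000000}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

HEADER = re.compile(r"^(?P<name>.+ Infected):\s*(?P<count>\d+)?$")
ITEM = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")

def kind_of(item):
    """Hypothetical triage tag: where the detected object lives."""
    low = item.lower()
    if "\\windows\\tasks\\" in low and low.endswith(".job"):
        return "scheduled task"
    return "registry" if low.startswith("hkey_") else "file"

def parse_log(text):
    """Return (summary counts, itemized detections) from an MBAM-style log."""
    counts, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        head = HEADER.match(line)
        if head and head["count"] is not None:
            counts[head["name"]] = int(head["count"])  # summary line, e.g. "Files Infected: 2"
        elif head:
            section = head["name"]                     # section header, e.g. "Files Infected:"
        elif section and (m := ITEM.match(line)):
            detections.append({
                "section": section, "item": m["item"], "family": m["family"],
                "kind": kind_of(m["item"]),
                "action": m["rest"].split(" -> ")[-1].rstrip("."),
            })
    return counts, detections

def count_mismatches(counts, detections):
    """Sections whose summary count differs from the itemized entries."""
    seen = {}
    for d in detections:
        seen[d["section"]] = seen.get(d["section"], 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in counts.items() if n != seen.get(s, 0)}
```

A non-empty result from `count_mismatches` means the pasted log was truncated or edited, which is worth checking before comparing two scanners' results.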


  2. Posts : 271
    Windows 7 Enterprise x64
       #2

    Could you try:
    Norton 360 V4 BETA. You have to give them some info but it's a very good product.
    For download, go here:

    Spyware Free Protection - Norton 360 v4 Beta Free Registration


  3. Posts : 5,941
    Linux CENTOS 7 / various Windows OS'es and servers
    Thread Starter
       #3

    Hi there

    Maybe later

    BTW MSE DID find these successfully (as did Malwarebytes).

    CAREFUL if you install these for trialling how good your AV software is -- Keep away from other machines in the LAN if you play around testing.

    enc snapshot.

    Cheers
    jimbo
    Attached thumbnail: MSE fails these SIMPLE programs-virus.png


  4. Posts : 8,476
    Windows® 8 Pro (64-bit)
       #4

    I'm confused. In your 1st post, you said that MSE gave a clean bill of health. Now you are saying that MSE was able to detect these items. ???


  5. Posts : 29
    Windows 7 Ultimate x64
       #5

    Dinesh said:
    I'm confused. In your 1st post, you said that MSE gave a clean bill of health. Now you are saying that MSE was able to detect these items. ???
    I am also confused about this.
    I would just like to say MSE is amazing and saved me so many times.
    The best anti-virus I have used. Been using it since beta and have been quite surprised.


  6. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #6

    No Anti-virus or Anti-spyware software program is 100% correct in their detections and definitions.
    This is one of the reasons we urge people to run 'online' scans as well as keeping their personal 'Anti-malware' and vulnerable software programs up to date.

    I won't dispute that MSE could have missed this {Vundo} infection, but I've also seen other Antivirus apps miss it too.

    Vundo/Virtumonde is getting really nasty ... and it changes all the time. We see rootkits, Backdoor Trojans --> = thiefware (critical information stolen and sold) downloaded with this particular fake codec, fake anti-spyware/virus, infected web page/banner scripts, etc...

    What SIMPLE programs did you download?


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
