MSE fails these SIMPLE programs
Hi all
Whilst I'm not usually keen on most AV software, it should actually do "what it says on the tin".
I thought I'd test MSE on a VM with a deliberately infected popup hijacker.
MSE gave it a clean bill of health.
The free version of Malwarebytes Anti-Malware (we call it "Animalware") correctly identified the offending software and registry keys.
Here's the log (MSE failed to find anything).
Malwarebytes' Anti-Malware 1.41
Database version: 3065
Windows 6.1.7600
31/10/2009 10:21:40
mbam-log-2009-10-31 (10-21-40).txt
Scan type: Quick Scan
Objects scanned: 93221
Time elapsed: 2 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
So OK, this test is not exhaustive, but it looks like MSE needs a bit more work on it.
I've totally wiped the infected VM. VMs are great for this type of testing. I would recommend: DO NOT install VIRUSES for testing purposes on ANY machine connected to your LAN; use a STAND-ALONE machine with no Internet access, then you should be quite safe testing these things.
Also use a dedicated CD/DVD-RW for installing the software so you can completely wipe it with a COMPLETE ERASE (write binary zeros to every track) before loading new "malicious" software for testing. Sometimes USB sticks get infected and can load viruses onto CLEAN machines if you play around with this type of stuff.
Cheers
jimbo
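As an added example (not part of jimbo's post, and not Malwarebytes' own code), here is a small parser for the log layout quoted above: it pulls out each detected object with its detection name and action, and checks that the summary counts agree with the items actually listed in each detail section. The sample log is constructed from the entries in the post.

```python
import re
from collections import defaultdict

# Constructed sample in the Malwarebytes 1.41 log layout quoted in the post
# (header, summary counts, then one detail section per category).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3065
Scan type: Quick Scan
Memory Processes Infected: 0
Registry Keys Infected: 1
Registry Data Items Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(.+ Infected): (\d+)$")   # "Files Infected: 2"
SECTION_RE = re.compile(r"^(.+ Infected):$")         # "Files Infected:" (detail header)
# "<object> (<detection name>) -> <action>"; the first "(...) ->" ends the object path,
# so the "Bad: (1) Good: (0)" part of a data-item line stays in the action field.
ITEM_RE = re.compile(r"^(.*?) \(([^()]+)\) -> (.*)$")


def parse_mbam_log(text):
    """Return {'summary': {category: count}, 'detections': {category: [items]}}."""
    summary, detections, section = {}, defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and line and not line.startswith("("):  # skip "(No malicious items detected)"
            if m := ITEM_RE.match(line):
                detections[section].append(
                    {"object": m.group(1), "name": m.group(2), "action": m.group(3)})
    return {"summary": summary, "detections": dict(detections)}


def count_mismatches(report):
    """Categories whose summary count differs from the number of items listed for them."""
    return [cat for cat, n in report["summary"].items()
            if n != len(report["detections"].get(cat, []))]


def indicators(report):
    """Flat list of (category, object, detection name) for every detected item."""
    return [(cat, it["object"], it["name"])
            for cat, items in report["detections"].items() for it in items]
```

A non-empty result from count_mismatches() means the log was truncated or edited, which is worth knowing before trusting it as a record of what was cleaned.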