MSE fails these SIMPLE programs

[jimbo45]

Hi all
Whilst I'm not usually keen on most av software it should actually do "what it says on the tin".

I thought I'd test MSE on a VM with a deliberately infected popup hijacker.

MSE gave it a clean bill of health.

The free version of Malwarebytes Anti malware (we call it "Animalware") correctly identified the offending software and registry keys

here's the log (MSE failed to find anything).

Malwarebytes' Anti-Malware 1.41
Database version: 3065
Windows 6.1.7600
31/10/2009 10:21:40
mbam-log-2009-10-31 (10-21-40).txt
Scan type: Quick Scan
Objects scanned: 93221
Time elapsed: 2 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


So OK this test is not exhaustive but it looks like MSE needs a bit more work on it.

I've totally wiped the infected VM -- VM's are great for this type of testing - I would recommend DO NOT install VIRUSES for testing purposes on ANY machine connected to your LAN -- use a STAND ALONE machine with no Internet access then you should be quite safe testing these things.

Also use a dedicated CD/DVD RW for installing the software so you can completely wipe it with a COMPLETE ERASE (write binary zeros to every track) before loading new "malicious" software for testing. -- sometime USB sticks get infected and can load viruses on to CLEAN machines if you play around with this type of stuff.

Cheers
jimbo

 

[gamepro127]

Could you try:
Norton 360 V4 BETA. You haft to give them some info but its a very good product.
For download, go here:

Spyware Free Protection ? Norton 360 v4 Beta Free Registration

 

[jimbo45]

Hi there

Maybe later

BTW MSE DID find these successfully (as did Malwarebytes).

CAREFUL if you install these for trialling how good your AV software is -- Keep away from other machines in the LAN if you play around testing.

enc snapshot.

Cheers
jimbo

 

[Dinesh]

I m confused. In your 1st post, you said that MSE gave a clean bill of health. Now you are saying that MSE was able to detect these items. ???

 

[Thisislaw]

I m confused. In your 1st post, you said that MSE gave a clean bill of health. Now you are saying that MSE was able to detect these items. ???

I am also confused about this.
I would just like to say MSE is amazing and saved me so many times.
The best anti-virus I have used. Been using it since beta and have been quite surprised.

 

[Jacee]

No Anti-virus or Anti-spyware software program is 100% correct in their detections and definitions.
This is one of the reasons we urge people to run 'online' scans as well as keeping their personal 'Anti-malware' and vulnerable software programs up to date.

I won't dispute that MSE could have missed this {Vundo} infection, but I've also seen other Antivirus apps missed it too.

Vundo/Virtumond is getting really nasty ... and it changes all the time. We see rootkits, Backdoor Trojans --> = thiefware (critical information stolen and sold) downloaded with this particular fake codec, fake anti-spyware/virus, infected web page/banner scripts, etc...

What SIMPLE programs did you download :sarc: