Posts posted by DragonMaster Jay
-
Sad to hear indeed. He worked on my site a bit, and I will say that he was a very hard worker.
Hope you all get through this.
-
The new CIS is a good one. Beat Kaspersky in Internet Security tests.
-
1 word: Comodo.
-
It cannot be classified as "rogue" because...
1. There is no unsolicited intrusion/penetration into the system.
2. There is no explicit enforcement/offering to buy a higher/pro version of the same program.
3. Detection of the mentioned program is based on behavior (such as registry changes).
4. Cannot find any illegitimate advertisements/offers in the program.
-
You seem to misunderstand the importance of this file, and what could happen if you change the internal assembly to a write code. If you add write features to this sample virus code, it will not be pretty for your OS. The fact that you can do an Assembly code analysis, as I did above, proves that the researchers who designed it were specifically aiming for what real virus code would look like.
If you do an analysis (if you know Assembly code) of this file, you will realize it has all that is needed to implement a real virus. It contains an instruction pointer, a stack pointer, a data string, a DOS function, and two places where it changes its bytes to make it polymorphic. One of the worst types of viruses we deal with is polymorphic viruses. The EICAR test file is still a good example virus and should still be used.
-
I've been told the reason AVs will detect it is for normal users to test the responsiveness of their real-time protection. Also, you can stick it in a zip folder or similar format, and see if the antivirus will still detect it, no matter if it is in a compressed file or not.
Dumped EICAR test file in debugger:
-
Hmm... Can someone else try, or can TM be disabled temporarily?
That is expected behavior; it is supposed to freeze before it can be saved.
-
Place the string into Notepad, press Save, choose Save as type: All files, and name it eicar.com.
Once saved, MBAM should recognize it immediately.
-
Any chance you can test with real-time real quick? I don't have the pro version anymore.
String: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
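The save-and-test procedure from the posts above (write the string to eicar.com, then check whether a zipped copy is also caught), as an added Python example that is not from this thread or from Malwarebytes. The MD5 constant is the published hash of the standard 68-byte file, not a value taken from this page.

```python
import hashlib
import os
import tempfile
import zipfile

# The 68-byte EICAR string exactly as quoted in the post above.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Widely published MD5 of the bare 68-byte file (general knowledge, not from this thread).
EICAR_MD5 = "44d88612fea8a8f36de82e1278abb02f"
# Trailing characters the EICAR specification tolerates after the string.
_TRAILING_OK = b" \t\r\n\x1a"


def is_valid_eicar(data: bytes) -> bool:
    """True if data is a detectable EICAR file: it begins with the exact
    68-byte string, anything after it is only whitespace, and the whole file
    is at most 128 bytes. Scanners are not obliged to flag anything outside
    these rules, which is the usual reason a 'broken' test file goes undetected."""
    if not data.startswith(EICAR) or len(data) > 128:
        return False
    return data[len(EICAR):].strip(_TRAILING_OK) == b""


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def write_eicar_samples(outdir=None) -> dict:
    """Write eicar.com (the Notepad 'All files' step from the thread) and a
    zipped copy (the compressed-file check suggested earlier) into outdir.
    Binary mode avoids the newline or encoding changes an editor may introduce."""
    outdir = outdir or tempfile.mkdtemp(prefix="eicar-")
    com_path = os.path.join(outdir, "eicar.com")
    zip_path = os.path.join(outdir, "eicar.zip")
    with open(com_path, "wb") as f:
        f.write(EICAR)
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.write(com_path, arcname="eicar.com")
    with open(com_path, "rb") as f:
        on_disk = f.read()
    # Read the member back out of the archive to confirm the zip is intact.
    with zipfile.ZipFile(zip_path) as zf:
        in_zip = zf.read("eicar.com")
    return {"com": com_path, "zip": zip_path, "md5": md5_hex(on_disk),
            "on_disk_valid": is_valid_eicar(on_disk),
            "in_zip_valid": is_valid_eicar(in_zip)}


if __name__ == "__main__":
    print(write_eicar_samples())
```

If a real-time scanner is active on the machine, the write itself is the test: a product that honours the EICAR convention quarantines eicar.com (and, if archive scanning is on, eicar.zip) before the script finishes.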
-
Good. Just the EICAR test file is a standard in AV software, and even though MBAM is not AV, I still think it should add the sig for the file.
-
Hello all
I realized today that MBAM failed to detect the EICAR test file. I was not sure if this was on purpose or not, but I figured it would be a good idea to detect it.
I also realize it is an antivirus test, but hey, why not add it anyway?
-
Happy B-Day!
-
Actually, you could install hpHosts for Linux. That might be easier than worrying about the IP block module.
-
I just wanted to comment on protection for Linux.
Linux is not bulletproof. But, it is much more secure, of course.
Linux operating systems have a team behind them that continually works to release security and software updates, as Linux is not vulnerability free. A particularly intelligent user will know that security updates for Linux are just as critical as they are for Windows.
The antivirus/antimalware products currently available for Linux users (Avira, AVG, avast!, F-Prot, Kaspersky, BitDefender, Trend Micro, McAfee, F-Secure, ESET, Symantec, Panda, Dr. Web, Sophos, etc.) are mainly for business workstations and personal users who need the feeling of being secure. When used in personal situations, it is more for the beginner user who is not aware of security updating.
The need for an antivirus is rather slim for Linux systems.
I could imagine a personal user wanting an antivirus to scan documents, pictures, movies, etc. that came from a Windows machine. Also, if any user has a fad to be into social sites, particularly ones that contain social engineering attacks, they too should have an antivirus for Linux. Linux machines are vulnerable to most social engineering attacks.
-
I have bought one computer for myself, and it was $499. Then, I added six custom upgrades totaling $500. So, the system is valued at $1000.
-
^^ I think he knows what quarters are if he uses paper money.
-
Wooo, that is funny stuff.
-
Did you contact Kaspersky about it using their free support service?
If not, then you might want to.
-
Launch KIS.
Enter the settings, and turn scheduled scanning off.
Then, open command prompt by clicking Start > Run (or use Start search in Vista/7)...type in CMD and hit OK.
Place the following line in:
dir c:\windows\tasks > log.txt && start log.txt
Post back the log that launches.
-
Hello.
I will see fit for your improvement of Kaspersky products.
What version of KAV are you currently running?
-
Looks to be an infection in that area. Probably might want that checked out.
If CCleaner is freezing on that spot, then possibly an infection is avoiding interrogation or deletion.
-
Making users pay for an ineffective removal is ridiculous. Support teams that charge that much should be ashamed of themselves.
Luckily, online malware removal forums will not charge. No wonder the online forums for malware removal are so popular. No point in paying for malware removal if volunteers like to do it for free (and effectively).
-
^^ Probably because Symantec owns PC Tools. lol
-
m.novelcamp.net pop ups
in Mobile Malware Removal Help & Support
Hi! Wanted to ask if you can also study the app "ai.type" - as I have collected information regarding it on my device.
It is popping up in a browser window sent through Linux browser (AKA the Android System Webview) during/after Google Play apps update; however, ai.type does not appear to be using Batmobi - even though they are sending analytics and ad association data 40-60 times/minute. They do use Adjust.io ad kit, however, and decided to communicate data with the server just before launching popup on test device.
They used spoofed app ID "com.apalon.myclockfree" with referrer from Mobobeat.biz, and utilized domain for callback URL, ".stats-location.com".
Would you check this app, ai.type, to reproduce, and see if it has integration with Batmobi? The registration in the XML data sent has 302 codes, which signals redirects similar to those already mentioned.
This is the same redirection scheme being used in "click302.h5mone.com" - therefore, I wanted to provide data I had gathered as well. Please get back to me soon.