From what I can see, all he did was scan a folder full of samples. That is not a legitimate test.

BTW: We've already discussed Anvisoft Smart Defender, and none of us were very impressed. Perhaps it is different now that it is out of beta. I'll pull up a VM and take a look, but since it is a VM then obviously the test will not be absolute proof of the software's capabilities, since some malware will simply delete itself in a VM rather than run and infect the system.

Link to post

From my reading of this test the results were woeful. 18 detections out of a possible 162 isn't very encouraging, even for a new product. Online scans are useful for checking if a file has malicious intent but worthless in preventing or removing infection. Why not do your own test?

http://virussign.com/downloads.html

Bear in mind that these samples contain a number of false positives and adware that MBAM would not consider worthy of inclusion.

I shouldn't have to remind you of the dangers of dealing with malware samples (even 'deactivated' ones such as these), so only do so if you know what you are doing ;)

Link to post

OK, here's a quick rundown of what I did:

I pulled 10 samples off of S!Ri's VX Vault, and saved them on the desktop of my Windows XP Pro SP3 VM:

post-1983-0-23176300-1329672769.png

I scanned them with Anvi Smart Defender's cloud scanner, and here is the result (I don't see a way to save a log):

post-1983-0-19905900-1329672862.png

I ran a Quick Scan with Anvi Smart Defender, and here is the log (let me stress that, aside from the samples sitting on the desktop, the installation of Windows on this VM was completely clean):

*****************************************
Anvi Smart Defender - Report
ASD Version: 1.0 RC2
Database Version: 1001-1119-01
*****************************************


Malware.Generic,C:\WINDOWS\system32\commdlg.dll,FILE,463667
Malware.Generic,C:\WINDOWS\system32\dllcache\commdlg.dll,FILE,463667



-----------------------------------------
Anvisoft Corporation. All rights reserved.
Home Page: http://www.anvisoft.com

I installed and updated MBAM, and ran a Quick Scan:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GT500-9D2052302 [administrator]

2/19/2012 12:27:57 PM
mbam-log-scan-001

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 155858
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Documents and Settings\Administrator\Desktop\1-2.exe (Trojan.Agent.XVatGen) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\1.exe (Trojan.Agent.XVatGen) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\24.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\25.exe (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\26.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\setup-2.exe (Trojan.FakeVLC) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\XvidSetup.exe (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LOLV8HU7\24[1].txt (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NYFU67IF\25[1].txt (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XS8N8T8G\26[1].txt (Spyware.Zbot.VF) -> No action taken.

(end)

I then proceeded to run each one of those. The nastier bits automatically deleted themselves (as is typical with running samples like this in a VM).

Here was the only alert generated by Anvi Smart Defender during the process of installing all of that junk:

post-1983-0-49765100-1329673350.png

Unfortunately, I don't have time to run the final scans, as I need to leave. I have paused my VM for now, and will continue once I return this evening. ;)

Link to post

hi all at malwarebytes

I see you have questions about our detection

Well, I am always up for a round of detection

so here you go

ran smart defender against all exe samples from virussign.com package February 19, 2012

and was able to put all samples that were left after right click scan in the cloud scanner a total of 353 mb

I would like to see any other cloud scanner do the same !!!!

If you have any thoughts that this test was not honest or proper

then I invite you to repeat it

result here

Oh, I also ran malwarebytes against the same samples

if you would like to see how you did which was pretty good

Link to post

Final logs from my tests:

Anvi Smart Defender:

*****************************************
Anvi Smart Defender - Report
ASD Version: 1.0 RC2
Database Version: 1001-1120-02
*****************************************


Malware.Generic,C:\WINDOWS\system32\commdlg.dll,FILE,463667
Malware.Generic,C:\WINDOWS\system32\dllcache\commdlg.dll,FILE,463667



-----------------------------------------
Anvisoft Corporation. All rights reserved.
Home Page: http://www.anvisoft.com

MBAM:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.20.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GT500-9D2052302 [administrator]

2/20/2012 3:20:00 PM
mbam-log-scan-002.txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 156876
Time elapsed: 5 minute(s),

Memory Processes Detected: 2
C:\Documents and Settings\Administrator\Desktop\25.exe (Trojan.Spam) -> 3544 -> No action taken.
C:\Documents and Settings\Administrator\Desktop\26.exe (Spyware.Zbot.VF) -> 3228 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{5CBCEC47-1C60-AD41-B6B9-297EA7230A6C} (Spyware.Zbot.VF) -> Data: "C:\Documents and Settings\Administrator\Application Data\Idrio\pyab.exe" -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Documents and Settings\Administrator\Desktop\25.exe (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\26.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\Idrio\pyab.exe (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\babylonSK108714.exe (Adware.Dropper.SFX) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\setup-2.exe (Trojan.FakeVLC) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\XvidSetup.exe (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LOLV8HU7\24[1].txt (Spyware.Zbot.VF) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NYFU67IF\25[1].txt (Trojan.Spam) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XS8N8T8G\26[1].txt (Spyware.Zbot.VF) -> No action taken.

(end)

I could also run ComboFix for good measure, but I have work to do, and not enough time for playing with malware samples. I will try to remember to do some more tests after I manage to build a new PC, and turn this old one into a dedicated test rig. That should be sometime early to mid March. ;)

Link to post

  • 2 weeks later...

Okay, here are my results. I ran the test in a Windows XP Pro SP3 VM (Windows XP Mode) and tested against the most recent MalwareDomain List listings to see how well they are keeping up. The listings were from that day (27th) and had some nasty ones like blackhole exploit kit. Malwarebytes' detected everything and blocked all the sites with the IP blocker to the point I had to shut it off as it was getting in the way. Anvi Smart Defender didn't do anything. The only thing it did was warn and block one registry change twice. The cloud feature didn't even warn or ask to upload the file requesting the changes.

Malwarebytes' protection log.

2012/02/28 14:20:57 -0600	VIRTUALXP-53643	XPMUser	MESSAGE	Starting protection
2012/02/28 14:21:02 -0600 VIRTUALXP-53643 XPMUser MESSAGE Protection started successfully
2012/02/28 14:21:06 -0600 VIRTUALXP-53643 XPMUser MESSAGE Starting IP protection
2012/02/28 14:21:07 -0600 VIRTUALXP-53643 XPMUser MESSAGE IP Protection started successfully
2012/02/28 14:21:39 -0600 VIRTUALXP-53643 XPMUser IP-BLOCK 46.166.152.163 (Type: outgoing)
2012/02/28 14:21:42 -0600 VIRTUALXP-53643 XPMUser IP-BLOCK 46.166.152.163 (Type: outgoing)
2012/02/28 14:21:46 -0600 VIRTUALXP-53643 XPMUser MESSAGE Stopping IP protection
2012/02/28 14:21:46 -0600 VIRTUALXP-53643 XPMUser MESSAGE IP Protection stopped
2012/02/28 14:26:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe Trojan.FakeMS ALLOW
2012/02/28 14:26:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe Trojan.FakeMS ALLOW
2012/02/28 14:26:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe Trojan.FakeMS ALLOW
2012/02/28 14:27:20 -0600 VIRTUALXP-53643 XPMUser MESSAGE Executing scheduled update: Daily
2012/02/28 14:27:21 -0600 VIRTUALXP-53643 XPMUser MESSAGE Database already up-to-date
2012/02/28 14:34:36 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Desktop\etTcMs.exe Backdoor.Bot ALLOW
2012/02/28 14:34:36 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Desktop\etTcMs.exe Backdoor.Bot ALLOW
2012/02/28 14:34:37 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Desktop\etTcMs.exe Backdoor.Bot ALLOW
2012/02/28 14:34:38 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\Ukhuh\caajk.exe Backdoor.Bot ALLOW
2012/02/28 14:38:05 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temp\tmpab8b5ac1\file.exe Trojan.Hosts ALLOW
2012/02/28 14:38:08 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Local Settings\Temp\tmpab8b5ac1\file.exe Trojan.Hosts ALLOW
2012/02/28 14:40:37 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe Spyware.Password ALLOW
2012/02/28 14:40:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe Spyware.Password ALLOW
2012/02/28 14:40:43 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe Spyware.Password ALLOW
2012/02/28 14:41:16 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:18 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:18 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:18 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:19 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:19 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:19 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:23 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:23 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:23 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:30 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:30 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:31 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 14:48:20 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:05:41 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:05:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:05:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:05:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:05:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:05:42 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:14:00 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:14:00 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:18:56 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:18:56 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:20:56 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:20:56 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:21:44 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:21:44 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:21:44 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 15:21:44 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:05:04 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:05:04 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:05:34 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:05:34 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:05:34 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:05:34 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:06:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:06:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:06:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:06:21 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:06:45 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:06:45 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:06:52 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW
2012/02/28 16:06:52 -0600 VIRTUALXP-53643 XPMUser DETECTION C:\Documents and Settings\XPMUser\Application Data\dplayx.dll Trojan.QHost.BG ALLOW

Malwarebytes' scan log

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.28.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
XPMUser :: VIRTUALXP-53643 [administrator]

Protection: Enabled

2/28/2012 3:06:23 PM
mbam-log-2012-02-28 (16-04-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195511
Time elapsed: 53 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Documents and Settings\XPMUser\Application Data\dplayx.dll (Trojan.QHost.BG) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{6E7C7E8C-0AD3-AD41-84E7-4AB396FC69A1} (Backdoor.Bot) -> Data: "C:\Documents and Settings\XPMUser\Application Data\Ukhuh\caajk.exe" -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\XPMUser\Application Data\Ukhuh\caajk.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\XPMUser\Application Data\dplaysvr.exe (Spyware.Password) -> No action taken.
C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\GZ4NQ96L\info[1].exe (Trojan.FakeMS) -> No action taken.
C:\Documents and Settings\XPMUser\Local Settings\Temporary Internet Files\Content.IE5\QTMNSHIB\etTcMs[1].exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\XPMUser\Application Data\dplayx.dll (Trojan.QHost.BG) -> No action taken.

(end)

Unfortunately I didn't quite figure out how to save logs right away (you have to click the number by Threats Found for the window that offers it), so I just took a screenshot rather than going back and rescanning.

They didn't perform well at all. The alerts were unclear and didn't contain enough info for the user to make a choice. They also need to provide a more direct option for log saving rather than have the user figure it out, as they likely wouldn't have.

post-21530-0-70178700-1330565823.jpg

Link to post
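The protection log in the post above repeats the same DETECTION record many times per file. As an added example (not part of any post in this thread, and not Malwarebytes code), this parser groups such a log into distinct detected objects and notes which detections occurred while IP protection was off. The field layout and message strings are inferred from the log quoted above; the sample lines, host name, user name, file names and the 192.0.2.10 address are constructed.

```python
import re
from datetime import datetime

# Layout inferred from the quoted log: timestamp, host, user, record type, text.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<kind>MESSAGE|IP-BLOCK|DETECTION)\s+(?P<rest>.+)$"
)
# Paths contain spaces, so threat name and action are taken from the end.
DETECTION_RE = re.compile(r"^(?P<path>.+)\s+(?P<threat>\S+)\s+(?P<action>[A-Z]+)$")
IP_BLOCK_RE = re.compile(r"^(?P<ip>\S+)\s+\(Type: (?P<direction>\w+)\)$")

# Constructed sample in the same layout (not copied from the thread).
SAMPLE_LOG = r"""
2012/02/28 14:21:02 -0600 LABVM tester MESSAGE Protection started successfully
2012/02/28 14:21:07 -0600 LABVM tester MESSAGE IP Protection started successfully
2012/02/28 14:21:39 -0600 LABVM tester IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/02/28 14:21:42 -0600 LABVM tester IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/02/28 14:21:46 -0600 LABVM tester MESSAGE IP Protection stopped
2012/02/28 14:26:42 -0600 LABVM tester DETECTION C:\Documents and Settings\tester\Desktop\sample_a.exe Trojan.FakeMS ALLOW
2012/02/28 14:26:42 -0600 LABVM tester DETECTION C:\Documents and Settings\tester\Desktop\sample_a.exe Trojan.FakeMS ALLOW
2012/02/28 14:41:16 -0600 LABVM tester DETECTION C:\Documents and Settings\tester\Application Data\sample_b.dll Trojan.QHost.BG ALLOW
2012/02/28 14:41:18 -0600 LABVM tester DETECTION C:\Documents and Settings\tester\Application Data\sample_b.dll Trojan.QHost.BG ALLOW
2012/02/28 16:06:52 -0600 LABVM tester DETECTION C:\Documents and Settings\tester\Application Data\sample_b.dll Trojan.QHost.BG ALLOW
this line is not a log record
"""


def summarize(text):
    """Group a protection log into distinct detections and IP-block counts."""
    detections = {}            # (lowercased path, threat) -> summary row
    ip_blocks = {}             # ip -> number of block events
    ip_protection_on = False
    detections_ip_off = 0
    unparsed = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        when = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
        kind, rest = m["kind"], m["rest"]
        if kind == "MESSAGE":
            if rest == "IP Protection started successfully":
                ip_protection_on = True
            elif rest == "IP Protection stopped":
                ip_protection_on = False
        elif kind == "IP-BLOCK":
            b = IP_BLOCK_RE.match(rest)
            if b:
                ip_blocks[b["ip"]] = ip_blocks.get(b["ip"], 0) + 1
            else:
                unparsed += 1
        else:  # DETECTION
            d = DETECTION_RE.match(rest)
            if not d:
                unparsed += 1
                continue
            key = (d["path"].lower(), d["threat"])
            row = detections.setdefault(key, {
                "path": d["path"], "threat": d["threat"],
                "count": 0, "first": when, "last": when, "actions": set(),
            })
            row["count"] += 1
            row["last"] = when
            row["actions"].add(d["action"])
            if not ip_protection_on:
                detections_ip_off += 1
    return {
        "detections": list(detections.values()),   # in first-seen order
        "ip_blocks": ip_blocks,
        "detections_while_ip_protection_off": detections_ip_off,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG)["detections"]:
        print(row["count"], row["threat"], row["path"], sorted(row["actions"]))
```

Counting distinct (path, threat) pairs rather than raw lines keeps one repeatedly loaded file from inflating the apparent number of detections.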

VM. :) Windows XP Mode is an installation package for Windows Virtual PC that installs Windows XP Professional SP3 for Windows 7 Professional/Business/Ultimate/Enterprise users. :) I did test it against the spycar test files so it has basic protection at the very least, but I felt like it was doing absolutely nothing.

Link to post

VM. :)

Being a VM, some samples will delete themselves when you run them, so it wasn't a proper test (just like the one I conducted wasn't proper), however it still shows that the protection in Anvi Smart Defender is rather lacking...

Of course, when it came to most of the samples I would find, MSE was the only thing that detected most of them. Even MBAM would fail on a lot of them.

Link to post

Being a VM, some samples will delete themselves when you run them, so it wasn't a proper test (just like the one I conducted wasn't proper), however it still shows that the protection in Anvi Smart Defender is rather lacking...

Of course, when it came to most of the samples I would find, MSE was the only thing that detected most of them. Even MBAM would fail on a lot of them.

Yep. Mostly it was to show they appear to be amateurs and lacking in experience or knowledge when it comes to malware. They certainly are making poor products that don't do anything at all other than waste space on a user's hard drive. I recommend they go and receive some training first before releasing a product as they are just making themselves look bad with a wannabe program. Just my two cents. ;)

Link to post

  • 3 weeks later...

Thanks for letting us know Rats.

I never was able to do proper testing of Anvisoft's Smart Defender (I did build my new system, however I didn't have the money for hard drives, so the hard drives from the old system had to be recycled in the new system). I still hope to be able to do the test, along with MBAM and Emsisoft Anti-Malware (that last one is being tested more for fun than anything else), however it will have to wait until after taxes and possibly after I pay medical expenses.

Link to post
