On Fri, 11 Jun 2010 18:22:02 -0500, "Lil' Abner" <blvstk@dogpatch.com>
wrote:

>I downloaded
>41.Yr.Virgin.Who.Knocked.Up.Sarah.Marshall;Felt.S uperbad.LKRG136943.exe,
>knowing, of course That it would be infected with *something*. Microsoft
>Security Essentials liked it OK so I sent it to VirusTotal where it scored
>zilch (0/43).
>So I installed it on a throwaway copy of XP and actually had to kill the
>installation file with task manager. And that still left a random exe file
>running and eating up about 85% of the processor. So I killed that one too
>and then ran MalwareBytes on it.
>It found:
> Trojan.Backdoor.Gen (4)
> Trojan.Agent.Gen (5)
> Trojan.Agent (1)
> Bifrose.Trace (1)
>MalwareBytes cleaned it up fine with a reboot.
>IMO that saya quite a bit for MBAM and very little for 43 antivirus
>companies.
>At least it wasn't one of those rogue security apps that I usually get when
>I play this game... :-)

You details are very sparse to say the least and seem to indicate a big
flaw in your testing process. Maybe you just did not document it too
well.

So why did you only have to kill the installation on the throwaway copy
of XP?
What about the PC where you tested it with MSE? Did you try the install
here or just scan the 'original exe? What about the unpacked one with
MSE?

Have you sent the unpacked exe file to virustotal?
Did Malwarebytes find it in a scan before you run the exe.

A test is only fair if the exact same procedures are followed for each
application being tested and your notes do not indicate this.