CiderScratter <cider-scratter@hotmail.invalid> wrote in
news:rdh6165samves2n6sms0qqvba5qojg4bs7@4ax.com:

> On Fri, 11 Jun 2010 18:22:02 -0500, "Lil' Abner" <blvstk@dogpatch.com>
> wrote:
>
>>I downloaded
>>41.Yr.Virgin.Who.Knocked.Up.Sarah.Marshall;Felt. Superbad.LKRG136943.exe
>>, knowing, of course That it would be infected with *something*.
>>Microsoft Security Essentials liked it OK so I sent it to VirusTotal
>>where it scored zilch (0/43).
>>So I installed it on a throwaway copy of XP and actually had to kill
>>the installation file with task manager. And that still left a random
>>exe file running and eating up about 85% of the processor. So I killed
>>that one too and then ran MalwareBytes on it.
>>It found:
>> Trojan.Backdoor.Gen (4)
>> Trojan.Agent.Gen (5)
>> Trojan.Agent (1)
>> Bifrose.Trace (1)
>>MalwareBytes cleaned it up fine with a reboot.
>>IMO that says quite a bit for MBAM and very little for 43 antivirus
>>companies.
>>At least it wasn't one of those rogue security apps that I usually get
>>when I play this game... :-)

>
> Your details are very sparse to say the least and seem to indicate a
> big flaw in your testing process. Maybe you just did not document it
> too well.
>
> So why did you only have to kill the installation on the throwaway
> copy of XP?


Because it wasn't doing anything and it wouldn't quit running.

> What about the PC where you tested it with MSE?


It was actually a rar file. I un-rared it on the original computer and
checked the exe with MSE.

> Did you try the install here or just scan the original exe?


No and yes.

> What about the unpacked one with MSE?


See above.

> Have you sent the unpacked exe file to virustotal?


Yes. Found nothing.

> Did Malwarebytes find it in a scan before you ran the exe?


Didn't try that, but I see your point. I've still got it. I'll try it right
now. OK. http://mewnlite.com/sample.gif - I had to help it a bit by putting
it in the windows\system32 folder since the original was in a download
folder on another drive and MBAM wouldn't have found it there. Anyway,
thanks for prompting me to run it. It found some other stuff while it was
there!

> A test is only fair if the exact same procedures are followed for each
> application being tested and your notes do not indicate this.


OK, I have the paid version of MBAM but I haven't been running it in real
time since a long time ago it was blocking a lot of legitimate IP
addresses. I've turned it back on (temporarily) and will go back and find
another one of those Debbie.Does.Dallas.in.the.treehouse23456.rar files and
see if it'll catch it!



--
--- Everybody has a right to my opinion. ---