Christian Mairoll

Emsisoft Employee
Posts posted by Christian Mairoll

  1.  

    The Emsi Software malware research team has discovered a new outbreak of the Windows PC Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.WindowsPCDefender.

    Windows PC Defender is rogue security software that shows false warning messages and shows misleading scan results. The advertisement will state that you are infected and then prompt you to download Windows PC Defender to your computer. If you download and install Windows PC Defender, it will start automatically when your computer starts. The installer will also create numerous harmless files on your computer, usually in the Recent folder, that are used to impersonate malware files. Once the program is running it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

    The main program will extract several files (the names of the files and directory for this rogue are random).

    And creates a new registry entry:

    HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\Windows PC Defender

    This rogue also tries to modify the hosts file.


    How to remove the infection of Adware.Win32.WindowsPCDefender?

    To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.



    View the full article
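An added example, not part of the original post and not code from a-squared Anti-Malware: a Python audit for the hosts-file tampering described in the post above, which reports search-engine hostnames pinned to a non-local address and produces a cleaned copy. The matching rule, the function names and the sample hosts content (documentation addresses only) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: hostnames worth watching are the big search engines.
WATCHED_SUFFIXES = ("bing.com", "search.yahoo.com", "search.live.com", "search.msn.com")
WATCHED_LABELS = {"google"}  # matches google.com, www.google.co.uk, ...

# Constructed sample hosts content (TEST-NET addresses, not real indicators).
SAMPLE_HOSTS = """\
# Constructed sample, not taken from an infected machine
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net # ad blocking entry
203.0.113.7 google.com www.google.com
203.0.113.7 www.google.co.uk
203.0.113.7 bing.com intranet.example.org # mixed line
203.0.113.7 search.yahoo.com
192.0.2.10 fileserver.example.org
127.0.0.1 www.bing.com
not-an-ip google.de
"""


def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every valid mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: the resolver ignores it, so do we
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")


def is_watched(hostname):
    """True if the hostname belongs to one of the watched search engines."""
    if WATCHED_LABELS & set(hostname.split(".")):
        return True
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def is_sinkhole(ip):
    """Loopback/unspecified targets are blocking entries, not redirects."""
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Return {ip: sorted watched hostnames} for entries that redirect traffic."""
    hits = defaultdict(set)
    for _lineno, ip, name in parse_hosts(text):
        if is_watched(name) and not is_sinkhole(ip):
            hits[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}


def clean_hosts(text):
    """Return hosts text with redirecting watched names removed, rest untouched."""
    out = []
    for raw in text.splitlines():
        body, sep, comment = raw.partition("#")
        fields = body.split()
        try:
            ip = ipaddress.ip_address(fields[0]) if len(fields) >= 2 else None
        except ValueError:
            ip = None
        if ip is None or is_sinkhole(ip):
            out.append(raw)
            continue
        kept = [n for n in fields[1:] if not is_watched(n.lower().rstrip("."))]
        if len(kept) == len(fields) - 1:
            out.append(raw)  # nothing suspicious on this line
        elif kept:
            # keep the legitimate names that shared the line
            out.append(" ".join([fields[0]] + kept) + (" #" + comment if sep else ""))
        # else: every name on the line was a redirect, drop the line
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for ip, names in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{ip} <- {', '.join(names)}")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

On a live system the input would be the contents of `%SystemRoot%\system32\drivers\etc\hosts`; review the cleaned text before writing it back, since the file may also have been made read-only or hidden.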
  2. The independent ProtectStar test lab makes detailed reviews of security software solutions. Only a few selected products have been awarded the ProtectStar Award during the last 5 years.

    a-squared Anti-Malware 4.5 was tested and won the coveted ProtectStar Award 2009!

    Please check out the full 6-page detailed review of a-squared Anti-Malware 4.5.

    ProtectStar Award 2009 for a-squared Anti-Malware 4.5!



    View the full article
  3.  

    The Emsi Software malware research team has discovered a new outbreak of Adware.Win32.WindowsPolicePro.

    WindowsPolicePro is a rogue security program that:

    • Shows false warning messages.
    • Shows misleading scan results.
    • Shows a fake Windows Security Center.
    • Shows a fake svchost.exe error.
    • And its Browser Helper Objects

    The main installer of this malware seems to be packed with EXECryptor, and it extracts several files.

    And creates new registry entries:

    HKEY_CURRENT_USER\software\Windows Police Pro
    HKEY_CURRENT_USER\software\Windows Police Pro\windows Police Pro
    HKEY_CURRENT_USER\software\Windows Police Pro\windows Police Pro\Registration
    HKEY_CURRENT_USER\software\Windows Police Pro\windows Police Pro\setdata
    HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntipPro2009_100
    HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76DC0B63-1533-4ba9-8BE8-D59EB676FA02}

    This malware also tries to connect to core2634.newdomainagain.com.

    WindowsPolicePro graphical user interface

    WindowsPolicePro price

    Show fake Windows Security Center

    Show fake error svchost.exe

    User must register to enable removal feature.

     

    How to remove the infection of Adware.Win32.WindowsPolicePro?

    To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.



    View the full article
  4. Great news!

    a-squared Anti-Malware was nominated for the Epsilon software award 2009. This award is given to the best software during the European Software Conference event, which is held once a year in Berlin, Germany.

    The voting period just began and lasts until October 27, 2009, so please give us your vote!

    We need your help to win! Please go to the voting website, scroll down to the bottom and click the Next button. Then select a-squared Anti-Malware from the list and submit your vote.

    Thank you very much!

     



    View the full article
  5. Issue 10/2009 of the German com! magazine published a big comparative test of 10 freeware antivirus tools. The testing was executed by www.av-test.org. The In-the-wild test included 3200 of the most widespread malware samples. For the testing of the specific malware categories, they used about 480,000 unique malware samples.

    The following programs were tested:

    - Avira Antivir Personal Free Antivirus 9.0
    - Antivirus Software BitDefender 10
    - Panda Cloud Antivirus Beta
    - Microsoft Security Essentials 1.0
    - Alwil Avast Antivirus Home 4.8
    - AVG Anti-Virus Free Edition 8.5
    - Emsi Software a-squared Free 4.5
    - Comodo Internet Security 3.10
    - PC Tools Antivirus Free Edition 6.0
    - Clamwin Free Antivirus 0.95

    The detection test results for a-squared Free:

    - Wildlist-Malware on Demand: 100% detected – best in test!
    - Worms: 99.99% detected – best in test!
    - Backdoors: 99.98% detected – best in test!
    - Bots: 99.81% detected – best in test!
    - Trojans: 99.95% detected – best in test!
    - 5 active nasties: 100% detected – best in test!
    - Heuristic (1 week without updates): 63.56% detected – best in test!
    - Heuristic (2 weeks without updates): 52.72% detected – number 2 in test
    - Ad- and Spyware: 99.57% detected – best in test!

     



    View the full article
  6. Softpedia.com is, similar to Download.com, a high-quality software directory. They published a very detailed review of a-squared Anti-Malware 4.5.

    Full quote of their conclusion:

    The Good

    Although it brings to the table a plethora of options and fine tuning settings, a-squared is easy to manage by any average user. Its detection rate was over 98% and the flexibility in letting you decide upon online threats is to be fully appreciated.

    The initial wizard can help you set up the entire application while the main screen gives way to fine tuning options in order to customize the way it protects your system. For each app on the computer you can create rules to restrict their performance or receive alerts when suspicious behavior is detected.

    The various layers of protection can be enabled/disabled at will and all a-squared activity is logged for later reference. Scheduling system is very well thought, offering the chance to plan scans at specific times, dates and with a certain frequency, as well as define a start and end interval.

    In order to reduce the amount of alerts, community knowledge can kick in and decide for you, according to your pre-configuration.

    The Bad

    Surf Protection alerts can be quite annoying, especially if you’re in the habit of roaming the less-known paths of the web. If tracking cookies are okay to block, with hosts things are different and many users may feel the urge to disable surf protection.

    The Truth

    a-squared managed to score high in our tests and prove that it can be a great ally against the cyber threats. It is easy to handle and the help file thoroughly explains every option in the program.

    Background Guard can easily help you monitor any application for suspicious activity, as well as deflect malware-like activities on your computer.

    Each program launched on the system can be scanned upon execution in order to make sure that its activity is benign. Alert system is flexible enough to let you automatically create a rule for the notifications you receive and thus reduce the amount of pop-up messages displayed.

    EDITOR’S RATINGS:
    User Interface: 5 stars
    Features: 5 stars
    Ease of use: 5 stars
    Pricing/Value: 5 stars
    Overall: 5 stars
    a-squared Anti-Malware review by softpedia download portal

     



    View the full article
  7. The independent testing organization Malware Research Group spent much effort in creating a test environment close to real-world needs.

    Methodology:

    The MRG testers have installed and tested 25 different security solutions to see if they can prevent virus infections. From pure antivirus over firewalls with antivirus features to full internet security suites. To make the test as representative as possible, they have executed 60 different nasties. All samples of malware used in this test came from infected machines, samples were collected in August 2009.

    The test results:

    Only less than 50% of the tested security products were able to protect the test system.

    a-squared Anti-Malware has detected all malware samples!

    On request, MRG told us that a-squared Anti-Malware was the only product which was able to detect all samples purely based on signature detection. The behavior blocker part was not even needed to prevent the infections.

    a-squared Anti-Malware has been able to protect the test computer

    The table shows: Program tested, Amount of samples blocked, Amount of samples missed, Passed or Failed the test.

    Program            Blocked   Missed   MRG Project#20
    a-squared          60        0        Passed
    Avast              58        2        Failed
    AVG                59        1        Failed
    AVIRA              60        0        Passed
    BitDefender        53        7        Failed
    Dr.Web             57        3        Failed
    eScan              52        8        Failed
    F-Prot             46        14       Failed
    Ikarus             60        0        Passed
    Kaspersky          60        0        Passed
    Microsoft (BETA)   57        3        Failed
    Nod32              58        2        Failed
    Norman             50        10       Failed
    Norton             58        2        Failed
    Panda              60        0        Passed
    Panda Cloud        60        0        Passed
    Prevx              60        0        Passed
    Spy Emergency      44        16       Failed
    Twister            58        2        Failed
    VIPRE              60        0        Passed
    COMODO             60        0        Passed
    F-Secure           60        0        Passed
    G DATA             60        0        Passed
    McAfee             59        1        Failed
    Online Armor++     60        0        Passed

     



    View the full article
  8. PC Security Labs, a new but well established antivirus testing agency, published the July 2009 test.

    Key facts:

    • 23 well known antivirus products in test.
    • 3132 Malware samples to be scanned.

    Test results:

    a-squared Anti-Malware and Online Armor ++ best in PCSL test - July 2009!



    View the full article
  9. Malware Research Group did the first realtime protection test, executing 22 widespread malware samples to see which security solutions are able to block them effectively (which is actually the most important fact about any antivirus program).

    These were the candidates:

    - Avira AntiVir Premium Version: 9.0.0.441
    - a-squared Anti-Malware Version: 4.5.0.19
    - avast! Professional Edition Version: 4.8.1335
    - Kaspersky Anti-Virus 2010 Version: 9.0.0.463
    - G Data AntiVirus 2010 Version: 20.0.1.1
    - COMODO Internet Security Version: 3.10.102363.531
    - ESET NOD32 Antivirus System Version: 4.0.437
    - Norton AntiVirus 2009 Version: 16.5.0.134
    - AVG Anti-Virus Professional Edition: 8.5.406/1617
    - Dr.Web anti-virus Version: 5.00.1.08030

    Only 2 of 10 candidates passed the test:

    a-squared Anti-Malware and Avira AntiVir!

    Please check out the MRG website for more details: http://malwareresearchgroup.com/forum/viewtopic.php?f=20&t=47

     

    Additional note:

    On request of Emsi Software, they have tested Mamutu 2.0 using the same samples. The result is stunning:

    Even without any Malware signatures, Mamutu 2.0 blocked all samples too!

     



    View the full article
  10. The German COM! computer magazine has published an extended product test for a-squared Anti-Malware 4.5 in their July 2009 issue.

    They wrote:

    - 100% detection on the In-The-Wild test.

    - Very good detection on less known viruses and trojans.

    - Selfprotection is working efficiently.

    - False alert rate is significantly lower compared with previous versions.

    Conclusion:

    (+) Very high detection rate

    (+) Little false alerts

    (+) Good self protection

    (-) The user has to decide by himself on alert windows

    The tool has been improved significantly, works 100% as it should and proves best detection.

    On a scale from 1 (best) to 6 (worst), a-squared Anti-Malware was rated with a very good 2.0!

    COM! magazine individual test of a-squared Anti-Malware 4.5 - grade 2.0

     



    View the full article
  11. MalwareResearchGroup did a major scanner test, using a massive set of malware samples. They used 626,424 different malware files to compare the scanner capabilities of 19 well known antivirus solutions.

    Trojans/Backdoors – 468,850
    Windows Viruses - 12,134
    Worms – 64,358
    Adware/Spyware – 58,224
    Rootkits/Exploits – 11,058
    Other Malware – 24,800

    Samples were gathered between 2008 and 2009 and represent a typical spread ratio of each individual malware group.

    Test results

    The table shows the program tested, the amount of malware samples (all of the categories above) that were detected and removed.

    Program Detection Rate (%)
    a-squared 99.7%
    Avira 99.5%
    G DATA 99.4%
    Kaspersky 98.8%
    Avast 98.7%
    BitDefender 98.6%
    eScan 98.5%
    Norton 98.2%
    Nod32 97.4%
    COMODO 97.1%
    McAfee 96.8%
    F-Secure 96.4%
    AVG 96.2%
    Norman 95.4%
    Twister 94.6%
    Sophos 93.5%
    Spy Emergency 82.4%
    ClamAV 82.3%
    Dr.Web 79.5%

    a-squared Anti-Malware test results on MRG comparison



    View the full article
  12. PC Security Labs has finished a new bi-monthly test of 19 major antivirus products. The testset contained 3,601 different malicious samples of March and April 2009, representing a typical scenario today:

    - 61.7% Trojans
    - 22.9% Backdoors
    - 14.2% Worms
    - 0.7% Rootkits
    - 0.5% Viruses

    In static testing (found by the disk scanner), a-squared Anti-Malware 4.5 missed 6 samples, which means a detection rate of 99.83%.

    PCSL tested the missed 6 samples by starting them to see how many of them can be blocked by the a-squared Anti-Malware Guard. The result:

    a-squared Anti-Malware missed only 1 malware sample!!!

    That means the best total detection rate of 19 antivirus products!

    [Figure: total detection rate results in detail]



    View the full article
  13. Anti-Malware test performed by Malware Research Group in April 2009:

    Project details: On Demand scan test

    Operating System used in this test: Windows XP Professional Service Pack 3

    Total number of programs used in this test: 18

    Malware samples used in this test: 395.844

     

    Malware categories used in this test and the amount of samples in each category :

    Windows/Macro Viruses- 18.696

    Trojans/Backdoors- 243.811

    Worms/Rootkits- 86.634

    Adware/Spyware- 46.703

    The table shows the program tested, the amount of malware samples (all of the categories above) that were detected and removed.

    Program Detection Rate (%)
    a-squared 99.6%
    Avira 99.6%
    G DATA 99.4%
    Avast 99.2%
    Norton 99.0%
    Kaspersky 98.8%
    BitDefender 98.7%
    eScan 98.5%
    F-Secure 98.3%
    McAfee 98.1%
    Nod32 97.6%
    AVG 96.9%
    COMODO 96.2%
    Twister 95.7%
    Sophos 93.5%
    Norman 93.2%
    Dr.Web 86.3%
    ClamAV 85.7%

     All details can be reviewed here: Test #18



    View the full article
  14. Here is another anti malware challenge performed by SSUpdater Team (quoted):

    This is the first Anti-Malware test performed by SSUpdater.com in 2009. but the long wait was worth it, in this test we used a total of 754.650 malware samples, and we concentrated only on the samples from the past 16 months.
     
    In this test we wanted to use as many known variants of all the famous names in the world of malware as possible, to name a few: Zlob, Monder, Conficker, Virtumonde, FraudPack, Renos, TDSS, AutoRun, Virut, Delf, FraudLoad, AutoIt, Inject, Kolab, Kolabc, Buzus, Poison, Bifrose, Palevo, Obfuscated, Adload, Zbot, Rbot, IFrame, Small, FakeAV, KillAV, Hupigon, Rukap, MyDNS, DNSChanger, Sinowal, Banker, Monderb, Sality, Midgare, Cinmus, Vanti, Stuh, Iksmas, Iroffer, OneStep, BlackHole, Magania, OnLineGames, Swizzor, Singu, Mudrop, Ciadoor, Qhost ……………………
     
    The malware categories used in this test: Windows Viruses, Trojans, Backdoors, Worms, Spyware, Adware, Rootkits, Exploits, Keyloggers, Hacking Tools, Malicious Scripts and other malware
    No unknown malware samples were used in this test.
     
    The test was conducted in virtual environment using Microsoft’s Windows XP SP3 with all the latest updates. We used a total of 25 programs.
    All the programs used in this test were set to their maximum detection capabilities which include heuristic detection of unknown variants.
     
    The Results:
    (Program name, Detection Rate)


    1. Avira AntiVir Personal Edition Premium – 99.43%

    2. a-squared Anti-Malware – 99.37%
    3. G DATA Antivirus – 99.18%
    4. avast! Professional Edition – 98.95%
    5. Kaspersky Antivirus – 98.64%
    6. Norton Antivirus – 98.58%
    7. BitDefender Antivirus – 98.49%
    8. ZoneAlarm Security Suite – 98.36%
    9. F-Secure Antivirus – 98.16%
    10. Nod32 Antivirus – 97.83%
    11. McAfee Antivirus Plus – 97.51%
    12. Comodo Internet Security – 96.93%
    13. AVG Antivirus – 96.65%
    14. Panda Antivirus – 96.22%
    15. Rising Antivirus – 95.78%
    16. Sophos Antivirus – 94.86%
    17. F-Prot Antivirus – 93.47%
    18. Outpost Security Suite – 92.58%
    19. VIPRE Antivirus + Antispyware – 92.49%
    20. VirusKeeper – 91.31%
    21. Spy Emergency – 73.62%
    22. Dr.Web – 71.05%
    23. CA Antivirus – 68.84%
    24. BullGuard Internet Security – DNF
    25. Malwarebytes Anti-Malware – DNF

    *Note: Both BullGuard and Malwarebytes were unable to complete the scan, therefore they are classified as Did Not Finish.

     

    Read all details on SSUpdater.com



    View the full article
  15. Project details: Infected System Rescue test

    Operating System used in this test: Windows XP Professional Service Pack 3

    Total number of programs used in this test: 18

    Malware samples used in this test: 30

    All the samples used should be detected by all the participants in this test.

    All the samples used are wide spread and no “unknown” variants have been used.

    List of Malware samples used in this test:

    Adware.Win32.Cinmus.hen
    Adware.Win32.Virtumonde.qpm
    Backdoor.Win32.Bifrose.zbx
    Backdoor.Win32.BlackHole.d
    Backdoor.Win32.Hupigon.efjs
    Backdoor.Win32.Poison.oo
    Backdoor.Win32.Singu.bt
    Backdoor.Win32.Sinowal.bq
    FraudTool.Win32.Agent.b
    Hoax.Win32.Renos.vark
    Net.Worm.Win32.Kolab.baq
    Rootkit.Win32.Clbd.kr
    Trojan.Win32.Buzus.jio
    Trojan.Win32.Delf.hjd
    Trojan.Win32.Inject.afm
    Trojan.Win32.Midgare.gga
    Trojan.Win32.Monder.dtn
    Trojan.Win32.Monderb.hrf
    Trojan.Win32.Qhost.kng
    Trojan.Win32.VB.jiq
    Trojan.Clicker.Win32.Small.kj
    TrojanDownloader.FakeAlert.wr
    TrojanDownloader.Win32.Agent.bbkf
    TrojanDownloader.Win32.CodecPack.ml
    TrojanDownloader.Win32.Zlob.wg
    TrojanDropper.Win32.Mudrop.cy
    TrojanSpy.Win32.Delf.dq
    TrojanSpy.Win32.Zbot.dmz
    TrojanSpy.Win32.VB.axg
    Virus.Win32.Virut.bv
     

    The table shows the name of the program used, how many points the program got and the final result.

    Product       Points   Result
    a-squared     30       System Rescued
    Avast         30       System Rescued
    Avira         30       System Rescued
    AVG           30       System Rescued
    BitDefender   30       System Rescued
    COMODO        30       System Rescued
    ClamAV        26       Failed
    Dr.Web        23       Failed
    eScan         30       System Rescued
    F-Secure      30       System Rescued
    G DATA        30       System Rescued
    Kaspersky     30       System Rescued
    McAfee        28       Failed
    NOD32         24       Failed
    Norman        27       Failed
    Norton        30       System Rescued
    Sophos        29       Failed
    Twister       28       Failed

     

    Read on here for testing methodology and details.



    View the full article
  16. a-squared Free is rated as best free trojan scanner/trojan remover by techsupportalert.com.

    Quote:

    a-squared Free is a good choice to scan and remove malware, especially trojans, from your PC. It removes reliably the trojans containing backdoors, keyloggers, dialers and other destructive pests which make it dangerous to surf the web. 




    View the full article
  17. The SSUpdater Team did their first freeware antimalware competition.

    From the SSUpdater Forum:

    In this test we have used a total of 18 freeware programs and 4 full version programs, the full version programs were tested so they can show you how the freeware programs compare to them.
     
    The test was conducted in a virtual environment using fully updated Windows XP SP3, identical clones were created for every program tested, the programs used were set to their maximum capabilities and used the latest signature database/program build.
    In total we used 303.200 malware samples including all the latest malware samples that were found until the testing began. We have used the following malware categories: Windows Viruses, Trojans, Backdoors, Worms, Spyware, Adware, Rootkits, Exploits, Keyloggers, Hacking Tools, Malicious Scripts and other types of malware.
     
    We have measured the amount of memory that was used by all programs tested, the amount that you will see is only the memory used by the scanning process.
    The Results:
    (Detection Rate/Average Memory Used)

    1. a-squared Anti-Malware 4.0 Free Edition – 99.48% (90.000k)

    2. AntiVir Personal Edition – 98.74% (50.000k)

    3. Avast! Home Edition – 98.71% (58.000k)

    4. BitDefender Free Edition – 96.81% (31.000k)

    5. McAfee by AOL – 95.58% (96.000k)

    6. Comodo Internet Security – 94.85% (26.000k)

    7. DriveSentry – 93.66% (15.000k)

    8. AVZ Antiviral Toolkit 4 – 92.36% (20.000k)

    9. Rising Antivirus Free Edition – 92.18% (65.000k)

    10. Blink Personal Edition – 91.08% (110.000k)

    11. AVG Antivirus Free Edition – 89.22% (51.000k)

    12. Moon Secure Antivirus Beta – 88.47% (82.000k)

    13. PC Tools Antivirus Free Edition – 87.69% (20.000k)

    14. a-squared Anti-Malware 3.5 – 85.39% (48.000k)

    15. My Free Antivirus – 83.87% (58.000k)

    16. Spyware Terminator with ClamAV – 79.62% (156.000k)

    17. ClamWin Antivirus – 74.48% (25.000k)

    18. Malwarebytes Anti-Malware – 3.71% (28.000k)

    Full Versions:

    1. Avira AntiVir Premium – 98.83% (50.000k)

    2. Kaspersky Antivirus – 98.28% (41.000k)

    3. Norton Antivirus – 96.94% (125.000k)

    4. Nod32 4.0 beta – 89.79% (48.000k)

     

    Read all details on SSUpdater.com



    View the full article
  18. PC Security Labs, a new antivirus testing organization, did a scanner comparative test of 6 antivirus products:

    a-squared Anti-Malware 4.0.0.14
    Ikarus virus.utilities T3 1001034
    Kaspersky Internet Security 2009 8.0.0.454(a,b)
    Kingsoft Internet Security 2008 2008.9.8.18
    Trend Micro AntiVirus plus AntiSpyware 2008 8.910-1002
    Twister Anti-TrojanVirus V7 R3 7.3.1.23211

    Total Detection Summary: 1979 Malware Samples

    1. a-squared: 1970: 99.56%
    2. Ikarus: 1968: 99.44%
    3. Kaspersky: 1948: 98.43%
    4. Twister: 1917: 96.87% 
    5. Trend Micro: 1823: 92.12%
    6. Kingsoft: 1686: 85.19%

    Read all details about this antivirus test here.



    View the full article
  19. From the Calendar of Updates forum:
    Rogue Detections: Old, Not So Old and New Threats

    Quote:
    The number of misleading applications (aka rogue products) has escalated and there are now hundreds of rogue software products floating around the net. Users need protection not only from common threats (such as viruses etc) but also from rogue software. Luckily, the trustworthy malware scanners have added detections of rogue products.
     
    Total samples: 70 rogue applications
    To complete the test we gathered some old (2 years ago), not so old (last year) and new (this year) rogue samples.

    Some misleading applications in this test were picked up by searching the internet using keywords that are similar to non-misleading and popular software. (Example: AntivirProtect is similar to Antivir by AVIRA, SpyBlaster is similar to SpywareBlaster by Javacool). Others were picked by visiting websites that offer a database of software (free downloads website). Some were picked by directly going to rogue software vendor’s website.

    Note: There are rogue products in this test that were not picked but were offered by existing rogue software e.g. PCTurboPro offers another rogue software: WinAntivirus 2007 Pro.

    We selected most of the samples not by risk level but by its age level. Please read on to find out why it is IMPORTANT that age level (old, not so old, new threats) is important to be detected especially if the method to get the samples is easy as searching the internet, using a search engine or by going to any website that is offering free downloads.

    We’ve run the test by scanning the system with the following free antispyware/antimalware applications:

    A-Squared by Emsisoft (A2)
    Ad-Aware 2007 by Lavasoft (AAW)
    Malwarebytes Anti-Malware by Malwarebytes (MBAM)
    RogueRemover by Malwarebytes (RR)
    SUPERAntispyware by Superantispyware.com (SAS)
    Spyware Doctor Starter Edition by PC Tools (SD)
    Spybot Search & Destroy by Safer Networking (SSD)
    Windows Defender by Microsoft (WD)

    Please note that it is IMPORTANT that a scanner be able to detect not only the newer threats but also old threats because these threats are still in the wild and are available through different distributions (email, website, ads, phishing etc).

     

    Results

    1. A-Squared: 91.4%
    2. Malwarebytes Anti-Malware: 65.7%
    2. RogueRemover: 65.7%
    4. Ad-Aware: 61.4%
    5. Spybot Search & Destroy: 58.6%
    6. SUPERAntispyware: 54.3%
    7. Windows Defender: 42.9%
    8. Spyware Doctor Starter Edition: 40.0%
     

    Analysis

    1. It goes without saying, but we’ll say it, anyway, a perfect malware scanner does not exist.
    2. Of the scanners tested, a-squared by Emsisoft performed significantly better than the others. It only failed to detect six items. This product performed equally well detecting the old, not so old and new threats.
    3. Malwarebytes’ Anti-Malware and RogueRemover both performed well on the tests. RogueRemover failed to detect 24 rogue samples and Malwarebytes’ Anti-Malware, coincidentally, also failed to detect 24 rogue samples. It should be noted that the failed samples were not the same items on both scanners. When scanned with both scanners, the total number of samples missed was only ten. This is important to note since it clearly displays the benefit of using multiple scanners. One succeeds where the other fails, but both used together failed on a much smaller group of samples.
    4. Ad-aware, Spyware Doctor, Spybot S&D, Windows Defender and SUPERAntispyware all performed very poorly. As this test clearly indicates, there are other scanners available that did a better job detecting threats. If you are currently using any of the scanners in this group, you should consider using the other scanners highlighted in this test either in addition to, or instead of, this group.

    Donna, thanks for testing these products!



    View the full article