Giveaway of the Day Forums

Review Trojan/Virus Reports

(275 posts) (128 voices)
  • Started 4 years ago by Lee
  • Latest reply from Serina

  1. BuBBy

    offline
    Teh adnim

    Welcome to the forums, hytah.

    So you are saying you wouldn't recommend AVG free to protect your PC? :)

    Preventing AVG from running - it probably did you a favour. (I am serious. Anyone reading this who is running AVG - you can do better. Visit http://free-av.com/ for something that is at least a little better)

    I'd have a look at the download stats - but if there were conservatively 10,000 downloads of the same file - and you were the only one to get a trojan, that would be interesting.

    I'd say it came from somewhere else - or it is a false positive. If I had that giveaway - I could at least test it myself, but I gave that giveaway a miss.

    Perhaps investigate sending the infected files to http://virustotal.com - see what comes back.

    Posted 2 years ago #
  2. ants

    offline
    Member

    Hello!
    Posting this here, because comments are not moderated.
    This is about the Gold Audio Suite, August 21, 2009

    Hello, giveawayfans!

    What do we get today? A virus or a false positive?

    Someone here advised to disable security - not wise;
    I have uploaded erdmpg4.dll to some sites doing a file scan.
    ca 50% of scanners find it infected with something named 'induc'

    clean, say: ArcaVir, A-Squared, AntiVir, CPSecure, Ikarus, NOD32, Panda, Quick Heal, VBA32, Comodo, eSafe, Jiangmin, K7AntiVirus, McAfee-GW, PCTools

    infected, say: avast!, AVG, bitdefender, ClamAV, Dr.Web, F-Prot, F-Secure, GDATA, Kaspersky, Sophos, VirusBuster, Authentium, Microsoft, Norman, Prevx, Symantec, Trend micro, McAfee5715, Fortinet, Sunbelt

    Went to Sophos site, they say:
    " W32/Induc-A
    Aliases Virus.Win32.Induc.a
    Category Viruses and Spyware
    Type Virus
    ................
    W32/Induc-A is a virus that infects Delphi files at compile-time. As such, these files cannot be disinfected and need to be recompiled cleanly.
    ................
    Because infected executables are produced at compile time by infected Delphi development environments,
    we are seeing many cases of infected files coming from genuine software vendors.
    These are not false positives.
    Clients and software developers seeking to understand why their software is being detected as W32/Induc-A should
    see this [http://www.sophos.com/blogs/sophoslabs/v/post/6195] blog article.
    ................
    How it spreads

    * Infected files

    Affected operating systems Windows
    Protection available since 18 August 2009 15:14:59 (GMT)
    Last updated 20 August 2009 05:28:01 (GMT)
    Detected by All Sophos products
    ..............."

    Some information from eset - NOD32 site:
    Thanks to ESET’s early warning system - ThreatSense.Net ,
    the first 24 hours from the virus’s release, ESET has received over 30,000 unique infected samples,
    where in many cases the original software was a legitimate application prior to infection.

    According to Juraj Malcho, the Head of ESET Virus Lab,
    “the concern is over the period during which the virus went undetected and was able to infect a large number of PCs,
    resulting in the infiltrated software being distributed to users directly by their vendor.
    To our dismay, often the reaction of the software vendor has been that the detection of a virus is a false-positive.”
    It is likely that the first samples of the virus date back to April 2009.
    The reason why the virus was left unnoticed for such a long time period is that Delphi code tends to be quite voluminous
    and the virus body itself quite small.

    ......................

    ......................

    This was written before post #11 in comments

    Posted 2 years ago #
  3. ants

    offline
    Member

    Update!
    After the Gold Audio Suite build has been updated no infection is detected.
    The demo version at the vendor's site is not changed.

    Posted 2 years ago #
  4. Damian

    offline
    Member

    Batch Image Resizer given away on August 14, 2009

    Backdoor.Win32.Hupigon.htas

    Please note the wrapper was removed for this scan to verify that it had nothing to do with the bundled Software Informer application.

    http://www.virustotal.com/analisis/f2fb709f74ecf276846fffb5e0da1edc784bcf124b48b124958bda6892cbbe7d-1251589760

    In fact out of the 9 offerings from SoftOrbits.com only 4 applications scanned 100% clean at VirusTotal, the rest scan as containing a trojan or adware.

    Sorry I didn't see this sooner,

    Regards,
    Damian

    Posted 2 years ago #
  5. Damian

    offline
    Member

    VirusTotal scan of webgalery.exe from SoftOrbits HTML Web Gallery Creator given away on September 4, 2009

    Trojan-Downloader.Win32.Adload.jot

    http://www.virustotal.com/analisis/1d243e423585d8295a62d5d465644c66767c0a7b5454a12ea5cce3cc0e3691cf-1252275170

    Posted 2 years ago #
  6. gtoal

    offline
    Member

    Today's signature update to McAfee just flagged the 22 Jan PDFZilla executable as "Generic.dx!fua" (and deleted it).

    Posted 2 years ago #
  7. prs

    offline
    Member

    Today's offering by AnVir had my Kaspersky Internet Security crying foul. It is detected as a Trojan. I added AnVir to exclusions. Anyone else have this trouble?

    Posted 2 years ago #
  8. notblocklox

    offline
    retired

    No, my Kasper is quite happy with AnVir.

    Posted 2 years ago #
  9. prs

    offline
    Member

    Today's offer has rave reviews from the regulars. Would hate to let this go. I posted this in the comments section today and I find that my comment is "moderated". So here goes. Had this evaluated at virustotal and jotti.org. The result is 1/41 and 1/21 detecting Trojan. Kaspersky in those two lists is happy. Zone Alarm on my computer informs me that AnVir is trying to contact two particular destination IPs. What does that mean?

    Posted 2 years ago #
  10. watcher13

    offline
    Member

    Not sure. It has a small AV module. Maybe it was checking for updates. As you probably saw, it also had links to other bundled software and "recommended" softwares. If you didn't deselect all that stuff, it might have been trying to contact one of them. Also, I haven't got around to installing yet, but I read over in the comments section that it still has nag screens to get you to upgrade. It may have been trying to download one of them. I'm thinking it's one or two of these annoying, but semi-harmless functions.

    Posted 2 years ago #
  11. leofelix

    offline
    Member

    RegTidy is a misleading application; it will bring false positive detections and, moreover, it can mess up your system.

    http://www.emsisoft.com/en/malware/?Adware.Win32.RegTidy

    http://www.mywot.com/en/scorecard/regtidy.com

    I wonder GOTD team didn't check it

    Posted 2 years ago #
  12. perz

    offline
    Member

    RegTidy trojan detected and identified by Avira AntiVir Premium:
    Virus or unwanted program 'TR/Drop.arte.410624 [trojan]'
    detected in file 'C:\Program Files\RegTidy 2009\RegTidy.dll.
    Action performed: Deny access

    Posted 2 years ago #
  13. TeXaCo

    offline
    Member

    After installing, IOBIT 360 reported the dll file as a trojan. Then after scanning my whole system, it came up with 15 other files from regtidy as a virus. As the program was taking me to (I'm assuming) the software website, Avira blocked the website from being displayed, saying it was known to be a malicious website, and WOT also blocked it.

    Now I know there have been false positives in the past but this seems to be too much to be false.

    Posted 2 years ago #
  14. Steve

    offline
    Member

    http://www.giveawayoftheday.com/photo-stamp-remover/

    OS = Windows XP Pro, sp3, IE8, all patches. Stamp Remover has been on this machine since the giveaway, although I don't think I ever used it after the giveaway.

    SAV 9.0.7.1000, scan engine 91.2.1.10, virus definitions version 11/18/2009 rev. 3. auto-protect scan detected c:\program files\photo stamp remover\StampRemover.exe as a threat called "downloader". default action = clean (failed). backup action = quarantine (failed). final action taken by SAV = delete. The file was deleted successfully.

    Very suspicious if you ask me, especially since I wasn't even using the software. I was starting another software (radioget) at the time.

    Posted 2 years ago #
  15. nrshapiro

    offline
    Member

    Norton Internet Security 2010 will not allow activate.exe to run. It won't allow it to stay either--deleting it. I could disable NAV of course, but then if activate.exe did contain a virus I'd be screwed, especially since it needs to be run with admin privileges. So I think GOTD needs to work this out with Norton.

    Posted 2 years ago #
  16. Mercurius

    offline
    Member

    After starting the setup of today's game "Alien Terminator Deluxe" by the so called "Some Company" [= CCCP Games], a-squared Anti-Malware comes up with an alarm saying that setup.exe contains the trojan Win32.Chifrax.a!A2.

    What's up with that? Something to scare about?
    I honestly don't trust developers without any sort of homepage all too much.

    Or just a false positive - once again - from an *award winning* anti-malware program?!

    Posted 2 years ago #
  17. notblocklox

    offline
    retired

    Hi, Mercurius,

    thanks for your post. I didn't download this game, so I can not scan it. If there would be a Trojan in the programme, some more users would have written about it.
    A-squared is a good programme but also known for lots of false positives.
    To get a better picture, you should make an online scan. Here are three links to fast and secure scanners:

    http://www.virustotal.com/
    http://www.malwarehash.com/submit-file.php
    http://scanner.novirusthanks.org/

    graylox

    Posted 2 years ago #
  18. MSC

    offline
    Member

    Not sure if this is considered a virus, but it is certainly malware. After installing the FILEminimizer Pictures, a program called Explorer Context Menu Platinum is installed and is now telling me every time I right-click on any program and tell it to, say, "Run as Administrator", a program comes up saying "Explorer Context Menu Platinum-UNREGISTERED" and then counts down and tells me to either register or continue trial, and neither option does anything. This program was installed as part of the FILEminimizer Pictures and is not a separate file. I have had to uninstall the program to solve the problem.

    Posted 2 years ago #
  19. alhall

    offline
    Member

    Avira flagged Air Bandits as a trojan too. I submitted it to their website as a suspected false-positive and they returned to me that it has been determined to be 'MALWARE'. Our analysts named the threat TR/Spy.2334720. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.

    Posted 2 years ago #
  20. Mercurius

    offline
    Member

    Some days ago I had my anti-virus software do a complete scan. For reassurance I uploaded the files that were said to be infected to virustotal.com. The results yielded by virustotal.com kind of resemble a "Horror picture show" - to my utmost regret (and dismay) GOTD included. I have to confess that from this moment on my belief in the integrity of GOTD has been irreversibly shaken! No "official" statement whatsoever will ever make me believe again in that there is no deliberate insertion of genuine malware in programs or games offered here.
    The majority of the companies involved won't make it sure as death onto my HD any more.
    Have a look for yourself:

    Binerus Icon Commander (7/7/2009): Setup.exe

    Virus Total: 18/41 (43.91%)

    a-squared - Virus.Win32.Induc!IK
    Avast - Win32:Induc
    BitDefender - Trojan.Generic.2378440
    Comodo - UnclassifiedMalware
    DrWeb - Trojan.DownLoad.40229
    F-Secure - Trojan.Generic.2378440
    GData - Trojan.Generic.2378440
    Ikarus - Virus.Win32.Induc
    Kaspersky - Virus.Win32.Induc.a
    McAfee+Artemis - Artemis!82B22BEB73AF
    Microsoft - Virus:Win32/Induc.A
    NOD32 - Win32/Induc
    Panda - Trj/CI.A
    PCTools - Virus.Induc.a
    Prevx - Medium Risk Malware
    Rising - Win32.Induc.a
    Sophos - W32/Induc-A
    VirusBuster - Win32.Induc

    DG Music Making for MS Word (5/8/2009): MagicScoreServer6.dll

    Virus Total: 35/41 (85.37%)

    a-squared - Virus.Win32.Induc!IK
    AhnLab - Win32/Induc
    AntiVir - W32/Induc.Gen
    Antiy-AVL - Virus/Win32.Induc.gen
    Authentium - W32/Induc.A
    Avast - Win32:Induc
    AVG - Win32/Induc
    BitDefender - Win32.Induc.A
    CAT-QuickHeal - W32.Induc.A
    ClamAV - Virus.Induc-2
    DrWeb - Win32.Induc
    eTrust-Vet - Win32/Induc.A
    F-Prot - W32/Induc.A
    F-Secure - Win32.Induc.A
    Fortinet - W32/Induc.A
    GData - Win32.Induc.A
    Ikarus - Virus.Win32.Induc
    Jiangmin - Win32/Induc.a
    Kaspersky - Virus.Win32.Induc.a
    McAfee - W32/Induc
    McAfee+Artemis - W32/Induc
    McAfee-GW-Edition - Win32.Induc.Gen
    Microsoft - Virus:Win32/Induc.A
    NOD32 - Win32/Induc
    Norman - W32/Induc.A
    nProtect - Virus/W32.Induc
    Panda - W32/Induc.A
    PCTools - Malware.Induc
    Rising - Win32.Indcu.a
    Sophos - W32/Induc-A
    Sunbelt - Virus.Win32.Induc.a (v)
    Symantec - W32.Induc.A
    TrendMicro - PE_INDUC.A
    VBA32 - Virus.Win32.Induc.c
    ViRobot - Win32.Induc.A

    Moyea FLV to Video Converter (6/9/2007): Setup.exe

    Virus Total: 15/41 (36.59%)

    a-squared - Adware.Win32.AdMoke.agg!A2
    AntiVir - DR/AdMoke.agg.2
    Avast - Win32:Adware-gen
    Comodo - Backdoor.Win32.Sheldor.aw
    Fortinet - Adware/AdMoke
    GData - Win32:Adware-gen
    Kaspersky - not-a-virus:AdWare.Win32.AdMoke.agg
    McAfee+Artemis - potentially unwanted program Artemis!B67E7B63778F
    McAfee-GW-Edition - Trojan.Dropper.AdMoke.agg.2
    Microsoft - PWS:Win32/Prast!rts
    NOD32 - probably a variant of Win32/Adware.Agent
    Panda - Suspicious file
    Sunbelt - Adware.Admoke
    VBA - AdWare.Win32.AdMoke.agg
    ViRobot - Adware.AdMoke.10098789

    Alawar AstroFury (10/30/2007): AstroFury.wrp

    Virus Total: 10/41 (24.4%)

    a-squared - Gen.Trojan!IK
    CAT-QuickHeal - (Suspicious)–DNAScan
    eSafe - SuspiciousR-Mytob3
    F-Secure - Suspicious:W32/Riskware!Online
    Ikarus - Gen.Trojan
    McAfee-GW-Edition - Heuristic.LooksLike.Win32.SuspiciousPE.C
    PCTools - Trojan.Generic
    Prevx - High Risk Worm
    Sophos - Sus/UnkPack-C
    Symantec - Trojan Horse

    Firstborn SeeSoar (1/16/2008): SeeSoar.exe

    Virus Total: 9/41 (21.96%)

    a-squared - Virus.Win32.Trojan!IK
    AntiVir - SPR/Constructor.3737671
    ClamAV - PUA.Packed.ASPack212
    F-Secure - Suspicious:W32/Riskware!Online
    Ikarus - Virus.Win32.Trojan
    Jiangmin - Constructor.IDL.b
    K7AntiVirus - Trojan.Win32.Malware.4
    McAfee+Artemis - Artemis!CEBBD4807C09
    McAfee-GW-Edition - Riskware.Constructor.3737671

    Insofta Air Bandits (12/26/2009): AirBandits.exe

    Virus Total: 5/41 (12.2%)

    a-squared - Gen.Trojan!IK
    CAT-QuickHeal - Trojan.Agent.ATV
    ESafe - Win32.TRSpy
    Ikarus - Gen.Trojan
    McAfee+Artemis - Artemis!8037963830C5

    Meridian'93 Flowers Story (6/1/2007): mtrial_sm.dll

    Virus Total: 26/41 (63.42%)

    a-squared - Trojan.Win32.Genome!IK
    AhnLab - Win-Trojan/Genome.89088.D
    AntiVir - TR/Genome.bzwk
    Avast - Win32:Oliga
    AVG - Generic15.AXHN
    BitDefender - Trojan.Generic.IS.593499
    CAT-QuickHeal - Trojan.Genome.bzwk
    F-Secure - Trojan.Generic.IS.593499
    GData - Trojan.Generic.IS.593499
    Ikarus - Trojan.Win32.Genome
    Jiangmin - Trojan/Genome.hmm
    K7AntiVirus - Trojan.Win32.Malware.1
    Kaspersky - Trojan.Win32.Genome.bzwk
    McAfee - Generic.dx!gry
    McAfee+Artemis - Generic.dx!gry
    McAfee-GW-Edition - Trojan.Genome.bzwk
    NOD32 - probably a variant of Win32/Spy.Agent
    Norman - W32/Suspicious_Gen.BTWR
    Panda - Generic Malware
    PCTools - Trojan-PSW.Gampass
    Prevx - High Risk Worm
    Rising - Trojan.Win32.Generic.51F5474F
    Sophos - Sus/UnkPack-C
    Symantec - Infostealer.Gampass
    TrendMicro - TROJ_Gen.8V400
    VirusBuster - Trojan.Genome.TQG

    Meridian'93 Key Words (1/24/2009): KeyWords.exe

    Virus Total: 23/41 (56.1%)

    a-squared - Trojan.Crypt.ULPM!IK
    AhnLab - Win-Trojan/Genome.814592
    AntiVir - TR/Crypt.ULPM.Gen
    Avast - Win32:Trojan-gen
    AVG - Generic15.CIBG
    BitDefender - Trojan.Generic.1714494
    CAT-QuickHeal - (Suspicious)–DNAScan
    F-Secure - Trojan.Generic.1714494
    GData - Trojan.Generic.1714494
    Ikarus - Trojan.Crypt.ULPM
    Jiangmin - Trojan/Genome.piy
    K7AntiVirus - Trojan.Win32.Malware.1
    Kaspersky - Trojan.Win32.Genome.ckoh
    McAfee - Generic.dx!hou
    McAfee+Artemis - Generic.dx!hou
    McAfee-GW-Edition - Trojan.Crypt.ULPM.Gen
    Norman - W32/Smalltroj.SREZ
    Panda - Generic Trojan
    PCTools - Trojan.Generic
    Rising - Packer.Win32.UnkPacker.a
    Sophos - Sus/UnkPack-C
    Sunbelt - Trojan.Win32.Generic!BT
    Symantec - Trojan Horse

    Meridian'93 Numericon (1/26/2008): numericon.exe

    Virus Total: 8/40 (20%)

    a-squared - Virus.Win32.Oliga!IK
    CAT-QuickHeal - (Suspicious)–DNAScan
    F-Secure - Suspicious:W32/Riskware!Online
    Ikarus - Virus.Win32.Oliga
    K7AntiVirus - Trojan.Win32.Malware.1
    McAfee+Artemis - Artemis!45E806D4B782
    Rising - Packer.Win32.UnkPacker.b
    Sophos - Sus/UnkPack-C

    Posted 2 years ago #
  21. Violet4714

    offline
    Member

    hi, Mercurius...

    a couple of those programs have been discussed before...

    the Binerus program:
    http://www.giveawayoftheday.com/forums/topic/6009
    the thread is two pages, but if you read thru it you'll find the information about a virus in a programming language that had infected many developers pc's...i am not an expert, but the developer came to the forums, apologized, & later offered another giveaway when the problem was fixed...

    DG Music Making for MS Word: this may be related...the dates are close, and the programmers with the problem were infected with "Win32/Induc"...again, i am not an expert...

    Air Bandits: http://www.giveawayoftheday.com/forums/topic/6816
    the poster above you also reported this, as did others...the file was apparently submitted to Avira again by another community member, & the report back was clean...my guess would be they re-examined & determined it was safe...

    a little over a year ago after a definition update, McAfee decided that i had several virus, trojan, etc., in programs that had been on my pc for literally years!...the next month a few more, then a few more!...most found thru "heuristics"...some GOTD, some not...another community member (sukibabe) reported the same thing with McAfee:
    http://www.giveawayoftheday.com/forums/topic/4767 (page 2 is where i ranted off-topic)...

    eventually, i was able to restore most of the damage after McAfee updated again & had determined the false positives...Webroot SpySweeper now says that one of my operating system .exe files is a trojan (XPSP2, MCE, pc that is five years old, & a "new" system file is a trojan?)...

    i mention this because some of the program dates you listed are a couple years old...either 1) your anti-virus, anti-spyware, etc., missed them for years, 2) a definition update is now flagging them & a later one may change it to a false positive (as mine did), or 3) you've had all of these trojan, virus, etc., for a couple years with no pc problems & no other security problems (stolen passwords, accounts broken into, etc.)...some things to think about...

    you also reported a trojan earlier in this thread in "Alien Terminator Deluxe", but not in the last post...did you delete the program, write the developer, your A/V company?...i am curious if that was resolved...

    i have the Binerus programs, Air Bandits, Alien Terminator Deluxe...and in addition to my comment in the Air Bandits thread, i run other on-demand scans...yes, i am paranoid!...and have had no problems...i am not familiar with everything you listed...

    i was a GOTD "lurker" for a while before joining the forum & my reason for joining was, yes, concern over a flagged program...i sent a PM to former Mod, Lee, who was quite patient in answering my questions & concerns...he was a big help, & also honest: if you aren't comfortable with the program, the answers you receive, or that it is a false positive (verified or not), don't install the program (or delete it)...

    i've stayed, expressed concerns privately & publicly, and complained both ways as well...and overall remain really happy to have found the site...sorry to have rambled on, but i do hope you check things out a bit more & your comfort level with GOTD comes back...

    Posted 2 years ago #
  22. Violet4714

    offline
    Member

    in my quest to install 365 GOTD programs per year, i did install Key Words...
    : /

    i just ran the KeyWords.exe thru VirusTotal (0/41):
    http://www.virustotal.com/analisis/65633268cac308688fc289c5dec779653926c7f2604830ae72053e514cf67932-1263264115

    and Jotti (0/20):
    http://virusscan.jotti.org/en/scanresult/1e3431711e1fbd5ceec861c01c966d2600a5fd76

    i've never copy-and-pasted a link to a scan before, so hope it works, as the scan to the .exe in my program file shows clean on both...

    Posted 2 years ago #
  23. watcher13

    offline
    Member

    I understand why you might be upset, Mercurius, but I have some difficulties swallowing all this whole. Not that I doubt your sincerity, but, on the other end I have to try and put the pieces together, and....

    You just recently did a scan and just now discovered that you have GOTDs that you may have acquired as long ago as 2 years (?) that are infected? Is this the first time you've run a scan? Or is this the result of installing a new scanner? Should we draw the conclusion that all your previous scans were insufficient or that your new scanner is very prone to false hits or that you've never scanned before?

    Some things in what you posted do have some explanation. Many of the hits, like the Binerus Icon Commander mention Win32.Induc. I did some of the research in the thread that Violet cited on this (thanks, Vi) and this particular Virus actually came from a couple of respected sources in Germany. The problem with narrowing this down to a GOTD is that this particular virus infects almost all programs written in the fairly common Borland Delphi language. So, just because the GOTD contains the infection, doesn't mean it's the source of the infection. Although, as Violet said, it could have been Binerus because they did catch it and put up a new, clean version of it as soon as they did. Binerus probably got it from either of the respected German sites: Computer Bild or the German version of Chip magazine. Those two didn't catch it, Binerus didn't catch it, and GOTD didn't catch it, because nobody caught it. It was a couple months before any of the virus research sites identified it. When the truth came out, it was widely spread throughout the world, including in some of the world's banks. It appears clear now that it was spread by "white" hackers. Hackers who get their jollies by writing harmless viruses whose only purpose is to point out major holes in major software, or programming languages like Delphi, in this case. The world's security experts determined at the time that it had no malicious behavior. As Kaspersky put it in their press release: "The virus is not currently a threat – there is no destructive behavior apart from infection."

    Also, notice that many of your hits use the word generic (or abbreviation gen). The virus companies use this to identify hits by their heuristics - routines that attempt to find undiscovered viruses by identifying "suspicious" behavior. It's a good technology, but produces MANY false hits. Two stories: I got a generic Trojan notice from Avira on my AT&T home page for almost 2 months before the problem was resolved. My guess is that AT&T changed the scripting routines for some of their ads and it wasn't resolved until AT&T changed their routines or Avira revised their definitions. Every time I got the warning, one of the ad boxes remained empty (not so bad, considering).

    Also, I got the Air Bandits hit about a week after I started using it. One of the nice things about Avira is that every virus alert gives you a direct link to that virus definition in the database. So I hit the link and the description was completely empty. No description of the virus behavior, no threat level, no infection level, nothing. I'm sure this was what I call a "working" definition. A definition they send down every time their generics hit on something just in case it's something new, just to be safe. When they find out it's real, they add the info. in their database, when they find it's false, they repeal it. Air Bandits is not a new program. It's likely this definition will go away. Like Violet says, they've told at least one of our members it's a false hit.

    One of the things I recommend whenever you get a hit is to go to your AV's database, if it even has one, and look at the actual definition. If it contains no information, it's VERY unlikely that it's a real virus. If it's a real virus, they'll already have at least some of the details.

    You may have found one or two real problems, in which case, thanks! If you can narrow it down further, please post. You should also note however, that even Virus Total and Jotti state on their websites that you will occasionally get false hits from some of the scanners, so files that only get a few hits, like the 5 on Air Bandits are often false hits. The whole thing needs to be looked into further.

    Posted 2 years ago #
  24. BuBBy

    offline
    Teh adnim

    I get asked from time to time "what is a good antivirus" - and it is difficult to answer because there are several (generally each for different reasons).

    The website av-comparatives.org has announced the "winners" as a result of all the testing they did last year. The results can be downloaded as a PDF from HERE

    To summarize their colorful chart and pages of summary text I have scored their results simply with the following scores.

    A test scoring STD (Standard) will gain 2 points, ADV (Advanced) will gain 4 points, and ADV+ will gain 6 points. Failure to participate or complete the tests scores nothing.

    Symantec = 44
    Kaspersky = 44
    ESET NOD32 = 42
    --------------------
    BitDefender = 40
    F-Secure = 40
    --------------------
    avast = 36
    Microsoft = 36
    AVIRA = 36
    eScan = 36
    --------------------
    McAfee = 32
    TrustPort = 26
    AVG = 26
    Sophos = 22
    --------------------
    Kingsoft = 10
    Norman = 10

    So for 2009 the AVComparatives testing winners were.

    1st - Symantec
    2nd - Kaspersky
    3rd - NOD32

    Also note that the "Free" antivirus packages (AVG etc) are not tested. AVComparatives tests the paid (professional?) versions. If you are using one of the free Antivirus Programs, make of that what you will.

    My only suggestion would be for people using AVG to consider looking at AVAST or AVIRA as both appear to be superior products to AVG.

    Finally when getting 'positive' hits on scans when going to Jotti or VirusTotal - take note of which virus scan engines (products) came back positive. If all the "big guns" (top ranked/respected products) are missing - that probably should affect your view on the results. It is rare when all the top products can't detect it - yet one of the 'no name' products is the only one that correctly identifies a threat.

    Posted 2 years ago #
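
The advice in the two posts above (look at which engines flagged the file, and treat generic or heuristic names differently from a named family) can be applied mechanically to a pasted scan listing. The Python below is an added example, not part of any post in this thread: the token lists and the top-tier engine set (engines scoring 40 or more in the table above, spelled as they appear in the listings) are assumptions chosen for illustration, and the two sample listings are copied from Mercurius's post.

```python
import re
from collections import Counter

# Assumption for this example: label tokens treated as generic/heuristic
# markers rather than family names. This is not a vendor standard.
GENERIC_TOKENS = {"generic", "gen", "artemis", "suspicious", "heuristic",
                  "unclassifiedmalware", "malware", "risk", "agent"}
# Platform and type words that never name a family on their own.
TYPE_TOKENS = {"win32", "w32", "virus", "trojan", "trj", "download",
               "downloader", "adware", "backdoor", "worm"}
# Engines scoring 40+ in the forum table, as spelled in the scan listings.
TOP_TIER = {"Symantec", "Kaspersky", "NOD32", "BitDefender", "F-Secure"}


def parse_report(text):
    """Turn 'Engine - Label' lines into (engine, label) pairs."""
    rows = []
    for line in text.splitlines():
        engine, sep, label = line.strip().partition(" - ")
        if sep and label:
            rows.append((engine.strip(), label.strip()))
    return rows


def family_of(label):
    """Return a lower-case family name, or None for a generic label."""
    tokens = [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]
    if any(t in GENERIC_TOKENS for t in tokens):
        return None
    for t in tokens:
        # Skip type words, one-to-three letter suffixes and numeric ids.
        if t in TYPE_TOKENS or len(t) < 4 or t.isdigit():
            continue
        return t
    return None


def summarize(text, min_agree=2):
    """Count named vs generic hits and find a family at least
    min_agree engines agree on (None if there is no such family)."""
    rows = parse_report(text)
    families = Counter()
    top_tier_named = []
    for engine, label in rows:
        fam = family_of(label)
        if fam:
            families[fam] += 1
            if engine in TOP_TIER:
                top_tier_named.append(engine)
    best = families.most_common(1)
    consensus = best[0][0] if best and best[0][1] >= min_agree else None
    named = sum(families.values())
    return {"detections": len(rows), "named": named,
            "generic": len(rows) - named, "consensus_family": consensus,
            "top_tier_named": sorted(top_tier_named)}


# Sample listings copied from Mercurius's post in this thread.
ICON_COMMANDER = """
a-squared - Virus.Win32.Induc!IK
Avast - Win32:Induc
BitDefender - Trojan.Generic.2378440
Comodo - UnclassifiedMalware
DrWeb - Trojan.DownLoad.40229
F-Secure - Trojan.Generic.2378440
GData - Trojan.Generic.2378440
Ikarus - Virus.Win32.Induc
Kaspersky - Virus.Win32.Induc.a
McAfee+Artemis - Artemis!82B22BEB73AF
Microsoft - Virus:Win32/Induc.A
NOD32 - Win32/Induc
Panda - Trj/CI.A
PCTools - Virus.Induc.a
Prevx - Medium Risk Malware
Rising - Win32.Induc.a
Sophos - W32/Induc-A
VirusBuster - Win32.Induc
"""
AIR_BANDITS = """
a-squared - Gen.Trojan!IK
CAT-QuickHeal - Trojan.Agent.ATV
ESafe - Win32.TRSpy
Ikarus - Gen.Trojan
McAfee+Artemis - Artemis!8037963830C5
"""

if __name__ == "__main__":
    for name, listing in (("Icon Commander", ICON_COMMANDER),
                          ("Air Bandits", AIR_BANDITS)):
        print(name, summarize(listing))
```

The summary separates a listing where many engines independently name one family from one made up almost entirely of generic labels; it sorts results for follow-up and does not decide whether a file is safe.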
  25. Inas

    offline
    Member

    Ten (10) More Ways To Detect Computer Malware

    Posted 2 years ago #
  26. Mercurius

    offline
    Member

    @ Violet4714
    Thanks a lot for so many valuable words. I’ll try to clarify some things – which isn’t all that easy in a language different from my native one.
    You write „a virus in a programming language that had infected many developers pc's“. Hm, honestly, doesn’t that sound like a rather flimsy excuse?! If I were a developer and a majority of well recognized anti-virus would flag a virus in my software, believe me or not, claiming to be a victim myself would cross my mind right away. Look at the following evidence and watch the term „not harmful virus“ (sokol7, Music Making, DG Software) http://www.musicaleditor.com/en/forum/phpBB2/viewtopic.php?t=164 Everyone may draw her or his own conclusions ... I cannot deny that there may be cases of wide-spread viri able to get onto a company’s HDs but then my question would be why haven’t they been detected (and removed) in time by internal routine security scans?

    You are right in assuming some of the program dates I listed are a couple years old. It was mid December 2006 when I first came over to this site. It wasn’t like me never doing a virus scan ever since, not at all. I continuously got all sorts of virus alerts about GOTD progs and games I scanned. BUT before now I never loaded a file allegedly infected up to virustotal.com or jotti and used to believe that one single anti-virus (Kaspersky or a² in my case) cannot be 100% precise so I dismissed those findings every time as a false positive. In April 2007 my pc heavily crashed but of course GOTD cannot be held responsible for that. I cannot report big security problems that were no doubt related to GOTD.
    What’s making the difference here and now is that instead of a single anti-virus a whole bunch of 41 AV-warriors were in action. And is it that silly to believe that leading commercial anti-virus software combined at virustotal.com in their majority are made at the latest „state of the art“?

    Thanks, as well, for linking your V.T. scan of KeyWords.exe. That’s really interesting to me because it shows that there has been some change (to the better) as your file having been tested clean must belong to the latest giveaway (GOTD from 1/24/09) whereas my file dates from 3/10/07. That makes 22 months in between.

    As to your question concerning „Alien Terminator Deluxe“, I didn’t install the game after hearing about the threat. No, I did not write to „No Company“ or CCCP Games which can be a hard task keeping in mind the total lack of a proper website. :-)
    So, keep on „rambling“, Violet4714. You’re welcome!

    @ watcher13
    Thanks for giving quite helpful insights. Perhaps I’ll recur to them some day after I have reason to believe that I got a clue of anti-virus expertise. Keep on sharing your profound knowledge to the benefit of the GOTD community!

    @ BuBBy
    The av-comparatives.org list you’re recommending to us as a guideline, for sure is meant to be helpful but I doubt very much it is that trustworthy.
    A-squared Anti-Malware which runs on my pc (an earlier giveaway) and on presumably some millions of other pc must be a „no name“ product if we'd follow this ranking, and all statements on the a² website about awards they got just „hot air“!?

    What’s more, this ranking list does not seem to deprive the virus reports I got from Virus Total of any credibility! It rather supports them since for every program or game I reported as being flagged at least 1 anti-virus amongst the top three ranking groups (36-44 pts) can be found.
    Icon Commander 2/2/2 ; Music Making for MS Word 3/2/2 ; Moyea FLV to Video Converter 2/0/2 ; AstroFury 1/1/1 ; SeeSoar 0/1/0 ; Air Bandits 0/0/1 ; Flowers Story 3/2/1 ; Key Words 2/2/1 ; Numericon 0/1/0

    Nonetheless, you are doing a great job, Sir! Have a good day.

    Posted 2 years ago #
  27. Violet4714

    offline
    Member

    hello again, Mercurius...

    thank you for posting back...i'd completely forgotten about the "no website games"! (the game today is also a no-site giveaway)...

    i still have "Alien Terminator Deluxe", so i uploaded the .exe file:
    VirusTotal (0/41): http://www.virustotal.com/analisis/9d0b9cd13e35406fd9e8b3edcf10d61c52b02a38e0df0ae275448039327c8142-1263779492

    Jotti (0/20): http://virusscan.jotti.org/en/scanresult/94c44d09c74624f78e9b8e148e57ec56f037bc45

    a-squared is on my pc for on-demand scans, so i updated it & scanned the file...still nothing (you may have used Kaspersky at the time of detection?)...

    i also thank you for your words, & giving me a different view to consider...that's always a good thing...

    when concerns are raised i frequently state that community members would speak up about any problem, and i appreciate you doing so...the GOTD comments are always a big help to me...

    some programs are deleted from my pc as well, but they are usually giveaways that try to access the internet for an unknown reason...maybe it's as simple as an auto-update check, but if there is no option to turn it off, it usually is gone...just my preference...

    (we complain if we have a "Special GOTD Build", we complain if we receive the paid version with auto-update included...lol...)

    i hope i was able to help a bit...and still hope your comfort level with GOTD comes back...

    p.s. "a language different from my native one"?...i'm from south florida (miami area), & everyone here tells me i "talk like an american from hialeah"...i'm not even certain what my native language is!...i am certain you can explain yourself well in at least two! : )

    Posted 2 years ago #
  28. minnnin15

    offline
    Member

    RipTiger definitely has some problems with viruses. It never worked from the second I installed it, and BitDefender picked up a generic Trojan. I tried to Google facts on it to see if it was a false positive, but my explorer closed before it started. I tried Google Chrome, IE8, Opera, Firefox 3.6RC, and Safari. All of these explorers were affected by this program.

    Conclusion: DO NOT DOWNLOAD RipTiger.

    Posted 2 years ago #
  29. icerabbit

    offline
    Member

    I was requested to also post here about a problem with a hijacker we experienced, installed with the GOTD from 2/2/10 YouTube MP3 Converter

    Not sure if I should copy/paste my whole post, or not, so please see my forum post here:

    YouTubeMP3 hijacker - googlebreak
    http://www.giveawayoftheday.com/forums/topic/7013

    Posted 1 year ago #
  30. SeniorCitizen

    offline
    Member

    I rarely download software from Internet, with exception of giveawayoftheday. NOTE: I am NOT blaming my problems on giveaway! I'm what my screen says - I'm old, and not very computer savvy. I do, however, know most of the things in my registry and my C-drive. I'm a 'list keeper'. Everyday I try to learn something new. Oh, I use Windows 2000 professional.

    Until yesterday virus protector I used was Avira. Without going into particulars, for the past few days the slowness of my computer was exhaustive. And the "Congratulations" pop-ups were never-ending.

    The following are NEW to my C:\Winnt\system32\... whatever.
    giwawawo . dll (put spaces in on purpose)
    gigiweme . dll
    giwawawo . dll
    fatopoze . exe
    .. and then some.

    Checked google and learned they are "trojans".

    Question: If I do a full re-install of Windows 2000 with the disk will this remove whatever it is that's screwed up my computer?

    Question: There are many software 'protectors' for viruses, malware, and spyware. Is there any ONE software that handles all of these things? If not, what would you consider the BEST virus protector because apparently the one I was using did not work.

    I will send myself this link so I will know if there is a response. Thank you in advance for any help anyone can provide. -- Linda

    Posted 1 year ago #
