> KAV 5.0.527 does not detect malware such as...
mrizos
post 6.04.2006 21:36
Post #1


Newbie
*

Group: Members
Posts: 4
Joined: 6.04.2006




I just bought KAV 5.0.527 Personal to clean up my sister's highly infested computer. KAV found and deleted 81 trojans/viruses/adware/spyware, but left some very obvious adware intact (and yes, I have the extended database enabled):

SurfSideKick 3....does not even detect it
Spyware Sheriff....does not detect it
Spyware Quake....not here either
ClkOptimizer....not detected
WebHancer...not detected

I would say the virus detection is strong, but the adware/spyware detection is super weak.

Spyware Doctor detected over 1405 infections after my full KAV scan with the latest defs. Now granted KAV does not scan the registry (and who really cares anyway... I'm only after binaries), but Spyware Doctor found 2 malware processes running and many files that were indeed malware (and very much intact).

Any Ideas? Comments?
Lucian Bara
post 6.04.2006 21:38
Post #2


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




If you still have the files, you can send them to newvirus@kaspersky.com for analysis.
mrizos
post 6.04.2006 21:52
Post #3


Newbie
*

Group: Members
Posts: 4
Joined: 6.04.2006




QUOTE(lucianbara @ Apr 6 2006, 11:38 AM)
If you still have the files, you can send them to newvirus@kaspersky.com for analysis.
*


Nah, they are gone. But I do have some Virtual Machines for av testing...those should have the SurfSideKick binaries.

I think SurfSideKick has been around for at least a few months though.

I own a business that helps home users with Malware and other computer related issues (www.compuworkz.com) and we just really want to standardize on one app that does it all. Kaspersky had the highest kill rate on viruses and trojans. I will be emailing/posting any malware that it misses, I'd really like to help grow this app into THE solution for ALL malware.
Don Pelotas
post 6.04.2006 22:36
Post #4


Global Moderator
****************

Group: Global moderators

Posts: 28880
Joined: 7.04.2005




Malware samples submitted are always appreciated. Kaspersky does detect some of the worst adware, but will (& should not IMO) detect all adware, although it would be nice. It should and does detect the important stuff: trojans, worms, rootkits; adware pales in comparison with these in how important it is to detect/remove them.


mrizos
post 6.04.2006 22:58
Post #5


Newbie
*

Group: Members
Posts: 4
Joined: 6.04.2006




QUOTE(Don Pelotas @ Apr 6 2006, 12:36 PM)
Malware samples submitted are always appreciated. Kaspersky does detect some of the worst adware, but will (& should not IMO) detect all adware, although it would be nice. It should and does detect the important stuff: trojans, worms, rootkits; adware pales in comparison with these in how important it is to detect/remove them.
*


Yeah, I agree, Kaspersky does get rid of the worst of the worst. I'll continue to submit adware samples to them (which I need to do tonight).
BlackHawk
post 6.04.2006 23:25
Post #6


Advanced Member I
***

Group: Members
Posts: 71
Joined: 6.04.2006




mrizos,

My experience is the same as yours. I think when it comes to viruses and trojans Kaspersky is #1. I tell everyone how good it is. But, when it comes to spyware and adware, I have to agree with you... it is weak. IME, it needs a lot of improvement. I've found that Dr. Web and BitDefender are doing a better job with spyware and adware, but they aren't quite as good with viruses and trojans as Kaspersky is. Your idea is nice... to standardize on one app that does it all, but I'm not sure that is possible. I think Kaspersky could be an app that takes care of the majority of things, but I don't think any 1 app can do it all. I would like to see Kaspersky put more effort into detecting spyware and adware. I also wish they would promote their products more. It truly is a great antivirus program, but I think more needs to be done to get the word out to the masses. Most people have Norton and McAfee beat into their heads. Kaspersky needs to target that audience. I try to do my part by telling people how good it is.

I use a lot of stuff... HiJackThis, Ad-Aware SE Personal, ADSSpy, CWShredder, eTrust PestPatrol, Ewido anti-malware, FSecure Blacklight, HiddenFinder, Microsoft AntiSpyware, RootkitRevealer, Webroot Spy Sweeper, Spybot Search & Destroy, Spyware Doctor, UnHackMe, WinPatrol, Ghost Security Regdefend and DiamondCS ProcessGuard to name a few. :)

Each program has its niche and some are better in their area than others. When it comes to spyware I think Webroot SpySweeper is the best overall. It's not often, but at times I've found that other apps that are in the same class can find things that SpySweeper misses. That's why I think you have to use many apps to be sure a computer is clean. Believe me, I wish 1 app did it all, but I don't think that's possible.

Long story short... As far as submitting spyware and adware samples go... I once sent a sample to Kaspersky that was most definitely a threat and I was told it was not a threat. Many other AV programs detected that sample as a legitimate threat yet for some reason Kaspersky blew it off. I got the impression it wasn't a priority. That is one time I was disappointed. Why shouldn't Kaspersky detect as much spyware and adware as possible? It seems to me every day that more AV programs are concentrating on these things so why shouldn't Kaspersky do the same? The spyware and adware issue will only get worse and I think it is very important to detect those things.

mrizos... I think users like yourself help with submitting these things. I applaud you!
Don Pelotas
post 7.04.2006 00:16
Post #7


Global Moderator
****************

Group: Global moderators

Posts: 28880
Joined: 7.04.2005




Blackhawk, if you only knew how many times I've heard something like "I once sent a sample that was most definitely a threat and I was told it was not a threat."......that wasn't a threat in the end. The fact that other AVs detected your sample doesn't mean it's malware; I have personally seen samples 5-6 AVs detected as malware, but were in fact just FPs and got corrected later ;)

Also there is a growing number of what some call greyware, not strictly speaking virus. I would also like my AV to detect everything, but think it is not really possible unless you wish to see a scanner with 1000000 signatures in a few years (2-3 years); I know I don't. Much better to have specialized adware scanners for the majority of adware of lesser importance and have Kaspersky detect the heavy stuff that is very difficult to remove (can be).

Btw. Kaspersky have doubled their extended bases in the last year, so most likely we will see this trend in the future too. :)


saso
post 7.04.2006 01:16
Post #8


Professional II
************

Group: Gold beta testers
Posts: 3111
Joined: 10.04.2005
From: ljubljana, slovenia




To mrizos and everyone else sending in the samples I can say only thank you. It does not matter how good the engine is or how advanced the heuristics and other technologies are if the signature database is "empty". I even don't mind if you send the samples also to other vendors (actually I encourage you to do it), just send them in :)

I almost get a headache every time a user comes to the forum and writes that KAV is not detecting something but that he has deleted all the samples and is not able to send them in. I mean in such a case users are "complaining" about something that they had all the power in their hands to fix and didn't do it.

This post has been edited by saso: 7.04.2006 01:22


BlackHawk
post 7.04.2006 04:53
Post #9


Advanced Member I
***

Group: Members
Posts: 71
Joined: 6.04.2006




Don,

I understand... I know where you are coming from, but I don't believe that to be the case here. Long story short... this was a website/bookmark detected as... "Application.Adware.Istbar.LNK"

It is still being detected that way by other AV apps. I could be wrong, but if it was a FP I think by now the other AV apps would have made the correction. I think you will agree that on the flip side... no AV in the world will catch everything all the time. For example...

I know for a FACT that on 12-08-05 trojan "Edepol-B" was 1st found by Microsoft Antispyware of all things... Kaspersky, BitDefender, Sophos, McAfee, Dr. Web, NOD32 and a slew of other AV could not detect it period.

I guess my point is... these things go both ways.



QUOTE(Don Pelotas @ Apr 6 2006, 03:16 PM)
Blackhawk, if you only knew how many times I've heard something like "I once sent a sample that was most definitely a threat and I was told it was not a threat."......that wasn't a threat in the end. The fact that other AVs detected your sample doesn't mean it's malware; I have personally seen samples 5-6 AVs detected as malware, but were in fact just FPs and got corrected later ;)

Also there is a growing number of what some call greyware, not strictly speaking virus. I would also like my AV to detect everything, but think it is not really possible unless you wish to see a scanner with 1000000 signatures in a few years (2-3 years); I know I don't. Much better to have specialized adware scanners for the majority of adware of lesser importance and have Kaspersky detect the heavy stuff that is very difficult to remove (can be).

Btw. Kaspersky have doubled their extended bases in the last year, so most likely we will see this trend in the future too. :)
*
mrizos
post 7.04.2006 06:09
Post #10


Newbie
*

Group: Members
Posts: 4
Joined: 6.04.2006




QUOTE(BlackHawk @ Apr 6 2006, 06:53 PM)
Don,

I understand... I know where you are coming from, but I don't believe that to be the case here. Long story short... this was a website/bookmark detected as... "Application.Adware.Istbar.LNK"

It is still being detected that way by other AV apps. I could be wrong, but if it was a FP I think by now the other AV apps would have made the correction. I think you will agree that on the flip side... no AV in the world will catch everything all the time. For example...

I know for a FACT that on 12-08-05 trojan "Edepol-B" was 1st found by Microsoft Antispyware of all things... Kaspersky, BitDefender, Sophos, McAfee, Dr. Web, NOD32 and a slew of other AV could not detect it period.

I guess my point is... these things go both ways.
*


Well at this point we are choosing Kaspersky as our AV solution and Spyware Doctor as our anti-spyware/adware solution.

We typically use about 10 apps when supporting our clients... we're just trying to narrow it down a bit.

Also, do you guys feel the adware/spyware industry is getting...how shall we say...weaker?
Lucian Bara
post 7.04.2006 08:51
Post #11


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




QUOTE(saso @ Apr 6 2006, 11:16 PM)
To mrizos and everyone else sending in the samples I can say only thank you. It does not matter how good the engine is or how advanced the heuristics and other technologies are if the signature database is "empty". I even don't mind if you send the samples also to other vendors (actually I encourage you to do it), just send them in :)

I almost get a headache every time a user comes to the forum and writes that KAV is not detecting something but that he has deleted all the samples and is not able to send them in. I mean in such a case users are "complaining" about something that they had all the power in their hands to fix and didn't do it.
*

I can only complain about one thing: I sent a few samples to KL a few days back but I didn't get a reply: it's clean, it's infected, even an automated message that the file has arrived.
Two days ago, I sent some other files, and this time I got confirmation that it was clean.
Now I sent the first samples again (yesterday night), and still haven't got a reply. :(
Leo Max
post 7.04.2006 09:57
Post #12


Kaspersky Fan I
********

Group: Gold beta testers
Posts: 1363
Joined: 26.05.2005
From: California, USA




QUOTE(lucianbara @ Apr 6 2006, 08:51 PM)
I can only complain about one thing: I sent a few samples to KL a few days back but I didn't get a reply: it's clean, it's infected, even an automated message that the file has arrived.
Two days ago, I sent some other files, and this time I got confirmation that it was clean.
Now I sent the first samples again (yesterday night), and still haven't got a reply. :(
*


I always get replies. If not then the file is clean. The last two files I sent were infected with Trojan.Downloader.

Best Regards, Leo