mrizos

KAV 5.0.527 does not detect malware such as...

12 posts in this topic

I just bought KAV 5.0.527 Personal to clean up my sister's highly infested computer. KAV found and deleted 81 trojans/viruses/adware/spyware, but left some very obvious adware intact (and yes, I have the extended database enabled):

 

SurfSideKick 3....does not even detect it

Spyware Sheriff....does not detect it

Spyware Quake....not here either

ClkOptimizer....not detected

WebHancer...not detected

 

I would say the virus detection is strong, but the adware/spyware detection is super weak.

 

Spyware Doctor detected over 1405 infections after my full KAV scan with the latest def's. Now granted KAV does not scan the registry (and who really cares anyway...I'm only after binaries), but Spyware Doctor found 2 malware processes running and many files that were indeed malware (and very much intact).

 

Any Ideas? Comments?


If you still have the files, you can send them to newvirus@kaspersky.com for analysis.


 

Nah, they are gone. But I do have some Virtual Machines for av testing...those should have the SurfSideKick binaries.

 

I think SurfSideKick has been around for at least a few months though.

 

I own a business that helps home users with Malware and other computer related issues (www.compuworkz.com) and we just really want to standardize on one app that does it all. Kaspersky had the highest kill rate on viruses and trojans. I will be emailing/posting any malware that it misses, I'd really like to help grow this app into THE solution for ALL malware.


Malware samples submitted are always appreciated, Kaspersky does detect some of the worst adware, but will (& should not IMO) detect all adware although it would be nice. It should and does detect the important stuff trojans, worms, rootkits, adware pales in comparison with these in how important it is to detect/remove them.


 

Yeah, I agree, Kaspersky does get rid of the worst of the worst. I'll continue to submit adware samples to them (which I need to do tonight).


mrizos,

 

My experience is the same as yours. I think when it comes to viruses and trojans Kaspersky is #1. I tell everyone how good it is. But, when it comes to spyware and adware, I have to agree with you... it is weak. IME, it needs a lot of improvement. I've found that Dr. Web and BitDefender are doing a better job with spyware and adware, but they aren't quite as good with viruses and trojans as Kaspersky is. Your idea is nice... to standardize on one app that does it all, but I'm not sure that is possible. I think Kaspersky could be an app that takes care of the majority of things, but I don't think any 1 app can do it all. I would like to see Kaspersky put more effort into detecting spyware and adware. I also wish they would promote their products more. It truly is a great antivirus program, but I think more needs to be done to get the word out to the masses. Most people have Norton and McAfee beat into their heads. Kaspersky needs to target that audience. I try to do my part by telling people how good it is.

 

I use a lot of stuff... HiJackThis, Ad-Aware SE Personal, ADSSpy, CWShredder, eTrust PestPatrol, Ewido anti-malware, FSecure Blacklight, HiddenFinder, Microsoft AntiSpyware, RootkitRevealer, Webroot Spy Sweeper, Spybot Search & Destroy, Spyware Doctor, UnHackMe, WinPatrol, Ghost Security Regdefend and DiamondCS ProcessGuard to name a few. :)

 

Each program has its niche and some are better in their area than others. When it comes to spyware I think Webroot SpySweeper is the best overall. It's not often, but at times I've found that other apps that are in the same class can find things that SpySweeper misses. That's why I think you have to use many apps to be sure a computer is clean. Believe me, I wish 1 app did it all, but I don't think that's possible.

 

Long story short... As far as submitting spyware and adware samples go... I once sent a sample to Kaspersky that was most definitely a threat and I was told it was not a threat. Many other AV programs detected that sample as a legitimate threat yet for some reason Kaspersky blew it off. I got the impression it wasn't a priority. That is one time I was disappointed. Why shouldn't Kaspersky detect as much spyware and adware as possible? It seems to me every day that more AV programs are concentrating on these things so why shouldn't Kaspersky do the same? The spyware and adware issue will only get worse and I think it is very important to detect those things.

 

mrizos... I think users like yourself help with submitting these things. I applaud you!


Blackhawk, if you only knew how many times i've heard something like "I once sent a sample that was most definitely a threat and I was told it was not a threat."......that wasn't a threat in the end. The fact that other AV's detected your sample doesn't mean it's malware, i have personally seen samples 5-6 AV's detected as malware, but was in fact just FP's and got corrected later ;)

 

Also there is a growing number of what some call greyware, not strictly speaking virus, i would also like my AV to detect everything, but think it is not really possible unless you wish to see a scanner with 1000000 signatures in a few years (2-3 years), i know i don't. Much better to have specialized adware scanners for the majority of adware of lesser importance and have Kaspersky detect the heavy stuff that is very difficult to remove (can be).

 

Btw. Kaspersky have doubled their extendedbases in the last year, so most likely we will see this trend in the future too. :)


to mrizos and everyone else sending in the samples i can say only thank you. it does not matter how good the engine is or how advanced the heuristics and other technologies are if the signature database is "empty". i even don't mind if you sent the samples also to other vendors (actually i encourage you to do it) just send them in :)

 

i almost get a headache every time a user comes to the forum and writes that kav is not detecting something but that he has deleted all the samples and is not able to send them in. i mean in such case users are "complaining" about something that they had all the power in their hands to fix it and didn't do it.

Edited by saso


Don,

 

I understand... I know where you are coming from, but I don't believe that to be the case here. Long story short... this was a website/bookmark detected as... "Application.Adware.Istbar.LNK"

 

It is still being detected that way by other AV apps. I could be wrong, but if it was a FP I think by now the other AV apps would have made the correction. I think you will agree that on the flip side... no AV in the world will catch everything all the time. For example...

 

I know for a FACT that on 12-08-05 trojan "Edepol-B" was 1st found by Microsoft Antispyware of all things... Kaspersky, BitDefender, Sophos, McAfee, Dr. Web, NOD32 and a slew of other AV could not detect it period.

 

I guess my point is... these things go both ways.

 

 

 


 

Well at this point we are choosing Kaspersky as our AV solution and Spyware Doctor as our anti-spyware/adware solution.

 

We typically use about 10 app's when supporting our clients...we're just trying to narrow it down a bit.

 

Also, do you guys feel the adware/spyware industry is getting...how shall we say...weaker?


I can only complain about one thing, i sent a few samples to kl a few days back but i didn't get a reply: it's clean, it's infected, even an automated message that the file has arrived.

Two days ago, i sent another files, and this time i got confirmation that it was clean.

Now i sent the first samples again (yesterday night), and still haven't got a reply. :(


 

I always get replies. If not then the file is clean. Last two files I sent they were infected with Trojan.Downloader.

 

Best Regards, Leo
