
How could Kaspersky fail badly against the Terminator virus?



nareshmeena

I'm a regular visitor of a security channel:

https://www.youtube.com/@pcsecuritychannel

It's a trusted one. He mentioned a new malware, Terminator, and that video shocked me:

https://www.youtube.com/watch?v=uRB__njsOlk

Almost every antivirus failed to detect this, and was also not able to stop it. In fact, that malware kills the antivirus. I was not expecting that, how easily that malware can destroy any system.

Previous malware tricked users into turning off security, but this Terminator virus doesn't need anything. All it needs is to run. It doesn't matter which antivirus you are running, it just kills it.

Proof: how Kaspersky failed against this Terminator virus while running with all protection on:

https://www.youtube.com/watch?v=Zi9ymh5DLG0&pp=ygUXa2FzcGVyc2t5IHZzIHRlcm1pbmF0b3I%3D

Link to comment

If a legit but vulnerable driver is used to evade AV and help the malware enter R0, nowadays, with the latest Windows system installed, AV is no match for the malware.

It is nearly impossible for AV to block any dangerous actions.

Not to mention loading a malicious rootkit or bootkit driver via a zero day. Once the malicious driver is successfully loaded, removal is nearly impossible. The best way is to perform a scan under a PE environment.

  • Confused 1
Link to comment

Kaspersky should at least add a detection for the driver, but yeah, no anti-virus is able to do anything against a legitimate driver, especially Kaspersky, which I feel is geared toward NOT false positiving.

Link to comment

Kaspersky is still a good tool; no anti-virus can do anything against it unless you set up custom rules. I have it where it cannot modify anything in Sys 32 to prevent BYOD attacks, but that's 'cause I use paid Kaspersky.

Link to comment

They are already aware (investigating) of these tools using a risky legit driver to perform the attack.

  • Like 1
Link to comment

Hi,

Information was given to the developers. We'll let you know when we have any news.

Thanks.

  • Like 3
  • Thanks 1
Link to comment

Yury Parshin

Hi. We know about this utility and vulnerable driver from Zemana. Our product blocked them since 2023.06.02. We need a specific sample, which is on the video.

  • Like 2
Link to comment

I think Zemana installers can still be found relatively easily, but I don't know about the specific one in that video test...

  • Like 1
Link to comment

Yury Parshin

We blocked this utility since 2023.06.02; there is another Terminator on the video.

Edited by Yury Parshin
  • Like 2
Link to comment

10 hours ago, Yury Parshin said:

Hi. We know about this utility and vulnerable driver from Zemana. Our product blocked them since 2023.06.02. We need a specific sample, which is on the video.

Have you blocked the driver or Terminator malware samples? I'm curious.

Link to comment

harlan4096

I see currently the driver Terminator.sys is not detected, I've just reported via KOTIP.

  • Like 1
Link to comment

harlan4096

I got this reply: "This is a legitimate vulnerable driver. Kaspersky products successfully block attempts to influence or kill their own processes and services using it."

But why not just also add a signature? Some AVs detect it...

  • Like 2
Link to comment

I am really shocked about this, terminator has been around for over a month. 

This genuinely scares me and makes me wonder if I made the right decision buying Kaspersky today.

Link to comment

Yury Parshin
13 hours ago, Xeno said:

Have you blocked the driver or Terminator malware samples? I'm curious.

We are blocking the Zemana driver activity.

  • Like 3
Link to comment

3 hours ago, Yury Parshin said:

We are blocking the Zemana driver activity.

May I ask why it took so long, over a month? I did a lot of research on this, and VirusTotal results are of no use in comparison to desktop apps, so I manually researched all the top names and when they were blocking Terminator. You are one of the very last. In fact the two I always considered the best in the world were the slowest, you and one other who still doesn't block it to this day! I am glad at least Kaspersky blocks it, but the fact is that for the last 30 days, and I didn't even know it existed till today, it would have eaten right through Kaspersky and I'd be pulling my hair out wondering why my AV disappeared.

I am really paranoid now, so I would appreciate some reassurance, as for me the reason I bought the product was mainly because I felt safer with Kaspersky than any other AV. The tests on PC Security Channel always show Kaspersky with 100%, and the behavioural blocking is what in particular is supposed to be so good. So I don't understand this situation with Terminator, and what happens now if they load it with another driver or file, since you are only blocking the Zemana driver? The virus is for sale for people to buy to distribute with their software to infect people; what makes you think they will all administer it the same way?

I am not getting a reply on my web injection topic, so I would at least really appreciate some help here. I am on the verge, I don't know whether to keep or get a refund and the decision is hanging on those two things so I really need your help.

Link to comment

12 minutes ago, harlan4096 said:

I think that @Yury Parshin means they added the blocking of the use of that driver 1 month ago, which does not necessarily imply adding a detection...

This is why I am confused, 'cause that recent video clearly shows Terminator instantly killing all Kaspersky processes 9 days ago.

So if they are blocking only the driver, that means my previous post is already correct in assuming it is being deployed in other ways and Kaspersky can't defend against it.

I saw the video with my own eyes.

Link to comment

Yury Parshin
1 hour ago, harlan4096 said:

I think that @Yury Parshin means they added the blocking of the use of that driver 1 month ago, which does not necessarily imply adding a detection...

Yes, blocking does not require detection (it's still a legal, popular driver).

  • Like 1
Link to comment

Again why did it take over a month and why should I feel confident in Kaspersky's zero day protection in the future? I am very happy it blocks it now though, truly.

 

Link to comment

On 6/30/2023 at 1:30 PM, Yury Parshin said:

We know about this utility and vulnerable driver from Zemana. Our product blocked them since 2023.06.02.

Hello @Bav,

the responsible vulnerable driver is already blocked for a month. Since then your system is protected from this attack.
Now it was just a matter of tweaking settings like for the utility.

Link to comment

7 hours ago, Yury Parshin said:

Blocked Terminator utility


Is this going to help against other drivers that terminate Kaspersky? I've seen other ones terminate the anti-virus (in detections) but what if there is a day zero one?

Link to comment

6 hours ago, Schulte said:

Hello @Bav,

the responsible vulnerable driver is already blocked for a month. Since then your system is protected from this attack.
Now it was just a matter of tweaking settings like for the utility.

But it didn't, 'cause Terminator was shutting down a fully enabled Kaspersky just last week. Again, it's all on video with proof. And it happened SO fast, Kaspersky didn't even try to stop it.

Link to comment
