

keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB

reply to Martinus

Re: veloz scumware seen on commercial just now

Martin, I'm not querying what the signatures ID it as. But they simply look for sequences of binary numbers at particular places.

And AV makers, perhaps just the small and mid-sized ones, work on these things in groups. Reportedly they share info. So one false ID could lead to multiple false IDs, especially if the IDing took place during a major outbreak of something else when people didn't have time on their hands for double checking.

PestPatrol makes some pretty clear claims about this product doing some easy to observe things, like blocking firewalls and being a trojan downloader.

So I'm asking if someone who has a test system, one they can re-ghost, would like to try to duplicate PestPatrol's results. (Just put it outside your firewall in case something malicious -- not just adware -- does come in.)

It would be educational if nothing else.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ)


Martinus
Premium
join:2001-08-06
EU

1 edit

said by keith2468:
Martin, I'm not querying what the signatures ID it as. But they simply look for sequences of binary numbers at particular places.

And AV makers, perhaps just the small and mid-sized ones, work on these things in groups. Reportedly they share info. So one false ID could lead to multiple false IDs, especially if the IDing took place during a major outbreak of something else when people didn't have time on their hands for double checking.

This is very good and clear reasoning.

However. From my point of view, all this mess comes down to credibility. Meaning: if KAV, F-Prot, Norman et al say there's a trojan in that dll, I have no reason to think otherwise.

Now, why is there not an eAnthology - or stop-sign or whatever the hell they want to be known as - representative refuting here and now the fact that their install setup has a trojan component and that it's mainstream AVs that have got it all wrong?
--
From the GSV "Ethics Gradient"

eburger68
Premium,MVM
join:2001-04-28

2 edits

Martin:

You wrote:

said by Martinus:
Now, why is there not an eAnthology - or stop-sign or whatever the hell they want to be known as - representative refuting here and now the fact that their install setup has a trojan component and that it's mainstream AVs that have got it all wrong?

From what I can tell, the Win32.Wren trojan downloader is not some separate, independent piece of malware that is being flagged within the eAcceleration stub downloaders (which is what the AV scan reports from earlier posters pertain to). The Win32.Wren trojan downloader IS eAcceleration's stub downloader:

»www.pestpatrol.com/pestinfo/t/tr···en_a.asp

In other words, when these AV apps are reporting that Win32.Wren is found, what they're really saying is that they've detected eAcceleration's stub downloader.

Best,

Eric L. Howes


Martinus
Premium
join:2001-08-06
EU

said by eburger68:

From what I can tell, the Win32.Wren trojan downloader is not some separate, independent piece of malware that is being flagged within the eAcceleration stub downloaders (which is what the AV scan reports from earlier posters are scanning). The Win32.Wren trojan downloader IS eAcceleration's stub downloader:

That's exactly what I mean. I have the cab file right here, and the flagged trojan is an integral component of their install routine.

Of course, any Devil's Advocate could reason that mainstream AVs either have it all wrong or that this is a conspiracy to flush out new players in the market, but somehow, given the many different AVs - with different engines - flagging this software as a trojan, well...like I said before: credibility is what you got to hang on to.

I'd still like to hear a stop-sign representative's arguments. Deafening silence.
--
From the GSV "Ethics Gradient"


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

reply to keith2468

said by keith2468:
Martin, I'm not querying what the signatures ID it as. But they simply look for sequences of binary numbers at particular places.

And AV makers, perhaps just the small and mid-sized ones, work on these things in groups. Reportedly they share info. So one false ID could lead to multiple false IDs, especially if the IDing took place during a major outbreak of something else when people didn't have time on their hands for double checking.

PestPatrol makes some pretty clear claims about this product doing some easy to observe things, like blocking firewalls and being a trojan downloader.

So I'm asking if someone who has a test system, one they can re-ghost, would like to try to duplicate PestPatrol's results. (Just put it outside your firewall in case something malicious -- not just adware -- does come in.)

It would be educational if nothing else.

While the last version, the version I installed some time back to play Vircom's the 4th Prophecy (after it was closed down and sold off by Vircom to smaller companies), had no add/remove program entry, Ad-Aware removed it very easily. Triggered AVG like mad during the Ad-Aware scan though, soon as the scan hit the eAnthology files and dirs. I'd install it myself but wouldn't know where to begin in dissecting what it dls during install and after.
--
new 3d chat community at »planetvirtuel.com my site »spellbound.valshea.com/news.php


keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB

reply to eburger68

quote:
what they're really saying is that they've detected eAcceleration's stub downloader

So a plain ordinary downloader, or not?

Would that be like triggering on Kazaa-lite because it is part Kazaa which is associated with adware?
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ)
