 1 edit | reply to keith2468
Re: veloz scumware seen on commercial just now
said by keith2468: Martin, I'm not querying what the signatures ID it as. But they simply look for sequences of binary numbers at particular places.
And AV makers, perhaps just the small and mid-sized ones, work on these things in groups. Reportedly they share info. So one false ID could lead to multiple false IDs, especially if the IDing took place during a major outbreak of something else when people didn't have time on their hands for double checking.
This is a very good and clear reasoning.
However. From my point of view, all this mess comes down to credibility. Meaning: if KAV, F-Prot, Norman et al say there's a trojan in that dll, I have no reason to think otherwise.
Now, why is there not an eAntology - or stop-sign or whatever the hell they want to be known as - representative refuting here and now the fact that their install setup has a trojan component and that it's mainstream AVs that have got it all wrong?
-- From the GSV "Ethics Gradient"
|
 2 edits | Martin:
You wrote:
said by Martinus: Now, why is there not an eAntology - or stop-sign or whatever the hell they want to be known as - representative refuting here and now the fact that their install setup has a trojan component and that it's mainstream AVs that have got it all wrong?
From what I can tell, the Win32.Wren trojan downloader is not some separate, independent piece of malware that is being flagged within the eAcceleration stub downloaders (which is what the AV scan reports from earlier posters pertain to). The Win32.Wren trojan downloader IS eAcceleration's stub downloader:
»www.pestpatrol.com/pestinfo/t/tr···en_a.asp
In other words, when these AV apps are reporting that Win32.Wren is found, what they're really saying is that they've detected eAcceleration's stub downloader.
Best,
Eric L. Howes |
|
 | said by eburger68:
From what I can tell, the Win32.Wren trojan downloader is not some separate, independent piece of malware that is being flagged within the eAcceleration stub downloaders (which is what the AV scan reports from earlier posters are scanning). The Win32.Wren trojan downloader IS eAcceleration's stub downloader:
That's exactly what I mean. I have the cab file right here, and the flagged trojan is an integral component of their install routine.
Of course, any Devil's Advocate could reason that mainstream AVs either have it all wrong or that this is a conspiracy to flush out new players in the market, but somehow, given the many different AVs - with different engines - flagging this software as a trojan, well...like I said before: credibility is what you got to hang on to.
I'd still like to hear a stop-sign representative's arguments. Deafening silence.
-- From the GSV "Ethics Gradient"
|
keith2468 (Premium, MVM) join:2001-02-03 Winnipeg, MB | reply to eburger68
quote: what they're really saying is that they've detected eAcceleration's stub downloader
So a plain ordinary downloader, or not?
Would that be like triggering on Kazaa-lite because it is part Kazaa which is associated with adware? -- (Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) |
|