  CajunTek Insane Cajun Premium,MVM join:2003-08-08 Arlington, TX
·RoadRunner Cable
| reply to Name Game Re: Latest Comodo BoClean Information
Hmmm.. I use KAV and have it set up to the max.. and I've tried to get vundo... it kills it every time.. In fact even with BOClean it never gets to the point to run in memory so KAV kills it before BOC realizes it is there.. -- da Cajun Darn I hate Malware |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
2 edits | reply to yeah_need_name What setting/configuration did you have on BOclean ?
»nsclean.com/supboc.html

»Re: Ad-Aware False Positives? |
|
  yeah_need_name
@net.au
from: Name Game 
| reply to vmware_yes If you didn't notice VM has NO AV on it and disabled security software.. better say that to be clear.
The vundo was just a plain old something KEYGEN.exe 31kb which drops the usual 27k Vundo into Winlogon
BOC detected the EXE and sure enough it deleted it but the DLL was already entered into the Winlogon registry and showing in Hijackthis, and couldn't be deleted by hand so it was running. BOClean soon gave an error and died.. mouse over tray icon it disappeared. So they crashed its kill and or delete routines ? perhaps.. might try that one again with AppDefend enabled
What I don't favour or understand is why KAV detect "virtumonde packed" and don't alarm.. OK it might be detected the next day.. still odd ! |
|
  vmware_yes
@net.au
from: Name Game 
| reply to Name Game Latest update was installed, I rebooted
http://www.youtube.com/watch?v=wQa6EtkK-MY
This video is the downloader, name is included and it turns out Kaspersky engine detects that downloader since Valentine's Day.. google the trojan name and look at F-Secure writeup. Sorry, next time I use VMware HIGH QUALITY I didn't realise would be only 2-3 MB. Still have the vid in quality though, just youtube blurred it
The BZUB is downloaded as well as something infecting the system files, and Windows CD warning comes up.. still no peep from BOC |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
2 edits | reply to testings_r_good said by testings_r_good :
I'm giving it a go, so far it's 1/2 out of 3
1.. a new spambot was the first thing I tried after reading Kevin specifically say they miss and WE catch.
BZZT. complete fail detected no dropper and no DLL.
2.. a VUNDO.. BOClean stopped it ! but as someone has posted correctly it is having a problem removing the file. This is where a scanner can be used even if that has to occur in Safe Mode.. it's something the user can do themselves. HALF POINT.
3.. a downloader.. FAIL.. and here comes lots of malware it downloaded.. a BZUB .. FAIL AGAIN.. this same BZUB is detected by AntiVir, AVG, BitDefender, KAV, Ewido, TrojanHunter and more and is days old
So far not impressed enough to bother going further..
Another amateur VM tester..so what update did you use
»www.nsclean.com/trolist.html
better go back to that thread now and read it again on what was found left and where it was found. 
»HJT- BYXYAAX.DLL & MORE and when you tested that BOClean..turn off the rest of those AVs..and then have a set up in a lab actually trying to infect a machine..and if you don't know how to set that up try for some hint from this lab. It is a good one hour interview..but it will give you some hints.
»Mikko Hypponen on Emergent Virus Threats -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
  testings_r_good
@net.au
from: dadkins 
| reply to MADx I'm giving it a go, so far it's 1/2 out of 3
1.. a new spambot was the first thing I tried after reading Kevin specifically say they miss and WE catch.
BZZT. complete fail detected no dropper and no DLL.
2.. a VUNDO.. BOClean stopped it ! but as someone has posted correctly it is having a problem removing the file. This is where a scanner can be used even if that has to occur in Safe Mode.. it's something the user can do themselves. HALF POINT.
3.. a downloader.. FAIL.. and here comes lots of malware it downloaded.. a BZUB .. FAIL AGAIN.. this same BZUB is detected by AntiVir, AVG, BitDefender, KAV, Ewido, TrojanHunter and more and is days old
So far not impressed enough to bother going further.. |
|
  buttoni Premium join:2005-08-16 Temple, TX | reply to Rocky67 Will do. Thanks again. |
|
  Rocky67 Pencil Neck Geek Premium join:2005-01-13 Orange, CA
·AT&T Yahoo
| reply to buttoni You're gonna get multiple pop-ups from Comodo firewall asking if BOC and the BOC updater can connect out using several different TCP and UDP ports. Just give it permission and you're good to go. -- "The Internet? Is that thing still around?" - Homer |
|
  buttoni Premium join:2005-08-16 Temple, TX
·AT&T Yahoo
·AT&T DSL Service
| reply to Rocky67 Thanks Grimy. Good to hear they work together OK. Sounds like I'm good to go. Actually, I just checked and I'm running CS 2.1.946 (I forgot the last update). Think I'll give BOC a try!
Comodo will hopefully alert me if I need to change anything in my FW settings. Going to check over on the Comodo BOC forum to see if any settings recommendations are being recommended before installing. I pretty much have Comodo's default settings right now. -- ------- WinXP Home SP2; Firefox 1.5.10; IE6; Comodo 2.4; Avast4; CounterSpy 2.0; SBC/ATT DSL 2Wire modem |
|
  MarkAW Barry White or lil bratt Premium join:2001-08-27 Canada
·Bell Sympatico
·Cogeco Cable
1 edit | reply to MADx I broke down yesterday and downloaded the CBO_4.23 and installed it without un-installing BOC 4.22 and I haven't had any problems with either one as of yet.
I only did this to see what all the fuss was about un-installing 4.22 before installing 4.23. |
|
  Rocky67 Pencil Neck Geek Premium join:2005-01-13 Orange, CA
·AT&T Yahoo
| reply to buttoni I'm trying BOC 4.23 on an XP Pro SP2 system that also has CS 2.1.917 installed and haven't had any problems. Installation was smooth - CS asked me to OK new startup program and I had to make some changes to firewall rules to accommodate BOC and that was it. -- "The Internet? Is that thing still around?" - Homer |
|
  buttoni Premium join:2005-08-16 Temple, TX
·AT&T Yahoo
·AT&T DSL Service
| reply to MADx I'm contemplating installing BOClean 4.23 and am in the process of reading what on-line info is available at nsclean.com. I'm running a 512K ram, WinXP machine with only what appears in my signature realtime.
My question: Are there any members here running BOClean & CounterSpy 2.0 concurrently? Would like some feedback on BOClean compatibility with CS 2.0's heavy-duty realtime agents? The latest CS release moved a lot of its listed 30+ realtime agents to the kernel level (greatly improving performance). As the kernel level of the OS is waaaaay out of my league of computer knowledge, thought I'd ask members who may have had problems running the two programs. I would like to add the layer of protection BOC can provide, but as I've never experienced a BSOD, I don't want to find out what that's like! LOL -- ------- WinXP Home SP2; Firefox 1.5.10; IE6; Comodo 2.4; Avast4; CounterSpy 2.0; SBC/ATT DSL 2Wire modem |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| reply to munckman said by munckman :
I have limited computer skills and for some unknown reason to me, I do get calls to fix them for free. More times than not, the first time I am asked to lend a hand, they have an expired AntiVirus that is still active. This is usually the only protection that is present and they brag about the fact they have an AV and ran a scan, as they should. Thanks
You will not necessarily get less calls since BOClean also has to be kept updated and there are many things these days that can cause "slow down"
If those Free AV you have installed have real time protection and you have locked down the browsers and updated the OS and other applications that are Microsoft products.. including all the hotfixes..then whoever uses the PC has a better chance of survival since most now are running WinXP SP2 that now by default have a firewall installed and running as well as limited user when they hit the internet.
I mention all those things..since I know how long it really takes to do all those things and even update the java.
Even paid tech do not do all of that..since time is money..but once you do Patch vulnerabilities..then would not even matter if the AV missed it. 
The name of the game out there today for the badboys is to EXPLOIT existing vulnerabilities in the OS or other applications your friends are running...so no amount of AV's ..free or paid is really the answer if you have not plugged the holes in the first place..since tomorrow there will be a new vector trying to exploit that same vulnerability..just in a different way the AV can not stop.
Take all that into consideration and you will get less repeat phone calls. -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
 munckman
join:2003-07-08
| reply to dadkins I have limited computer skills and for some unknown reason to me, I do get calls to fix them for free. More times than not, the first time I am asked to lend a hand, they have an expired AntiVirus that is still active. This is usually the only protection that is present and they brag about the fact they have an AV and ran a scan, as they should.
I set them up with one of the top 2 AV's (usually free versions) depending on how I perceive their ability to deal with updating and scanning. To some this may seem silly but to me it is an important consideration.
To ask them to run an AntiMalware Scanner is easy. I just wonder why I get calls asking "what should be done." I installed the scanner that I thought is best for them. I tell them to just follow the prompts for anything that is detected.
Many also get the usual passive protections but some object because they are informed of everything that I do and possible ramifications. If they express that they don't need anything else, they are of course right.
Firewalls are kinda tough to explain but if they don't install things often, I just install my favorite free one and run through their installed programs (usually not many) and have them watch the process. Just in case you wondered; yes I read the prompts out loud to them. Firewalls are a no win situation for me. Some do understand though!
So, if I installed BoClean on "these" systems, set with no prompts to delete and save deletes and with the owners' permission to do so will I get less repeat phone calls stating that "my computer is really slow?"
Thanks |
|
 Kiwi Premium join:2003-05-26 USA
·Comcast
·Aristotle Internet
| reply to Name Game I don't care much for any other thread reality, It's better to divulge the number of incidents and results; from a product. It's not hard to strip down. The politics, I don't care for.
On the whole over time I have felt comfortable with BoClean, but I see several areas that the product is weak in. Does it matter, not to most people, I guess.
If anything I'm kinda miffed that BC has not answered to some serious issues related to Trojan_LIKE activity. But that's just me! |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| reply to MADx LOL Mele20 you put more spin on stuff than the Hollywood gossip column..when you're not sure.. just make things up.  Please keep us informed.
»gladiator-antivirus.com/forum/in···3823&hl= -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
 Mele20 Premium join:2001-06-05 Hilo, HI
| reply to tempnexus said by tempnexus :
said by Mele20 :
It's not up to Kevin...it's Melih and look what he has already gone and done and then tried to save face in the Comodo forum with a lame excuse. I give Kevin six months tops at Comodo.
Sorry, I am not really following the COMODO forum since I have no real interest in COMODO besides Boclean (although I did post a question there regarding the ability to update BOC 4.22). What has happened besides the cosmetic changes?
There is a BoClean forum at Comodo...you might want to keep up there if you are interested in BoClean.
Melih went and released BoClean without bothering to even tell Kevin he was doing so much less get Kevin's permission. Because it was premature and Kevin had no idea what Melih was doing there was no read me, etc and a bunch of complaints. Those who had purchased BoClean when Kevin and Nancy owned it were left out in the cold without their special version that Kevin promised. They were hurt.
Melih then tried to save face by concocting the notion that he had not released Comodo BoClean but that he had...yeah...without Kevin's knowledge or permission ....(but what's the big deal there...I'm the boss...I can do as I please and treat my employees like shit if I want) had released "only" a Release Candidate. Yeah, really....
I haven't read the Comodo forum today so I don't know the latest, but these kinds of shenanigans on the part of Melih I believe are likely partly why he has difficulty attracting or keeping excellent employees. Maybe everything will still end up working out great...but I sure have my doubts. -- "If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.msfirefox.com/ |
|
  Mats Here kitty and the chimp. Smash Premium join:2002-03-16 | reply to mers2 Good response..
And he didn't want to hear those answers?? Why, did they prove him wrong?? No, not at all..
By Dadkins response, his question wasn't answered.. It's so nice that you think they were though.. |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| reply to Mats said by Mats :said by mers2 :I've got to say, dadkins, you've gotten a lot of answers that you just didn't want to hear. What answers did he get that he didn't want to hear?? Show just one of them.. Nobody could answer his question is more like it. He is right about everything he said about BOC. He found out BOClean works with Vista but not Dadkins. -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
  mers2 Premium,MVM join:2004-03-20 USA clubs:
·AT&T U-Verse
| reply to Mats Read any of Kevin's responses, or Name Game 's, or a number of other users. The answers were there. I'm not going to take the time to go through and point them out to you. Specific questions were asked and answered. -- Team Discovery
|
|