a-squared (free)


A couple of weeks ago Mr Cat recommended a-squared as a specifically good
trojan-detecting tool, and after using their free online scanner to scan
specific files, or do smart scans a couple of times I thought it was worth
downloading & installing the free version of the program.

Having done so, I ran a full system scan for the first time. It took a
while (30mins plus...) but what particularly impressed me was its method of
reporting.

First, it detected a possible dialer 'heuristically', but warned very
clearly that this needed to be checked, that it might be a false positive,
and that I should not delete the file until I'd checked it out. (It turned
out to be a message tracer for my ISDN driver.)

Second, it detected mirc.exe which had shown up as a false positive on AVG
recently (and which I'd intended to uninstall but hadn't, and now really
will!). But it explained clearly that this was 'riskware', and explained what
it meant by that, and offered the option to ignore it in future.

So both detections were innocuous as it turns out - but what really
impressed me was the clarity with which the findings were presented and
explained, with options clearly and calmly presented. Thanks then to Mr Cat
for his recommendation, and I in my turn would like to recommend it to anyone
else who, like me, never quite understands what's going on and needs all the
'i's dotting and all the 't's crossed.
The online scanner, and links to download the onboard version are here:
http://www.emsisoft.com/en/software/ax/
 
BTW Mirc can also be used as a downloader. So there is a grey area as to a
false positive. Some anti-spyware will warn you about Mirc and obviously
others will not.
 
Mr Cat said:
BTW Mirc can also be used as a downloader.

Not now on my machine, it can't - I've used this reminder to uninstall it.

Thanks for this extra comment. I had no idea it was such a serious security
risk, neither, I imagine, do many of those who actually use it ... Do you
mean that just by having it installed, it can pose a threat? Or is it only
used by malware when it's actually in use?
 
Not really sure how to answer your question because I don't know the
internals. I suspect that it only poses a potential threat when the user has
requested a download.
 
Here I beg to differ a bit with you, Cat. Mirc can be used as a p2p program
because you can send and receive files. Mirc in the past, before there were
"script kiddies", was a very secure program to chat with. I used it for
15yrs because I was an administrator and an irc operator on a large chat
network. As the "kiddies" learned how to get at the program and produce
scripts which contained mega viruses and trojans, the creator of Mirc,
Khaled Mardam-Bey, basically cannot keep up with the scripts that people
create, and now a lot of spyware programs when doing scans will come up with
this program as a "baddie" because of what it can innocently install if you
go to a chat channel.

I stopped using mirc because of this problem. It is just not worth the
effort. The scripts I had to create to stop the bad scripts from coming in
were more trouble and time than they were worth.

Alan, since you have mirc on your system, I suggest you uninstall it and
listen to this program that found it.

Also this program, which I also installed the free download of besides doing the
online scan, also found no other malware on my computer, so after doing 4
online scans, 4 programs in safe mode (taking off system restore first) and
coming up completely clean, I am now assuming I am free of this downloader.
I still have it quarantined in superantispyware and will wait a month to
make sure there are no other problems, then I will delete the file completely.
robin
 
Thank you Robin. I stand corrected.

 
Robin said:
Alan since you have mirc on your system, I suggest you uninstall it and
listen to this program that found it.

I have sent it back to the great Script Writer in the sky.
 
Hi,

so i try the program also, found 17 things, all false positives! ;)
so uninstall it again.

Regards >*< TOM >*<

Alan D wrote:
 
Tom Emmelot said:
so i try the program also, found 17 things, all false positives! ;)
so uninstall it again.

Good grief, Tom! That would make the program a complete waste of time, I
agree.

Has anyone else had this kind of experience with it?
 
Well. Funny Tom should mention those FPs. I'm currently investigating two
flags it's thrown up on my system which don't appear on any of my other 4 AS
progs - seems strange but I'm keeping an open mind at the moment. All this on
your recommendation :) Not that I would want you to feel bad about this Alan
:)

Stu
 
i ran it and found no false positives
I ran it on 3 computers and no false positives
the only thing it found were a bunch of cookies
robin
 
you should keep an open mind
look what happened to me
5 antispyware/trojan programs did not find the downloader i had
only one did - superantispyware
goes to show these antispyware programs need more work
robin
 
Hi All,

most of the things concern a toolbar from Chello (my provider)
and some dialer things that came with my keyboard. 17 together.
I use for my protection the latest PC-cillin 2007 beta this includes
Venus Spytrap, Cw shredder, AV, Firewall, Email Anti Spam, Anti Phishing
Fraud, Website Filter, Remote File Lock, Transaction Guard, Total
Recovery, Support Chat.

And WD.
If I install and use Spybot and Adaware, I get the same: a lot of things
that are no danger, False Positives and MRU list and nothing else. So I
keep it by Trend and WD, WD did not spot or stop anything so far,
spytrap is the first that stop and ask permission for running programs,
and allow it once is enough ;)
Also use all the Mozilla stuff and Site Advisor.
So protection enough so far!

Regards >*< TOM >*<


Stu wrote:
 
If you'd really like to understand how mIRC relates to malware, go to the
source, this is the best complete description I've ever seen.

http://www.mirc.co.uk/help/virus.html

The issues with Internet Relay Chat, viruses and worms have been a moving
target, which makes them confusing. To fully understand the issue you need to
read, since all spot experience will give only a small part of the picture.

This is the ultimate truth behind all malware, since it's constantly
evolving, so any specific statement only holds true for some finite period of
time. The most radical shifts occur when there are fundamental changes in the
'Windows Ecosystem' which is a term coined by Microsoft. There has never been
a larger set of such changes at once than the period from July 11th (Win
9x/ME End of Support), to recent releases of Internet Explorer 7, Windows
Defender, through January 30th, the release of Windows Vista and OneCare
support for that OS. All changes by other vendors, especially security [and
malware], are in reaction to this.

The fundamental truth behind all of this is that software [including
operating systems] was once designed specifically to provide the hooks
desired by developers to allow them to easily extend and add to its base
abilities, often without significant concern for security. Unfortunately,
these same hooks are exactly what was needed for malware to easily exploit
the same systems, once those writing it were knowledgeable enough to use them.
So changes in the base software/OS structure have had to be made to add the
required security, often crippling or fundamentally changing the ease of use
or programming for these once very desirable abilities.

In its day mIRC was fine, it has become outmoded by its very own ability to
move not only chat, but also files into and through systems behind the scenes
very effectively. When combined with users who aren't technically
knowledgeable this was a deadly combination, as with P2P and other sharing
technologies.

It isn't the technology that is the problem, it's the people, but since most
of the people aren't going to change [educate themselves] the technology will
have to.

Bitman
 
Stu said:
Well. Funny Tom should mention those FPs. I'm currently investigating two
flags it's thrown up on my system which don't appear on any of my other 4 AS
progs - seems strange but I'm keeping an open mind at the moment. All this on
your recommendation :) Not that I would want you to feel bad about this Alan
:)

Thanks for the reassurance Stu! Excuse me while I jump off this cliff.

Of course of the two alerts I got, one was an obvious fp, and the other was
just a gentle warning. So I have no idea how good this program may be at
actually detecting real threats, but it really does tell you very nicely
about its spurious findings!

I've since uncovered a couple of other downsides. One is a bug. If I try to
change the configuration, it instantly forgets what I've told it to do and
restores the default settings.

The other is that its updates seem always to be a big download (9 MB or so)
which is a great bore on dialup and a strong disincentive to update often.
I'm hoping shortly to move to broadband so this will presumably then be less
bothersome, but it's still worth mentioning.

But those 17 fps of Tom's - they're disturbing. I propose to be very
cautious about what this program tells me until I feel I can trust it.
 