AVG v KAV results

  • Thread starter Thread starter xyZed
  • Start date Start date
X

xyZed

Very unscientific I'm afraid. But I was using AVG (Free), which used
to scan my entire hard drive in 25 mins and find no virus' or worms.
After reading this forum I downloaded KAV 5 trial and it's still
scanning after over an hour and only 49% done.

So far it's detected 4 worms and one virus.
 
- xyZed -
Very unscientific I'm afraid. But I was using AVG (Free), which used
to scan my entire hard drive in 25 mins and find no virus' or worms.
After reading this forum I downloaded KAV 5 trial and it's still
scanning after over an hour and only 49% done.

So far it's detected 4 worms and one virus.

- Nehmo -
When you look at the report (on the Tasks tab, select the Scanner, the upper
paper icon on the right) you may see that some of these viruses are zip
attachments of downloaded messages of newsgroups. KAV flags the message
about Bush being assassinated, for example.
On mine, it looks like this:
C:\Documents and Settings\Nehmo\Local Settings\Application
Data\Identities\{2DA4618F-8EA9-48C9-AEC6-49518BFDCBE9}\Microsoft\Outlook
Express\alt.comp.hardware.pc-homebuilt.dbx/[From (e-mail address removed)][Date Sun, 26
Sep 2004 11:01:46 GMT]/CCTV-Assasination.zip/CCTV-Assasination.scr Infected
Backdoor.Hackarmy.gen

Although AVG wouldn't have caught it, I wouldn't have opened it anyway.

I'm not sure how the two AV's differ in methods of search. But I must say,
AVG Free worked well for me for years.

But regarding how KAV works, I'm actually trying to figure out what KAV
means by "corrupted".
 
There is circumstantial evidence that on Tue, 28 Sep 2004 04:02:42
_______________________________________________________

› When you look at the report (on the Tasks tab, select the Scanner, the upper
› paper icon on the right) you may see that some of these viruses are zip
› attachments of downloaded messages of newsgroups. KAV flags the message
› about Bush being assassinated, for example.
› On mine, it looks like this:
› C:\Documents and Settings\Nehmo\Local Settings\Application
› Data\Identities\{2DA4618F-8EA9-48C9-AEC6-49518BFDCBE9}\Microsoft\Outlook
› Express\alt.comp.hardware.pc-homebuilt.dbx/[From (e-mail address removed)][Date Sun, 26
› Sep 2004 11:01:46 GMT]/CCTV-Assasination.zip/CCTV-Assasination.scr Infected
› Backdoor.Hackarmy.gen

› Although AVG wouldn't have caught it, I wouldn't have opened it anyway.


They were all in P2P zips, which I hadn't opened yet but would have
later. AVG gave them the all clear.
 
AVG 7 catches the GWB zip file virus.

xyZed said:
There is circumstantial evidence that on Tue, 28 Sep 2004 04:02:42
_______________________________________________________

When you look at the report (on the Tasks tab, select the Scanner, the upper
paper icon on the right) you may see that some of these viruses are zip
attachments of downloaded messages of newsgroups. KAV flags the message
about Bush being assassinated, for example.
On mine, it looks like this:
C:\Documents and Settings\Nehmo\Local Settings\Application
Data\Identities\{2DA4618F-8EA9-48C9-AEC6-49518BFDCBE9}\Microsoft\Outlook
Express\alt.comp.hardware.pc-homebuilt.dbx/[From (e-mail address removed)][Date Sun, 26
Sep 2004 11:01:46 GMT]/CCTV-Assasination.zip/CCTV-Assasination.scr Infected
Backdoor.Hackarmy.gen

Although AVG wouldn't have caught it, I wouldn't have opened it
anyway.


They were all in P2P zips, which I hadn't opened yet but would have
later. AVG gave them the all clear.

--

Free washing machine help and advice. Free washing machine reviews. Buy washing machine parts.

www.washerhelp.co.uk [remove mymask_ to email]
 
There is circumstantial evidence that on Tue, 28 Sep 2004 04:02:42
_______________________________________________________

› When you look at the report (on the Tasks tab, select the Scanner, the upper
› paper icon on the right) you may see that some of these viruses are zip
› attachments of downloaded messages of newsgroups. KAV flags the message
› about Bush being assassinated, for example.
› On mine, it looks like this:
› C:\Documents and Settings\Nehmo\Local Settings\Application
› Data\Identities\{2DA4618F-8EA9-48C9-AEC6-49518BFDCBE9}\Microsoft\Outlook
› Express\alt.comp.hardware.pc-homebuilt.dbx/[From (e-mail address removed)][Date Sun, 26
› Sep 2004 11:01:46 GMT]/CCTV-Assasination.zip/CCTV-Assasination.scr Infected
› Backdoor.Hackarmy.gen

› Although AVG wouldn't have caught it, I wouldn't have opened it anyway.


They were all in P2P zips, which I hadn't opened yet but would have
later. AVG gave them the all clear.

What virus' where they? Did you try extracting them? I had similar
results recently but AVG _did_ detect the virus' KAV did when I
extracted them however it didn't when they were in the rar file. Have
you got the "Scan inside archives" enabled when scanning your whole
system?
--
Morgan Pugh

Email (ROT13): (e-mail address removed)
Web: http://mpugh.co.uk

PGP Key at http://mpugh.co.uk/pgp.asc
 
There is circumstantial evidence that on Wed, 29 Sep 2004 17:51:16
› What virus' where they? Did you try extracting them? I had similar
› results recently but AVG _did_ detect the virus' KAV did when I
› extracted them however it didn't when they were in the rar file. Have
› you got the "Scan inside archives" enabled when scanning your whole
› system?

I can't remember them really, I didn't write them down. I know one was
Kcrapper worm or something similar. I have uninstalled AVG now but I'm
sure I had it set to check archives because I regularly checked zip
downloads (on demand) and it gave the "no suspicious files found"

My findings seem to back up the results on some of the recent virus
checker test site results posted recently - i.e. KAV detection (on
demand) rate is far superior to AVG.

My personal needs are for good on demand scanning as I didn't used to
have active scanning on. I preferred to make sure I had a clean system
and just scan anything new I introduced. However, I suspect this is no
longer good enough (although I have Win XP SP2 installed.
 
I can't remember them really, I didn't write them down. I know one was
Kcrapper worm or something similar. I have uninstalled AVG now but I'm
sure I had it set to check archives because I regularly checked zip
downloads (on demand) and it gave the "no suspicious files found"

My findings seem to back up the results on some of the recent virus
checker test site results posted recently - i.e. KAV detection (on
demand) rate is far superior to AVG.

My personal needs are for good on demand scanning as I didn't used to
have active scanning on. I preferred to make sure I had a clean system
and just scan anything new I introduced. However, I suspect this is no
longer good enough (although I have Win XP SP2 installed.

When you do an on-demand scan of a zip file it will scan inside the
archive however you have to set it to scan inside archives when you do
a full system scan. Infact you have to set it to scan every file as by
default it only scans files which can be infected! I have told Grisoft
this is wrong but they never replied :(

I wouldn't give up on AVG just yet. If you check _every_ setting
available it is a good program with a good detection rate.

KAV also adds ADS to files which I do not like.
--
Morgan Pugh

Email (ROT13): (e-mail address removed)
Web: http://mpugh.co.uk

PGP Key at http://mpugh.co.uk/pgp.asc
 
Back
Top