B
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
G
Guest
I just happened to have a copy of an infected file that has been installing a
trojan phishing exploit directed at AOL users. I sent it to Virus Total
tonight. Compare the results:
Results of a file scan
This is a report processed by VirusTotal on 04/30/2006 at 06:20:06 (CET)
after scanning the file "mypic.jpg.scr" file.
Antivirus Version Update Result
AntiVir 6.34.0.24 04.20.2006 TR/Drop.VB.ML
Avast 4.6.695.0 04.28.2006 no virus found
AVG 386 04.28.2006 Dropper.Generic.EVK
Avira 6.34.1.58 04.29.2006 TR/Drop.VB.ML
BitDefender 7.2 04.30.2006 no virus found
CAT-QuickHeal 8.00 04.29.2006 no virus found
ClamAV devel-20060202 04.27.2006 no virus found
DrWeb 4.33 04.29.2006 no virus found
eTrust-InoculateIT 23.71.142 04.29.2006 no virus found
eTrust-Vet 12.4.2184 04.28.2006 no virus found
Ewido 3.5 04.29.2006 Dropper.VB.ml
Fortinet 2.71.0.0 04.30.2006 W32/VB.ML!tr
F-Prot 3.16c 04.30.2006 no virus found
Ikarus 0.2.59.0 04.29.2006 Trojan-Dropper.Win32.VB.ml
Kaspersky 4.0.2.24 04.30.2006 Trojan-Dropper.Win32.VB.ml
McAfee 4751 04.28.2006 Generic PWS.o
Microsoft 1.1372 04.30.2006 no virus found
NOD32v2 1.1513 04.29.2006 a variant of Win32/TrojanDropper.VB.IO
Norman 5.90.17 04.28.2006 W32/VBTroj.AFE
Panda 9.0.0.4 04.29.2006 Suspicious file
Sophos 4.05.0 04.29.2006 no virus found
Symantec 8.0 04.30.2006 PWSteal.Marlap
TheHacker 5.9.7.136 04.29.2006 Trojan/Dropper.VB.ml
UNA 1.83 04.28.2006 TrojanDropper.Win32.VB
VBA32 3.11.0 04.29.2006 Trojan-Dropper.Win32.VB.ml
VirusTotal is a free service offered by Hispasec Sistemas
trojan phishing exploit directed at AOL users. I sent it to Virus Total
tonight. Compare the results:
Results of a file scan
This is a report processed by VirusTotal on 04/30/2006 at 06:20:06 (CET)
after scanning the file "mypic.jpg.scr" file.
Antivirus Version Update Result
AntiVir 6.34.0.24 04.20.2006 TR/Drop.VB.ML
Avast 4.6.695.0 04.28.2006 no virus found
AVG 386 04.28.2006 Dropper.Generic.EVK
Avira 6.34.1.58 04.29.2006 TR/Drop.VB.ML
BitDefender 7.2 04.30.2006 no virus found
CAT-QuickHeal 8.00 04.29.2006 no virus found
ClamAV devel-20060202 04.27.2006 no virus found
DrWeb 4.33 04.29.2006 no virus found
eTrust-InoculateIT 23.71.142 04.29.2006 no virus found
eTrust-Vet 12.4.2184 04.28.2006 no virus found
Ewido 3.5 04.29.2006 Dropper.VB.ml
Fortinet 2.71.0.0 04.30.2006 W32/VB.ML!tr
F-Prot 3.16c 04.30.2006 no virus found
Ikarus 0.2.59.0 04.29.2006 Trojan-Dropper.Win32.VB.ml
Kaspersky 4.0.2.24 04.30.2006 Trojan-Dropper.Win32.VB.ml
McAfee 4751 04.28.2006 Generic PWS.o
Microsoft 1.1372 04.30.2006 no virus found
NOD32v2 1.1513 04.29.2006 a variant of Win32/TrojanDropper.VB.IO
Norman 5.90.17 04.28.2006 W32/VBTroj.AFE
Panda 9.0.0.4 04.29.2006 Suspicious file
Sophos 4.05.0 04.29.2006 no virus found
Symantec 8.0 04.30.2006 PWSteal.Marlap
TheHacker 5.9.7.136 04.29.2006 Trojan/Dropper.VB.ml
UNA 1.83 04.28.2006 TrojanDropper.Win32.VB
VBA32 3.11.0 04.29.2006 Trojan-Dropper.Win32.VB.ml
VirusTotal is a free service offered by Hispasec Sistemas
B
Bill Sanderson MVP
That's a good one--I like seeing results like that--you can get a picture of
who's on their toes and who is not. This one is probably also illustrative
of who is putting effort into the spyware coverage, versus the virus
coverage--although why a trojan shouldn't get coverage by an antivirus, even
if its customary payloade is spyware, would be beyond me. I believe that
Microsoft now says that their coverage at safety.live.com includes spyware,
but I haven't seen real detections, so I'm not convinced. Also, I haven't
figured out how to correllate the version numbers stated at virustotal with
anything--they don't match what I see in OneCare, for example.
--
who's on their toes and who is not. This one is probably also illustrative
of who is putting effort into the spyware coverage, versus the virus
coverage--although why a trojan shouldn't get coverage by an antivirus, even
if its customary payloade is spyware, would be beyond me. I believe that
Microsoft now says that their coverage at safety.live.com includes spyware,
but I haven't seen real detections, so I'm not convinced. Also, I haven't
figured out how to correllate the version numbers stated at virustotal with
anything--they don't match what I see in OneCare, for example.
--
G
Guest
That was just a small "snapshot" and, of course, not sufficient for
evaluating any ot the AV's overall. We won't really have a real comparison
until Microsoft's AV is able to participate in wider testing, such as AV
Comparatives. At least the Virus Total participation is a step in that
direction. Lack of information for comparision is the main reason I have
never seriously considered installing One Care. By the way, I still have not
reinstalled Defender, and there are times when I miss the software explorers
and even the alerts about known software. I hope some improvements are made
to it, so I can feel safe to try it again. In the interim, I was beta testing
another product, but it became unstable and I removed it as well. For now,
I'm sticking to GM software for my peace of mind.
evaluating any ot the AV's overall. We won't really have a real comparison
until Microsoft's AV is able to participate in wider testing, such as AV
Comparatives. At least the Virus Total participation is a step in that
direction. Lack of information for comparision is the main reason I have
never seriously considered installing One Care. By the way, I still have not
reinstalled Defender, and there are times when I miss the software explorers
and even the alerts about known software. I hope some improvements are made
to it, so I can feel safe to try it again. In the interim, I was beta testing
another product, but it became unstable and I removed it as well. For now,
I'm sticking to GM software for my peace of mind.