Right click scan can't detect malware



dj.turkmaster
2008-09-04, 13:32
A few days ago I submitted a malware (see: http://forums.spybot.info/showthread.php?t=33468) and received a mail that it has been added to the detections and said I could download the new detections on Wednesday. So on Wednesday I downloaded the detection updates and scanned the malware I had submitted and Spybot couldn't find the malware. So I thought that maybe it hasn't been added to the detections or that there was a problem with the right click scan. So I downloaded well known keyloggers and a trojan. I downloaded ardamax, golden keylogger, perfect keylogger and the prorat trojan. I scanned all those files and Spybot only detected perfect keylogger and it detected it with heuristics. So I think there is a problem with the right click menu scan. I am using the latest Spybot version on Windows Vista home pre.

blues
2008-09-06, 14:20
This is important, the most important thing is that Spybot detects, removes and protects against malware, so it is strange that no one has answered your post.

I can see it was you that made the thread "spybot is weak against loggers" (if I remember right). I can only say I am sorry for my criticism of you.

dj.turkmaster
2008-09-06, 14:55
Yeah, I was the one who opened the topic "spybot is weak against loggers". I am the one who opened this topic. But you should know that I am the one who made bug reports, sent undetected files, applied to translate Spybot to Turkish. If you had known Turkish I could show what I have done in our forum, which is the biggest computer security forum in Turkey. I have created a Spybot group, had a sticky topic about Spybot problems and replied to all problems the users had with Spybot, have a Spybot banner in my sig. I am also a HijackThis analyzer and I always make people scan their PC with Spybot when I analyze HijackThis logs. And lots of other stuff which I can't remember now. If I said "ohh super program, the best antispyware, congratulations..." would this be better? Or is telling the problems better to help Spybot develop? So stop criticising me. You are talking pointless.

blues
2008-09-06, 15:06
"So stop criticising me."
I have ;)

"You are talking pointless."
Yes :p

I just tried to get someone to respond to you.

Edit: Bumping is not the way to do it, as md usa spybot fan said,

By responding to this thread you raised the reply count. I have found that a member of "Team Spybot" is more likely to read and respond to a thread with a zero (0) reply count than a thread that has been responded to.

md usa spybot fan
2008-09-06, 15:11
dj.turkmaster:

I suggest that you repost your query in the New or undetected (http://forums.spybot.info/forumdisplay.php?f=17) forum so that it stands a better chance of being seen by a member of "Team Spybot". I also suggest that you indicate if a regular "Check for problems" scan detected the keyloggers and also try adding the download directory where the installation files for the keyloggers are located to the Settings » "Directories" feature and see if the installation file names are detected.

blues:

By responding to this thread you raised the reply count. I have found that a member of "Team Spybot" is more likely to read and respond to a thread with a zero (0) reply count than a thread that has been responded to.

dj.turkmaster
2008-09-06, 15:18
md usa spybot fan

Thanks for your reply. I know that perfect keylogger and ardamax keylogger are in Spybot's database and also the xp antivirus should have been added to the database. (see: http://forums.spybot.info/showthread.php?t=33468) So this seems to be a problem with the right click scan, not with the database. But now I will infect the computer with those keyloggers but not with xp antivirus :) So I will see if Spybot will be able to detect. If it can detect, it will be obvious that there is a problem with the right click scan.

dj.turkmaster
2008-09-06, 15:31
Here are the results, I hope this will clarify:
http://img175.imageshack.us/img175/4553/adszsi4.jpg

And the right click scan results:
http://img205.imageshack.us/img205/8654/222od0.jpg

dj.turkmaster
2008-09-07, 14:37
Now I have done a new test :) I put the malwares in a directory and added the directory to be scanned with the full scan (settings> directory> add a directory to the list). I didn't infect the computer with the malwares. Spybot again detected the malwares in the directory I added. But it still can't detect with a right click scan. So it is obvious that there is a problem with the right click scan feature. And it seems to be a serious problem. But I couldn't get an answer from "Team Spybot".

Yodama
2008-09-16, 08:26
Hello,

Actually it is not a problem with the single file scanner (right click scanner) itself. The scanner uses the same detection rule sets as Spybot S&D but some rules are set to be ignored by the single file scanner to avoid false positives due to 'weak' advanced parameters with the heuristics scan part. For instance a weak parameter would be a filename. Where possible we will increase the detection rate of the single file scanner without increasing the rate of false positives.
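
The behaviour described in the last reply, as an added example that is not part of the thread and is not Spybot's code: a toy scanner in which rules resting only on a weak parameter (a filename) are skipped in single-file mode. The rule model, rule names, file names and marker bytes are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical rule model (not Spybot's rule format). A parameter is "weak"
# when benign files can share it; "strong" when it is tied to file content.
WEAK_PARAMS = {"filename"}

@dataclass
class Rule:
    name: str
    params: dict  # parameter kind -> expected value

@dataclass
class Sample:
    filename: str
    content: bytes

def param_matches(kind, expected, sample):
    if kind == "filename":
        return sample.filename.lower() == expected.lower()
    if kind == "byte_pattern":
        return expected in sample.content
    return False  # unknown parameter kinds never match

def scan(sample, rules, single_file):
    """Return the names of rules that fire on sample.

    single_file=True models a right-click scan: rules built only from weak
    parameters are skipped, because nothing else corroborates them.
    """
    hits = []
    for rule in rules:
        weak_only = set(rule.params) <= WEAK_PARAMS
        if single_file and weak_only:
            continue
        if all(param_matches(k, v, sample) for k, v in rule.params.items()):
            hits.append(rule.name)
    return hits

# Constructed rules and samples, for illustration only.
RULES = [
    Rule("Example.NameOnly", {"filename": "kl_setup.exe"}),
    Rule("Example.Pattern", {"byte_pattern": b"EXAMPLE-MARKER"}),
]
NAMED_INSTALLER = Sample("kl_setup.exe", b"\x4d\x5a packed body")
PATTERN_FILE = Sample("renamed.exe", b"\x4d\x5a EXAMPLE-MARKER")
BENIGN_SAME_NAME = Sample("KL_Setup.exe", b"harmless text")

if __name__ == "__main__":
    for s in (NAMED_INSTALLER, PATTERN_FILE, BENIGN_SAME_NAME):
        print(s.filename, scan(s, RULES, False), scan(s, RULES, True))
```

In this model the name-only rule fires on the benign file that merely shares the name, which is the false positive the single-file mode avoids, at the cost of missing the installer that only that rule covers.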