Thread: Right click scan can't detect malware

  1. #1
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Right click scan can't detect malware

    A few days ago I have submitted a malware (see: http://forums.spybot.info/showthread.php?t=33468) and received a mail that it has been added to the detections and said I could download the new detections on Wednesday. So on Wednesday I have downloaded the detection updates and scanned the malware I have submitted and Spybot couldn't find the malware. So I thought that maybe it hasn't been added to the detections or that there was a problem with the right click scan. So I have downloaded well known keyloggers and a trojan. I have downloaded ardamax, golden keylogger, perfect keylogger and the prorat trojan. I scanned all those files and Spybot only detected perfect keylogger and it detected it with heuristics. So I think there is a problem with the right click menu scan. I am using the latest Spybot version on Windows Vista Home Pre.
    DOCTUS.ORG Turkish security forum

  2. #2
    Guest
    Join Date
    Jun 2008
    Posts
    478

    this is important, the most important thing is that spybot detects, removes and protects against malware so it is strange that no one has answered your post.

    i can see it was you that made the thread "spybot is weak against loggers" (if i remember right) i can only say i am sorry for my criticism to you.
    Last edited by blues; 2008-09-06 at 14:25.

  3. #3
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Yeah I was the one who opened the topic spybot is weak against loggers. I am the one who opened this topic. But you should know that I am the one who made bug reports, sent undetected files, applied to translate Spybot to Turkish. If you had known Turkish I could show what I have done in our forum which is the biggest computer security forum in Turkey. I have created a Spybot group, had a sticky topic about Spybot problems and replied to all problems the users had with Spybot, have Spybot banner in my sig. I am also a hijackthis analyzer and I always make people scan their PC with Spybot when I analyze hijackthis logs. And lots of other stuff which I can't remember now. If I said "ohh super program, the best antispyware, congratulations..." would this be better? Or is telling the problems better to help Spybot develop? So stop criticising me. You are talking pointless.
    DOCTUS.ORG Turkish security forum

  4. #4
    Guest
    Join Date
    Jun 2008
    Posts
    478

    So stop criticising me.
    i have

    You are talking pointless.
    yes

    i just tried to get someone respond to you.

    Edit: Bumping is not the way to do it, as md usa spybot fan said,
    By responding to this thread you raised the reply count. I have found that a member of "Team Spybot" is more likely to read and respond to a thread with a zero (0) reply count than a thread that has been responded to.
    Last edited by tashi; 2008-09-14 at 19:27. Reason: edit

  5. #5
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    dj.turkmaster:

    I suggest that you repost your query in the New or undetected forum so that it stands a better chance of being seen by a member of "Team Spybot". I also suggest that you indicate if a regular "Check for problems" scan detected the keyloggers and also try adding the download directory of where the installation files for the keyloggers are located to the Settings » "Directories" feature and see if the installation file names are detected.

    blues:

    By responding to this thread you raised the reply count. I have found that a member of "Team Spybot" is more likely to read and respond to a thread with a zero (0) reply count than a thread that has been responded to.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  6. #6
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    md usa spybot fan

    Thanks for your reply. I know that perfect keylogger and ardamax keylogger are in Spybot's database and also the xp antivirus should have been added to the database. (see: http://forums.spybot.info/showthread.php?t=33468) So this seems to be a problem with the right click scan, not with the database. But now I will infect the computer with those keyloggers but not with xp antivirus. So I will see if Spybot will be able to detect. If it can detect it will be obvious that there is a problem with the right click scan.
    DOCTUS.ORG Turkish security forum

  7. #7
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Here are the results, I hope this will clarify:


    And the right click scan results:
    DOCTUS.ORG Turkish security forum

  8. #8
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Now I have done a new test. I put the malwares in a directory and added the directory to be scanned with the full scan (settings> directory> add a directory to the list). I didn't infect the computer with the malwares. Spybot again detected the malwares in the directory I added. But still can't detect with a right click scan. So it is obvious that there is a problem with the right click scan feature. And it seems as a serious problem. But I couldn't get an answer from "Team Spybot".
    DOCTUS.ORG Turkish security forum

  9. #9
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    hello,

    actually it is not a problem with the single file scanner (right click scanner) itself. The scanner uses the same detection rule sets as Spybot S&D but some rules are set to be ignored by the single file scanner to avoid false positives due to 'weak' advanced parameters with the heuristics scan part. For instance a weak parameter would be a filename. Where possible we will increase the detection rate of the single file scanner without increasing the rate of false positives.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.
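
The behaviour described in the last reply, as an added example that is not part of the thread and is not Spybot's code: one shared rule set, with rules that rest only on weak evidence (a filename) skipped in single-file mode. The rule format, rule names, file names and sample bytes are all hypothetical and constructed for illustration.

```python
import hashlib
import re
from dataclasses import dataclass

# Hypothetical rule model for illustration; not Spybot's real rule format.
WEAK_KINDS = {"filename"}  # evidence that an unrelated file can match by accident


@dataclass(frozen=True)
class Rule:
    name: str
    kind: str     # "sha256" (strong: file content) or "filename" (weak)
    pattern: str


def rule_matches(rule, filename, data):
    if rule.kind == "sha256":
        return hashlib.sha256(data).hexdigest() == rule.pattern
    if rule.kind == "filename":
        return re.search(rule.pattern, filename, re.IGNORECASE) is not None
    raise ValueError(f"unknown rule kind: {rule.kind}")


def scan(filename, data, rules, single_file=False):
    """Return the names of rules that fire; single-file mode skips weak rules."""
    hits = []
    for rule in rules:
        if single_file and rule.kind in WEAK_KINDS:
            continue  # same rule set, but weak-parameter rules are ignored
        if rule_matches(rule, filename, data):
            hits.append(rule.name)
    return hits


# Constructed sample data: no real malware, names or hashes are involved.
KNOWN_BAD = b"constructed bytes standing in for a catalogued sample"
HARMLESS = b"constructed bytes of an unrelated, harmless file"
RULES = [
    Rule("Example.CataloguedSample", "sha256", hashlib.sha256(KNOWN_BAD).hexdigest()),
    Rule("Example.LoggerInstaller", "filename", r"^logger_setup.*\.exe$"),
]

if __name__ == "__main__":
    for name, data in [("logger_setup_v2.exe", HARMLESS), ("renamed.bin", KNOWN_BAD)]:
        print(name, "| full scan:", scan(name, data, RULES),
              "| single-file:", scan(name, data, RULES, single_file=True))
```

A file that only a filename rule would catch is reported by the full scan and not by the single-file scan, while a content match is reported in both modes regardless of the file's name.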
