
AV Scans not Consistent


5 replies to this topic

#1 yabbadoo


Posted 08 July 2013 - 09:51 AM

Over the years I have had AVG as my online AV protection with MBAM and Emsisoft AM as optional manual scanners.

 

Emsisoft or MBAM I use about twice per month for a manual scan, mostly MBAM as it is quicker. Perhaps every 5-6 weeks I use AVG. Using Sandboxie eliminates the necessity of more frequent scans.

 

Question?

AVG and MBAM almost never pick any infections up, they are consistently clean. But when I use Emsisoft, it has on several occasions picked up infections which the other programs have not.

 

I would gratefully appreciate a logical explanation why this should occur.

 

Again, AVG and MBAM never picked up any infections today - 8th July 13, yet Emsisoft picked up 5 worms and trojans, which I quarantined. See :-

 

[Screenshot: Emssisoftscan0807113_zpsa38b548a.jpg]

 

 

Thank you in advance.

 




 


#2 JamesFrance


Posted 08 July 2013 - 10:24 AM

Those entries must be in the Emsisoft definitions but not in the databases of the other two. They could be false positives, but if you keep finding things when you scan you should maybe consider some active protection to keep malware from entering your system.

 

Personally I use Comodo Internet Security and no scanners have ever found anything other than the odd tracking cookie on my computers in the last 5 years, however maybe I avoid visiting dodgy sites.

 

If you only do the occasional scan it could well be too late to save your data from being stolen.


James

#3 quietman7


Posted 08 July 2013 - 10:33 AM

Emsisoft products are prone to "false positives" and they even acknowledge this.


...Sometimes security software falsely identifies important crucial system components as a threat (hence the term False Positives - FP).

Removing/deleting critical system files, even temporarily, can make a system crash. Sometimes the system will recover after a reboot, and sometimes it will not. Therefore, you may not be able to start your system. Special system restore measures may be needed, or even a full system re-installation...

Using Security Software To Scan Data


...the Anti-Malware Scanner looks for files, folders, registry entries and Tracking Cookies that are typically created by Spyware programs. Traces are exactly these trails that Spyware leaves behind...This approach has both advantages and disadvantages for Malware recognition...The negative side is that it provides a relatively inexact, or insufficiently differentiated to be more precise, Malware recognition. Benign software can be falsely recognized, for example, if it uses the same file name or folder as a dangerous Spyware program.

Software discovered via Traces should therefore first be double-checked to see if it is actually Malware before it is finally deleted...

Spyware Traces in Detail

If you're going to use Emsisoft products, get a second opinion on suspicious or questionable file detections by submitting them to one of the following online services that analyze suspicious files: In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

If there are multiple file detections you're not sure about, then perform an Online Virus Scan.

If you suspect the detection was a false positive, then report it to Emsisoft Support so they can investigate or submit samples to their research lab.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
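
The trace-based detection quoted in the post above, as an added example that is not part of the original post or any vendor's code: a location-only "trace" check flags a benign file that sits at a known spyware path, while a content-hash check does not. The paths, file contents and hash set are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample data: none of these names or bytes come from a real product.
KNOWN_BAD_CONTENT = b"constructed-sample-not-real-malware"
BAD_SHA256 = {hashlib.sha256(KNOWN_BAD_CONTENT).hexdigest()}
# A "trace" signature: location only, regardless of what the file contains.
TRACE_PATHS = {"programdata/searchhelper/update.exe"}

def trace_match(root: Path, path: Path) -> bool:
    """Trace-style check: does the relative path equal a known spyware location?"""
    return path.relative_to(root).as_posix().lower() in TRACE_PATHS

def content_match(path: Path) -> bool:
    """Content-style check: does the file's SHA-256 equal a known-bad hash?"""
    return hashlib.sha256(path.read_bytes()).hexdigest() in BAD_SHA256

def scan(root: Path) -> dict:
    """Classify every file; a trace-only hit is flagged for a second opinion."""
    verdicts = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        by_trace, by_content = trace_match(root, path), content_match(path)
        if by_content:
            verdict = "malicious (content match)"
        elif by_trace:
            verdict = "suspicious (trace only, verify before deleting)"
        else:
            verdict = "clean"
        verdicts[path.relative_to(root).as_posix()] = verdict
    return verdicts

def demo() -> dict:
    """Build a constructed file tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {
            "ProgramData/SearchHelper/update.exe": b"benign updater bytes",
            "Users/a/Downloads/setup.exe": KNOWN_BAD_CONTENT,
            "Users/a/Documents/notes.txt": b"hello",
        }
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        return scan(root)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:50} {name}")
```

A scanner that relies on traces alone would report the first file as an infection; one that keys on content would report only the second, which is one reason two products can disagree on the same disk.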

#4 yabbadoo


Posted 08 July 2013 - 01:50 PM


That is a great reply, thank you so much.

 

I have sent the 5 items to Emsisoft, who promise to come back by Email. I will wait and see. I have restored all 5 items so that other AVs can pick them up if they really exist as malware.

I did try Kaspersky's free scan. It found 3 malware items after 14% run at which I stopped it. No details of the items were given. When clicking "Fix it", it opened my browser at a page in Danish displaying their products, which had to be purchased. So they find 3 dubious threats and then say "Ah, we found them free, but you are not getting us to fix them free, you have got to buy one of our nice AV packages".

NO WAY! Seen that kind of scam before. So I gave Kaspersky the big elbow. Not getting caught like that again with so-called "free" AV scans or waste my time messing about with them. So I will slog on and see if I can crack it myself, using some of your tips, my ability and a lot of common sense.

I have just run MBAM on a full computer scan with the 5 Emsisoft restored and guess what? Perfectly clean, no malicious items found. I suspect that Emsisoft is the culprit in labelling perfectly innocent items as malicious. If I prove this to my satisfaction, then Emsisoft will follow Kaspersky mighty quick.



#5 quietman7


Posted 08 July 2013 - 01:57 PM

You're welcome.

#6 Didier Stevens


Posted 10 July 2013 - 12:24 PM

I suggest you submit these 5 files to VirusTotal.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"




