I am running a BOClean on a Vist 64 bit system . However it doesn’t seem to work. When ever i open a test webpage , it doesn’t give a alert for trojan . Is there any way to check if Boclean is running at all?
Try using a real trojan or try the Trojan Simulator
Please post back if BoClean catches it or not
Hey… thanks a ton! It worked! But may i know the reason why test sites doesn’t work? even EICAR files are not flagged by BOclean.?
I have no idea. I think you tested it wrong. BoClean doesn’t use a real-time scanner, it works differently. (I don’t really know how to explain it)
Let’s take the hotel example. You are in the lobby and see all the people pass. At the doors you see bodyguards and people passing. Now what does it have to do with all of this . Pretty easy. The people passing are the processes running and files being opened. The bodyguards will check them with there ‘pictures of the criminals’. If they slip pass though Boclean (which was you) will keep looking at the people passing and when he spots a bad guy, he’ll catch him.
So boclean won’t actually scan a file. But if you want to do so (please be carefull, while doing this, you will actually activate them) you just drag and drop the file into the BoClean mainscreen. That should start the scanning
I hope I could help you
The way BOClean works is that it scans the memory for known Malware. Today a lot of Malware is packed and/or obfuscated so that traditional AV/AS software can’t detect it. But as soon as the Malware loads into the memory, it has to reveal it self, so that BOClean will detect and kill it
i think i read kevin’s answer somewhere in this forum that the reason the Eicar isn’t flagged is because “it doesn’t really access the memory” or something like that
If you actually run either Eicar or Spycar .com files on your system and allow it in CPF then as soon as the signature hits the memory boclean shuts down and removes the file. It has to begin to load into memory before boclean will catch it but it’s an awsome program!
Great, after all these errr… ‘interesting posts 88)’ I think we solved this one
agraj : If you need this topic reopened, please pm me or any active mod with the link to this topic