Hey,
I am running BOClean on a Vista 64-bit system. However, it doesn’t seem to work. Whenever I open a test webpage, it doesn’t give an alert for a trojan. Is there any way to check if BOClean is running at all?
Try using a real trojan or try the Trojan Simulator
Please post back if BoClean catches it or not
Xan
Hey… thanks a ton! It worked! But may I know the reason why test sites don’t work? Even EICAR files are not flagged by BOClean.
I have no idea. I think you tested it wrong. BoClean doesn’t use a real-time scanner, it works differently. (I don’t really know how to explain it)
Let’s take the hotel example. You are in the lobby and see all the people pass. At the doors you see bodyguards and people passing. Now what does it have to do with all of this? Pretty easy. The people passing are the processes running and files being opened. The bodyguards will check them against their ‘pictures of the criminals’. If they slip past, though, BOClean (which was you) will keep looking at the people passing, and when he spots a bad guy, he’ll catch him.
So BOClean won’t actually scan a file. But if you want to do so (please be careful: while doing this, you will actually activate them), you just drag and drop the file into the BOClean main screen. That should start the scanning.
I hope I could help you
Xan
Hi agraj
The way BOClean works is that it scans the memory for known malware. Today a lot of malware is packed and/or obfuscated so that traditional AV/AS software can’t detect it. But as soon as the malware loads into the memory, it has to reveal itself, so that BOClean will detect and kill it.
Greetz, Red.
I think I read Kevin’s answer somewhere in this forum that the reason the EICAR isn’t flagged is because “it doesn’t really access the memory” or something like that.
If you actually run either EICAR or Spycar .com files on your system and allow it in CPF, then as soon as the signature hits the memory BOClean shuts down and removes the file. It has to begin to load into memory before BOClean will catch it, but it’s an awesome program!
E
Great, after all these errr… ‘interesting posts 88)’ I think we solved this one.
agraj: If you need this topic reopened, please PM me or any active mod with the link to this topic.
Regards,
Xan