Vulnerability Test failed

Hello!

I’m using BOClean and CPF.

I tried this Vulnerability Test and BOClean or CPF couldn’t stop it.
I just wanted to inform you.

Could maybe Memory Guardian pass this test?

Kind regards

I have tried this and it actually terminated the latest version of Memory Guardian on my PC (actually the files were still alive in task manager but the icon had disappeared from my taskbar).

No detection from CFP 2.4 on high security settings which is a worry. Nothing from BOClean.

I did have to allow the file to execute when CAVS HIPS warned me so I could have prevented the simulated attack at that point. Tried it, blocking with HIPS prevented the file running after double clicking on it.

:SMLR

EDIT: Just goes to show how careful you need to be to avoid Trojans:

You can limit the risk of trojans by observing the following rules:

Always be alert to internet traffic and the downloading of files

Never open files which you are offered by an unknown party. This applies to all types of files received through all possible channels.
Ensure that programs such as Microsoft Word and Excel do not automatically run macros.
Ensure that your e-mail program does not automatically open attachments for you.
Never accept files which are offered via MSN Messenger or similar chat programs.
The downloading of illegally copied software is always risky. It is better to use a reliable software archive such as Tucows or download.com.
Do not accept files which you have to install in order to view a web page.

Has anyone tried the test while running under a Limited User Account?

Ran the test under Debugger User on XP Pro and also as Administrator on another PC. I can’t change to a limited user at work; I will try when I get home tonight.

:SMLR

Well boys (and girls), why don’t you all get Avira\Antivir?

It intercepts this trojan. :■■■■

HIPS protection is all very well, but having a good\big database is at least as important (just my opinion).

How about avast? Stuart

Tried it and Avira stopped it cold. Just my two cents worth. Have a great week-end. Frank

I also tried this test and absolutely nothing told me that it had penetrated my system, other than Comodo asking for permission to get back on the web. This is extremely worrisome for me as I thought I was somewhat well protected against these types of attacks with Boclean, CPF and Avast, but I guess I’m not. Anyone of authority have any suggestions?

CFP v3 includes HIPS and will come out of beta some day. I’m now using Spyware Terminator which also features whitelist HIPS. And I was using AVG Free but when I heard that Avast and Avira were better I considered both and finally decided to go for Avira, I’m glad I did. It’s got better detection than Avast according to all sources and its only downside is no email scanner which is not necessary IMO --and you can get it from Avira along with resident antispyware for $20.

But if you run programs downloaded from untrusted sources there’s no way you’ll be 100 per cent safe. It would be almost safer not using any security software at all but being careful.

It did pull up the Calculator, then CFPv3b’s Defense + (the HIPS) gave an alert about it, which I denied. Then the test popped up a message that said my computer had failed, and the info it extracted was on the website. I clicked on the button to review the report, and it tried various ways to access the network which I denied (looked suspicious to me; some tests don’t actually fail until you let them back out); I only allowed it when it became the new parent to FF. When I allowed it to access the website, the page was blank. I’d feel better about the internet access side of it if they would provide a link instead of a button…

The concerning thing was that it pulled the calculator up before v3 triggered a HIPS alert (and I had all Security Levels locked down). By the name of their product, it would seem they use an overrun technique, but CMG did not trigger either. Nor did BOC.

LM

Two people, now three, are telling you what to use. The rest of the post are ■■■■. user4 and bonnieville, you know of what you speak. The rest is just a bunch of fanboy covering up Comodo.

Pff whatever you say. 88)

–Avira User

PugMug:

I have not seen any evidence of any “Covering up” of this issue, we would not attempt to do that. Covering something up on the internet is a fool’s game.

We have established that another product detects this so called “trojan” through a signature.

I could change one byte of the so called “trojan”, then you would see how “Good” the technique Avira has used to identify this program as a trojan (As you can with most antivirus products). These tests are not meant to be detected by signatures, they are meant to be stopped by plugging the problem in the firewall.

EDIT: It is not actually a trojan, I accidentally referred to it as such, it is a test program which does as it advertises it does so it is not a trojan.

HIPS simply stopped the TroyDemo. When I allowed it to run, it also popped up the message. And when I clicked the button CFP popped up and it couldn’t connect to the internet. My opinion: Although it certainly worries me what I saw (and that is that neither Avast! or CBOClean stopped it), I am surprised people simply believe what the pop up message says.

Just to prove my point: Close the internet connection, or even pull out the network cable if you want, and run the TroyDemo. Just wait … and voila: The first program which is able to connect to the internet WITHOUT an internet connection :stuck_out_tongue:

Greetz, Red.

That is an interesting finding.

If what RedNose says is correct, then that company has a lot to explain.

Ah Pugmug, nothing to share as usual. :smiley:

On the other hand, if you have to rely solely on HIPS to protect you from viruses and trojans, then I say good luck to the normal\average user (including me).

How are you to know whether a new exe is malware or not? It could be disguised as something else, the “greeting cards spam” is a recent example. Who can recognize the malware just by looking at a HIPS pop up?

I just don’t like the Comodo approach whereby HIPS is more important than detection.
It should be the other way around. Once malware can be detected by having a topnotch detection rate, answering the HIPS pop up becomes irrelevant and MUCH easier for the average Joe.

  1. Detection
  2. HIPS

True, the point I was trying to get across was that the program was meant to be “This program proves that a weakness exists”, the solution to that is NOT “Let’s detect this one program and not fix the problem it was made to uncover”.

Turns out the program/problem is potentially fake anyway.

Yep, what they do is a very old trick: Tell people something is stolen from their vault, and there are always fools who open it immediately to see if it is true ;D It takes more than that to fool me :wink:

Greetz, Red.

I’m pretty much on the side of a fake program, although it does what it says it does… if you let it.

In my case after denying everything (so nothing actually happened), it still came up with the message that it had successfully attacked my system, and brought up a blank page of stuff it had snagged ;D

As to relying on HIPS (which is how Comodo and I blocked it (S)) - the average user would probably be a bit suspicious if asked if they really wanted to terminate explorer. I might also add it did nothing to affect my browsing experience in Firefox :slight_smile:

Running CAVS Beta 2 and CPF Beta 3 (I live life on the edge).

Mahray

PS The image shows all the boxes you have to confirm to allow the program to work.

[attachment deleted by admin]