Vulnerability Test failed

I was bored, so I tried this. I’m running Win98SE with NOD32, BOClean, and OutPost Pro. When I downloaded the executable, nothing happened, so I clicked on the executable. The calculator opened and then my computer rebooted. I don’t really know what was happening but I suspect this is little more than a slightly more sophisticated version of the Blonde virus.

You have been infected with the Blonde virus. Inasmuch as we do not have any real programming knowledge or experience, this virus works on the honor principle. Please forward this virus to everyone in your address book, and then delete all of your system files. Thank you for your cooperation.

Maybe Comodo should be looking at heuristics? Maybe everyone’s getting paranoid? I just tried BitDefender 10 Free, boy did that slow down my PC, and it froze!

pugmug. not a fanboy of comodo or anyone else’s products. just happen to like avira but depend on cpf-boclean. would just like a simple explanation as to why other two programs didn’t catch this. in layman’s terms if someone could. frank.

Frank,

In layman’s terms, the other programs did not detect it because they are not programmed to do so. In order to detect by using signatures, those signatures must be programmed into the application; these are your daily AV updates.

It is possible that your AV caught it because of heuristics, rather than virus definitions. I doubt that, though, as it would seem likely other applications would then catch it. I am surprised that BOC didn’t trigger on it, but apparently BOC doesn’t see it as a threat (by the definitions in its database); BOC has no heuristics.

Hope that answers your question.

LM

With the latest definition updates CBOClean flags it. But it seems that it can’t stop the TrojDemo BEFORE it is running: it is still messing with the calculator, desktop, taskbar etc.

Greetz, Red.

afternoon lm. tks for the reply. i can understand it now. tks a bunch. frank.

Not sure if this review on this website means much, but the person seemed to feel BOClean and Comodo Pro were worth having on board.

Thank you for your insightful, enlightening, and informative contribution.

Please post again soon, so that we can all bask in the warming glow of your presence. :)

How will you know a malware is a malware before it causes damage and is brought to AV vendor’s attention?

Detection is a reactive technology that will always lag behind the baddies! Which means they will cause havoc as they are.

Melih

Ah, the never-ending HIPS discussion. :)

As long as the white list is really huge, average Joe will almost never have to bother because HIPS won’t alert. When there is an exception - a program is being executed but it’s unknown - then it may be a problem.

I downloaded an AVI to GIF converter. At least that was what I thought. It wasn’t in the white list (CAVS HIPS), still I wanted to execute it because I thought it was the program I was looking for. Now BOClean caught it as a trojan, which was very lucky for me. Who knows what it could have done?

So,

  1. HIPS with a vast white list
  2. Detection with a vast black list (and smart heuristics)

That’s my dream. If any company will make it come true, I think it’ll be Comodo. Says the fanboy. Hey pugmug, are you reading this?!

Thanks,
/LA
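Added example, not part of the thread and not Comodo's or BOClean's code: a sketch of the two layers discussed above, a signature black list that only knows what its current definitions contain, backed by a white list that raises a prompt for anything unknown. The sample bytes, marker strings, signature names and the order of the checks are all constructed assumptions.

```python
from __future__ import annotations
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def signature_scan(data: bytes, definitions: dict[str, bytes]) -> str | None:
    """Black list layer: name of the first signature whose byte pattern occurs in data."""
    for name, pattern in definitions.items():
        if pattern in data:
            return name
    return None  # "clean" only means "not in the definitions yet"

def verdict(data: bytes, allowlist: set[str], definitions: dict[str, bytes]) -> str:
    """Combine both layers (assumed order: black list first, then white list)."""
    hit = signature_scan(data, definitions)
    if hit:
        return f"block ({hit})"
    if sha256(data) in allowlist:
        return "allow"        # known good: no alert for the user
    return "ask user"         # unknown: HIPS-style prompt before it runs

# Constructed stand-ins for a trusted program and a freshly downloaded one.
KNOWN_GOOD = b"MZ constructed stand-in for a trusted calculator binary"
UNKNOWN_TOOL = b"MZ constructed stand-in for a new download DEMO-MARKER-1234"

ALLOWLIST = {sha256(KNOWN_GOOD)}
DEFS_OLD = {"Constructed.OlderThreat": b"OLD-MARKER-0000"}           # before the update
DEFS_NEW = {**DEFS_OLD, "Constructed.DemoSample": b"DEMO-MARKER-1234"}  # after the update

def demo() -> dict[str, str | None]:
    return {
        "trusted program": verdict(KNOWN_GOOD, ALLOWLIST, DEFS_OLD),
        "new file, signatures only, old defs": signature_scan(UNKNOWN_TOOL, DEFS_OLD),
        "new file, both layers, old defs": verdict(UNKNOWN_TOOL, ALLOWLIST, DEFS_OLD),
        "new file, both layers, new defs": verdict(UNKNOWN_TOOL, ALLOWLIST, DEFS_NEW),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

With the old definitions the signature layer alone reports nothing for the new file, while the white list still turns it into a prompt; once the definitions are updated the same file is blocked outright.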

a-squared Anti-Malware’s IDS didn’t stop it, but Cyberhawk did. Both have Behavioral Detection. Not sure if this means anything and not sure the test means anything, but it’s comforting to know Avira and Cyberhawk detect this.

I know this is the BOClean forum, but I believe Comodo Pro Firewall would ask if you want to allow TrojDemo.exe access to the internet, correct? I know the Firewall in the McAfee Internet Security Suite does, and can then be blocked to stop the info that the fake trojan obtains and wants to send out.