Just yesterday
I come back from my lunch break, and our technologist is sobbing.
"Mihalych, my Windows seems to be stuck here."
I came over and was delighted: Microsoft had caught her (the technologist) watching gay porn and demanded a ransom via WebMoney.
Since I got rid of this scourge quickly, I decided, for good measure, to test the free antiviruses that were at hand against it and at the same time submit the new sample.
A short "summary" of the work done is under the cut.
Deliverance
Well, first we will try to get rid of this gay porn.
- Reboot into Safe Mode. It is still hanging there.
- With a quick flick of the hand I call up Task Manager (for some reason it hasn't been blocked yet, thank God) and quickly click to end the current task.
- It worked. Now we start msconfig and remove 0.07209009531421795.exe from autorun.
- Reboot for the 2nd time: blocked again (apparently the infection is registered somewhere else as well). This time it could not be killed via Task Manager.
- Reboot for the 3rd time. This time we press Ctrl + Alt + Del immediately after the message “Windows is now running in safe mode” appears and launch Explorer.
- Find that file and rename it.
- Reboot. Voilà.
In short, it took 10 minutes.
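The autorun entry removed above stood out because its file name is a bare decimal fraction. As an added example (not part of the original post), the sketch below looks for that trait in an exported autorun listing; it assumes the listing was saved in the layout that `reg query` prints for a Run key, and every entry in the sample except the numeric file name is constructed.

```python
import ntpath
import re

# Constructed sample in the layout `reg query` prints for a Run key. Only the
# numeric file name comes from the post; every path and other entry is invented.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleAV Tray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /min
    Archiver    REG_SZ    C:\Program Files\7-Zip\7zFM.exe
    updater    REG_SZ    C:\Documents and Settings\user\Local Settings\Temp\0.07209009531421795.exe
"""

ENTRY_RE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)
# Stem that is a decimal fraction (0.0720...) or a long run of digits.
NUMERIC_STEM = re.compile(r"^(?:\d+\.\d{6,}|\d{8,})$")


def executable_of(command):
    """Return the file name of the program an autorun command line starts."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        match = EXE_RE.match(command)
        path = match.group(1) if match else (command.split() or [""])[0]
    return ntpath.basename(path)


def suspicious_autoruns(listing):
    """Return (value name, file name) for entries whose file name is numeric."""
    hits = []
    for line in listing.splitlines():
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # key header or blank line
        exe = executable_of(entry.group("data"))
        stem, _ext = ntpath.splitext(exe)
        if NUMERIC_STEM.match(stem):
            hits.append((entry.group("name"), exe))
    return hits


if __name__ == "__main__":
    for name, exe in suspicious_autoruns(SAMPLE):
        print(f"review autorun entry {name!r}: {exe}")
```

As the second reboot in the steps above showed, one flagged entry does not mean it is the only place the blocker is registered.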
By the way, Avast 4.8 Home Edition is installed on that system. Of course, I didn’t have much hope for it, but I still ran it against that file. As expected, it detected nothing.
At this point my curiosity kicked in, and I decided to check the file with all the antiviruses available, as well as submit the new sample.
But first things first
Avast
Since it was already established that Avast does not know this virus, I set about sending a copy to their laboratory. Unfortunately, the site has neither a form for submitting samples for analysis nor an online scanner.
Having rummaged through Google, I found out that samples are sent to virus@avast.com as a password-protected archive, with the password given in the text of the message.
Dr.Web
Dr.Web pleased me in every respect. Although its CureIt and, later, its online scanner did not detect the threat, it made it easy to submit a sample. Everything was quite logical and fast.
Kaspersky
A disappointment. Every Google search for the phrase “Kaspersky online scanner” led to www.kaspersky.ru/virusscanner, where there was no such scanner. There was only a set of utilities that you were offered to download, install and then do something with.
Fortunately, an online form for sending the sample to the laboratory was found right away, and I did so immediately.
Results
The results were also a little surprising, although in light of all of the above they were logical.
- Avast: the email was sent with confirmation of delivery, but all is quiet; no answer came. However, after 24 hours, with the new database, the virus is detected as Win32:Rootkit-gen [Rtk]
- Dr.Web: immediately after filling out and submitting the form, an email arrived saying that the file was being processed, and after ~4 hours a notification that the sample had been added to the database under the name Trojan.Winlock.3256
- Kaspersky: after the submission, a letter came saying that the file was being processed, and nothing else.
After 24 hours, I tried the Kaspersky server with the databases from 11/17/2011 0:20:00; it reports it as detected: Trojan program Trojan-Ransom.Win32.Gimemo.dfe
Conclusions or whatever
As you can see, all the subjects coped with the task. But Dr.Web turned out to be the most prompt and informative. After it comes Microsoft Security Essentials, which did not take part in the race: I submitted the file to it in the evening, after work, and, surprisingly, it responded within ~30 min to 1 hour. It added the sample to its database and notified me of this by email.
3rd place goes to Kaspersky, although the form did warn me that if you want a prompt response, you should submit through your personal account. Still, I think they could have deigned to send me an email notification that the virus had been added.
4th place goes to Avast: no online submission form and no report on delivery of the sample; the good part is that the reaction took no more than 24 hours.
What I would like is a simple and efficient service with a maximum of 3 clicks and no quests:
- Main site
- Item: Online Scanner
- Item: Add New
P.S. Addresses for submitting new viruses:
Dr.Web:
vms.drweb.com/online - immediately after the online check, the “Add new” item
Kaspersky Antivirus:
support.kaspersky.com/virlab/helpdesk.html
Avast:
virus@avast.com - password-protected archive with the password in the text of the letter.
MSSE:
www.microsoft.com/security/portal/Submission/Submit.aspx
UPD: Address of the Avast online scanner:
onlinescan.avast.com