a little disappointed MSE

leSLIe

well, yesterday, I found out that my little brother (15) was downloading pr0n from the infamous Empornium, he used my PC and laptop!!!!!
I have Avira installed in my lappy (win7) and MSE in my desktop PC (Vista)

I caught him when he was using my lappy and suddenly he said: "oops", it was a warning alert from Avira. After I questioned him, I ran a full scan on my PC with MSE, nothing found, then I restarted and booted in safe mode, then ran MalwareBytes, and it found trojans and one hijacker

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\SYSTEM32 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\SYSTEM32\DRIVERS\rtl8187.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS\RtlProt.sys (Trojan.Agent) -> Quarantined and deleted successfully.

what happened here??
MalwareBytes found the malware, Avira stopped the viruses from entering my lappy, and MSE found nothing and didn't prevent the malware from infecting my PC?!?!?

It was the Empornium site, malware infected
this is the last time I give my brother complete access to my computers :S
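
The Malwarebytes log in the post above, parsed into structured records (an added example, not part of the original post). The `repeated_dir` flag is a heuristic assumed for this example: it marks paths such as `System32\SYSTEM32`, which sit outside the standard `C:\Windows\System32\drivers` location.

```python
import re
from collections import Counter

# Lines copied from the Malwarebytes log in the post above.
SAMPLE_LOG = r"""
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Windows\System32\SYSTEM32 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\SYSTEM32\DRIVERS\rtl8187.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS\RtlProt.sys (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# An item line has the shape: <path> (<detection name>) -> [details ->] <action>.
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")

def repeated_dir(path):
    """Heuristic added for this example: a component repeated directly under itself."""
    parts = [p.lower() for p in path.split("\\")]
    return any(a == b for a, b in zip(parts, parts[1:]))

def parse_log(text):
    """Return one dict per detected item, tagged with the log section it came from."""
    section, items = None, []
    for line in map(str.strip, text.splitlines()):
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            section = line[: -len(" Infected:")]
            continue
        m = ITEM.match(line)
        if m:                                   # "(No malicious items detected)" is skipped
            items.append({
                "section": section,
                "path": m["path"],
                "detection": m["name"],
                "action": m["rest"].split(" -> ")[-1].rstrip("."),
                "repeated_dir": repeated_dir(m["path"]),
            })
    return items

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(Counter(i["detection"] for i in found))
    print([i["path"] for i in found if i["repeated_dir"]])
```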
 
Why are you running Avira and MSE at the same time on there? Two AVs at one time is a big nono. That could be part of your problem.
 
Why are you running Avira and MSE at the same time on there? Two AVs at one time is a big nono. That could be part of your problem.

nope. Sorry, maybe I didn't explain myself right
There is only one antivirus in each computer

In my laptop, there is only Avira
In my PC, there is only MSE

Avira detected the malware and stopped it from installing,
MSE didn't do it
 
Did you try installing Avira after uninstalling MSE from your laptop?

If so, does Avira see anything on your desktop?
 
Did you try installing Avira after uninstalling MSE from your laptop?

If so, does Avira see anything on your desktop?

sorry, it seems that I continue to not make any sense, my bad, bear with me please :eek:
my little brother used both computers to browse pr0n, so both computers were infected, each computer had a different Antivirus, and only one Antivirus

there was only one antivirus installed in each computer
When I installed Vista in my PC, I only installed MSE in it
When I got my new lappy, I only installed Avira in it

so no, MSE was never installed in my lappy

bottom line is: MSE didn't detect the malware, Avira did detect the malware.
 
1. No antivirus can detect all malware, especially zero-day malwares. It could just as easily have been Avira that missed it and MSE that got it. If you still have the malware in quarantine, upload it to VirusTotal and it will tell you which antivirus engines will detect it, and you can post the results here.

2. Is it certain that the same malware attacked both computers? If the malware attacked through randomly served ads, the malware could be different even if it was the same page.

3. Set up passwords on your PC and laptop so your little brother can't use them anymore.
 
I think evilsofa hit the point right on the head by saying that no antivirus can detect everything, which is why you have more than one scanner for malware. I would suggest that you also scan with possibly gmer or even combofix because you do not know if malwarebytes removed everything.
 
So you have 1x instance where MSE didn't detect a malware, yet Avira did?

Do a dozen of these a day...with a dozen different AV products...and after a few months of it...come back with some averaged results.

Just in the past week alone I can come up with many examples of..where I worked on computers that got infected..where one AV plus malwarebytes cleaned up what others missed...including Avira. And vice versa. And vice versa again.

Welcome to malware, where every hour....hundreds of new variants come out. Early in the morning your favorite AV might detect a version of a rogue. A few hours later...it might miss the new variant that came out...and another brand may pick it up. Come back an hour later and they may both miss it and a 3rd AV may pick it up. Come back tomorrow and...well..who knows..but that's how it works.

It's in dealing with malware day in and day out and day in and day out and over and over and over again that you start to see which products work better than others.
 
yeah I am only lukewarm impressed with MSE, I see people coming in every other day where I put MSE on them a while ago with spyware and MSE just sitting there yellow saying that a scan hasn't been run.

but yeah all AV suck with malware, stuff getting past ESET, Norton, McAfee, etc.
 
yeah I am only lukewarm impressed with MSE, I see people coming in every other day where I put MSE on them a while ago with spyware and MSE just sitting there yellow saying that a scan hasn't been run.

but yeah all AV suck with malware, stuff getting past ESET, Norton, McAfee, etc.

I have MSE on a ton of my machines and clients and have never seen that....
 
I have MSE on a ton of my machines and clients and have never seen that....

Guess they don't go hopping around the porn sites then.
I have seen all the major antivirus's miss something. No one solution will protect you from everything. Nor can it protect the user from their own stupidity, but it sure can try.
 
I've seen MSE miss things several times, that I was able to remove with Mbam. It's a decent AV, but it just doesn't seem to have as good of a scanner as most think.
 
After a thorough questioning of my little brother and after a check of the browser history (he didn't delete it) I found out that there was only one pr0n site, Empornium, and well, that site is full of pr0n, so why would he need another one, hehe, that's too bad

Well, I tried to recreate the problem, both machines have user passwords (which I gave to my little brother, big mistake, I know :eek:)

  • First I logged in to that site using my lappy (Win7, Avira, Firefox) then clicked on torrents, and bam!! a pop-up, and immediately after that a warning from Avira, a trojan!
  • Then I logged in to that site using my PC (Vista, MSE, Firefox) then clicked on torrents, and bam!! a pop-up, then NOTHING

After those tests, my PC was infected again; I ran Malwarebytes in safe mode and deleted the malware


1. No antivirus can detect all malware, especially zero-day malwares.

yes, no AV can detect all the malware out there :(


So you have 1x instance where MSE didn't detect a malware, yet Avira did?

Do a dozen of these a day...with a dozen different AV products...and after a few months of it...come back with some averaged results.

Just in the past week alone I can come up with many examples of..where I worked on computers that got infected..where one AV plus malwarebytes cleaned up what others missed...including Avira. And vice versa. And vice versa again.

Welcome to malware, where every hour....hundreds of new variants come out. Early in the morning your favorite AV might detect a version of a rogue. A few hours later...it might miss the new variant that came out...and another brand may pick it up. Come back an hour later and they may both miss it and a 3rd AV may pick it up. Come back tomorrow and...well..who knows..but that's how it works.

It's in dealing with malware day in and day out and day in and day out and over and over and over again that you start to see which products work better than others.

porn pop-ups, the infamous most annoying source of malware in the net :(


One more thing, Firefox (vanilla version, absolutely no plug-ins installed) was used on both machines. I guess the malware problem could have been avoided if I hadn't forgotten to install a pop-up killer plug-in :eek: :(
 
Your brother needs his own computer IMO. :)

Still, 1 small-ish issue isn't so bad, especially considering the price of the software involved (free).
 
Your brother needs his own computer IMO. :)

Still, 1 small-ish issue isn't so bad, especially considering the price of the software involved (free).

hehe, he was just visiting, funny what he does in just a couple of days though :eek: :mad: he has his own stuff at his home, with my parents.

Yeah well, still a little disappointed with the AV :(
that burst my bubble, my life would never be the same again!!! :eek: :p
 
One more thing, Firefox (vanilla version, absolutely no plug-ins installed) was used on both machines. I guess the malware problem could have been avoided if I hadn't forgotten to install a pop-up killer plug-in :eek: :(

No..the rogues will blast right through Firefox....I run Firefox with add ons....and last winter PAV (Personal AntiVirus) punched right through FF.
 
Guess they don't go hopping around the porn sites then.
I have seen all the major antivirus's miss something. No one solution will protect you from everything. Nor can it protect the user from their own stupidity, but it sure can try.

I was referring to "MSE just sitting there yellow saying that a scan hasn't been run."

Not that MSE can miss things.....all the A/V packages miss things (pay and free).
 
well I deal with it a lot and have seen the thing sitting there yellow not popping a thing. run mbam cleans it, I deal with spyware a lot unfortunately as we handle both business and home, so I have seen it a few times. most of the people are either looking at porn or facebook, and have no idea and just click on things.

but I haven't seen any one AV do anything over the others, I still recommend Nod and been putting on the version 4.2 and honestly haven't seen so much crazy spyware on those, but it's possible with any client.
 
Why would you knowingly go to places that have infection..... and not do it in a cleanroom manner.

Either with some virtual machine setup, or with a baby victim PC that you don't give a shit if it gets infected. Then, take the drive out, put it in a USB external enclosure, and connect to a machine that is set to NO AUTOPLAY. Then scan and clean and harvest your pron safe pron files.

How about a browser environment that ABSOLUTELY cannot affect the system as a whole? With a quad core CPU running 20-50 GFLOPs of compute power, how can we not have a browser that is all pseudocode running in an interpreter with oversight that makes it 100.0000% bulletproof to any attack from the net? What the fuck does all this compute power do exactly? I remember browsing with a 200MHz Pentium, something around 1/1000th as powerful as my current 4GHz 965.

Seems like a very solvable problem.... what's the holdup? :eek::rolleyes::cool:
 
Why would you knowingly go to places that have infection..... and not do it in a cleanroom manner.

Either with some virtual machine setup, or with a baby victim PC that you don't give a shit if it gets infected. Then, take the drive out, put it in a USB external enclosure, and connect to a machine that is set to NO AUTOPLAY. Then scan and clean and harvest your pron safe pron files.

How about a browser environment that ABSOLUTELY cannot affect the system as a whole? With a quad core CPU running 20-50 GFLOPs of compute power, how can we not have a browser that is all pseudocode running in an interpreter with oversight that makes it 100.0000% bulletproof to any attack from the net? What the fuck does all this compute power do exactly? I remember browsing with a 200MHz Pentium, something around 1/1000th as powerful as my current 4GHz 965.

Seems like a very solvable problem.... what's the holdup? :eek::rolleyes::cool:

Or just run it in a VM.

Of course, that kills Javascript benchmark numbers - so they'll never do it.
 
Haha...I told my sister that her son was browsing for porn when he was only 12 to 13 and she didn't believe me. He 'effed the computers so many times that I was royally pissed and she didn't believe me that he was the reason.
 