Antivirus Software


Psychotic Fox

Re: Antivirus Software

Post by Psychotic Fox »

Norton and McAfee are shit... That's why they give away free trials of them when you buy a new PC. It's the only way to get customers' attention, as nobody is stupid enough to actually PAY for that rubbish.

I use AVG 2012 Free and it has switched itself off a few times... but it's FREE, so who gives a fuck about minor glitches occasionally?

Be sure to ignore the AVG performance check thing that constantly says you have "500 non-existent broken shortcuts" and "Your C: drive doesn't need de-fragging, but I'll tell you to do it anyway, you retard"... because it's just "scareware" to make you buy the extra crap they are pushing.

I also use SpyBot & Malwarebytes, which are pretty good.

NOTE: Be very careful with Microsoft Security Essentials if you are using a different browser than Internet Explorer... I had Google Chrome installed when MSE crashed my system saying "Google Chrome is a Trojan or some other shit, so I'm crashing on you now, motherfucker... Beeeeep"

(Well, it didn't actually say that exact phrase; I just can't remember the actual message.)
kode54
Zealot
Posts: 1140
Joined: Wed Jul 28, 2004 3:31 am

Re: Antivirus Software

Post by kode54 »

Actually, WebKit browsers, at least Safari, and possibly Chrome, managed to trigger an issue in Windows 7 64-bit which could crash inside the kernel and trigger a blue screen error. Hopefully, that issue is fixed now.
adventure_of_link
Locksmith of Hyrule
Posts: 3634
Joined: Sun Aug 08, 2004 7:49 am
Location: 255.255.255.255

Re: Antivirus Software

Post by adventure_of_link »

Should be good to go with Chrome, since I use it a lot on that Windows 7 laptop.
<Nach> so why don't the two of you get your own room and leave us alone with this stupidity of yours?
NSRT here.
snkcube
Hero of Time
Posts: 2646
Joined: Fri Jul 30, 2004 2:49 am
Location: In front of the monitor

Re: Antivirus Software

Post by snkcube »

That false positive with Google Chrome has been fixed ages ago. Plus, Norton has dramatically improved in recent years and is now one of the better virus scanners out there.
Try out CCleaner and other free software at Piriform
sweener2001
Inmate
Posts: 1751
Joined: Mon Dec 06, 2004 7:47 am
Location: WA

Re: Antivirus Software

Post by sweener2001 »

it's still a for-pay anti-virus.

when MSE and safe practices can get you the same result, i don't see the point.

they should have never let the free ones catch up to them the way they did.
paulguy
Zealot
Posts: 1076
Joined: Sat Jul 02, 2005 2:01 am

Re: Antivirus Software

Post by paulguy »

Well, it's a good thing they did. Some basic, important things should just be available for free.
Maybe these people were born without that part of their brain that lets you try different things to see if they work better. --Retsupurae
Deathlike2
ZSNES Developer
ZSNES Developer
Posts: 6747
Joined: Tue Dec 28, 2004 6:47 am

Re: Antivirus Software

Post by Deathlike2 »

AVs these days get their "tentacles" all over the place. General networking problems can be attributed to them. You would hope these things would cause minimal stress to the system, but even with multi-core systems, I guess some people like poop (shitty AVs) in their comps.
Continuing FF4 Research...
paulguy
Zealot
Posts: 1076
Joined: Sat Jul 02, 2005 2:01 am

Re: Antivirus Software

Post by paulguy »

The cure may often be worse than the disease...
Maybe these people were born without that part of their brain that lets you try different things to see if they work better. --Retsupurae
snkcube
Hero of Time
Posts: 2646
Joined: Fri Jul 30, 2004 2:49 am
Location: In front of the monitor

Re: Antivirus Software

Post by snkcube »

sweener2001 wrote:it's still a for-pay anti-virus.

when MSE and safe practices can get you the same result, i don't see the point.

they should have never let the free ones catch up to them the way they did.

True, but for a paid anti-virus, people are finally getting a great product. This wasn't the case many years back.
Try out CCleaner and other free software at Piriform
odditude
Official tech support dood
Posts: 2107
Joined: Wed Jan 25, 2006 7:57 am

Re: Antivirus Software

Post by odditude »

snkcube wrote:
sweener2001 wrote:it's still a for-pay anti-virus.

when MSE and safe practices can get you the same result, i don't see the point.

they should have never let the free ones catch up to them the way they did.

True, but for a paid anti-virus, people are finally getting a great product. This wasn't the case many years back.

i'd have to disagree. the people who most need an antivirus are the ones who suck at updates and all that... and the boxes i've worked on recently due to infection all had Norton installed but disabled by whatever they picked up. you can't really fault Symantec for that, but all those customers can say is "i paid $70 and i still got infected?"
Why yes, my shift key *IS* broken.
sweener2001
Inmate
Posts: 1751
Joined: Mon Dec 06, 2004 7:47 am
Location: WA

Re: Antivirus Software

Post by sweener2001 »

Deathlike2 wrote:AVs these days get their "tentacles" all over the place. General networking problems can be attributed to them. You would hope these things would cause minimal stress to the system, but even with multi-core systems, I guess some people like poop (shitty AVs) in their comps.

seconding the network issues. my in-laws' pc had an ISP-sponsored f-prot thing on their computer, and it was definitely doing more harm than good. it didn't allow programs like flash and firefox to update themselves, etc. i had to dig for offline installers, but i was able to loosen the chokehold on the computer the next time i visited.

they also still had the norton that came with the pc co-installed with the new isp-bundled f-prot.

and i like the point paulguy made.
mudlord88
Lurker
Posts: 115
Joined: Sat Nov 20, 2010 12:43 am

Re: Antivirus Software

Post by mudlord88 »

Avira is shitware: TR/Crypt.XPACK.Gen on the following code:

    BITS 32

    global _pe_loader

    section .text

    LOADER_START_MAGIC equ 0xC0DE1111
    LOADER_END_MAGIC   equ 0xC0DE2222
    LOADER_DATA        equ 0xC0DE3333

    _pe_loader:
            dd      LOADER_START_MAGIC
            pushad
            call    GetBasePointer
    GetBasePointer:
            pop     ebp
            sub     ebp, GetBasePointer     ; delta offset trick: ebp = displacement from link address

            ; get kernel32 imagebase for loadlibrary
            xor     eax, eax
            add     eax, [fs:eax + 30h]     ; fs:[30h] = PEB on NT; a kernel-space (negative) address on 9x
            test    eax, eax
            js      os_9x
            mov     eax, [eax + 0ch]        ; PEB->Ldr
            mov     esi, [eax + 1ch]        ; Ldr->InInitializationOrderModuleList.Flink
            lodsd                           ; first list entry
            mov     eax, [eax + 8]          ; entry->DllBase (assumed to be kernel32)
            jmp     finished
    os_9x:
            mov     eax, [eax + 34h]
            lea     eax, [eax + 7ch]
            mov     eax, [eax + 3ch]
    finished:
            mov     [ebp + load_kernel32], eax
            mov     eax, [ebp + load_oep]
            add     eax, [ebp + load_imgbase]
            jmp     eax                     ; continue at the original entry point

    ; strlen replacement
    _strlen:
            push    edi
            sub     ecx, ecx
            mov     edi, [esp + 8]
            not     ecx
            sub     al, al
            cld
            repne   scasb
            not     ecx
            pop     edi
            lea     eax, [ecx]
            retn

    ; Input:  Hash of API or name of API in esi
    ; Output: Address of API (eax)
    GetK32ApiAddress:
            xor     eax, eax
            mov     edx, esi
            push    esi
            call    _strlen
            add     esp, 4
            mov     ecx, eax                ; ecx = api name string length
            mov     esi, dword [ebp + load_kernel32]
            add     esi, 0x3C
            lodsw                           ; e_lfanew (low word)
            add     eax, dword [ebp + load_kernel32]
            mov     esi, [eax + 0x78]       ; export directory RVA
            add     esi, [ebp + load_kernel32]
            add     esi, 0x1C
            lodsd                           ; AddressOfFunctions
            add     eax, [ebp + load_kernel32]
            mov     dword [ebp + k32_AddressTableVa], eax
            lodsd                           ; AddressOfNames
            add     eax, [ebp + load_kernel32]
            push    eax
            lodsd                           ; AddressOfNameOrdinals
            add     eax, [ebp + load_kernel32]
            mov     dword [ebp + k32_OrdinalTableVa], eax
            pop     esi                     ; esi = name pointer table VA
            ; walk EAT API name table
            mov     word [ebp + k32_i], 0
    _gotoNextApi:
            push    esi
            lodsd
            add     eax, [ebp + load_kernel32]
            mov     esi, eax                ; esi = VA of API name
            mov     edi, edx                ; edi = wanted API name
            push    ecx                     ; ecx = API name length
            cld
            repe    cmpsb                   ; compare API names
            pop     ecx
            jz      _gotApiAddress
            pop     esi
            add     esi, 4
            inc     word [ebp + k32_i]
            jmp     _gotoNextApi

    _gotApiAddress:
            pop     esi
            movzx   eax, word [ebp + k32_i]
            shl     eax, 1
            add     eax, dword [ebp + k32_OrdinalTableVa]
            xor     esi, esi
            xchg    eax, esi
            lodsw                           ; ordinal of the matched name
            shl     eax, 2
            add     eax, dword [ebp + k32_AddressTableVa]
            mov     esi, eax
            lodsd                           ; function RVA
            add     eax, [ebp + load_kernel32]
            retn

            dd      LOADER_DATA
    load_imgbase:       dd      0xB00BFACE
    load_oep:           dd      0xB00BFACE
    load_kernel32:      dd      0xB00BFACE
    ; for kernel32 api addr
    k32_OrdinalTableVa: dd      0xFFFFFFFF
    k32_AddressTableVa: dd      0xFFFFFFFF
    k32_i:              dd      0x0000
            dd      LOADER_END_MAGIC
            ret


Which is stupid.
A) All my code currently does is append a new PE section, make it the PE entry point and embed that code into it.
B) The code posted above does not compress; it simply diverts code execution before jumping to the main code.

So yeah, recommend me an AV that's not Avira.
kthnx.
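As an added illustration (not mudlord88's code, and not Avira's), here is a small Python check of the kind generic packer heuristics rely on: it parses a PE's section table and asks where the entry point lands. A section appended to the end of the file and made the entry point, as described above, is exactly the layout such heuristics key on. The PE headers and the `.ldr` section name below are constructed for the example.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000   # section characteristic flags (PE spec)
IMAGE_SCN_MEM_WRITE = 0x80000000

def parse_pe(data):
    """Return (AddressOfEntryPoint, [section dicts]) from a PE32/PE32+ image."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsect):                                # IMAGE_SECTION_HEADERs
        name, vsize, va = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        chars = struct.unpack_from("<I", data, opt + opt_size + 40 * i + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize, "chars": chars})
    return entry, sections

def entry_point_findings(data):
    """Layout heuristics of the kind generic packer signatures use: where does the entry point live?"""
    entry, secs = parse_pe(data)
    holder = next((s for s in secs if s["va"] <= entry < s["va"] + max(s["vsize"], 1)), None)
    if holder is None:
        return ["entry point is outside every section"]
    findings = []
    if len(secs) > 1 and holder is secs[-1]:
        findings.append("entry point in last section " + holder["name"])
    if holder["chars"] & IMAGE_SCN_MEM_WRITE and holder["chars"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry section " + holder["name"] + " is writable and executable")
    return findings

def build_sample(entry_rva, sections):
    """Constructed minimal PE32 (headers only, no code) so the checks can run offline."""
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)            # AddressOfEntryPoint
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, va, vs, 0, 0, 0, 0, 0, ch)
                    for n, va, vs, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs

# Constructed layouts: a plain build, and the same build with an appended section made the entry point.
NORMAL = build_sample(0x1010, [(".text", 0x1000, 0x1000, 0x60000020), (".data", 0x2000, 0x1000, 0xC0000040)])
WRAPPED = build_sample(0x3000, [(".text", 0x1000, 0x1000, 0x60000020), (".data", 0x2000, 0x1000, 0xC0000040),
                                (".ldr", 0x3000, 0x200, 0xE0000020)])
```

Run it on the two constructed samples: `NORMAL` yields no findings, while `WRAPPED` reports both the last-section entry point and the writable+executable entry section, which is why a tool with generic "crypt/pack" heuristics reacts to this layout even when nothing is compressed.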
Rashidi
Trooper
Posts: 515
Joined: Fri Aug 18, 2006 2:45 pm

Re: Antivirus Software

Post by Rashidi »

mudlord88 wrote:it simply diverts code execution before jumping to the main code.

well, it's quite a similar fashion to the old JMP manipulation from .com-file, DOS-era viruses.

but naming such behaviour "TR/Crypt.XPACK.Gen" was way off.
mudlord88
Lurker
Posts: 115
Joined: Sat Nov 20, 2010 12:43 am

Re: Antivirus Software

Post by mudlord88 »

Yes, all copy protections these days work the same way: wrapping all code in an envelope and decrypting it in real time, like a virus.
sweener2001
Inmate
Posts: 1751
Joined: Mon Dec 06, 2004 7:47 am
Location: WA

Re: Antivirus Software

Post by sweener2001 »

or avast! is terrible.

i mean, if you deliberately download a virus and your antivirus doesn't do anything, it's not because it's super awesome.