App Review A test of Kaspersky Virus Removal Tool

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
cruelsister

cruelsister

If Kaspersky was running first before infection, would you have been able to install it without disabling or most any other AVs? And second, is there a secondary scanner that can detect and remove Xores? Thanks
If by that you mean if Kaspersky real time was installed, then there would have been no infection as K would have detected the original malware and deleted it. As for other AVs the detection rate is spotty (and could be made more so by manipulation of the original, making it close to zero-day).

As to other 2nd opinion scanners, next week will be the same versus NPE (actually this video is part 1 of a 4-part series: next NPE, then Fun Facts about both NPE and KVRT); probably will bore most to tears but at least they will be equally short.

But one thing I need to point out is that this malware, as will also be the case with a similar one that will be used, will be essentially invisible to the user in normal use. They reside in a Hidden System directory (so no joy when checking with a file manager), they persist via Scheduled Tasks (so avoiding Startup managers that just look at registry entries), and will only be active during the pulse transmission out to malware command, so are far too ephemeral for noting in Task Manager.

Stuff like these make me question the "I haven't been infected for years" comments, because one really never knows, do one?
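
One way to check for the persistence pattern described in the post above (a Scheduled Task that launches a program from a Hidden System directory), as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1 or later with the built-in ScheduledTasks module; the helper name `Get-ActionPath` and the output column names are chosen here for illustration.

```powershell
# Added example: list scheduled tasks whose program sits under a Hidden+System directory.
# Run from an elevated prompt so that tasks of all users are visible.
$hiddenSystem = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

function Get-ActionPath {
    param($Action)
    # Only exec actions carry an Execute value; COM-handler actions do not.
    if (-not $Action.Execute) { return $null }
    $path = [Environment]::ExpandEnvironmentVariables($Action.Execute).Trim('"')
    if (-not [IO.Path]::IsPathRooted($path)) {
        # Bare names such as "cmd.exe" are resolved through PATH.
        $cmd = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if (-not $cmd) { return $null }
        $path = $cmd.Path
    }
    return $path
}

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $exe = Get-ActionPath $action
        if (-not $exe) { continue }
        $dir = Split-Path -Path $exe -Parent
        # Walk up the tree but stop at the drive root, which is itself Hidden+System.
        while ($dir -and $dir -ne [IO.Path]::GetPathRoot($dir)) {
            # -Force is needed, otherwise hidden items are not returned at all.
            $item = Get-Item -LiteralPath $dir -Force -ErrorAction SilentlyContinue
            if ($item -and (($item.Attributes -band $hiddenSystem) -eq $hiddenSystem)) {
                $sig = if (Test-Path -LiteralPath $exe) {
                    (Get-AuthenticodeSignature -LiteralPath $exe).Status
                } else { 'FileMissing' }
                [pscustomobject]@{
                    Task            = $task.TaskPath + $task.TaskName
                    Executable      = $exe
                    Arguments       = $action.Arguments
                    HiddenSystemDir = $dir
                    Signature       = $sig
                }
                break
            }
            $dir = Split-Path -Path $dir -Parent
        }
    }
}

$findings | Format-List
```

An empty result only means no task matched this one pattern; it says nothing about other persistence mechanisms.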
 

Jonny Quest

As to other 2nd opinion scanners, next week will be the same versus NPE (actually this video is part 1 of a 4-part series: next NPE, then Fun Facts about both NPE and KVRT); probably will bore most to tears but at least they will be equally short.

Thank you, as this is what I was wondering about, NPE, after watching your video.
 

harlan4096

In MalwareTips Hub, during the last years, we added KVRT as a mandatory tool, but with a small tweak, since we found that KVRT did not scan (or missed) all the risky system folders in default settings.

We found that, after adding these 2 folders, many tests with the final verdict Clean should have been System Infected:

[Image attachment: 1705758885320.png]

Probably in this very special test scenario, there won't be any difference, but...
 

WhiteMouse

Stuff like these make me question the "I haven't been infected for years" comments, because one really never knows, do one?

This is my favorite quote from Joanna Rutkowska:
The inconvenient and somehow embarrassing truth for us is that there does not exist any reliable method to determine if a given system is not compromised. True, there is a number of conditions that can warn us that the system is compromised, but there is no limit on the number of checks that a system must pass in order to be deemed “clean”.


If an expert doesn't know whether their computer is compromised or not, how can an average user know?
 

Sandbox Breaker

This is my favorite quote from Joanna Rutkowska:
The inconvenient and somehow embarrassing truth for us is that there does not exist any reliable method to determine if a given system is not compromised. True, there is a number of conditions that can warn us that the system is compromised, but there is no limit on the number of checks that a system must pass in order to be deemed “clean”.


If an expert doesn't know whether their computer is compromised or not, how can an average user know?
I've found loads of complex and truly unknown malware/backdoors. Sometimes it's easy and sometimes it takes longer to find during an assessment. But we eventually come to the conclusion that what if a system file is compromised from MS end (supply chain). We can never truly know if a system is clean.

But we can ensure that all code on the machine is trusted. Every software analysed for its purpose on that environment (abuse of legit tooling). All persistent mechanisms are checked as a part of these compromise assessments.
 

brambedkar59

But we can ensure that all code on the machine is trusted. Every software analysed for its purpose on that environment (abuse of legit tooling). All persistent mechanisms are checked as a part of these compromise assessments.
Even then what if the malware remains dormant for a long period of time until a trigger is activated after let's say 6 months. A week of running software under assessment won't help you then and no one is decompiling every single piece of software to find the hidden backdoor. There is a very interesting read about how you can never fully trust anything:
 

oldschool

In MalwareTips Hub, during the last years, we added KVRT as a mandatory tool, but with a small tweak, since we found that KVRT did not scan (or missed) all the risky system folders in default settings.

We found that, after adding these 2 folders, many tests with the final verdict Clean should have been System Infected:

[Image attachment 281046]

Probably in this very special test scenario, there won't be any difference, but...
I never noticed the settings flyout before. The contrast and colors of the UI aren't the best. Thanks. (y)
 

Sandbox Breaker

Even then what if the malware remains dormant for a long period of time until a trigger is activated after let's say 6 months. A week of running software under assessment won't help you then and no one is decompiling every single piece of software to find the hidden backdoor. There is a very interesting read about how you can never fully trust anything:
That's what I meant by supply chain attacks. Agreed.
 
