mekelek

Level 28
This is just one reason why I like G DATA (this is pretty awesome):

Behavior Monitoring of the Philadelphia Ransomware sample just posted to the MT Malware Hub a few minutes ago

Start time Type Header Status
2017-07-21 03:18:37 Behavior monitoring Unknown threat Done
AVA 25.13476
GD 25.10046
*** Process ***
Process: 11500
File name: Philadelphia_latest.exe
Path: c:\users\lockdown\desktop\philadelphia_latest\philadelphia_latest.exe
Publisher: Unknown publisher
Creation date: Friday, July 21, 2017 3:15:45 AM
Modification date: Friday, July 21, 2017 9:03:02 AM
Started by: Philadelphia_latest.exe
Publisher: Unknown publisher

*** Actions ***
A packer was run on the program file, possibly to conceal malicious content.
The program has created files and folders that can be used to endanger the system.
The program establishes a network connection.
The program has created or manipulated an executable file.
The program has read data from its own program file.
The program created a copy of itself.
An executable file was stored in a suspicious location.

*** Quarantine ***
The following files were moved into quarantine:
C:\Users\Lockdown\AppData\Local\Microsoft\Windows\INetCache\IE\57CHPOZI\BIKSR0B0.htm
C:\Users\Lockdown\AppData\Local\Microsoft\Windows\INetCache\IE\AAKDF6IH\LYJNXLPA.htm
C:\Users\Lockdown\AppData\Local\Microsoft\Windows\INetCookies\TT1PK6YC.cookie
C:\Users\Lockdown\AppData\Local\Temp\aut3019.tmp
C:\Users\Lockdown\AppData\Local\Temp\aut302A.tmp
C:\Users\Lockdown\AppData\Local\Temp\aut302B.tmp
C:\Users\Lockdown\AppData\Local\Temp\aut303B.tmp
C:\Users\Lockdown\AppData\Local\Temp\aut3086.tmp
C:\Users\Lockdown\AppData\Local\Temp\delph1.bin
C:\Users\Lockdown\AppData\Local\Temp\delph1.dat
C:\Users\Lockdown\AppData\Local\Temp\delphi.au3.509
C:\Users\Lockdown\AppData\Local\Temp\pd4ta.bin
C:\Users\Lockdown\AppData\Local\Temp\pd4ta.dat
C:\Users\Lockdown\AppData\Roaming\40E49DE9CC2B41610C9D2F936CBBFC74
C:\Users\Lockdown\AppData\Roaming\Isass.exe
C:\Users\Lockdown\Desktop\Philadelphia_latest\Philadelphia_latest.exe
C:\Windows\Temp\avkhttp_030847454_067c33b9.tmp
C:\Windows\Temp\avkhttp_031523918_0b3c9d19.tmp
The following registry entries were deleted:

YGLxqHIOLSctJy0mBi4nJycnJgZncoJygmJicCp0gkInKCYGt3KCcoJiYnAsJygnKCYGmXJykCsWjypooC0nKCcoJgbbcnJycmJiwC8nJycnJgZtcoJygmJi4C0WKAiPcvJy8mJi8CknJycnJgbPcnJycmJicLZycnJyYmJwqHKCcoJiYnC4ctJy0mJicOhycnJyYmJwusJhXmO2csJhXmO2cmJicNtycnJyYmJwnXKCcoJiYnCOcnIJ5yonJycnJgb3KScoJygmBugqJwfoKycnJiYnBwA
Rules version: 5.0.148
OS: Windows 10.0 Service Pack 0.0 Build: 15063 - Workstation 64bit OS
dll version: 70613
C:\Users\Lockdown\Desktop\Philadelphia_latest\Philadelphia_latest.exe /AutoIt3ExecuteScript "C:\Users\Lockdown\AppData\Local\Temp\delph1.dat"
MD5: ED0F05CAED1D5DBD129B6E49F0337725
"C:\Users\Lockdown\Desktop\Philadelphia_latest\Philadelphia_latest.exe"
MD5: ED0F05CAED1D5DBD129B6E49F0337725

Sure, but did G DATA stop the ransomware before it did anything? In my case, like a month ago when I was testing it against ransomware, it had these cool logs AFTER the ransomware had already done all the necessary damage..

I admired the log details too, but unfortunately that's the least I care about when it comes to a security suite.
 

Nevi

Level 4
Verified
I was married to WSA for over 6 years. Before that I used Kaspersky and PrevX (which was my reason to start WSA). The good part is that I didn't get infected. Now I am so happy with Emsi, and I feel more secure about ransomware, but also generally about all malware. It seems I was wrong using WSA (at least alone); I just think I was lucky I didn't meet some really ugly malware. In the future it will be Emsi, Kaspersky or Bitdefender.
 

Faybert

Level 22
Verified
Malware Hunter
G Data is awesome, one of my favorite antivirus :)
Thanks for the info.
 

509322

Sure, but did G DATA stop the ransomware before it did anything? In my case, like a month ago when I was testing it against ransomware, it had these cool logs AFTER the ransomware had already done all the necessary damage..

I admired the log details too, but unfortunately that's the least I care about when it comes to a security suite.
In this case it did. They still need to improve some things with their AntiRansomware protection. It now stops the majority of ransomware, but not every single one. In January it was barely working against any ransomware. I see a marked improvement.

It's a decent internet security suite that will provide a good baseline security for a user.
 

509322

If security soft geeks would realistically limit their expectations to very good baseline security from their security softs, like they should, instead of expecting SkyNet anti-CIA\NSA capabilities, then they would be much better off both protection-wise and personally.

CIA\NSA has been successfully hacked on multiple occasions. So how do you expect your home security soft configuration to protect against persistent or advanced attacks? Everybody knows the answer to that and acknowledges it as fact, but a lot of people still have the attitude that vendors are negligent in producing their security softs and get all bent out of shape when they see the next "bypass" video.

It's ridiculous.
 

509322

@Lockdown How's G DATA's effectiveness now against Cerber with the latest 25.4.0.1 update?
They need to continue to improve their antiransomware feature - which we all know that they will. Test results, CRBR fail and PHA new variant partial fail. Despite this it is still a decent product that will do a respectable job under typical computing conditions.
 

509322

Is anyone here married or "married" to VBA32 these days?
I remember I used to like its advanced and unique heuristics a lot around 2005; it was great, I think.
I had a license for it and also bought a license for it + Kaspersky as a birthday gift for my cousin.
Does anyone know what is up with VBA or its developers these days?
In 3 years I have only seen 1 person ask about VirusBlokAda.
 

ncage

Level 2
Absolutely not. I generally won't be irritated enough to switch off (though I almost did recently); if I find something better I'll switch. There are products out there that have gone through good times and bad times (I'm looking at you, Norton) and there is absolutely no reason to stick with something if it's not working for you. We use the business version of NOD at work and I find it to be a decent product. We used to have Symantec Endpoint Protection and I thought it was a piece of crap, though the last time I tried their consumer version I thought it was decent.

Like, for example, what I'm using isn't my favorite AV (Bitdefender). I probably like Emsisoft the best and Kaspersky second, but you can't beat the family pack that Bitdefender offers, and since I run a LOT of virtual machines that many licenses are important to me. If I only had one or two machines then maybe I would buy Emsisoft, but I have 10 VMs, 1 Windows workstation, 1 MacBook Pro, 1 wife laptop, 1 parents' desktop, and 1 Android phone, and the family pack covers everything.
 

jamescv7

Level 61
Verified
Trusted
I've engaged a lot of antivirus software; however, I'm not happy with them, considering my risk level is very low and I don't need those powerful components. ;)

So far I prefer the built in one, Windows Defender which is fine for me and can last longer (maybe forever? haha).

I'm already satisfied watching those video reviews on how different AVs perform; in that case it will just turn out with the same conclusion.
 

jadinolf

Level 4
Mmmmhmmm.... ;)

Do not worry about me good man, Jadinolf,
I have gotten myself some solid 10 hours sleep this night at last,
now please excuse me, while I have some spare energy to read some posts
and post some posts: Here we! :)
Lucky guy.
I take it you must not have a Basset Hound pup licking your ears at 5:15 every morning. :(
 