Looking for information on Mamutu

Status
Not open for further replies.

Hungry Man

New Member
Jul 21, 2011
668
6
Backdoor related behavior
Spyware related behavior
HiJacker related behavior
Worm related behavior
Dialer related behavior
Keylogger related behavior
Trojan Downloader related behavior
Injection of code into other programs
Manipulation of programs (patching)
Invisible installations of software
Invisible Rootkit processes
Installation of services and drivers
Creation of Autostart entries
Manipulation of the Hosts file
Changes of the browser settings
Installation of debuggers on the system
Simulated mouse and keyboard activity
Direct disk sector access on harddisk
Changes of the system group policies


These are Mamutu's categories of suspicious/malicious behaviors. I know what some are, e.g. "Creation of Autostart entries" writes to the autostart area in the registry, etc., but a lot of them are vague.

Anyone know what each one does? Either specifically or in a broad sense.
 

pcjunklist

Level 1
Dec 28, 2011
523
11
I'm not going to break down every one of these, but you should stick with Emsisoft Anti-Malware instead of Mamutu.

Here is the Emsisoft comparison: http://www.emsisoft.com/en/software/compare/ (click the blue underline for some of the definitions of what they do)

Or you can take advantage of Jack's contest for a free Mamutu license here: http://malwaretips.com/Thread-Giveaway-Emsisoft-Mamutu-Giveaway

But if you can spare the $20 I would go with Jack's deal instead: http://malwaretips.com/Thread-Buy-Emsisoft-Anti-Malware-50-OFF-Only-20
 

Hungry Man

New Member
Jul 21, 2011
668
6
I've got a Mamutu and Emsisoft license. I'm less interested in using the programs and more interested in understanding them.

I can't find an explanation on their site for some of these.
 

pcjunklist

Level 1
Dec 28, 2011
523
11
What is Heuristic Scanning?
http://www.symantec.com/connect/articles/heuristic-techniques-av-solutions-overview
 

Hungry Man

New Member
Jul 21, 2011
668
6
Good article but not exactly what I wanted - I'm looking specifically to find out what each of those behaviors is.
 

NathanF1

Level 2
Verified
Jul 9, 2011
601
82
Apologies if you've already seen these articles on rootkits, trojans, spyware, dialers, worms, etc.

Emsisoft Knowledge Base



Comodo Leak Test Suite has a broad description of the suspicious behaviors you can most probably use for cross-reference to some extent.

A screenshot of the Leak Test Descriptions


P.S. I remembered seeing this a few days ago:
Emsisoft on Facebook said:
Are there any topics you would like to read an article from us about? We are always looking for cool new content for our knowledge base. It can be either security or computer related.

Link
 

Littlebits

Retired Staff
May 3, 2011
3,902
3,058
One thing you need to take into consideration:

Each vendor has their own description of a malware category.

The same exact malware may be labeled differently by each vendor; I have seen this many times.

For example what Emsisoft labels a Backdoor, might be labeled as a Trojan or Worm by other vendors.
Most rogueware is usually mislabeled as Trojans by most vendors because they have some of the same characteristics but are not the same.

Sometimes one vendor will label a malware as a virus, whereas other vendors might label the exact same malware as spyware, worm, adware, rogueware or Trojan.

Another thing: some vendors have different definitions of each category of malware.
They don't all completely agree. So sometimes it is hard to find a correct answer to what each category of malware is supposed to do and why each malware is labeled into a select category.

Thanks. :D
 

NathanF1

Level 2
Verified
Jul 9, 2011
601
82
The reason I put the CLT descriptions was mostly as a reference for activities like installing drivers and services, debuggers and process injections - these aren't described at length in Emsisoft's articles.
 