App Review Second Opinion Scanners- Part 1

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
cruelsister

goodjohnjr

Level 5
Verified
Jul 11, 2018
230
Just downloaded with fictitious details................now scanning

:D

It says my paid VyprVPN is a malware. This is definitely BS lor!! EEK and KVRT also don't say that.

:rolleyes:
;)

Interesting, there is an option to mark it as safe, and even an option to send it to VirusTotal from within Sophos Scan & Clean; I am curious what the VirusTotal results show, and what type of malware did Sophos Scan & Click say that it was?

Out of curiosity, does Norton Power Eraser (NPE), ESET Online Scanner, Malwarebytes AdwCleaner detect it?

NPE/KVRT most likely.
Yeah, I am hoping for Norton Power Eraser (NPE), ESET Online Scanner, Malwarebytes AdwCleaner (just out of curiosity, even though it is not meant to be general purpose).
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
;)

Interesting, there is an option to mark it as safe, and even an option to send it to VirusTotal from within Sophos Scan & Clean; I am curious what the VirusTotal results show, and what type of malware did Sophos Scan & Click say that it was?

Out of curiosity, does Norton Power Eraser (NPE), ESET Online Scanner, Malwarebytes AdwCleaner detect it?
Sophos detected it as Mal/Generic-S malware

After marking it as safe, there's no more detection the next time I ran Sophos

AdwCleaner found nothing malicious

Not using NPE and ESET Online Scanner
 
Last edited:

goodjohnjr

Level 5
Verified
Jul 11, 2018
230
There's no option to mark as SAFE. Only Ignore. Sophos detected it as Mal/Generic-S malware

AdwCleaner found nothing malicious

Not using NPE and ESET Online Scanner
Interesting, I guess it must depend on the type of detection, because today Sophos Scan & Clean detected AdGuard VPN as suspicious, it let me submit it to VirusTotal, and it let me mark it as safe.

Thanks, that seems like one of those generic detections of overly sensitive heuristics or something like that, well maybe you can report the false positive here at least: Service and Support

Thank you for scanning with at least one of those. (y)
 

Oldie1950

Level 5
Verified
Well-known
Mar 30, 2022
216

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Just wondering, if EEK didn't do that well does this mean that the protection level in Emsisoft AV is not that great as well??
Not at all. This video ONLY tests the 2nd opinion products and NOT the real-time applications of these companies (this point is actually made in the initial text box in Part 2). Most will be fine against such malware although some may not be.

In the case of Emsisoft (Anti-Malware Home)- when these malware files are initially run, the data-stealer is detected. For the Worm, although a definition did not exist, malicious activity was detected and the Worm was eradicated- so optimal results in this case.

But what would happen if Emsisoft Home was installed when the system is already infected? To test that, I infected the system and installed Emsisoft Home. after the usual update I rebooted to set the malware and did a full scan. For the Data Stealer, both the payload as well as the associated .dat file were detected and deleted; although the scheduled task for the payload remains, who really cares as it now points to nothing. In the case of the Worm however, this was not detected and with the persistence mechanism still in place continued to happily infect the system (and my USB). This result was rather sub-optimal. (Please note that this type of testing can be considered by some to be unfair (and i guess why it's really not done by anyone except especially cruel people.)

Thank you DC for the question!
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
Not at all. This video ONLY tests the 2nd opinion products and NOT the real-time applications of these companies (this point is actually made in the initial text box in Part 2). Most will be fine against such malware although some may not be.

In the case of Emsisoft (Anti-Malware Home)- when these malware files are initially run, the data-stealer is detected. For the Worm, although a definition did not exist, malicious activity was detected and the Worm was eradicated- so optimal results in this case.

But what would happen if Emsisoft Home was installed when the system is already infected? To test that, I infected the system and installed Emsisoft Home. after the usual update I rebooted to set the malware and did a full scan. For the Data Stealer, both the payload as well as the associated .dat file were detected and deleted; although the scheduled task for the payload remains, who really cares as it now points to nothing. In the case of the Worm however, this was not detected and with the persistence mechanism still in place continued to happily infect the system (and my USB). This result was rather sub-optimal. (Please note that this type of testing can be considered by some to be unfair (and i guess why it's really not done by anyone except especially cruel people.)

Thank you DC for the question!
Thank you very much for pointing this out. On the bright side, Emaisoft support is excellent and they are very helpful when it comes to support request (malware infection issues included). I know one might think the system is clean (in the case of installing Emaisoft on an already infected system), but in my case I consider myself paying for Emaisoft not for its protection, but rather for support who have proven to be knowledgeable.

Moreover, with the help of other tools and 2nd opinion scanners, one would be notified especially if multiple 2nd opinion scanners are in use.


I have a question if you dont mind. In the case of the worm infection and after you installed Emaisoft on the infected machine. Why do you think Emaisoft failed to detect the malicious activity? Is it not the same malicious activity? Or was it that Emaisoft after a system scan exluded the infection from its monitoring considering it safe and thus neglecting the malicious behaviour?
 

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814

Let's see if you can download it from this link, fingers crossed.
View attachment 272090
Yes it is possible to use this link, thank you, with certain private email addresses. But it does not seem to work if I try 'popular' free email providers - yahoo/outlook/gmail type ones. The better and more secure free email services, I won't mention them here but I'm sure MT members can work out which ones I mean, get past the filtering by Sophos.

Interesting, I tried it with my Gmail account, and it worked; but I was using a paid VPN for the first time, in my case AdGuard VPN.

If you do want the Sophos Scan & Clean file, maybe I can send it to you somehow, or perhaps you will decide to use Norton Power Eraser and / or ESET Online Scanner and / or Malwarebytes AdwCleaner instead.
I have it now thank you, other MT members have helped me out.

I'd like to say here how much I appreciate the offers of help from fellow MT'ers, and the website as whole. A while back I pulled up someone on here for being a bit 'mouthy' on a thread, I didn't think that their behaviour was typical of users of this website, they told me to 'grow up'. But the offers from others here to help out underline what had been my opinion of MT in general, there are some really nice people here, helpful and knowledgable. Thanks to you all, its a pleasure to be a part of MT.

Sophos detected it as Mal/Generic-S malware

After marking it as safe, there's no more detection the next time I ran Sophos

AdwCleaner found nothing malicious

Not using NPE and ESET Online Scanner
I found an old copy of Sophos Virus Removal Tool on another PC yesterday and ran it to see if it found anything. It flagged the installer for CryptoBuster as Mal/Generic-S, VirusTotal detects nothing. After you reported the same detection with your VyprVPN I'm wondering if various Sophos tools have a habit of reporting various false detections of Mal/Generic-S.
 
Last edited:

Malleable

Level 1
Mar 2, 2021
45
it`s not correct test
no detection (cloud, signature) from dropped file - not perform decently.
this scanners based on cloud, signature based. not a behavior
for undetected malware need to use other tools (autoruns, etc....)
It might be very interesting to have both autoruns.exe and procexp.exe with VirusTotal lookup enabled run after a test to see which, if any, av engine detects something amiss. Not being knowledgeable in these areas (among many others) I don't know if it would do much to reveal persistence or dropping but both executables play a part in my weekly "second opinion" routine before backup. And, yes, I do hate myself when suggesting more work for others.
 
F

ForgottenSeer 97327

things belong to what one can term "feel good" security.
That is why I run them in the morning in the train enjoying a coffee with a dunking donut as breakfast, not healthy but it makes me feel good (to start the day with a clean sheet) (y)

But seriously. Thanks for the video, sadly there are some easy ways to survive re-boot in user land. You just reminded me that I have not closed a few on my wife's laptop.

Do you know whether this still works to prevent creating tasks on Windows11?

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Task Scheduler5.0]
"Task Creation"=dword:00000000
 

Digmor Crusher

Level 23
Verified
Top Poster
Well-known
Jan 27, 2018
1,236
Not at all. This video ONLY tests the 2nd opinion products and NOT the real-time applications of these companies (this point is actually made in the initial text box in Part 2). Most will be fine against such malware although some may not be.

In the case of Emsisoft (Anti-Malware Home)- when these malware files are initially run, the data-stealer is detected. For the Worm, although a definition did not exist, malicious activity was detected and the Worm was eradicated- so optimal results in this case.

But what would happen if Emsisoft Home was installed when the system is already infected? To test that, I infected the system and installed Emsisoft Home. after the usual update I rebooted to set the malware and did a full scan. For the Data Stealer, both the payload as well as the associated .dat file were detected and deleted; although the scheduled task for the payload remains, who really cares as it now points to nothing. In the case of the Worm however, this was not detected and with the persistence mechanism still in place continued to happily infect the system (and my USB). This result was rather sub-optimal. (Please note that this type of testing can be considered by some to be unfair (and i guess why it's really not done by anyone except especially cruel people.)

Thank you DC for the question!
Thanks CS
 

goodjohnjr

Level 5
Verified
Jul 11, 2018
230
I have it now thank you, other MT members have helped me out.

I'd like to say here how much I appreciate the offers of help from fellow MT'ers, and the website as whole. A while back I pulled up someone on here for being a bit 'mouthy' on a thread, I didn't think that their behaviour was typical of users of this website, they told me to 'grow up'. But the offers from others here to help out underline what had been my opinion of MT in general, there are some really nice people here, helpful and knowledgable. Thanks to you all, its a pleasure to be a part of MT.
Great, you are welcome, and I am glad that I could be among the various MalwareTips Forums members who you have had positive experiences with to overshadow the few negative experiences. (y)

I used to mostly be a viewer here and at the Wilders Security Forums, I started posting there sometimes until I got tired of the limits on not being able to compare products et cetera, so I moved here, mostly just viewing, until more recently.
 

n8chavez

Level 16
Well-known
Feb 26, 2021
785
I've been an infrequent Wilders poster, am/was much more of a lurker there, but haven't posted for some time there. The limitations on what you can/cannot do there are one reason for using MT far more. Oopps, there we go, comparing! Thanks again.

No A vs B, dammit! Oh wait, this is not "that" forum! MT is muuuuch better.
 
Last edited:

goodjohnjr

Level 5
Verified
Jul 11, 2018
230
I've been an infrequent Wilders poster, am/was much more of a lurker there, but haven't posted for some time there. The limitations on what you can/cannot do there are one reason for using MT far more. Oopps, there we go, comparing! Thanks again.
It has been so long that I forgot about Wilders Security Forums, until your previous comment helped me remember. :D
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
I've been an infrequent Wilders poster, am/was much more of a lurker there, but haven't posted for some time there. The limitations on what you can/cannot do there are one reason for using MT far more. Oopps, there we go, comparing! Thanks again.
It has been so long that I forgot about Wilders Security Forums, until your previous comment helped me remember. :D

Wilders should be renamed the Sandboxie forum, it's really the only active forum topic with a few backup/image posts. There really is not much activity there these days, most of the good posters are gone or rarely post. It's still nice to browse for nostalgia purposes but it's near EOL.
 
Last edited:

goodjohnjr

Level 5
Verified
Jul 11, 2018
230
Wilders should be renamed the Sandboxie forum, it's really the only active forum topic with a few backup/image/posts. There really is not much activity there these days, most of the good posters are gone or rarely post. It's still nice to browse for nostalgia purposes but it's near EOL.
Sandboxie, another piece of software from the past that I almost forgot about, thank you for the reminder.

RIP to both of them. 🙏

Angel:



😁
 
Last edited:

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Wilders should be renamed the Sandboxie forum, it's really the only active forum topic with a few backup/image posts. There really is not much activity there these days, most of the good posters are gone or rarely post. It's still nice to browse for nostalgia purposes but it's near EOL.
You can add the MS Defender forum, where many/most posts are by people who like to post a lot, as if they know about security, malware analysis, etc. Really, some who just like to hear themselves go on endlessly about MS Defender's real-world deficiencies and 'layered' security. It's laughable!

No bashing but I created an account like a year ago and I am still not able to post anything on Wilders. (y)
Don't worry. You're not missing out on anything!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top