Just downloaded with fictitious details................now scanning
It says my paid VyprVPN is a malware. This is definitely BS lor!! EEK and KVRT also don't say that.
Second Opinion Scanners- Part 1
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Just downloaded with fictitious details................now scanning
It says my paid VyprVPN is a malware. This is definitely BS lor!! EEK and KVRT also don't say that.
Just downloaded with fictitious details................now scanning
It says my paid VyprVPN is a malware. This is definitely BS lor!! EEK and KVRT also don't say that.
Interesting, there is an option to mark it as safe, and even an option to send it to VirusTotal from within Sophos Scan & Clean; I am curious what the VirusTotal results show, and what type of malware did Sophos Scan & Click say that it was?
Out of curiosity, does Norton Power Eraser (NPE), ESET Online Scanner, Malwarebytes AdwCleaner detect it?
Yeah, I am hoping for Norton Power Eraser (NPE), ESET Online Scanner, Malwarebytes AdwCleaner (just out of curiosity, even though it is not meant to be general purpose).
Sophos detected it as Mal/Generic-S malware
Interesting, there is an option to mark it as safe, and even an option to send it to VirusTotal from within Sophos Scan & Clean; I am curious what the VirusTotal results show, and what type of malware did Sophos Scan & Click say that it was?
Out of curiosity, does Norton Power Eraser (NPE), ESET Online Scanner, Malwarebytes AdwCleaner detect it?
After marking it as safe, there's no more detection the next time I ran Sophos
AdwCleaner found nothing malicious
Not using NPE and ESET Online Scanner
Last edited:
Interesting, I guess it must depend on the type of detection, because today Sophos Scan & Clean detected AdGuard VPN as suspicious, it let me submit it to VirusTotal, and it let me mark it as safe.
Thanks, that seems like one of those generic detections of overly sensitive heuristics or something like that, well maybe you can report the false positive here at least: Service and Support
Thank you for scanning with at least one of those.
F
ForgottenSeer 94738
In AVLab's test, you can see that many AV programs do not detect some malware until it is executed.
Recent Results » AVLab Cybersecurity Foundation
The latest results of the Advanced In-The-Wild-Malware Test, in which we regularly evaluate software designed to protect devices.
avlab.pl
cruelsister
Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Not at all. This video ONLY tests the 2nd opinion products and NOT the real-time applications of these companies (this point is actually made in the initial text box in Part 2). Most will be fine against such malware although some may not be.
In the case of Emsisoft (Anti-Malware Home)- when these malware files are initially run, the data-stealer is detected. For the Worm, although a definition did not exist, malicious activity was detected and the Worm was eradicated- so optimal results in this case.
But what would happen if Emsisoft Home was installed when the system is already infected? To test that, I infected the system and installed Emsisoft Home. after the usual update I rebooted to set the malware and did a full scan. For the Data Stealer, both the payload as well as the associated .dat file were detected and deleted; although the scheduled task for the payload remains, who really cares as it now points to nothing. In the case of the Worm however, this was not detected and with the persistence mechanism still in place continued to happily infect the system (and my USB). This result was rather sub-optimal. (Please note that this type of testing can be considered by some to be unfair (and i guess why it's really not done by anyone except especially cruel people.)
Thank you DC for the question!
Thank you very much for pointing this out. On the bright side, Emaisoft support is excellent and they are very helpful when it comes to support request (malware infection issues included). I know one might think the system is clean (in the case of installing Emaisoft on an already infected system), but in my case I consider myself paying for Emaisoft not for its protection, but rather for support who have proven to be knowledgeable.
Moreover, with the help of other tools and 2nd opinion scanners, one would be notified especially if multiple 2nd opinion scanners are in use.
I have a question if you dont mind. In the case of the worm infection and after you installed Emaisoft on the infected machine. Why do you think Emaisoft failed to detect the malicious activity? Is it not the same malicious activity? Or was it that Emaisoft after a system scan exluded the infection from its monitoring considering it safe and thus neglecting the malicious behaviour?
Yes it is possible to use this link, thank you, with certain private email addresses. But it does not seem to work if I try 'popular' free email providers - yahoo/outlook/gmail type ones. The better and more secure free email services, I won't mention them here but I'm sure MT members can work out which ones I mean, get past the filtering by Sophos.
I have it now thank you, other MT members have helped me out.
I'd like to say here how much I appreciate the offers of help from fellow MT'ers, and the website as whole. A while back I pulled up someone on here for being a bit 'mouthy' on a thread, I didn't think that their behaviour was typical of users of this website, they told me to 'grow up'. But the offers from others here to help out underline what had been my opinion of MT in general, there are some really nice people here, helpful and knowledgable. Thanks to you all, its a pleasure to be a part of MT.
I found an old copy of Sophos Virus Removal Tool on another PC yesterday and ran it to see if it found anything. It flagged the installer for CryptoBuster as Mal/Generic-S, VirusTotal detects nothing. After you reported the same detection with your VyprVPN I'm wondering if various Sophos tools have a habit of reporting various false detections of Mal/Generic-S.
Last edited:
It might be very interesting to have both autoruns.exe and procexp.exe with VirusTotal lookup enabled run after a test to see which, if any, av engine detects something amiss. Not being knowledgeable in these areas (among many others) I don't know if it would do much to reveal persistence or dropping but both executables play a part in my weekly "second opinion" routine before backup. And, yes, I do hate myself when suggesting more work for others.
F
ForgottenSeer 97327
That is why I run them in the morning in the train enjoying a coffee with a dunking donut as breakfast, not healthy but it makes me feel good (to start the day with a clean sheet)
But seriously. Thanks for the video, sadly there are some easy ways to survive re-boot in user land. You just reminded me that I have not closed a few on my wife's laptop.
Do you know whether this still works to prevent creating tasks on Windows11?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Task Scheduler5.0]
"Task Creation"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Task Scheduler5.0]
"Task Creation"=dword:00000000
Great, you are welcome, and I am glad that I could be among the various MalwareTips Forums members who you have had positive experiences with to overshadow the few negative experiences.
I used to mostly be a viewer here and at the Wilders Security Forums, I started posting there sometimes until I got tired of the limits on not being able to compare products et cetera, so I moved here, mostly just viewing, until more recently.
I've been an infrequent Wilders poster, am/was much more of a lurker there, but haven't posted for some time there. The limitations on what you can/cannot do there are one reason for using MT far more. Oopps, there we go, comparing! Thanks again.
No A vs B, dammit! Oh wait, this is not "that" forum! MT is muuuuch better.
Last edited:
It has been so long that I forgot about Wilders Security Forums, until your previous comment helped me remember.
It has been so long that I forgot about Wilders Security Forums, until your previous comment helped me remember.
Wilders should be renamed the Sandboxie forum, it's really the only active forum topic with a few backup/image posts. There really is not much activity there these days, most of the good posters are gone or rarely post. It's still nice to browse for nostalgia purposes but it's near EOL.
Last edited:
Sandboxie, another piece of software from the past that I almost forgot about, thank you for the reminder.
RIP to both of them.
Angel:
Last edited:
Reminds of the Soup N**i. Can I post a thread about product A vs B or malware removal help = "NO FORUM POST FOR YOU!"
No bashing but I created an account like a year ago and I am still not able to post anything on Wilders.
You can add the MS Defender forum, where many/most posts are by people who like to post a lot, as if they know about security, malware analysis, etc. Really, some who just like to hear themselves go on endlessly about MS Defender's real-world deficiencies and 'layered' security. It's laughable!
Don't worry. You're not missing out on anything!No bashing but I created an account like a year ago and I am still not able to post anything on Wilders.
You may also like...
-
I had to use a few second opinion scanners alongside Kaspersky premium. Any chance of Kaspersky corruption.
- Started by nonamebob567
- Replies: 18
-
Kaspersky showed 52 disinfected objects after a full scan, but there's nothing in the quarantine folder.
- Started by nonamebob567
- Replies: 13
-
Huorong Internet Security v6.0.7.12 (Modified Setting)- Started by janx
- Replies: 22
-
Testing Orion Malware Cleaner Designed by Me- Started by Trident
- Replies: 8
-
Emsisoft Anti-Malware Home 2025- Started by Shadowra
- Replies: 52