So I did test all free AV and was surprised.

Are you surprised by the results conducted in my test?

  • Yes: 11 votes (28.2%)
  • No: 6 votes (15.4%)
  • Not on all programs: 22 votes (56.4%)
  • Total voters: 39

cruelsister

For giggles I actually downloaded the pack. On the most cursory review I noticed that there were 20 instances of Webroot SecureAnywhere. 17 of these were an identical file signed by Webroot on Jan 16, 2017; the other 3 were the same app with a signature from Jan 3rd. Both of these were detected by either ClamAV or Rising/Jiangmin and nothing else (perhaps it was the UPX packer?). By the way, none of the 3 scanners mentioned are exactly considered Bulwarks of malware detection!

First off, let's concentrate on the 3 identical files, all with the SHA256:

c290e5e39b0f74f5f97d8accd2c202873ecb7e58e7fae289842d28e6a0983290

Now, go to the text file of VS's detection log (seen in Post 98) and do a search for the above. You will see that 2 were allowed and 1 was blocked, and this with all files being identical!

For the other (17 samples) with the SHA256:

b32753162fa9fba8771e302675ec5739aa3925f19ae0871dec32e9d27933082d

Half were Blocked, half Allowed (8 to 9).

Isn't that curious?
 
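The cross-check described in the post above (find byte-identical samples in a pack, then see whether one hash received different verdicts), as an added example that is not from the thread. The log line format `<verdict> <sha256> <name>` and all sample names and contents are constructed assumptions; the actual detection log format is not shown on this page.

```python
import hashlib
from collections import Counter, defaultdict

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def group_duplicates(samples: dict) -> dict:
    """Map SHA256 -> sorted sample names, keeping only digests seen more than once."""
    groups = defaultdict(list)
    for name, data in samples.items():
        groups[sha256_of(data)].append(name)
    return {h: sorted(names) for h, names in groups.items() if len(names) > 1}

def parse_log(text: str) -> dict:
    """Tally verdicts per hash. Assumed line format: '<verdict> <sha256> <name>'."""
    verdicts = defaultdict(Counter)
    for line in text.splitlines():
        parts = line.split()
        # Skip blank or malformed lines instead of guessing a verdict.
        if len(parts) < 2 or parts[0].upper() not in ("ALLOWED", "BLOCKED"):
            continue
        verdicts[parts[1].lower()][parts[0].upper()] += 1
    return verdicts

def inconsistent_verdicts(verdicts: dict) -> dict:
    """Hashes for which identical content received more than one distinct verdict."""
    return {h: dict(c) for h, c in verdicts.items() if len(c) > 1}

# Constructed sample pack: three copies of A, two of B, one of C.
SAMPLES = {
    "a1.exe": b"constructed-A", "a2.exe": b"constructed-A", "a3.exe": b"constructed-A",
    "b1.exe": b"constructed-B", "b2.exe": b"constructed-B", "c1.exe": b"constructed-C",
}
# Constructed log: the copies of A get mixed verdicts, as in the post's 2 allowed / 1 blocked case.
VERDICTS = ["ALLOWED", "ALLOWED", "BLOCKED", "BLOCKED", "BLOCKED", "ALLOWED"]
LOG = "\n".join(f"{v} {sha256_of(d)} {n}" for v, (n, d) in zip(VERDICTS, SAMPLES.items()))

if __name__ == "__main__":
    for digest, names in group_duplicates(SAMPLES).items():
        print(f"duplicate x{len(names)}: {digest[:16]}... {names}")
    for digest, tally in inconsistent_verdicts(parse_log(LOG)).items():
        print(f"inconsistent: {digest[:16]}... {tally}")
```

Removing duplicates before scoring, and treating any hash with mixed verdicts as a sign the test run itself is unreliable, keeps repeated copies of one file from skewing a detection rate.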

roger_m

> As I said, it's a mixed test, and PUPs/PUA are most of the time malicious (and there weren't many included). Or do you want something like these hard-core reinstalling, CPU-eating toolbars or ad injectors installed because you didn't look or weren't even asked? Or someone less tech-savvy installed something? It's a low-risk threat, but it's a threat.

It's very rare for PUPs to be malicious. PUPs refer to potentially unwanted programs, rather than toolbars or adware. Toolbars or adware should not usually be identified as PUPs by antivirus software.
 

Slerion

Thread author
> It's very rare for PUPs to be malicious. PUPs refer to potentially unwanted programs, rather than toolbars or adware. Toolbars or adware should not usually be identified as PUPs by antivirus software.

Most AVs I used put most toolbars, or setups including these, as either PUP/PUA or adware.
 

roger_m

I ran a number of scans on the revised archive with the duplicates removed. Out of the 324 files, it seems that about 190 are malicious. The remaining files are either harmless PUPs, or are actually clean. The majority of the clean files are detected at VirusTotal due to false positives, but there are a few clean files that are not detected by scanners. For example, Rising, ClamAV, Zillya, and Baidu all give a lot of false positives.
 
