Take caution! VoodooShield and WinRAR

[Wave]

Yes, now that I recall correctly I had to reach them with "Contact Us" then they activated my account.

I'm confused then since I can send Private Messages without a problem, however I'm still not fully activated yet. Most likely because I had only made 1 post at the time of creating the account and didn't sign in since then except for today (more than 3 months ago).

 

[Av Gurus]

I think that you guys are offtopic A LOT....

 

[RejZoR]

There should be an exception where any file extracted from RAR is inherently untrusted...

 

[Wave]

There should be an exception where any file extracted from RAR is inherently untrusted...

This will be more difficult because he won't be able to differentiate between a program which was extracted from a RAR and one that wasn't... How do you suppose he implements such functionality?

 

[TheMalwareMaster]

He said he forgot to add something, and it will be fixed in the next version. VoodooShield ?

 

[RejZoR]

This will be more difficult because he won't be able to differentiate between a program which was extracted from a RAR and one that wasn't... How do you suppose he implements such functionality?

Source tracking. Basically, you follow chain of all events, like behavior blockers already do...

 

[Wave]

Source tracking. Basically, you follow chain of all events, like behavior blockers already do...

Yes, but this will require API hooking which will slow down the extraction process and isn't done through supported/documented methods - may become very unstable depending on future updates. The alternative, would be a device driver to monitor I/O operations, however this will cause additional slow-down as well.

Every piece of functionality like this comes with a price; performance, stability, etc.

 

[shmu26]

He said he forgot to add something, and it will be fixed in the next version. VoodooShield ?

when I saw reports on the other forum that people are still suffering from silent blocking of program updates, I uninstalled VS once again, and went back to good ole NVT ERP. There are certain problems that those VS fixes just never seem to fix.

 

[Av Gurus]

here is my short video about it:

 

[shmu26]

when I saw reports on the other forum that people are still suffering from silent blocking of program updates, I uninstalled VS once again, and went back to good ole NVT ERP. There are certain problems that those VS fixes just never seem to fix.

ummm, I think I misunderstood those reports. The people over there are now saying that the problem is fixed in the current version.

 

[TheMalwareMaster]

here is my short video about it:

Good job. Hope he will fix it now that there is this video. Maybe you should have used some ransomware to make more show

 

[Av Gurus]

First I tried with Ransomware but option VirusTotal scan kicked warning (35/50).

 

[TheMalwareMaster]

First I tried with Ransomware but option VirusTotal scan kicked warning (35/50).

Sorry, I didn't understand this. What happened?

 

[Av Gurus]

Sorry, I didn't understand this. What happened?

Like this:

 

[TheMalwareMaster]

Like this:

View attachment 137777

It kicked the archive while you tried to open it?

 

[Av Gurus]

Yes, with this ransomware because it is high detection on VT.

 

[TheMalwareMaster]

Yes, with this ransomware because it is high detection on VT.

Instead, I downloaded CDburnerxp( detection 8/56) and made the archive after downloading it. The archive wasn't kicked on opening. The problem keeps to be important for zero-day ransomware. If one is using WinRAR and VoodooShield and download this new piece of ransomware and opens it via WinRAR, he will be infected even if the sample has a VirusTotal detection

 

[Av Gurus]

Here is a new video with malware:

 

[TheMalwareMaster]

Here is a new video with malware:

Great job again

 

[TheMalwareMaster]

A small correction. The correct word is "archive" for one and "archives" for multiple ones. Not "arhive"