Author Topic: MultiAV Scanning Tool Review...  (Read 14788 times)

Zagor

  • Guest
MultiAV Scanning Tool Review...
« on: January 21, 2006, 09:41:22 PM »
Hello my virtual forum friends!

I've got a new review of an interesting tool called MultiAV Scanning Tool (this tool was recommended to me by polonus). It is a command-line on-demand virus scanner tool which incorporates a few of the best AV scanning engines on the market. They are:
  • Sophos
  • McAfee
  • Kaspersky
  • Trend Micro
I've tested only Sophos & McAfee, because I'm already using Kaspersky's OnLine Scanner & Trend Micro's HouseCall and I was not going to double my files.

To the point:
  • Sophos
The scanning of my hard disks lasted for two hours (20GB of 80GB free). No unusual false positives except for this:
>>> Virus fragment 'W95/MrKlunky-A' found in file d:\Programs\_AntiVirus\PandaAntiVirusTitanium2006\PandaAntiVirusTitanium2006.exe\SfxArchiveData\data1.cab\ICAB:00250187
>>> Virus fragment 'W95/Whog-878b' found in file d:\Programs\_AntiVirus\PandaAntiVirusTitanium2006\PandaAntiVirusTitanium2006.exe\SfxArchiveData\Files/SAFEDISK.IMG
Removal successful
>>> Virus fragment 'W95/MrKlunky-A' found in file d:\Programs\_AntiVirus\PandaAntiVirusTitanium2006\PandaAntiVirusTitanium2006Unregistered.exe\SfxArchiveData\data1.cab\ICAB:00250187
Removal successful
>>> Virus fragment 'W95/CIH-10xx' found in file d:\Programs\_AntiVirus\PandaTruPreventPersonal2005\PandaTruPreventPersonal2005.rar\PandaTruPreventPersonal2005.exe\SfxArchiveData\data1.cab\ICAB:000d3ab3
Removal successful

As you can see, Panda, Panda, Panda!!! Now I have lost all three installation files, which, I might add, took ages to download with dial-up. Well, if this is how they work I don't need them anyway. So, besides those false positives and the long scan time, Sophos AV Scan is a plus for protection you must have.
  • McAfee
Scan lasted for 45 minutes. Results:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll\00017b68.EXE ... Found potentially unwanted program Downloader-AGT.
        The file or process has been deleted.
        The archive has been deleted.
C:\Program Files\Ewido\Security Suite\guard.sys ... Found trojan or variant New Malware.z !!!
        Please send a copy of the file to McAfee
        The file or process has been deleted.
C:\Program Files\ICQToolbar\toolbaru.inf ... Found potentially unwanted program Adware-Softomate.
        The file or process has been deleted.

These are not malware! False positives all around! Beware of McAfee Scan, because who knows what software it will recognize as dangerous and delete some modules.
« Last Edit: January 21, 2006, 09:43:33 PM by Zagor »
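
The scanner output quoted in the post above can be reduced to a list of the on-disk files that were actually removed, together with the detection names to cross-check elsewhere before trusting the verdict. This is an added example, not part of the original post or of the MultiAV tool; the line formats are inferred only from the quoted output, and the "first path component with an extension is the file on disk" rule is an assumption.

```python
import re
from collections import defaultdict

# Subset of the Sophos and McAfee output quoted in the first post.
REPORT = r"""
>>> Virus fragment 'W95/MrKlunky-A' found in file d:\Programs\_AntiVirus\PandaAntiVirusTitanium2006\PandaAntiVirusTitanium2006.exe\SfxArchiveData\data1.cab\ICAB:00250187
>>> Virus fragment 'W95/Whog-878b' found in file d:\Programs\_AntiVirus\PandaAntiVirusTitanium2006\PandaAntiVirusTitanium2006.exe\SfxArchiveData\Files/SAFEDISK.IMG
Removal successful
>>> Virus fragment 'W95/CIH-10xx' found in file d:\Programs\_AntiVirus\PandaTruPreventPersonal2005\PandaTruPreventPersonal2005.rar\PandaTruPreventPersonal2005.exe\SfxArchiveData\data1.cab\ICAB:000d3ab3
Removal successful
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll\00017b68.EXE ... Found potentially unwanted program Downloader-AGT.
        The file or process has been deleted.
        The archive has been deleted.
C:\Program Files\Ewido\Security Suite\guard.sys ... Found trojan or variant New Malware.z !!!
        Please send a copy of the file to McAfee
        The file or process has been deleted.
"""

SOPHOS = re.compile(r"^>>> Virus fragment '(?P<name>[^']+)' found in file (?P<path>.+)$")
MCAFEE = re.compile(r"^(?P<path>.+?) \.\.\. Found (?P<name>.+?)[ .!]*$")
REMOVED = re.compile(r"Removal successful|has been deleted")
# Assumption: the first path component ending in a 2-4 character extension is
# the real file on disk; anything after it is a member inside an archive.
ON_DISK = re.compile(r"^.*?\.[A-Za-z0-9]{2,4}(?=[\\/]|$)")

def parse_report(text):
    """Return one record per detection, marking whether it was removed."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        m, engine = SOPHOS.match(line), "Sophos"
        if not m:
            m, engine = MCAFEE.match(line), "McAfee"
        if m:
            disk = ON_DISK.match(m["path"])
            hits.append({"engine": engine, "name": m["name"], "path": m["path"],
                         "on_disk": disk.group(0) if disk else m["path"], "removed": False})
        elif hits and REMOVED.search(line):  # action line belongs to the last detection
            hits[-1]["removed"] = True
    return hits

def files_to_restore(hits):
    """Map each removed on-disk file to the detections that caused its removal."""
    lost = defaultdict(set)
    for h in hits:
        if h["removed"]:
            lost[h["on_disk"]].add(f'{h["engine"]}: {h["name"]}')
    return dict(lost)
```

Calling `files_to_restore(parse_report(REPORT))` on this sample yields four files, including the Ewido driver `guard.sys`.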

Zagor

  • Guest
Re: MultiAV Scanning Tool Review...
« Reply #1 on: January 21, 2006, 09:44:47 PM »
This is the download address:
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

This is a manual on how to use it (in a few steps):
1. Execute & Unzip in this folder -> c:\AV-CLS\
2. Double-click on C:\AV-CLS\StartMenu.BAT
3. Choose the number in the Start Menu for starting the AV Vendor
4. Connect to the Internet & the files will be downloaded
5. Choose all harddisks or other location for scanning
« Last Edit: January 21, 2006, 10:11:32 PM by Zagor »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: MultiAV Scanning Tool Review...
« Reply #2 on: January 21, 2006, 09:53:49 PM »
Hi Marko,

Thanks for the review, but I would not recommend a scanner that goes on
deleting false positives. I would like online scanning only if I had an option
as what to do with the results. If I use DrWebCureIt, it gives me results,
I can decide not to do anything with it, upload the suspect to Jotti or
Virustotal and see if it is real, then decide what to do finally.
False positives can be a pain in the neck, when they are really false
positives for important data on a computer. That is why a computer
with important data on it should not be connected.
If the software came with the option to do with the results as one pleases
my opinion of it would be milder, and one could use it say once a month
for a so-called garage stop.

your friend polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

..::ReVaN::..

  • Guest
Re: MultiAV Scanning Tool Review...
« Reply #3 on: January 21, 2006, 10:51:02 PM »
So does this program automatically delete the infections it finds?

This is a little off the topic but I sometimes feel all my PC does is scan for malware all the time (when it's in Windows of course)....

P.S.: One of the reasons I like avast! so much is that it produces very few FPs ;)

Cheers,

Mikey


Zagor

  • Guest
Re: MultiAV Scanning Tool Review...
« Reply #4 on: January 21, 2006, 11:42:40 PM »
Hi, Mikey

Yes, unfortunately this program does that, but nonetheless the idea about multiple scanner engines is good and the program is quite simple to use. The only thing you need is some recovery program after running the program to restore all false positives that have been deleted  :( Anyway, you saw the list yourself...
I think polonus is right about this thing, so this scanner remains pending until the author puts in the option to decide what to do with the files after the scan!

In fact I'll mail him to see what his plans are and get back to you when he answers.

Greets

Zagor

  • Guest
Re: MultiAV Scanning Tool Review...
« Reply #5 on: January 21, 2006, 11:49:16 PM »
Does anyone know something about the file that I lost as a false positive in the scan mentioned earlier?

C:\Program Files\Ewido\Security Suite\guard.sys

I found this info on the net:
Service (registry key): ewido security suite driver
Display name: ewido security suite driver
Image path: \??\C:\Program Files\ewido\security suite\guard.sys
Image size: 3072


Does anyone have Ewido? Did you experience something similar? Is there any other option than a reinstall?

Offline polonus

Re: MultiAV Scanning Tool Review...
« Reply #6 on: January 22, 2006, 12:13:13 AM »
Hi Zagor,

This may help you with your predicament:
http://www.911cd.net/forums/lofiversion/index.php/t15202.html

So you can fix it,

Polonus aka Damian

..::ReVaN::..

  • Guest
Re: MultiAV Scanning Tool Review...
« Reply #7 on: January 22, 2006, 12:58:30 AM »
And Zagor always remember to BACKUP before testing new programs   ;)

Zagor

  • Guest
Re: MultiAV Scanning Tool Review...
« Reply #8 on: January 22, 2006, 01:07:11 AM »
I'm afraid in this case that opportunity has come and gone my friend  :-\

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: MultiAV Scanning Tool Review...
« Reply #9 on: January 22, 2006, 01:45:16 AM »
Does anyone know something about the file that I lost as a false positive in the scan mentioned earlier?

C:\Program Files\Ewido\Security Suite\guard.sys
I think the guard.sys relates to the resident part of ewido, so if you are using the free version (that after the trial period disables the resident part) it shouldn't have any adverse effect.

I don't know to what depth the removal process goes, e.g. does it also delete any registry entry related to guard.sys?
If not then it would be possible to just replace the guard.sys file (IM me your email address and I will send it to you) in the C:\Program Files\ewido\security suite folder.
However, if it also deleted registry entries you may need to reinstall.

Edit: Just renamed guard.sys and did an update and a small scan no issues.
« Last Edit: January 22, 2006, 01:48:53 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Zagor

  • Guest
Re: MultiAV Scanning Tool Review...
« Reply #10 on: January 22, 2006, 01:53:31 AM »
I think the guard.sys relates to the resident part of ewido, so if you are using the free version (that after the trial period disables the resident part) it shouldn't have any adverse effect.

I don't know to what depth the removal process goes, e.g. does it also delete any registry entry related to guard.sys?
If not then it would be possible to just replace the guard.sys file (IM me your email address and I will send it to you) in the C:\Program Files\ewido\security suite folder.
However, if it also deleted registry entries you may need to reinstall.

I have the paid version; it proved itself to be a very reliable one in preventing many trojan attacks! Yes, it is a driver for Ewido guard (resident part). This file was cleaned:
C:\Program Files\Ewido\Security Suite\guard.sys
Could an AV remove some registry entries and not report it? I can reinstall, but I was just curious if this was fixable ( :)) in some other way.

Online DavidR

Re: MultiAV Scanning Tool Review...
« Reply #11 on: January 22, 2006, 02:04:07 AM »
Some AVs may go to the effort to remove registry entries, but I can't say that for sure.

You could check by using regedit to search for guard.sys; if it exists then replacing the file may work - you should be able to tell if the resident element is working after replacement and a reboot.

Zagor

  • Guest
Re: MultiAV Scanning Tool Review...
« Reply #12 on: January 22, 2006, 03:40:24 AM »
Thank you David,

Couldn't find it in registry, so I used the old way: reinstall, boot! Now it purrs like a kitten in my tray waiting for Trojans...
                                                                               
EWIDO THE SEQUEL

Online DavidR

Re: MultiAV Scanning Tool Review...
« Reply #13 on: January 22, 2006, 03:38:51 PM »
You're welcome, now you know some AVs not only remove the file but the entries in the registry.

Offline polonus

Re: MultiAV Scanning Tool Review...
« Reply #14 on: January 22, 2006, 05:08:09 PM »
Hi DavidR,

This actually means that scanning could be a risky business. And that prior to scanning one should back up the registry or, even better, set a restore point with a restore program in case of loss through false positives. So before doing something with a suspicious file, one should always seek a founded opinion to know the infection at hand is real, especially when heuristic scanning is involved.
The above is also true for spyware scanning with online scanners and full removal is not possible or it fails; before scanning, set a restore point and back up the registry. I know good online scanners provide these possibilities and ask Windows to do this.

polonus