Want to improve detection?

[Lisandro]

Here is a comparison of a infected sample of files of mine (made by keygens/cracks as posted in the begginning of this thread)

Windows Defender: a false positive Hijacker.AllStar and a detection of a keylogger.

Ewido detected:

cdpatch.exe -> Downloader.Harnig.bq
crack.exe -> Dropper.Agent.anl (on 6 files)
crack.exe -> Hijacker.Delf.fm (on 8 files)
iks.sys -> Not-A-Virus.Monitor.Win32.IKSlog.21 (same Keylogger detected by Windows Defender)
RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a (on 2 files)
patch.exe -> Trojan.Agent.jh (2 files)

It's just a matter of downloading samples from P2P... 

[nickzn]

I checked ewido networks to find this...

Is ewido anti-malware compatible with 64-Bit versions of Windows?

Unfortunately, at the moment ewido anti-malware is only comaptible with 32-Bit versions of Windows.


Any other suggestions? or just wait till 64bit version release...

[JerryM]

I am not sure if the latest version of A squared is compatible with W 64 bit. I posted the question on that forum. I'll post the answer or you can check.

http://forum.emsisoft.com/Default.aspx?g=posts&t=940

Jerry

[JerryM]

Here is the reply posted from a-squared. At this point in time the 64 bit is not supported by a lot of programs I guess. Sorry.

Quote
a-squared is not 64bit compatible either. While the scanner works the whole realtime protection is not working.
Regards,
Andreas Haak

a-squared Team - www.emsisoft.com
End Quote

Regards,
Jerry

[DavidR]

Strange I thought that the win64bit version was able to run 32bit programs as there are so few 64bit windows programs (obviously not but the responses above). By all accounts win64bit also has a 16bit virtual environment for 16bit programs.

I mean avast for windows is a 32bit program but that is compatible with win64bit, perhaps it has to be signed/approved by MS and avast have been working closely with MS to achieve this I think.

[nickzn]

Thanks for your replies!

I mean avast for windows is a 32bit program but that is compatible with win64bit, perhaps it has to be signed/approved by MS and avast have been working closely with MS to achieve this I think.

win64 has kind of a simulator thing to run 32bit programs, I guess avast can be simulated by that while some others don't

and Avast is compatible with windows defender, another clue as to avast team indeed have been working closely with MS?

[igor]

Well, I wouldn't call it exactly "a simulator", but yes, Win64 is able to execute 32bit user-mode applications without any problems.
What it can't do, however, is to load 32bit drives - only 64bit drivers are supported. So, your application can be 32bit, but if it requires special drivers to work correctly, updated 64bit ones have to be supplied (which affects low level programs like antiviruses, and their resident protection in particular, probably CD burning tools, etc.)

And no, Win64 does not have a 16bit virtual environment - Win16 or DOS executables are not supported anymore there and can't be run.

[DavidR]

Thanks for the explanation Igor, especially about the 16bit programs as this cropped up in another Topic re Vista and I can't remember if that was for the 32 or 64 bit version.

[igor]

From what I was told, the 16bit subsystem support has only been removed from the 64bit version (and not only Vista, WinXP is affected as well).

[JerryM]

I have been told that BOCLEAN is compatible with 64 bit W.

Here is a review
http://www.anti-trojan-software-reviews.com/review-boclean.htm

I have not used it and there is no free version.

Jerry