Impressed again


Userlevel 4
I had downloaded an installer from what appeared to be a legitimate web site, and since I'm paranoid about downloading
anything after getting hit by malware a few years ago I came to rely on second opinion scanners.
Malwarebytes, HitmanPro.
In short both found nothing when I scanned the installer saved to the download folder.
Scanned with WSA and it went red and found it was infected.
I'm not making this up really.
I am impressed as well as astonished.
Thanks for putting up with me so far.
 
Tony

10 replies

Userlevel 7
Badge +25
@ wrote:
I had downloaded an installer from what appeared to be a legitimate web site, and since I'm paranoid about downloading
anything after getting hit by malware a few years ago I came to rely on second opinion scanners.
Malwarebytes, HitmanPro.
In short both found nothing when I scanned the installer saved to the download folder.
Scanned with WSA and it went red and found it was infected.
I'm not making this up really.
I am impressed as well as astonished.
Thanks for putting up with me so far.
 
Tony
Hi @  This just goes to show that Webroot Secure Anywhere is the BEST out there!  
Userlevel 7
Badge +56
@ wrote:
I had downloaded an installer from what appeared to be a legitimate web site, and since I'm paranoid about downloading
anything after getting hit by malware a few years ago I came to rely on second opinion scanners.
Malwarebytes, HitmanPro.
In short both found nothing when I scanned the installer saved to the download folder.
Scanned with WSA and it went red and found it was infected.
I'm not making this up really.
I am impressed as well as astonished.
Thanks for putting up with me so far.
 
Tony
Can you supply the MD5 hash from that file? Right-click on the Webroot icon down by the clock and click Save a Scan Log, then look near the bottom of the scan log and post the lines for the infection.
 
Example: [u] d:program files (x86)urnaware premiummediadisc.exe [MD5: 6302954EB500DCC5CF0DC007E16C57AD] [Flags: 00081001.5684]
 
Thanks,
 
Daniel 😉
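
Added example, not part of the post above and not Webroot's own code: a small Python parser that pulls the path, MD5 and flags out of scan-log lines shaped like the example line in the post. It assumes only that line shape (a one-letter marker in brackets, a path, then `[MD5: ...]` and an optional `[Flags: ...]`); the sample log text and the second entry are constructed for illustration.

```python
import re

# Line shape taken from the example in the post:
#   [u] <path> [MD5: <32 hex digits>] [Flags: <value>]
# Assumption: the leading marker is a single letter in brackets.
ENTRY = re.compile(
    r"^\s*\[(?P<status>[A-Za-z])\]\s+(?P<path>.+?)\s+"
    r"\[MD5:\s*(?P<md5>[0-9A-Fa-f]{32})\]"
    r"(?:\s+\[Flags:\s*(?P<flags>[^\]]+)\])?\s*$"
)


def parse_entries(text):
    """Return one dict per log line that carries a well-formed MD5 field."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match:
            entry = match.groupdict()
            entry["md5"] = entry["md5"].upper()  # normalise for comparison
            entries.append(entry)
    return entries


def entries_for(text, name_fragment):
    """Entries whose path contains name_fragment (case-insensitive)."""
    fragment = name_fragment.lower()
    return [e for e in parse_entries(text) if fragment in e["path"].lower()]


# Constructed sample: the first entry is the example line from the post,
# the second entry and the surrounding lines are made up.
SAMPLE_LOG = """\
Scan log header (constructed sample)
[u] d:program files (x86)urnaware premiummediadisc.exe [MD5: 6302954EB500DCC5CF0DC007E16C57AD] [Flags: 00081001.5684]
[u] c:\\users\\tony\\downloads\\setup_example.exe [MD5: 00112233445566778899AABBCCDDEEFF] [Flags: 00000000.0000]
Not an entry: [MD5: tooshort]
"""

if __name__ == "__main__":
    # Print only the entries that sit in a downloads folder.
    for e in entries_for(SAMPLE_LOG, "downloads"):
        print(e["md5"], e["flags"], e["path"])
```
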
Userlevel 4
Best I can do is a Virus Total result.
https://www.virustotal.com/en/file/29aa7e33a6955d476139ee42676e02593161aff693d087bff32885c95003f7d4/analysis/1464137744/
hitman and malwarebytes seem to have missed it.
 
Tony
Userlevel 5
Badge +1
You might be interested in hearing about some of my recent experiences.  In some tests I did a few months ago on new "zero day" malware I found that both Kaspersky and Bitdefender, who provide the HitmanPro detection, were surprisingly slow at detecting certain strains of virus.
 
Surprisingly, Microsoft was detecting all the new stuff except one or two, I was really impressed. Webroot was similar to Kaspersky and Bitdefender and relying on monitoring behaviour to a large extent; that's both good and bad depending on the kind of malware involved.
 
On Windows 7 PCs, I've found that a great combination is Microsoft Security Essentials as the first gatekeeper plus Webroot sitting on top as the hawk circling overhead ready to swoop down and pounce on anything that might get past.
Unfortunately for Windows 10 this combination is not possible for technical reasons. 
 
I have some PCs running only Webroot and nothing has got past yet, so perhaps I am being over-cautious, but my tests proved that whilst Webroot is excellent it is not perfect (like any other AV) and running something else alongside is preferable for me, especially when it comes to PCs used for banking, Webroot really locks down the connection to the bank in a very secure way.
Userlevel 7
As has oft been said by many here and by the industry pundits...a layered defence is the best approach as, as you said cavehomme, no one solution can be guaranteed to be 100% effective 100% of the time.
 
That is what the wise practice. ;)
 
Regards, Baldrick
Userlevel 5
Badge +1
Indeed, I just wish I could use WRSA and Defender on Windows 10, I hope that's allowed one day. Someone posted a workaround to play with the registry, I tried it but I don't believe it's a reliable option so don't use it.
Userlevel 7
 Yes, I have seen that and believe that it works well...but can understand why the 'tweaking' of the Registry might not appeal.
 
It is not Webroot who prevent the two working together but rather Microsoft and I cannot see why they would reverse the decision to do this any time soon...as I cannot see why they made the decision in the first place given that WD is starting to look like a decent option (will never be as good as WSA, mind...;)).
 
Baldrick
Userlevel 5
Badge +1
I might give it another try on one of my machines. If you have the link to the fix any chance you could post or pm it please?
Userlevel 7
Hi cavehomme
 
PM on the way.
 
Regards, Baldrick
Userlevel 7
Badge +56
@ wrote:
Best I can do is a Virus Total result.
https://www.virustotal.com/en/file/29aa7e33a6955d476139ee42676e02593161aff693d087bff32885c95003f7d4/analysis/1464137744/
hitman and malwarebytes seem to have missed it.
 
Tony
Here is some info I got from your VT link! http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx
 


 
 
