Ok, it makes sense that ClamAV isn't an active scanner since it's portable, but I don't understand how it's preventing OperaUSB from running if it's just an on-demand scanner. Couldn't you just not scan your Opera folder or not let it automatically cripple files (ask for confirmation first)? And what is it doing: is it deleting the suspicious file, renaming it, altering it?
I know these questions seem silly, but I use on-demand scanners set up to simply alert me of the results and to not take any actions, I don't even know what actions they take if I let them. A decade ago it was f-prot, but in recent times I've been largely relying on web-based multi scanners so I get a good perspective on the non-behavioral detection rates of malware I'm researching. =/
Queue
Opera Virus
@ Queue:
ClamWin Portable simply passivly scans the files and gives an alert (false positive) like this:
ClamWin Portable simply passivly scans the files and gives an alert (false positive) like this:
Nothing else ... no deletion of files etc.Scan Started Tue Apr 15 20:59:20 2008
-------------------------------------------------------------------------------
h:\PortableApps\Opera927de\operausb.exe: Trojan.QQPass-737 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 251966
Engine version: 0.92
Scanned directories: 38
Scanned files: 112
Skipped non-executable files: 1
Infected files: 1
Data scanned: 18.04 MB
Time: 115.900 sec (1 m 55 s)
--------------------------------------
Completed
--------------------------------------
I dont want to start a discussion if they are better or not than ClamAV.
Try it for yourself.
- Dr. Web CureIt is a free antivirus and antispyware utility based on Dr.Web antivirus scanner which can scan quickly and cure any infected system. You can run CureIt immediately after download, no installation required.
http://www.techsnack.net/drweb-cureit-f ... -antivirus
Download: http://freedrweb.com/
- Multi Virus Cleaner
Download: http://www.viruskeeper.com/us/mvc.htm
They both didn't show a "false positive" on operausb.exe
Try it for yourself.
- Dr. Web CureIt is a free antivirus and antispyware utility based on Dr.Web antivirus scanner which can scan quickly and cure any infected system. You can run CureIt immediately after download, no installation required.
http://www.techsnack.net/drweb-cureit-f ... -antivirus
Download: http://freedrweb.com/
- Multi Virus Cleaner
Download: http://www.viruskeeper.com/us/mvc.htm
They both didn't show a "false positive" on operausb.exe
Last edited by Checker on Tue Apr 15, 2008 10:16 pm, edited 1 time in total.
-
opsimathic
- Posts: 50
- Joined: Sun Feb 25, 2007 12:12 pm
- Location: Uganda
[quote="Dr. Web CureIt is a free antivirus and antispyware utility based on Dr.Web antivirus scanner which can scan quickly and cure any infected system. You can run CureIt immediately after download, no installation required.
http://www.techsnack.net/drweb-cureit-f ... -antivirus"[/quote]
Thanks for this heads-up - I will download Dr. Web CureIT later today when I have time to properly look at it.
I note it is not in the TPFC database - do you know if it is truly portable - preferably stealthy as well?
If it is a well behaved portable application, we should submit it so the wider community can use it.
Thanks again!
/opsimathic
http://www.techsnack.net/drweb-cureit-f ... -antivirus"[/quote]
Thanks for this heads-up - I will download Dr. Web CureIT later today when I have time to properly look at it.
I note it is not in the TPFC database - do you know if it is truly portable - preferably stealthy as well?
If it is a well behaved portable application, we should submit it so the wider community can use it.
Thanks again!
/opsimathic
-
opsimathic
- Posts: 50
- Joined: Sun Feb 25, 2007 12:12 pm
- Location: Uganda