OliverK

Does SAS detect this nasty rootkit?


Hi, I've just come across this description of a trojan which sounds really scary, on a competitor's website.

"The latest examination of Trojan.Mebroot rootkit samples show that it uses powerful concealing techniques designed to avoid detection by anti-rootkit/anti-spyware programs. We have found Trojan.Mebroot infects the Master Boot Record (MBR), stores the rootkit driver in physical drive sectors, and hides the true contents of all sectors from both user-mode and from anti-rootkit/anti-spyware detection."

They've given it particular prominence on their forum site, making me think this is a really bad rootkit.

Just out of curiosity, and given that I'm using SAS Pro only, does it detect and remove this rootkit? (I can't find it on the list of recent inclusions, but I realise that SAS may call it something different).

Many thanks.
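Added example, not from this thread or from SUPERAntiSpyware: the quoted description says the bootkit rewrites sector 0 and parks its driver in raw sectors while hiding the true contents from anything running on the infected system, so the practical check is to capture a baseline of the first sectors from an offline boot (a BartPE-style environment) and diff the live read against it. The MBR layout used is the classic one (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature); the disk images are constructed inline and stand in for real reads.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bootstrap code; partition table follows at offset 446
SIGNATURE = b"\x55\xAA"      # boot signature at offset 510

def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, partition entries and signature flag."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # entry: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, BOOT_CODE_LEN + 16 * i)
        parts.append((status, ptype, lba, count))
    return {"boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts, "signature_ok": mbr[510:] == SIGNATURE}

def compare_mbr(baseline: bytes, live: bytes) -> list:
    """Findings that distinguish the live MBR from the offline-captured baseline."""
    b, l = parse_mbr(baseline), parse_mbr(live)
    findings = []
    if not l["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if b["boot_code_sha256"] != l["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if b["partitions"] != l["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def gap_sectors_in_use(image: bytes, first_partition_lba: int) -> list:
    """LBAs between the MBR and the first partition that hold non-zero data.
    Boot managers (GRUB stage 1.5, for example) legitimately use this gap, so
    treat a hit as a lead to diff against the baseline, not as proof of infection."""
    return [lba for lba in range(1, first_partition_lba)
            if any(image[lba * SECTOR:(lba + 1) * SECTOR])]

def build_sample_mbr(boot_code: bytes, lba_start: int, count: int) -> bytes:
    """Constructed sample MBR (not from any real disk): one active NTFS-typed partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", lba_start, count)
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + entry + b"\0" * 48 + SIGNATURE

# Constructed inputs: a clean disk, and one whose boot code was overwritten and whose gap
# sector 60 now carries data, the shape of change the quoted description attributes to Mebroot.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0", 63, 1000)
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c\x90\x90\x90", 63, 1000)
CLEAN_IMAGE = CLEAN_MBR + b"\0" * (62 * SECTOR)
INFECTED_IMAGE = TAMPERED_MBR + b"\0" * (59 * SECTOR) + b"\x41" * SECTOR + b"\0" * (2 * SECTOR)
```

On a real machine the baseline comes from reading the first 63 sectors of the physical drive while booted from clean media, and the live copy from the same read under the installed OS; a difference between the two is the hiding the description talks about.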

Well, SAS has a "good" capability for removing rootkits....but it lacks driver-locking technologies. So.....rootkits often reinstall themselves upon removal. Moreover, SAS does not have self-defense code; sometimes typical rootkits delete the host which tries to remove them.

For reliable removal of rootkits, boot your PC into a virtual Windows environment (BartPE), and then run a full system scan. :)

You really have no idea what you are talking about here. Please do not state things as facts if you don't really know what's going on.

FACT : SAS has techniques that prevent a rootkit (any kind) from restarting or re-installing once detected

FACT : SAS has technologies to prevent termination and blocking by rootkits if SAS is installed first.

FACT : We are already handling, in our upcoming release, the new rootkits that use some of the new "nasty" techniques referenced above.


You are interpreting what was said and that is not factual; READ what was actually said. Don't READ implications into the response, you tend to do this a lot in reviewing your posts. :)

Fact 1: Oh really!!! Just browse the Kaspersky forum and look at what users say about the recurrence of rootkit infection even after removal by SAS.

You said, "SAS has techniques that prevent a rootkit (any kind)"......that implies that it has a 100% detection rate.....quit boasting about your product....no AV/AS has a 100% detection rate.

Fact 2: OMG, install the "Ashan Khan Butto Virus" and then see how the entire OS including SAS perishes away eventually....

Fact 3: You openly admit that SAS detects ONLY the malware that is in active circulation!! What are the criteria for malware to be in active circulation? I've been posting several malicious malware samples, which never come under the detection tree....you say that they are not in active circulation.....then how do you know that they are actually not in active circulation? Do you sit on every PC on this earth and then figure out that the malware which I've sent to the labs is not there on their PCs?

FACT : We never said 100% detection of all rootkits - let me clarify so you can understand what I said - if we detect a rootkit, we render it unable to re-start. If something re-installs it, that can be a different story.

FACT : We detect rootkits that we have analyzed and many we haven't using our heuristic techniques.

FACT : You sent in 2 items that were not even malware - the other item you sent is in our queue and may have already been analyzed.

FACT : As far as what's in active circulation - we receive MILLIONS of diagnostics per month and have an excellent view of what's really on the systems of our users

FACT : Regarding "Ashan Khan Butto Virus" - maybe you missed what our product does "SUPERAntiSpyware" not "Anti-virus" :) We leave the virus protection and detection up to the virus products.

In the future, please do not post things as "facts" when they are in fact your OPINION - you have no access to the inner workings of SUPERAntiSpyware. You are always welcome to post your opinion, or questions and we will be happy to answer them as we do with all of our users.

Fact 1: Oh really!!! Just browse the Kaspersky forum and look at what users say about the recurrence of rootkit infection even after removal by SAS.

You said, "SAS has techniques that prevent a rootkit (any kind)"......that implies that it has a 100% detection rate.....quit boasting about your product....no AV/AS has a 100% detection rate.

Fact 2: OMG, install the "Ashan Khan Butto Virus" and then see how the entire OS including SAS perishes away eventually....

Fact 3: You openly admit that SAS detects ONLY the malware that is in active circulation!! What are the criteria for malware to be in active circulation? I've been posting several malicious malware samples, which never come under the detection tree....you say that they are not in active circulation.....then how do you know that they are actually not in active circulation? Do you sit on every PC on this earth and then figure out that the malware which I've sent to the labs is not there on their PCs?

Interesting, you were trying to pirate our software:

"XPSunny - Posted: Tue Dec 26, 2006 2:19 am Post subject: SuperAntispyware crack needed

--------------------------------------------------------------------------------

Please..........

"

and

"XPSunny - Posted: Tue Jan 02, 2007 4:10 am Post subject: Re: SuperAntispyware crack needed

--------------------------------------------------------------------------------

Anyone please help me.

"

Very interesting indeed.....


Nice answers you gave him :P

I like to read when people write about things they don't know anything about and are completely wrong, and then get "beaten up" by someone who knows what he is talking about :P

And what do you mean by..

FACT : We already are handling the new rootkits with our upcoming release that do some of the new "nasty" techniques as referenced above.

Does that mean SAS doesn't handle the new rootkits now?

And this "upcoming release": will that be pure improvements in detection/removal (and maybe also self-defence), or will there also be some new features, for example a password to open SAS? :)

And keep up the good work, so SAS forever will be the number 1 AntiSpyware product :D

Nice answers you gave him :P

I like to read when people write about things they don't know anything about and are completely wrong, and then get "beaten up" by someone who knows what he is talking about :P

And what do you mean by..

FACT : We already are handling the new rootkits with our upcoming release that do some of the new "nasty" techniques as referenced above.

Does that mean SAS doesn't handle the new rootkits now?

And this "upcoming release": will that be pure improvements in detection/removal (and maybe also self-defence), or will there also be some new features, for example a password to open SAS? :)

And keep up the good work, so SAS forever will be the number 1 AntiSpyware product :D

We are always improving our technology to more efficiently detect and remove the new infections and styles of infections.

This is mostly a technology update - the next version will be more interface and other items (such as the password) :)

Fact 1: Oh really!!! Just browse the Kaspersky forum and look at what users say about the recurrence of rootkit infection even after removal by SAS.

You said, "SAS has techniques that prevent a rootkit (any kind)"......that implies that it has a 100% detection rate.....quit boasting about your product....no AV/AS has a 100% detection rate.

Fact 2: OMG, install the "Ashan Khan Butto Virus" and then see how the entire OS including SAS perishes away eventually....

Fact 3: You openly admit that SAS detects ONLY the malware that is in active circulation!! What are the criteria for malware to be in active circulation? I've been posting several malicious malware samples, which never come under the detection tree....you say that they are not in active circulation.....then how do you know that they are actually not in active circulation? Do you sit on every PC on this earth and then figure out that the malware which I've sent to the labs is not there on their PCs?

Interesting, you were trying to pirate our software:

"XPSunny - Posted: Tue Dec 26, 2006 2:19 am Post subject: SuperAntispyware crack needed

--------------------------------------------------------------------------------

Please..........

"

and

"XPSunny - Posted: Tue Jan 02, 2007 4:10 am Post subject: Re: SuperAntispyware crack needed

--------------------------------------------------------------------------------

Anyone please help me.

"

Very interesting indeed.....

Stop acting like a kid......quit making false accusations.

PROVE IT.

Same IP, same registered e-mail address......you do the math! :) It's ok, you got busted, no big deal, people try to steal software every day, it's an unfortunate part of the software world.


xpsunny: You just got owned.

Please stop this discussion of yours, it's embarrassing. You are just making a fool of yourself.
