It’s the middle of the Antivirus 2012 calendar. 2012 AV apps have been out for about 6 months now and have had their rounds of bugfixes and service packs. It’s time to see if their detection and removal capabilities have improved for 2012.
I’m setting up my infected VM right now. It’s got all kinds of goodies on it
The scenario of these tests:
- The “imaginary” owner of this computer has an expired antivirus
- The owner may or may not be fully patched with windows updates
- The owner let’s another person use their computer for a few days
- The owner of the PC finds the PC almost unusable (since it’s so infected) after their PC was used by another person.
- The owner goes to their local store, buys an anti-virus application to remove the infections and try’s to get their pc running like it was prior to infection.
- …this is pretty much the story I get at least once a week from a client.
- Get the PC running to a usable state and as malware free as possible using only the antivirus the “customer bought”.
- Zeus v2 Trojan
- Sinowal Trojan
- Cridex Trojan
- Fake AV
- Banker Trojan
- Rootkit Zero-Access
- ….excessive much…well…yes
- Combofix – (look at files created in the last X days)
- Bootable Scans - (did they find anything)
- Malwarebytes – (did it find anything)
I’m sure I’ve got more to add…I’ll do it tomorrow…