Old 08-11-2012, 11:11 AM   #9
Codey

Quote:
Originally Posted by richie43
Not a problem. On a side-note... You sure have a lot of AV crap running! Too many can be a conflict, but that's my take on it.....


Er, that is mostly on-demand stuff, with only one real-time AV running.
I work in the security world, fixing and cleaning computers.

You said I had a lot of AV crap running, but there is only one AV program there - MSE, so no, and besides all those programs are 100 percent compatible as certified not just by the people that develop the programs, but the hardest core security geeks on the planet - Wilderssecurity. Months and months of research went into the checking of this.

This isn't my machine anyway. On my machine I don't even need to run AV because I have my system hardened at such a low level that it is not necessary. You'll find that the most advanced users use a multi-tier approach to security and that is where updating your hosts file and using DNS blocking (Norton), to give just two examples, is the way to go. Also many other security features such as HIPS and sandboxing, plus EMET. Plus a whole lot more. EMET, for example, just one of the programs used, uses low level system security features built into Windows itself - Data Execution Prevention, Address Space Layout Randomisation and Structured Exception Handler Overwrite Protection, to name but three. It's the only way to protect against 0 day stuff. Who needs AV when you have that little lot when you have a Host Intrusion Protection System running too? And all at virtually no performance hit unlike an AV. Invisible and super powerful protection, mind you, you have to study and research it for years to be able to implement it. But some of us have taken the time...

Let me pause for air ;-).

Anyway, thanks for the advice, but there was only ONE Anti-Virus program there running in real time. Not a lot of crap as you said. ;-) Just ONE.
Don't confuse Anti-Virus with Anti-Malware, with domain blocking, anti-phishing etc etc.... In fact you can run more than one Anti-Virus at once in real time, with little performance hit. But you have to be very very sure which ones play nice together and then make exceptions in their execution just to make sure things don't get confused between them.


Hopefully my little rant will prove educational and not inflammatory - I am on your side chaps, a very happy and satisfied customer of Cockos, whose developers I hold in the highest regard. Even you grubby little lot I hold a little affection for ;-) and I just want to keep you all safe and warm at night....


It's nearly time for my meds. But before I go I just want to say what I think has happened here:

This is not anything to do with phishing. There is no redirect trojan.
Panda security is an extremely well respected company in the security field. In fact, I figured out what was happening, and so confident was I in fact of my conclusion, that I went ahead and clicked all the way through and downloaded the file. No phishing. No re-directs. No virus. No malware. Just a false positive from Panda. Maybe someone from Cockos should have a word with them to sort it out. We all make mistakes.

Not one person has said the name of this virus/trojan. If someone has identified it, then please say what it was and what program found it.
I am open to being proved wrong, because that is how I learn about security. The file I downloaded was good. I (on demand) checked it with about 10 scanners. The re-direct to the Panda page you talked about happens because that is HOW THE PROGRAM WORKS. It stops you from going to the dodgy page and re-directs you to their secure servers.

Has no one taken the time to sort this out or get to the bottom of it?

Btw, the direct link that Ollie gave in the other post about this worked perfectly. I did a quick clean of the machine and restarted and the problem disappeared. But then I clicked on the win32 and win64 buttons again and it then came back blocking it. As I said the Mac download buttons never get blocked. Nothing is being re-directed anywhere, the URI for the win32 and win64 download of REAPER have been flagged by Panda security as malicious. It is a false positive, that's all.


So anyone still maintaining this is a virus, can you please tell me the name of it, or at least the generic family, and how you found it and with what program, and how you cleaned it up.


Thanks. I genuinely come in peace and would love to know if I am wrong.
Maybe I am. It wouldn't be the first time. ;-+

On another side note, how about somebody from Cockos emailing the guys at Panda - they have excellent customer service - and we clear this up once and for all.


Good day, Gentlemen. I thank you for your concern, as I hope you will thank me for mine.

:-}