Key results of the testing of antivirus products for the treatment of active infections II

Antivirus products from 14 vendors were tested, including Avast!, AVG, AVZ, Avira, BitDefender, Eset, F-Secure, McAfee, Panda Software, Sophos, Symantec, Trend Micro, VirusBlokAda, Dr. Web, and Kaspersky Lab.

Testing was conducted using the following malicious programs (the names are shown according to the classification used by Kaspersky Lab) selected in accordance with the criteria described here:

  1. Adware.Win32. Look2me.ab
  2. Adware. Win32.NewDotNet
  3. AdWare.Win32.Virtumonde.bq
  4. Backdoor.Win32.Haxdoor.ix
  5. Backdoor.Win32.PcClient.ca
  6. Email-Worm.Win32.Scano.ac
  7. Trojan-Clicker.Win32.Costrat.l
  8. Trojan-Downloader.Win32.Agent.brr
  9. Trojan-Downloader.Win32.Agent.brk
  10. Trojan-Proxy.Win32.Agent.lb
  11. Trojan-Proxy.Win32.Wopla.ag
  12. Trojan-Proxy. Win32.Xorpix.ba
  13. Trojan-Spy.Win32.Bancos.aam
  14. Trojan-Spy.Win32.Goldun.ls
  15. Virus.Win32.Gpcode.af
  16. Rootkit.Win32.Agent.ea
  17. SpamTool.Win32.Agent.u

Testing of the ability of antivirus products to treat active infections was conducted strictly in accordance with the methodology.

Table 1: Results of active infection treatment by different antivirus products

Malware\ Antivirus Avast! Professional Edition 4.7 AVG Anti-Virus  7.5 Avira AntiVir PE 7.0 BitDefender Antivirus 10 Dr.Web Anti-Virus 4.33
Adware.Win32.Look2me.ab + + - - -
Adware.Win32.NewDotNet + - - - -
AdWare.Win32.Virtumonde.bq + + + - -
Backdoor.Win32.Haxdoor.ix - - - - +
Backdoor.Win32.PcClient.ca + + + - -
Email-Worm.Win32.Scano.ac - - - - -
Trojan-Clicker.Win32.Costrat.l - - - - -
Trojan-Downloader.Win32.Agent.brr - - - - -
Trojan-Downloader.Win32.Agent.brk - - - - -
Trojan-Proxy.Win32.Agent.lb + + + + -
Trojan-Proxy.Win32.Wopla.ag + + - - -
Trojan-Proxy. Win32.Xorpix.ba + + - - -
Trojan-Spy.Win32.Bancos.aam + + - - -
Trojan-Spy.Win32.Goldun.ls + + + - +
Virus.Win32.Gpcode.af - - - - -
Rootkit.Win32.Agent.ea - - - - -
SpamTool.Win32.Agent.u - - - - -
Total: 9/17 8/17 4/17 1/17 2/17

 
Table 2: Results of active infection treatment by different antivirus products (continued)

Malware\ Antivirus Dr.Web Anti-Virus 4.44 Beta Eset NOD32 Antivirus 2.7 F-Secure Anti-Virus 2007 Kaspersky Anti-Virus 7.0 McAfee VirusScan 2007
Adware.Win32.Look2me.ab - - - + -
Adware. Win32.NewDotNet + - - + +
AdWare.Win32.Virtumonde.bq + - - + +
Backdoor.Win32.Haxdoor.ix + - - + -
Backdoor.Win32.PcClient.ca + + + + +
Email-Worm.Win32.Scano.ac - - - + -
Trojan-Clicker.Win32.Costrat.l + - - + -
Trojan-Downloader.Win32.Agent.brr + - - - -
Trojan-Downloader.Win32.Agent.brk + - - - -
Trojan-Proxy.Win32.Agent.lb + + + + +
Trojan-Proxy.Win32.Wopla.ag + - - + -
Trojan-Proxy. Win32.Xorpix.ba + - - + -
Trojan-Spy.Win32.Bancos.aam + - - - -
Trojan-Spy.Win32.Goldun.ls + + + + +
Virus.Win32.Gpcode.af - - - + -
Rootkit.Win32.Agent.ea + - - - -
SpamTool.Win32.Agent.u + - - - -
Total: 14/17 3/17 3/17 12/17 5/17


Table 3: Results of active infection treatment by different antivirus products (continued)

Malware\ Antivirus Panda Antivirus 2008 Sophos Anti-Virus 6.5 Norton AntiVirus 2007 Trend Micro Internet Security 2007 VBA32 Antivirus 3.12
Adware.Win32.Look2me.ab + - + - -
Adware. Win32.NewDotNet + + + + -
AdWare.Win32.Virtumonde.bq - - + + -
Backdoor.Win32.Haxdoor.ix + - + + -
Backdoor.Win32.PcClient.ca + - + - -
Email-Worm.Win32.Scano.ac - - - - -
Trojan-Clicker.Win32.Costrat.l - - + - -
Trojan-Downloader.Win32.Agent.brr + - + - -
Trojan-Downloader.Win32.Agent.brk - - - - -
Trojan-Proxy.Win32.Agent.lb + + + + +
Trojan-Proxy.Win32.Wopla.ag + - + - -
Trojan-Proxy. Win32.Xorpix.ba + - + - -
Trojan-Spy.Win32.Bancos.aam + - + - -
Trojan-Spy.Win32.Goldun.ls + + + + -
Virus.Win32.Gpcode.af - - - - -
Rootkit.Win32.Agent.ea - - - - -
SpamTool.Win32.Agent.u - - - - -
Total: 10/17 3/17 12/17 5/17 1/17

Notice! According to analysis of testing results and awards:

( + ) means that antivirus solution successfully removed the active infection, and the system was restored (or was not damaged),
( - )
The antivirus solution failed to remove the active infection or the system’s integrity was seriously damaged.

As you can see from Tables 1-3, the most complicated for treatment malware samples ware Virus.Win32.Gpcode.af, Rootkit.Win32.Agent.ea, SpamTool.Win32.Agent.u, Email-Worm.Win32.Scano.ac and Trojan-Downloader.Win32.Agent.brk.

Table 4: Test Summary

Award Products
Gold Malware Treatment Award
Gold Malware Treatment Award

Download GIF image (500х500px)

Dr.Web Anti-Virus 4.44 Beta (82%)
Silver Malware Treatment Award
Silver Malware Treatment Award

Download GIF image (500х500px)
Kaspersky Anti-Virus 7.0 (71%)
Symantec Norton AntiVirus 2007 (71%)
Bronze Malware Treatment Award
Bronze Malware Treatment Award

Download GIF image(500х500px)
Panda Antivirus 2008 (59%)
Avast! Professional Edition 4.7.1029 (53%)
AVG Anti-Virus 7.5 (47%)
Poor results McAfee VirusScan 2007 (29%)
Trend Micro Internet Security 2007 (29%)
Avira AntiVir PE Premium 7.0 (24%)
F-Secure Anti-Virus 2007 7.0 (18%)
Eset NOD32 Antivirus 2.7 (18%)
Sophos Anti-Virus 6.5 (18%)
Dr.Web Anti-Virus 4.33 (12%)
BitDefender Antivirus 10 (6%)
VBA32 Antivirus 3.12 (6%)

Only six of 15 tested products demonstrated acceptable results in the treatment of active infection, i.e. they successfully cured the infected system.

The most effective antivirus in the treatment of active infection is Dr.Web Anti-Virus 4.44, which won Gold Malware Treatment Award. Kaspersky Anti-Virus 7.0 and Norton AntiVirus 2007 also showed decent result (71%) and was awarded with Silver Malware Treatment Award.

The other three antivirus products: Panda Antivirus 2008, Avast! Professional Edition 4.7 и AVG Anti-Virus 7.5, demonstrated mediocre results (от 59 до 47%). These figures meet the requirements for Bronze Malware Treatment Award.

An additional three antivirus products, namely, Eset NOD32 Antivirus, Sophos Anti-Virus and BitDefender Antivirus, demonstrated mediocre results. The remaining antivirus solutions performed poorly. These products can by no means be relied upon to effectively combat today’s virus threats.

For detailed test results, including the information on the disinfection of specific viruses, and to verify the calculations used to determine the test results, please download the complete results below in PDF or Microsoft Excel format.

AttachmentSize
Complete testing results in Microsoft Excel format »114.5 KB
Complete testing results in PDF format »179.43 KB