Boclean Advantage

Discussion in 'other anti-trojan software' started by chaos16, Jun 5, 2005.

Thread Status:
Not open for further replies.
  1. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    As someone who has used/currently uses all the programs in question (well - OK - I used the Giant variant of MS Antispyware), I'd concur with john2g with the added comment that many of the downloaders responsible for placing spyware on PCs are now handled quite well by top tier AVs and BOClean is ably placed to handle anything that makes it by your chosen AV - which should be very few and very far between.

    As I've mentioned elsewhere, while I've never felt compelled to run the realtime coverage from an AS application, in the past I typically did harvest a number of things in a demand cleanup mode. These days, however, those scans are now coming up clean as well due to the broader scope coverage that the primary AV provides (NOD32 in my case) and the addition of some additional, more generic tools (RegDefend, ProcessGuard, SafenSec, PrevX, etc. - take your preferred pick). For example, AdAware SE Pro runs on my PC while I'm away during the day. The last significant log entry as of this morning (i.e. everything except flagged tracking cookies) dates from January of this year. Although I still believe that it is prudent to have an AS application available, I believe this observation speaks for itself.

    Blue
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Would BOClean and the realtime coverage of Microsoft Antispyware cause problems for each other such as delays in programs opening, executing tasks etc?
     
  3. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I've never tried it, but based on how I believe they both work, I don't believe there would be a conflict. Overall BOClean is an extremely well-behaved application. Let's say my experience with MS AS is, well, extremely limited. Aside from a few tens of minutes during which I had the Giant realtime module active after the initial installation, I've not used it. That wasn't due to a conflict, more a desire to keep the potential for contention to a minimum.

    The obvious challenge test is easily performed - run with each application active separately and compare the results to when both are active. Just make sure both are fully deactivated when they should be in the single application test. If it's an issue, you'll see it.

    Blue
     
  4. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    hi

    I run both BOClean and Counter Spy (another Giant/MSAS clone) real time without any problems

    edit: I believe MSAS/GIANT/CS scan "smart" if real time protection is enabled = they monitor the common spyware inbound routes, like internet streams etc, so it's not like an antivirus scanning all accessed files
     
  5. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Why would you use Adaware SE Pro while you are away instead of checking the Unattended cleanup and removal option since BOClean intended it for unattended machines according to their support literature? Just wondering; this is not meant to criticise.
     
    Last edited: Jul 11, 2005
  6. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    No problem. That's just a legacy result of how I initially set it up. Never changed it. It was set to perform an update/quick scan daily and it used to clean out a reasonable amount of junk. Nothing terribly malicious, but junk nevertheless.

    I placed it in service well before BOClean was installed and most times (since I'm not there - out of sight, out of mind I guess), I completely forget about it. It does, however, provide a bit of a snapshot regarding what had occurred over the past 9 months or so on my machine and for anyone wondering about the effectiveness of the products that I happen to use, that could be a worthwhile minor anecdotal data point - or not :).

    Blue
     
  7. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Thanks. For a snapshot I will probably use the Create a report option when a trojan is found and let the reports accumulate for a while. As I have Adaware SE 1.06 free version. Mind you I don't expect to accumulate much as NOD 2.50.25 has nailed everything (2 trojans since Feb) so far.
     
  8. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Apparently I have 18 out of 108 posts on this thread. Blue I hope BOClean gives you a percentage. I purchased and downloaded the program but did not install yet as BOClean advises to shut down my antivirus before install. I am not sure how to temporarily disable NOD 2.50.25 and don't know if it is really necessary as I have not had a problem with other program installs. BOClean says antivirus may pause the installer and POSSIBLY cause an install problem.
     
    Last edited: Jul 11, 2005
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I believe I either just ignored that advice or simply quit the NOD32 Control Centre only.

    The other way to temporarily disable NOD32 is to fire up msconfig and uncheck the NOD32 service and startup entries, perform a selective startup/reboot, get BOClean running, and then reactivate the NOD32 entries you had just deactivated.

    I am certain that I did nothing special when I installed BOClean, and that is for both NOD32 and KAV WS based systems.

    Best of luck and post any problems if you encounter them.

    Blue
     
  10. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Install went fine and computer seems to respond normally. When I check performance by clicking control/alt delete the graph shows the spiking people talk about every ten seconds but I cannot notice any real time impact. But I forgot to create a restore point before install, what a dummy. Have to keep that in mind next time. Thanks Again.
     
  11. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    How do I perform these two actions?
     
  12. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Hi Hammer,

    On the BOClean support pages they recommend to use the excluder only in case of problems. So if there are no adverse effects running NOD32 and BOClean together, just follow step 2 of my post! :)

    1) Open the BOClean control panel by clicking on the tray icon, click Program Excluder, click on file (left top), file explorer, navigate to the NOD32 install location and drag and drop the NOD32 exe's to the excluder window.

    2) To exclude the BOClean folder and ini-file from real time scanning by NOD32, open the control center, go to AMON, exclusion. You have to enter the long path name to the BOClean folder / BOC412.ini (in the %Systemroot% file -> for me C:\Windows\...) as well as the 8.3 (short) path name (c:\progra~1\... etc). Make sure that the whole folder is excluded.
     
    Last edited: Jul 12, 2005
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Computer responding normally. So I may not need to do either step 1 or step 2. I have copied this post in event of problems.
     
  14. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    I have NOD 2.50.25 installed, best settings enabled. I say this not to knock NOD which I like. But only because people may wonder what I use. I sometimes run an online scan from one of the major antivirus companies. I have several, and today I chose Trend. I ran the combined spyware and antivirus scan. During the spyware portion the BOClean icon turned blood red. You know what that means, a trojan was found. I had BOClean set for unattended cleanup and removal. I realise that BOClean may not have found the trojan before because it was not active. Here's the log: "07/17/2005 14:55:00: C:\ WINDOWS\RMAGEN~1.DLL Trojan horse was found in above file. RMAGENT TROJAN STOPPED by BOCLEAN! Active trojan horse was shut down. System now safe. Trojan horse was removed, registry cleaned." The reason I am posting this is because I am wondering about the possibility of a Trend/BOClean FP.
     
    Last edited: Jul 17, 2005
  15. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Could be a FP. Set BOClean to keep a copy of the Trojan in the Config page. Then run the scan again! :)
     
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Ran it again. Pretty sure it is a FP. Log now says file copied to evidence location for examination. I also got Trend Micro screen that said "Trend Micro Damage Cleanup Engine has encountered a problem and needs to close. We are sorry for the inconvience." Forgot to mention I got this screen the first time also and when I clicked ok the scan continued. So how can I let BOClean know about this? And what do I do with the evidence file in my documents folder?
     
    Last edited: Jul 17, 2005
  17. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    You could zip the evidence file in a password protected zip file and send it with your report to the BOClean makers, so they can check it out.
     
  18. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Did what you said. Just ran F-Secure, CA and Panda with no problem.
     
    Last edited: Jul 17, 2005
  19. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Decided to run Bitdefender online scan and had no problem. Tried Trend virus scan, antivirus only, no spyware scan, and FP reappeared. If I want to run Trend I guess I'll pause BOClean. I wonder if anyone else can reproduce this FP.
     
  20. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    I heard from Kevin. The problem should be fixed via update later tonight.
     
  21. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Good! :)
     
  22. controler

    controler Guest

    New update appears to have fixed the FP for Icesword also.
     
  23. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Ran Trend's Antivirus and Anti-spy everything went smooth.
     
  24. FanJ

    FanJ Guest

    Thanks Bruce and The Hammer for keeping us updated !
    Glad things are OK again ! :D
    And of course also thanks to Kevin and Nancy !!

    Cheers, Jan.
     
  25. controler

    controler Guest

    As we are all aware now it appears it takes a rootkit to detect a rootkit.

    con
     