Antivirus that can be run from a flash drive with complete definitions

Discussion in 'other anti-virus software' started by trott3r, Oct 2, 2014.

  1. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I gotta see this in action, Clamwin beating the rest in detection... That'll be something.
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
I don't recommend any AV for Linux actually, you don't need one as long as you stick to trusted repositories. ClamAV is made for Linux, and one of the few AVs that work there, so I'm not against recommending it if need be. But I cannot recommend ClamWin's effectiveness on Windows based on what I and most others have experienced and tested.

    Those OSes are so old that I doubt anyone techie enough to run them needs an AV. Plus security by obscurity does factor.

    Nope, sorry.
     
  3. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
One thing I will definitely agree with is that the interface for Malwarebytes 2.0+ is pretty ugly, bug prone, and scan speeds are significantly slower than the 1.75x version. Consequently I'm still using 1.75 on my main computer.

    As for the rest of it, you simply don't have the knowledge to make such sweeping statements about the relative effectiveness of programs. The best basis to compare programs would be independent testing, i.e. unbiased organisations actually testing the products against real threats, using published methodologies. Secondly, listening to the real world experience of people involved in IT or computer security, e.g. techies who (like me) have actually used these products to remove malware on people's computers will give you an idea of what works in practice. MBAM is considered a go-to tool. Even personal testing can involve more than just observing the UI, as there are repositories of malware one can test products against if they know what they're doing (although publishing the results here is frowned upon). It's not enough that the UI is nice - the product needs to be effective if there's actually an infection.

    You don't even know what these programs are actually for. AdwCleaner is more for PUPs and adware. While Malwarebytes will detect PUPs/adware, its focus is more on malware such as trojans and rootkits (and will even detect viruses, but unlike an actual antivirus it can't disinfect a file.) It's also free for use as a scanner, as it has been for many years. SuperAntiSpyware is far from a better option; again you make a claim that one product is better than a known good product with little basis, when independent testing has found MBAM to be significantly superior to SAS on detections for malware. Also the focus of SAS is different to MBAM, although it claims to be good for general malware and rootkits (it isn't, particularly).
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,099
    Location:
    UK
    Off topic post removed, please stay on topic.
     
  5. chromicus

    chromicus Guest


I no longer care for all these. Toys for boys. After installing and removing MBAM, my machine got some ugly thing, either this or someone in here hacked me just for fun. Or it could be someone known as henry who unlocks the inbox from the US who was angry at me for using adblock software, and him not being able to make money with google ads. I saw him actually listed on stackexchange for spamming askubuntu and other forums in there to get more visitors on his unlock the inbox site.

    Anyway this is definitely not a safe place for beginners like me. It is a place for pirates and people with nothing better to do than show off. Have to unregister and hope to stay away from such rather boring yet dangerous places. If it were not for privatefirewall, I would have never registered in here, and so I would have never had to deal with such an ugly virus or whatever it is.
     
  6. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    I'm sure you'll find a use for Clamwin then.
     
  7. chromicus

    chromicus Guest

    oh, that was soo funny. especially coming from a complete stranger
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    So your experience makes you an expert?

    Pft!
     
  9. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    I don't know how to answer that - what else would experience do but add to knowledge? I've looked at more than enough heavily infected machines to work out which tools are useful in practice, and which aren't - but I know the limitations of basing opinions on technical experience alone. When I compare tools, it's also with a basis in evidence or general knowledge.

    I don't jump into discussions on security forums and make claims outside of my depth or scope of knowledge. Since the poster in question managed to get infected during this thread, I'm inclined to believe that he doesn't have the knowledge or skills required for this discussion.
     
    Last edited: Oct 25, 2014
  10. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    I think you missed the part which indicated sarcasm (Pft!). :)
     
  11. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Actually I thought all of it indicated sarcasm, not just the parts I chose not to quote ;)
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    I agree - sarcasm!

    I believe you think you know a lot about malicious software and infections. Chucking 'whatever' at your infections isn't the way to deal with them.... but you know that, right?
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    "I don't jump into discussions on security forums and make claims outside of my depth or scope of knowledge."

    Ah, but you know everything, right? You have also assumed I know nothing about "my depth or scope of knowledge."

But you're so knowledgeable... how could you possibly be wrong about anything?

    Again I will say Pft!
     
  14. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,099
    Location:
    UK
    Topic subject is Antivirus that can be run from a flash drive with complete definitions

    Get back on topic and stop verbal attacks at each other or thread will be closed.
     
  15. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
Well, if you're curious, I used to enjoy the challenge of finding the source of an infection before something like MBAM had finished scanning. Here's a bunch of tools from which the OP could select something, beyond just anti-malware/AV scanners:

    In the past, something like HijackThis was sufficient for most trojans - it was relatively simple to scan the report for the obvious culprit (e.g. xcgiuhljhaf.exe), and to fix the changes to other parts of the system such as proxies, browser helper objects. On the next reboot you could delete the trojan and any associated files. The tool didn't keep up to date with all the areas where something could autorun, and wasn't overly useful for rootkits either.

    A more useful tool is Sysinternals Autoruns (which has essentially been copied by Comodo as part of CCE), which shows a full list of autorun locations, including scheduled tasks. Following an initial infection, it's not uncommon to see malicious scheduled tasks - usually to install other malware components such as the rootkit. Autoruns lets you verify code signatures of files and drivers as well, which, while useful, is not foolproof given the number of times malware has spread through signed drivers. Autoruns is still very useful today.

    Sysinternals also made Process Explorer, which certainly has some useful features, and similar to Autoruns - CCE includes their version of it, Killswitch. While it's useful to be able to do things like uncover DLL injection or see related network activity, in all honesty I found it easier to just find the ways in which malware executed on boot and not worry so much about active processes unless they blocked the running of antimalware. While Process Explorer could close malware processes, it was easier just to run Rkill.

Tools like OTL by oldtimer and DDS were great, but I'm not nearly as proficient in them anymore (now that computer security doesn't take up much of my time). Once upon a time it was actually easy to clean a rootkit by hand, back when all it took was looking for unsigned drivers or comparing checksums online vs offline (because the rootkit would lie, but couldn't if the drive was offline), but rootkits these days require more knowledge and interpretation. I've forgotten more than I remember. If I suspected a rootkit then I'd prefer a reinstall over a clean. I never really bothered with GMER beyond testing it out on infected machines; it was simpler and more effective to just use Combofix. I still remember the days when CF was likely to cause more harm than good, so I only like it as a last resort.

    As mentioned to the OP earlier, aswMBR can be run with definitions copied from a networked computer. It'll look for a number of rootkits, as the name suggests check the MBR, and do a comprehensive AV scan too. I used to run TDSSkiller as standard, given a period of time when TDL rootkits seemed to be every other infected computer, and the scans don't take very long.

    There are different tools floating around to repair damage to Windows components from malware, such as Windows Repair (All In One). The OP might need it to re-enable the internet.
     
    Last edited: Oct 25, 2014
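The three checks RJK3 describes in the post above (enumerate where things autorun, look at driver code signatures, and compare checksums taken online against ones taken with the drive offline) can be scripted in a read-only way. The following PowerShell is an added example, not code from the thread or from Autoruns, CCE or any other tool named here; it assumes PowerShell 4 or later, that the rescue-media run mounts the infected volume as D:, and the function and file names are the author's own choices.

```powershell
# Added example, not from the thread: a read-only triage pass over a few Windows
# autorun locations plus a hash/signature manifest of kernel drivers, in the spirit
# of the Autoruns-style, unsigned-driver and "checksum online vs offline" checks
# described above. Nothing here deletes or disables anything.

# 1. Run keys and scheduled tasks: where most trojans re-launch on boot.
function Get-AutorunEntries {
    $entries = @()
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PowerShell's own PSPath/PSParentPath noise
            $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    # Get-ScheduledTask needs Windows 8 / Server 2012 or later; older hosts just skip it.
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($a in $task.Actions) {
            if ($a.Execute) {
                $entries += [pscustomobject]@{
                    Source  = "Task:$($task.TaskPath)"
                    Name    = $task.TaskName
                    Command = ("$($a.Execute) $($a.Arguments)").Trim()
                }
            }
        }
    }
    return $entries
}

# 2. Hash and signature manifest of *.sys under <Root>\System32\drivers.
#    Run once on the live system (-Root defaults to $env:SystemRoot) and once from
#    rescue media with -Root pointing at the offline volume, e.g. D:\Windows
#    (assumption: the infected volume mounts as D: under the rescue environment).
function Export-DriverManifest {
    param(
        [string]$Root = $env:SystemRoot,
        [Parameter(Mandatory)][string]$Path
    )
    $driverDir = Join-Path $Root 'System32\drivers'
    $rows = foreach ($f in Get-ChildItem -Path $driverDir -Filter *.sys -File -ErrorAction SilentlyContinue) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        [pscustomobject]@{
            # Root-relative path so live and offline rows line up regardless of drive letter.
            Path   = $f.FullName.Substring($Root.TrimEnd('\').Length)
            Sha256 = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
    $rows | Export-Csv -Path $Path -NoTypeInformation
    return $rows
}

# 3. Diff a live manifest against an offline one. A file present offline but absent
#    live was hidden from the running OS; a differing hash means the live read was
#    filtered (or the file changed between snapshots, so check timestamps too).
function Compare-DriverManifest {
    param([Parameter(Mandatory)][string]$Live, [Parameter(Mandatory)][string]$Offline)
    $liveHash = @{}; Import-Csv $Live    | ForEach-Object { $liveHash[$_.Path] = $_.Sha256 }
    $offHash  = @{}; Import-Csv $Offline | ForEach-Object { $offHash[$_.Path]  = $_.Sha256 }
    foreach ($p in $offHash.Keys) {
        if (-not $liveHash.ContainsKey($p))     { [pscustomobject]@{ Finding = 'HiddenFromLiveOS'; Path = $p } }
        elseif ($liveHash[$p] -ne $offHash[$p]) { [pscustomobject]@{ Finding = 'HashDiffers';      Path = $p } }
    }
}

# Usage on the live machine:
Get-AutorunEntries | Format-Table -AutoSize
$live = Export-DriverManifest -Path "$PWD\drivers-live.csv"
# Unsigned drivers are worth a look on a live system. Caveat: most of Microsoft's own
# drivers are catalog-signed, so from an *offline* volume they report NotSigned; there
# the hash diff, not the signature status, is the signal.
$live | Where-Object { $_.Status -ne 'Valid' } | Format-Table Path, Status, Signer -AutoSize
# After producing drivers-offline.csv from rescue media:
# Compare-DriverManifest -Live .\drivers-live.csv -Offline .\drivers-offline.csv | Format-Table
```

The manifest approach only works because the offline pass reads the volume through a clean kernel, which is exactly the property the post relies on; anything flagged HiddenFromLiveOS or HashDiffers is a reason to stop cleaning by hand and, as the post suggests, reinstall.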
  16. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Actually that wasn't even referring to you.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
No, I am not in the slightest interested in your trial-and-error, hit-and-miss philosophy.
     
  18. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    What would you recommend for the OP? How did you deal with your recent infection, and do you know the source of it?
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    "What would you recommend for the OP?

How did you deal with your recent infection, and do you know the source of it?"

    I'm not sure it's relevant to the OP and for that I apologize.

    What would you recommend for the OP?

I would recommend anyone, including the OP, sign up for assistance from a qualified malware removalist - someone who knows how to create / read scripts with advanced tools and knows what those scripts will do. Not someone who says run this and see how things go. That is almost as dangerous as the malware let loose on the system would be.

    How did you deal with your recent infection[?]


    I don't believe I had an infection, but how did I deal with it? I restored a week old image of my machine.

    and do you know the source of it?

    No I don't, but I believe it was a corruption, not an infection.
     
  20. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Why over-complicate things? Once you know how malware can execute, then you can stop it executing.

    With the majority of trojans, it's as simple as removing its ability to start on boot, and undoing any changes to the system particular to that trojan. For this, Autoruns & something like MBAM will be sufficient in most cases. Obviously you can't approach all infections the same. There's no need for overkill unless there's an indication of something more insidious hiding, e.g. some trojans are commonly associated with particular rootkits.

    People who clean computers regularly want to do it in the most efficient way possible, without messing up the system. Likewise, clients don't want to spend weeks following instructions from someone with internet qualifications in malware removal - if they were computer savvy, they'd deal with it themselves.
     