AV and malware

Discussion in 'other anti-virus software' started by cfp999, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. cfp999

    cfp999 Registered Member

    Joined:
    Jul 12, 2002
    Posts:
    36
    What is the status on AVs' ability to detect and remove "malware"? By malware I mean stuff that executes various tasks like downloading icons, dialers, installing DLLs, redirecting IE pages etc. I recently got infected with at least 2 variants of CoolWebSearch (About:blank, CWS.NS3) and a couple of trojans. HiJackThis, CWShredder and so forth didn't do any good. Neither did SpySweeper / Ad-Aware. Norton AV was able to take out the trojans, but the CWS problem remained. Out of desperation I installed trials of various AVs. The only one that was able to remove CWS completely was PC-cillin Internet Security 2005.
     
  2. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Although all AV vendors are increasingly taking a more generic approach towards malware, that is attempting to deal with anything a consumer would classify as malware versus, for example, an application that handles pure viruses, this takes time to achieve and the landscape is very rapidly changing.

    A good way to look at the malware coverage scene in general is to note the situation with spyware in which the best single coverage handled something like 63% of the test challenge, while adding a second layer raised that to ~ 70% (these results are likely already outdated). The direct link is here.

    Clearly there is a substantial duplication of coverage in this example, but at any given point in time a layered solution does provide an incremental increase in coverage - the key is getting a sense of the point of diminishing returns and not heaping duplicate solutions on top of one another. What is seen with spyware is generally applicable to the malware scene as a whole.

    For the case here, I'd say that looking at a pure AV solution is probably not the most effective approach, although KAV 5.0 with maxed-out settings will probably be very close. I'd augment a decent AV with a dedicated AT. TDS3, BOClean, TrojanHunter, Ewido, and a² are all viable options. Right now I use BOClean as my realtime AT coverage and I know that handles CWS.NS3, with TDS3 as my on-demand backup.

    Blue
     
  3. cfp999

    cfp999 Registered Member

    Joined:
    Jul 12, 2002
    Posts:
    36
    Thanks for your answer. Basically I need to add some kind of anti-malware on top of my antivirus, I reckon.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Indeed, for security setups you may want to take a look HERE. As well there are discussions HERE and even more HERE.

    Hope this helps...

    Cheers :D
     