BoClean(?)

Discussion in 'other anti-trojan software' started by SG1, Sep 12, 2005.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Have read at least two so-so reviews of this app. in the past, but have also read that the author's say they were striving to really beef it up.

    Well, anyone here use BoClean - & if so - can you please give me a "real world" user's opinion of this app?

    Thanks, SG1 (Pat)
     
  2. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I have used it for about two years. Very simple application to use. It really is a set it and forget it application. It has no file scanner for you to do a scan of your system, but you can scan individual files by dragging them into it's menu box. It was designed specifically to monitor your systems memory for running baddies. If it finds any, it stops them and asks you if you want to delete the file as well. It is designed as a back-up to your antivirus. If the AV doesn't nail the trojan as it scans it(it may be encrypted, packed etc) then once the trojan unpacks to memory then BOClean does it's thing. I've never had compatibility problems and i believe these are few and far between. Plus the service from Kevin and Nancy is fabulous.

    Hope this helps.
     
  3. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Summed up nicely. I use it also. :cool: See here.https://www.wilderssecurity.com/showthread.php?t=92920
     
    Last edited: Sep 12, 2005
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Pat,

    I think it's an almost indispensible tool.

    My first "unplanned" use of it occurred last week on my son's PC. He runs KAV WS, but I had it set at standard settings. He obviously let something through, which was caught on an overnight scan, save for 1 dll file which was leading to near immediate BSOD's. BOClean did trap the offending file, the PC BSOD'd on the file delete operation, but I had the name/path and a boot to the secondary partition I had the PC outfitted with was all that was needed. For the KAV afficianados, setting detections to look at riskware would have caught this one, and that machine - and my other KAV installs - have now been reset to that level. But BOClean worked exactly as designed, advertised, and for what it was installed for - backup anti-malware coverage when needed - regardless of the AV. Based on the way this thing behaved, riskware was a charitable categorization

    BOClean is very highly recommended by me.

    Blue
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Very impressive, Blue.

    Would you recommend BOClean w/o any other AV? If it's that good, why would one need anything else?

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Rich,

    The simple answer is no. I do recommend it without reservation as secondary coverage. It's a very light memory scanner, and therefore not subject to many of the obvious tricks that can be used to obscure malware. My emphasis was to underscore that no single product is immune from potential difficulty all the time - even though the specific case here reflects not switching every option of a program (KAV) to the highest level.

    This was an example of a layered approach actually working in action and why one might consider some form of secondary coverage which does not duplicate the primary layer.

    Let me turn the question around - Do you put all of your eggs in any one basket? If so, why?

    Blue
     
  7. passing thru

    passing thru Guest

    I spent my "real world" weekend cleaning a Windows ME system that, in four years, had no running AV or Windows Updates. After scanning\cleaning with three AVs and Ad-Aware Plus (and its VX2 plugin), the system was still obviously "not right". This is after normal and safe mode cleaning, as well as pulling the HD out and doing an offline scanning\cleaning. As a last resort, I temporarily installed BOClean. After a couple of reboots, due to explorer.exe crashes when BOClean killed what it found active (which included VX2 again), the system was working well again. I highly recommend BOClean with or without an AV. In my case, I do not use an AV in real time.
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
     
    Last edited: Sep 13, 2005
  9. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
     
  10. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    rich,

    I don't think you read my post closely enough. As far as I can tell, my son actively approved something he shouldn't have. KAV caught most of it, not all of it. Had I set KAV to maximum detection to include riskware, it would have dealt with the entire thing. This wasn't a slip by in the usual sense of the word. But is was nice to have backup detection at work.

    I notice you seem to use Deep Freeze/AntiExecutable. I'm not sure how this configuration would have played out in his hands, but for sake of argument, let's say he approved execution of some application. As I recall, he would have been infected until reboot with this combination, and that's it. Now, you seem to have faith in this approach, why did you not recommend that your friend give Deep Freeze/AntiExecutable a try? Or did you do that and did they decline?

    As far as I can see, things don't often slip by the top tier antimalware products for a casual user. I'm not sure why you'd be discouraged. Many folks who do have problems, seem oblivious to the need to keep these products updated, but that's no more complicated a task than unfreezing/freezing something like DF for an install.

    Blue
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I wouldn't recommend this approach unless I was sure that the person was confident enough in her ability to know what to approve and disapprove in downloading. In this person's case, she was not taught much about computer security - she and her brother shared a computer, and it was always getting infected, she remembers. Now she is out of school and has a job and wants her own computer with a good antivirus program so it won't get infected. (her words)

    These appeared in recent posts:
    ============================
    How do I remove this virus. My antivirus software picks it up but I can't get rid of it. Please help!
    --------
    scaned my system with the recently dicontinued TDS3 and found a pair of trojan downloaders the win32.istbar.fs and the keenaval.e dropper. The keenaval.e is in only one file but the win32.istbar is in 3000 of them and its embeded. is there a way to clean that without deleting all 3000 files?
    ---------
    A BHO has been downloaded to my system and keeps popping up random things. I have no idea how to get rid of it.

    I used:

    Ad-aware
    Spybot Search and Destroy
    Ewido Security Suit
    CWShredder
    Hi Jack This
    Stinger
    VX2 Finder
    ===========================

    Posts like this aren't very encouraging, and maybe as you say, they didn't keep their products updated - I don't know. But all of this is getting into an area I don't know much about, hence, my decision to send my friend to the local computer shop. They will recommend something, show her how to install/maintain it, and she will be satisfied.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  12. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    One of their set ups of new systems includes Norton System Works with Norton AV and firewall.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  13. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    SG1,
    "Well, anyone here use BoClean..." LOL :D

    Right many of us.

    I have been running it for over three years. I have used many AVs and several firewalls...the one constant security app. is BoClean.

    As to my opinion. No need to over type on my keyboard with repeats...Muf pretty much said what I would have said.

    BoClean=TrojanDefense (period) ;)
     
  14. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    rich,

    That's an excellent approach which we often fail to follow - the solution, whatever it is, has to fit the user and their experience/knowledge. That's a similar route I took in not pursuing applications like Deep Freeze or Shadowuser for the family. At this point, they would be making completely uninformed decisions on approvals. I made the same decision with ProcessGuard, although I believe it is a great application.

    This is when I appeal to tests I have faith in, like www.av-comparatives.org - I'd say go with any option rated Advanced+. I have my personal preferences, but they all work well.

    Yes, those types of posts can be discouraging. On the other hand, my son didn't really have a clue on the first step to take, while I thought the problem was trivial and could have been solved easily without BOClean by taking a peek at the autostart entries. My guess is he could have resolved it easily walking through any of the standard clean-up guides available anywhere. The operational problem is that this is a very major step for most.

    Blue
     
  15. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    I've been using BOClean for about 6 weeks on mine and my kids PCs and so far very pleased with it although it hasn't had to catch anything so far, possibly because I run it alongside KAV. I do like how light it runs and I like the licensing (no subscription, just a one off fee, multiple home computers).

    What I don't like about it is the tech support. I've only ever sent two emails to their support email address - the first was answered nearly a week later and the second email I sent nearly 10 days ago and still hasn't been answered. I guess their tech support priority is their subscription based corporate accounts.
     
  16. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    q1aqza,

    My own experience with PSC is that my "critical" questions have been answered very quickly. Informational ones can sometimes take a bit, althoiugh some of them have had fast responses.

    As always, you can always post here, or in their home forum, as appropriate to get an answer from another user. It's not always the best route, but it can fill in the gaps.

    Blue
     
  17. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    My questions were not critical so I appreciate that they wouldn't respond immediately but 10 days (so far) for a non-critical question is a bit slow in my book - the sort of thing you would expect for freeware support.

    I'll just have to be patient :cool:
     
  18. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Or resend your email :)
     
  19. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Resend your email and post here.
     
  20. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    I've been running BOClean for some time. Allow me to say that it is an unobtrusive, well behaved, and well performing piece of security software. It's snatched up nasties that my top-tier A/V missed more than once. An integral part of my line of defense.
     
  21. controler

    controler Guest

    #17 Today, 12:45 PM
    q1aqza
    Regular Pos

    needs to have his own buisness that is not multibllion dollar or even a tad bit close and he is the only one answering support questions.

    Let's have a un duh?

    Corporations such as Mscrewme, but I won't say Nortonscrew me since I have known peter too many years.

    Have all their peons answering everyday humdrum e-mail.

    Kevin is superhuman :D That is one big smiley!!!!!!!!!!!!!!!!!!!!!!!!

    One of the best products on the planet today and still has time to answer our mundane questions.

    I only wish he would put out an operating system BIG LOL

    That would be the bomb as the new generation says.

    Cheers, we drink we conqure and we are not gay but marry



    controler
     
  22. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Must have been drunk when it was written, or audience have to be drunk to understand it :D

    I don't care how big or small a company is, if they sell a product at 'market' rate then I don't think it is unreasonable to expect a certain level of support, in line with the 'market'.

    Again, like i said in my earlier post, freeware or indeed 'cheapware' you expect slow response. BOClean is neither of these. Anyway, another 3 days have passed so I guess it's time to resend the email.
     
  23. controler

    controler Guest

    Why don't you post your question here?
    There are alot of people here that could possiably answer your question.
    I am SOBER today :eek:



    controler
     
  24. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    I have never needed to use Hijackthis (because I use BoClean?) but a couple of folks at a couple of forums (was Wilder's one of them?) have stated that they have never seen a HijackThis posting from a system that also had BoClean installed on it. :cool:

    Acadia
     
  25. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    LOL, understand this answer much better !!

    I did post my question on this forum a few weeks ago and I was advised to email BOClean tech support. A poster hinted that there might be a 'special' build available that overcomes the 'dangerous app' problem when running ZA Pro 6. I'd been reluctant to contact BOClean's tech support as I see it as a ZA issue but I was advised to give them a try anyway.
     
Thread Status:
Not open for further replies.