I have some questions about Anti-Virus, anti-Spyware general Anti-Malware software

Discussion in 'malware problems & news' started by MCPROTEUS, May 4, 2009.

Thread Status:
Not open for further replies.
  1. MCPROTEUS

    MCPROTEUS Former Poster

    Joined:
    May 4, 2009
    Posts:
    3
    Hello Wilder Security people

    The reason I am at this forum today is because a very nice guy who works for Best Buy Geek Squad told me this is a very good site for Malware, Spyware and Virus discussion. He also said that this forum is good as well: http://spywareinfoforum.com/ Now that I am talking about this right now, does anyone know any other forums and sites that are just as good as this one? If anyone could tell me that would be great; I would like to add them to my bookmarked list. Ok moving on....

    I have been doing my best to learn as much as I can about the dark side of the internet these days. I want to become a Malware Spyware Pro. I am even thinking about going to school for it. But anyways here is what I want to say and what I am hoping someone / anyone can help me with...

    I would like to know if I have all the best tools and if I am doing the right thing to protect and clean and prevent infections on my computers ... Well mostly THIS computer. This is my new baby; here are the specs:

    dELL xps xps_430
    S.2 Windows Experience Index
    Intel (R) Core (TM) 2 Quad CPU Q8300
    @2.50 GHz 2.49 GHz
    MEMORY (RAM) 6.00 GB
    SYSTEM TYPE 64-BIT OPERATING SYSTEM


    I have lovingly named this machine " ED 209 " : )

    Ok so THIS is what I have right now to protect my PC

    I have ....

    1. Avira Anti-Virus Free
    2. Spyware Doctor
    3. Malwarebytes Antimalware
    4. A-Squared ( Free Version )
    5. CCleaner
    ( not a scanner but a cleaner but I might as well mention it )
    6. I was told to also add " Free Panda root kit scanner " to my list of active tools but I have not been able to find a version of that program that works with Vista. If anyone knows if there is a Vista compatible version of that software please let me know


    Ok so that is what I use all the time. I am pretty much always running a full scan or an IntelliScan with Spyware Doctor. I scan with Avira all the time. I was told that MalwareBytes Antimalware and A-Squared are good to " supplement " or ... just good extras after using Spyware Doctor.

    I was going to also add a program called " SUPERantispyware " to that list but the thing that is making me hesitate on doing that is that the Geek Squad people have no idea what that is and most of them have never heard of the program. Geek Squad also convinced me to NOT use Registry Mechanic EVER! They talked about it like it was AIDS or something. They said it causes more problems than it fixes. I currently have Registry Mechanic and SUPERantispyware on my other two PCs but neither is on my Baby ED 209 here.

    Ok like I said I do scans all the time with it. If I come across a folder filled with files and one of those files is a .exe file, I do a scan with Avira on the folder, and I should maybe also do a scan with A-Squared because I noticed that if you right click on something there is an option to scan with A-Squared. And this part I think is really cool. I was told about two FREE ONLINE VIRUS AND MALWARE SCANNERS

    they are

    http://www.virustotal.com/

    and

    http://virusscan.jotti.org/

    Someone said if you are ever unsure about any .exe file, load them up and scan them on those two sites. He said it will run them through like 20 Malware Scanners and if it says it's clean there is a 99.99 percent chance that that is correct and it IS clean ! I find this kind of exciting...

    Ok and this gets even better. One of the Geek Squad people was nice enough to tell me ALL the programs they use to scan and clean a PC when they are paid to come to someone's house and clean their computer. This is the list, including the links to the sites:


    PROGRAMS TO BUY IF PC IS EVER INFECTED !!!!

    1. Kaspersky anti-virus removal tool
    http://www.kaspersky.com/removaltools

    2. Panda Anti-Virus
    http://www.pandasecurity.com/canada-eng/

    3. McAfee Virus Scan
    http://www.mcafee.com/us/

    4. Trend Micro Virus Scan
    http://housecall.trendmicro.com/

    5. Webroot System Analyzer
    http://www.bleepingcomputer.com/forums/topic147098.html

    6. Spyware Doctor
    http://www.pctools.com/spyware-doctor/

    7. A-Squared ( a paid version )
    http://www.emsisoft.com/en/software/free/




    Now the Geek Squad guy said DO NOT buy those programs JUST to have them and scan your PC here and there. He said just use the list of tools that you already have. BUT .... IF your PC ever gets infected with something THEN whip out the Credit Card and buy all those programs and Scan the heck out of your PC to get rid of the Malware. Because that will be A HELL of a lot cheaper than paying Geek Squad to come and clean it for you....

    Ok so now my question to you Wilder people is: Does this sound pretty good to you? Are there any other programs I should be using? I am sort of addicted to scanning my PCs these days and I even find it a little fun to be honest, so any other ideas or software please throw my way ! Does everyone like my list of Tools? Am I rocking or what?

    I tried to ask this question on some other forum but I think I have pretty bad OCD and ADD and I am not a good listener or reader. Because it was one of those forums that has like free volunteers of people who try and get rid of malware on people's PCs by giving them instructions, and the site had a huge list of its own personal scanners it uses, and the one guy was like " There is spyware and infections you can get and not be able to detect or get rid of even with all your apps. Please go to this thread, read 10,000 lines of text and run your computer through all OUR weird scanners and get a ticket and someone ...blah blah blah ..etc etc .... Know what I mean? Does anyone know what forum I am talking about?

    Ok so I put a lot of work in this thread. Someone out there HELP ME! Upgrade my brain security people !!

    Thank You very much for reading and I look forward to some nice replies I hope !

    Aaron aka PROTEUS
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hi Aaron,
    The only question I have is, do you have a router or software firewall?

    The online scan sites are a good idea.
    You probably don't need a stand-alone rootkit scanner as Avira free has a rootkit scanner included.
    You have a lot of on-demand antimalware scanners listed. You probably could get by with 2 of them. It's your choice.
    SUPERantispyware (SAS) may not be as well-known but I think it's still a good program.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Re: I have some questions about Anti-Virus, anti-Spyware general Anti-Malware softwar

    A couple more sites you might like:
    Spyware Warrior.
    Kill Spyware Forums
    Spyware beware

    As for using the best tools, there is no single best setup. For researching purposes, I strongly suggest a separate PC for this purpose. The next choice would be a strong virtualization software like VMware. Do not use your primary PC.

    All of the tools you list are reactive, used to detect or block known threats. For more info regarding a pro-active approach, read the threads regarding HIPS, sandboxing, and virtualization systems. For protection of my PC, I use a default-deny policy enforced by HIPS, a rule based firewall, web content filtering, and attack surface isolation, specifically SSM, Kerio 2.1.5, Proxomitron, and Sandboxie. The security policy you're enforcing and the configuration of the OS, user software, and security apps is equally or more important than the security apps you choose. Regarding what apps are best, the best is the one that most closely matches your knowledge and skill that performs the specific tasks you want. A rule based firewall won't help you if you don't understand the IP system, IP address structure, what the basic protocols are, port numbers etc. The same applies to HIPS even more so. Knowledge is your best tool.

    Researching malware takes a completely different toolset than you'd use to protect yourself from malware. This is a broad field and there are many ways you can go with this. If you could be more specific regarding what you want to study, malware function (what it does and how it works), malware detection and removal methods, methods of infection, defense strategies, etc, I can connect you with more specific information and tools. Be forewarned. If you're serious, this can be a consuming subject that has the ability to take all of your time. Nobody completely masters this field. It's too much for one person to master it all. Depending on what you decide to include, you can potentially be trying to learn about over a million pieces of malicious code!

    I've been an ASAP member for over 4 years with several more years in the anti-malware field. My experience centered on malware removal and defense strategies. Over the last 5+ years, I've come to a few conclusions.
    It is not possible for an individual to be knowledgeable about all the malicious code in circulation at any given moment.
    It is not possible to completely protect a PC from all malicious code by using conventional methods, such as AVs, anti-spyware, rootkit detectors, etc, no matter how many of them you have.
    A PC cannot be totally protected from malicious code if unknown code is allowed to run or when users are allowed to make administrative decisions. See The Six Dumbest Ideas in Computer Security. If potentially malicious code is allowed to execute, there are no guarantees that any security software will protect you.
    If you want to secure your PC once and for all, learn the details of how the OS and user software work, then implement a default-deny security policy that allows only those applications and processes you use to execute, nothing more. If you still want to research or study malicious code, use a separate PC just for that purpose.
     
  4. MCPROTEUS

    MCPROTEUS Former Poster

    Joined:
    May 4, 2009
    Posts:
    3
    I have a 2701HG-G Gateway modem and router. Well I think it's a router. It has 4 Ethernet sockets in the back. Does that make it a router ( sorry if I seem stupid )? I guess if I get more than one other new computer I would get like an Ethernet hub? Like a USB hub, or would I have to get a second router and modem?

    Yeah I would need a Vista version of that Panda Root Scanner thing and I think it might be only for XP. I got the idea to use it from someone I met on a forum and I trust that guy a lot.

    Well if it's ok I would like to use all the scanners. It sort of just makes me feel better.

    OK cool ! I will install and use SUPERAntispyware! I am surprised none of the Geek Squad people have heard of that program...

    Thanks

    Aaron
     
  5. MCPROTEUS

    MCPROTEUS Former Poster

    Joined:
    May 4, 2009
    Posts:
    3
    The 2701HG-G Gateway modem and router is from Bell Sympatico by the way.
     
  6. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Regarding the Panda rootkit scanner it looks like Panda decided NOT to make it compatible for Vista, at least as late as version 1.08.
     
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I think you can only load files up to 10MB in size to VirusTotal or Jotti so keep that in mind.

    Be sure to have a look at Sandboxing programs, light virtualization apps and some sort of execution control like a HIPS type of program. Once you learn about these and how they work you'll be scanning less and less.

    Cleaning a computer can be done for free through one of the forums mentioned here. They normally have a cleaning procedure like you mentioned that takes time and effort before they can help you. This saves the volunteers time as they are extremely busy as you can imagine.

    It's important to keep your Operating System and programs updated to prevent exploits. The Secunia online scanner or the downloadable PSI version can help you keep on top of updates. See my signature for the link.

    If you're running Vista, consider creating a plain limited user account for everyday use. This should limit the actions of any potential malware that may slip by your defenses.

    P.S. I'm glad you're enjoying ED 209. I've named my Quad system W.O.P.R. because sometimes it can have a mind of its own :shifty:
     
  8. wat0114

    wat0114 Guest

    Image/Restore software such as Acronis True Image or ShadowProtect, for example, should never, ever be overlooked. This is far easier and more effective than trying to scan and safely remove malware from a heavily infested PC. I'm not suggesting you ditch your antivirus software, just that you should have a backup/restore plan in place as well.

    Thus, I disagree with the underlined part of the quote.
     
  9. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    MCPROTEUS,

    Buying all those products when you're infected seems a bad idea IMO.

    Just a waste of money. Besides, do you really want to buy things by credit card with a computer that is infected ?

    Some of those products listed are not very good.

    And a good imaging solution (example: external hard drive to store images on, connected only to the PC when doing a restore or creating an image, good imaging software and a bootable CD to boot from when you're infected) will go a long way; it's worth the money. I can't recommend any particular imaging software. I use Acronis version 8, but I understand that the latest version is rather bloated, and probably less user-friendly.
    Of course, this only works if you have a KNOWN clean image.
     
  10. Jazz

    Jazz Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    37
    Location:
    London, UK
    In addition to the comments made by other posters, trust me Geek Squad are not the be all and end all. Far from it, actually.

    Just goes to prove their expertise and experience in malware removal when they state that they have never heard of SUPERAntiSpyware. It has been around for a while now and is very effective at what it does, used in conjunction with MBAM, which you currently have in your arsenal.

    Furthermore, dump Spyware Doctor and use one of the aforementioned anti-malware scanners for realtime scanning. This would mean purchasing a license, naturally.

    Just my 0.2c worth.


    Incidentally, a very good post by noone_particular.

    As stated in previous posts, the best way to go about things, IMO, is to clean install and then make an image using a third party application, such as Acronis True Image. If you ever encounter issues with malware, viruses and the like, you will be up and running with a clean (should be) system in no time. My restore usually takes around 10 minutes.
     
    Last edited: May 6, 2009
  11. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Is it necessary to wipe the drive before you install the image. Are there any advantages to doing this?
     
  12. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    No, because everything will be wiped when restoring your image. :D
    There's no advantage to be gained from it AFAIK.

    All I can say when visiting this forum is that overprotection is not the right way to do it. Like the others already said, have a look at the proactive defense software.
    Of course a good imaging program is needed in case all else fails. :)

    That's a lesson I learnt and it saved me more than once. Ok, it wasn't with malware, but it could be. In my case it was about experimenting with software. :D
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Re: I have some questions about Anti-Virus, anti-Spyware general Anti-Malware softwar

    In theory, when a drive is formatted, there are no actual files left. With nothing to identify the disk data as actual files, the Windows installer pays no attention to it, treating it all as free space that can be overwritten as needed. That said, a fair percentage of users claim that the install process runs faster and smoother if the drive is completely overwritten first. For myself, if I'm re-imaging one of my own drives with the same OS it had before, formatting is sufficient. If I'm working with a PC that's been infected or has had other disk related problems, I overwrite it with DBAN, then reformat it. I can't say for sure that it helps with anything, but it doesn't hurt anything, and all it costs is some time.

    It would be theoretically possible to put malicious code on a hard drive in such a way that it could survive a reformatting. IMO, it would require a very specific, targeted attack to make it work, and wouldn't be worth the effort on anything but a very high value target. That said, I've never heard of any malware that attempts to do this.
     
  14. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Re: I have some questions about Anti-Virus, anti-Spyware general Anti-Malware softwar

    This is really interesting. I'm trying to get my head around how it would be possible. It would really have to be designed for a reformat from the start, and even then I think it would be very chancy for it to survive.
    Could you maybe post about this some more in a new thread ?
    I don't want to take this one off topic.

    Anyway for the OP , you got some quality advice so far.
    My 2c would be don't concentrate on the scanners / tools as it's easy to get distracted by them.
    Look at how people get infected in the first place, and then work backwards to prevent it.
     
  15. DevilFrank

    DevilFrank Registered Member

    Joined:
    Jul 20, 2003
    Posts:
    108
    Re: I have some questions about Anti-Virus, anti-Spyware general Anti-Malware softwar


    That's the point. :thumb:
    You have a 64Bit system (Vista?) - set up a limited user account and use 32Bit applications only. I haven't seen a way to corrupt the system with these specs without any interaction of the user.
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Re: I have some questions about Anti-Virus, anti-Spyware general Anti-Malware softwar

    Joeythedude,
    The data on a drive isn't wiped or overwritten when it's reformatted. The malicious code could be left at a predetermined physical location. After the reformat, an application or system component with low level or direct physical access to the hard disk could be instructed to find and execute the data located on the same specific drive sector. A method such as this wouldn't be useful unless the attacker knew that they would be able to gain access to the PC again after the reformatting, either through another compromised PC on the same network or malicious code residing at a physical location other than the hard disk, like the BIOS. Either way, it would be a very specific and targeted attack that wouldn't be worth the effort on anything but a very high value target. Theoretically possible, but difficult in reality if it's even possible. A good HIPS would be able to defend against this kind of attack from within Windows.

    In one respect, this is off topic. In another, it's very much on topic, since a default-deny security policy enforced by a classic HIPS would likely be able to defend against such an attack by intercepting the low level access of the hard disk.
     