Recent Infectee - comments on my new set-up (please!)

Discussion in 'other anti-virus software' started by dawmdt, Feb 27, 2009.

Thread Status:
Not open for further replies.
  1. dawmdt

    dawmdt Registered Member

    Joined:
    Feb 27, 2009
    Posts:
    13
    Location:
    London
    Hi all,

    Long time browser of these forums and as a recent victim of what appeared to be a keylogger (although all my scans etc have yet to find anything...) I've reviewed and changed my security set-up.

    My concern is as a recent victim I may have gone a little over the top so I'd appreciate any views and comments on what I've now selected. Currently I'm using free or trial versions of these applications but will happily pay for them if they prove worthwhile.

    So here we go:

    Prior to infection I was running:
    - ESET SS
    - Spybot S&D
    - NoScript and ABP in Firefox

    I have now added to the above:
    - Prevx Edge
    - KeyScrambler
    - DefenseWall
    - Sandboxie
    - Spywareblaster
    And on-demand:
    - SAS
    - Malwarebytes AM
    - SDFix
    - TrojanRemover

    And not that it matters so much to my topic but for completeness, I was and still use Acronis TrueImage for backup purposes, and JungleDisk for backing up a few super-important files onto the Amazon S3.

    I'm also considering changing ESET SS so I'm no longer using a firewall and AV from the same manufacturer. In this case I am now considering:
    AV: either NOD32, Kaspersky or Avira (comments or alternatives would be appreciated on any of these)
    FW: Online Armor or Comodo (again any comments or alternatives appreciated)

    I know there are a lot of highly experienced pros on here so I apologise if these questions are a little low-level or "newbish" for you all but after the pain I'm going through recovering from the fallout of the first successful attack on me in 20 years of using a PC I just want to make sure :)

    Answers can be technical if you like, I should understand them :p

    TIA,

    D
     
  2. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    You could try combinations like (as there is no right or wrong answer):

    a)
    sandboxie
    prevx edge (or eset)

    b)
    defensewall
    prevx edge (or eset)

    c)
    defensewall
    sandboxie
    prevx edge (or eset)

    With defensewall or sandboxie, the above options are enough, all you'll need is an on-demand scan once in a while with your choice of program. It won't matter as you won't be finding anything.

    But if you intend on running all those programs at once, you might as well have a virus on your system as it will be churning, slow and unresponsive. :)

    Here's another option for you, light and free:

    d)
    Avira personal (free)
    sandboxie (free)
    online armor or comodo (free)
     
  3. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    You've got way too many programs, it's total overkill.

    You should try to understand your risks and get a setup which deals with them.

    Unless you're a really really high risk user you can probably get rid of at least Spybot S&D, SpywareBlaster, SDFix, TrojanRemover, KeyScrambler and Sandboxie.

    You can stick with Eset SS, unless there's something wrong with it on your computer?
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    ESET + ThreatFire should be just fine for pretty much anything. You can add Prevx Edge there if you feel a bit paranoid.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  6. dawmdt

    dawmdt Registered Member

    Joined:
    Feb 27, 2009
    Posts:
    13
    Location:
    London
    Thanks all for the really helpful responses, I've cut a lot of the excess out :p

    I really like the idea of DefenseWall though but it seems to have such a heavy impact on my system performance particularly disk churning... any thoughts?

    Cheers,

    D
     
  7. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439

    No security product can detect every virus.
    -
    Also, less is more. Don't be stupid and just plow everything on your machine.
     
  8. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    What kind of impact? Any particular application or the system at all?
     
  9. dawmdt

    dawmdt Registered Member

    Joined:
    Feb 27, 2009
    Posts:
    13
    Location:
    London
    I apologise for being "stupid", I did say up-front that the question might be a bit too beginner for this forum but I wasn't sure where else to ask where I could get knowledgeable answers.

    Anyway thanks for the input although, insults aside, it pretty much reflects what everyone else has said and what I suspected - I went a bit over the top :p
     
  10. dawmdt

    dawmdt Registered Member

    Joined:
    Feb 27, 2009
    Posts:
    13
    Location:
    London
    Seems to be a general lag across the system with everything taking a bit longer and lots of disk activity, although particularly when opening a hefty application like Firefox.
     
  11. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    In this case you need to contact me at the support e-mail.
     
  12. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I have to agree, your new setup is overkill. However, can you give more details on how you got infected with the keylogger, and how you discovered it? (because you said "although all my scans etc have yet to find anything...")
     
  13. ePost

    ePost Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    105
    I pretty much agree with this. Spybot S&D, SDFix, TrojanRemover, KeyScrambler (and Sandboxie) should go.

    But for heaven's sake keep SpywareBlaster. It's brilliant! :D It belongs in the company of SAS and MBAM that you've downloaded for extra scannings, which is wise. Stick to ESET SS - it's a fine product. I also agree that you could add ThreatFire from PC Tools.
     
    Last edited: Feb 27, 2009
  14. Thug21

    Thug21 Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    141
    Location:
    Illinois
    I use "D" on Saraceno's list of suggestions, only I have the paid versions. But the free ones would be a great setup too. That and Firefox with Adblock and NoScript.

    Can't think of anything else, except a limited account and DEP for all programs. And oh yeah, keep Windows and all software up to date. ;)
     
  15. thathagat

    thathagat Guest

    and

    well both the statements seem self contradictory... and say if in 20 yrs you got infected once then too... loading your pc with all possible secu. apps is indeed an overkill... it will make our pc slow and sluggish for sure but not any more secure... and if indeed the scans find nothing then too going for a complete security overhaul is a bit too drastic... DW is great addition... though
     
  16. dawmdt

    dawmdt Registered Member

    Joined:
    Feb 27, 2009
    Posts:
    13
    Location:
    London
    Well basically my gmail account became compromised and whoever broke into that found an e-mail that gave them enough detail to access an account I have on another system (WoW, game fans!). Not a password but enough personal information to get the password and e-mail address associated with it changed in their name. I'm a bit miffed as I use a secure token for 2FA access to that account but it appears customer services didn't apply the correct process for getting a "failed" token removed from the account and the intruder has applied his own.

    So really I'm assuming it's a keylogger as the intruder would have needed to know it was a WoW account, would have had to search my gmail to find a single two year old e-mail (since removed) and to have captured the password on that account at some point. The e-mail in my gmail gave him enough info to apparently remove my token from my account also although they are supposed to receive copies of bills, driving licence and take a few days to achieve that (this took hours).

    So I don't see what else it could have been as I'm soooo careful about what I download and run, always use fairly strong passwords and always use https when accessing google services (indeed I use the CustomizeGoogle addon to force that).
     
  17. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,221
    You don't have to apologize about anything as there isn't such a thing as stupidity in the security world. On the other hand there's a lot of misinformation on the internet which makes choices problematic.

    Only a few years back, the average Wilders member would happily brag about their 10+ programs as a good 'layered defense' (have a look at "What is your security setup these days?" thread in its early days).

    Back on topic, IMO Eset SS is fine (although I personally don't like suites) + Sandboxie, and DefenseWall, should really give you some peace of mind.

    I prefer to virtualize my system completely, although I must admit against keyloggers it wouldn't protect much, that's why I think very private matters should not be kept stored on your computer or allowed to transit on the web.
     
  18. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Totally agree with this. I use exactly the same configuration for months without any issues :thumb:
     
  19. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    Agreed :D

    Why don't you look into some passive security that doesn't eat tons of resources? With a limited user account, software restriction policy, no autoruns for users (kafu.exe) and DEP you can make an antivirus almost redundant.

    Here are some links for info: LUA

    Software Restriction Policy

    Tutorial for SuRun

    Here's another good article on setting up a software restriction policy.

    In addition I have no desktop firewall, but rather an old IBM ThinkCentre running the IPCop Linux firewall distro. I do have an antivirus, but running this setup the only activity it has is updating itself every day :cool:
     
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    You do realize edge is meant to be run alongside an AV?
     
  21. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    It's meant to be run standalone but is designed to work alongside all other popular security software
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I was told by a Prevx agent this morning that Prevx Edge can handle securing a system alone ;)
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Now my question is, if I decide to buy another program, well, for sure it will not be another antivirus, but I was thinking and I need advice on this one: between SuperAntiSpyware Pro and Malwarebytes Pro, which one will be a good backup second opinion to complement Prevx Edge?
    Note: this is for the family's PC ;) Any advice, thanks.
     
  24. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Whichever u like best cus one is not better than the other, they r both magical at what they do
     