Viruses, spyware etc

Archived from groups: microsoft.public.windowsxp.newusers

Over this weekend I have been trying to eliminate spyware / rogue dialler
which despite the efforts of Norton Internet Security and various spyware
software will not go away. All the software I have tried have detected a
threat(s) only some of which are dealt with only to change and reappear
maybe two re-boots later. I'm convinced it is morphing or hiding somehow.

This raises the question is there any independent research showing the
strengths and weaknesses of the various anti-virus software in detecting and
eliminating virus, spyware etc threats. I am particularly interested in
protection for stand-alone computers not large systems. Googling for this
information is unreliable as the software producers seem to be also good at
producing convincing reports in their favour.

Thanks

Bill Ridgeway
  1.

    Bill Ridgeway wrote:
    > Over this weekend I have been trying to eliminate spyware / rogue
    > dialler which despite the efforts of Norton Internet Security and
    > various spyware software will not go away. All the software I have
    > tried have detected a threat(s) only some of which are dealt with
    > only to change and reappear maybe two re-boots later. I'm convinced
    > it is morphing or hiding somehow.
    > This raises the question is there any independent research showing the
    > strengths and weaknesses of the various anti-virus software in
    > detecting and eliminating virus, spyware etc threats. I am
    > particularly interested in protection for stand-alone computers not
    > large systems. Googling for this information is unreliable as the
    > software producers seem to be also good at producing convincing
    > reports in their favour.

    I know of no definitive studies - just experience from dozens of frequent
    responders here and elsewhere pointing to some of the best software for such
    things. My list for AntiVirus and AntiSpyware follows:

    AntiVirus:
    Symantec (Norton) AntiVirus (~$11 and up)
    http://www.symantec.com/nav/nav_9xnt/

    Kaspersky Anti-Virus (~$49.95 and up)
    http://www.kaspersky.com/products.html

    Panda Antivirus Titanium (~$39.95 and up)
    http://www.pandasoftware.com/
    (Free Online Scanner: http://www.pandasoftware.com/activescan/)

    AVG Anti-Virus System (Free and up)
    http://www.grisoft.com/

    McAfee VirusScan (~$11 and up)
    http://www.mcafee.com/

    AntiVir (Free and up)
    http://www.free-av.com/

    avast! (Free and up)
    http://www.avast.com/

    Trend Micro (~$49.95 and up)
    http://www.trendmicro.com/en/home/us/personal.htm
    (Free Online Scanner:
    http://housecall.trendmicro.com/housecall/start_corp.asp)

    RAV AntiVirus Online Virus Scan (Free!)
    http://www.ravantivirus.com/scan/

    AntiSpyware:
    Lavasoft AdAware (Free and up)
    http://www.lavasoft.de/support/download/
    (How-to: http://snipurl.com/atdn )

    Spybot Search and Destroy (Free!)
    http://www.safer-networking.net/en/download/index.html
    (How-to: http://snipurl.com/atdk )

    Bazooka Adware and Spyware Scanner (Free!)
    http://www.kephyr.com/spywarescanner/
    (How-to: http://snipurl.com/ate3 )

    SpywareBlaster (Free!)
    http://www.javacoolsoftware.com/sbdownload.html
    (How-to: http://snipurl.com/ate6 )

    IE-SPYAD (Free!)
    https://netfiles.uiuc.edu/ehowes/www/resource.htm
    (How-to: http://snipurl.com/ate7 )

    CWShredder (Free!)
    http://www.softbasket.com/download/s_8114.shtml

    Hijack This! (Free)
    http://mjc1.com/mirror/hjt/
    ( Tutorial: http://hjt.wizardsofwebsites.com/ )

    ToolbarCop (Free!)
    http://windowsxp.mvps.org/toolbarcop.htm

    Browser Security Tests
    http://www.jasons-toolbox.com/BrowserSecurity/

    Popup Tester
    http://www.popuptest.com/

    The Cleaner (49.95 and up)
    http://www.moosoft.com/

    Avoid AntiSpyware Applications on this list:
    Rogue/Suspect Anti-Spyware Products & Web Sites
    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    --
    <- Shenan ->
    --
    The information is provided "as is", it is suggested you research for
    yourself before you take any advice - you are the one ultimately
    responsible for your actions/problems/solutions. Know what you are
    getting into before you jump in with both feet.
  2.

    That isn't a virus.

    Eliminate any scumware.
    CAUTION!!!!! Before you try to remove spyware using any of these programs,
    download a copy of LSPFIX from any of the following sites:
    http://www.cexx.org/lspfix.htm
    http://www.spychecker.com/program/winsockxpfix.html
    (if your OS is Win2k or XP) The process of removing certain malware may kill
    your internet connection. If this should occur, this program, LSPFIX, will
    enable you to regain your connection.

    See
    Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines
    http://mvps.org/winhelp2002/unwanted.htm

    Note that AdAware and SpyBot S & D will each catch some things the other
    won't. Also, each needs to be updated with the program's update function
    before every use, even when just downloaded. There's also a lot more to do
    than just those two programs. CWShredder is also available here:
    http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
    **Post your HijackThis log to
    http://forums.spywareinfo.com/ or the Spyware forum at
    http://forum.aumha.org/ for expert analysis, not here.**
    Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
    may be found on this page:
    http://aumha.org/a/parasite.htm.


    See this link for information about malware:
    http://arstechnica.com/articles/paedia/malware.ars

    If nothing there helps, please post back to this thread.

    --
    Frank Saunders, MS-MVP, IE/OE
    Please respond in Newsgroup. Do not send email
    http://www.fjsmjs.com
    Protect your PC
    http://www.microsoft.com/security/protect/


    "Bill Ridgeway" <info@1001solutions.co.uk> wrote in message
    news:aY4td.955$317.151@newsfe6-gui.ntli.net...
    > Over this weekend I have been trying to eliminate spyware / rogue dialler
    > which despite the efforts of Norton Internet Security and various spyware
    > software will not go away. All the software I have tried have detected a
    > threat(s) only some of which are dealt with only to change and reappear
    > maybe two re-boots later. I'm convinced it is morphing or hiding somehow.
    >
    > This raises the question is there any independent research showing the
    > strengths and weaknesses of the various anti-virus software in detecting
    > and eliminating virus, spyware etc threats. I am particularly interested
    > in protection for stand-alone computers not large systems. Googling for
    > this information is unreliable as the software producers seem to be also
    > good at producing convincing reports in their favour.
    >
    > Thanks
    >
    > Bill Ridgeway
    >
  3.

    On Mon, 06 Dec 2004 22:21:58 GMT, Bill Ridgeway wrote:

    > Over this weekend I have been trying to eliminate spyware / rogue dialler
    > which despite the efforts of Norton Internet Security and various spyware
    > software will not go away. All the software I have tried have detected a
    > threat(s) only some of which are dealt with only to change and reappear
    > maybe two re-boots later. I'm convinced it is morphing or hiding somehow.
    >
    > This raises the question is there any independent research showing the
    > strengths and weaknesses of the various anti-virus software in detecting and
    > eliminating virus, spyware etc threats. I am particularly interested in
    > protection for stand-alone computers not large systems. Googling for this
    > information is unreliable as the software producers seem to be also good at
    > producing convincing reports in their favour.
    >
    > Thanks
    >
    > Bill Ridgeway

    Bill, the problem is that as fast as the fixes come out - in antivirus
    programs or dedicated anti-spyware programs - new delivery methods for this
    ....junk (being polite) are invented.

    Suggestion: When your programs identify a problem, take a few minutes to
    look the name up at their website. You should find some documentation
    describing the intrusion. There are often additional steps in these
    articles that need to be done in Safe Mode or done manually to completely
    eliminate an intrusion. You may even find a link for a special removal tool
    for a particular nasty in that documentation.

    While it's possible the problem is reappearing due to incomplete cleaning
    or constant reinfection -- what you're describing sounds like it could be a
    two pronged mechanism that has been documented for several known
    intrusions. One file (or set of files) to carry out the dirty work, another
    file (or set of files) to make sure that the "working" mechanisms are not
    deleted. If deleted, the "monitoring" set of files replaces them. Due to
    the complexity, you need the documentation on the particular intrusion to
    clean it up entirely.

    Also no single application is "best" at removing all known intrusions.
    Using a combination of "anti-" programs (anti-virus, anti-spam,
    anti-scumware) that have a solid reputation for being effective is a good
    strategy. Shenan has posted a list of good programs and defensive practices
    to adopt so will refer you back to that post for that information.

    --
    Sharon F
    MS-MVP ~ Windows Shell/User
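
Added example (not part of the reply above, and not code from any tool named in this thread): the two-part mechanism described above, one component doing the work and a second restoring it, can be spotted by diffing autostart entries across scans. It assumes lines shaped like the O4 registry Run entries of a HijackThis log; the snapshots, file names and the `known_good` allowlist are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed line shape (HijackThis-style registry autostart entry):
#   O4 - HKLM\..\Run: [ValueName] command line
O4_LINE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Constructed sample: one log excerpt per scan, in time order.
SNAPSHOTS = [
    # scan 0: before cleaning
    r"""O4 - HKLM\..\Run: [AvTray] "C:\Program Files\ExampleAV\avtray.exe"
O4 - HKLM\..\Run: [NetHelper] C:\WINDOWS\system32\nthlp.exe
O4 - HKLM\..\Run: [SysMon] C:\WINDOWS\system32\smon32.exe""",
    # scan 1: right after the scanner removed NetHelper
    r"""O4 - HKLM\..\Run: [AvTray] "C:\Program Files\ExampleAV\avtray.exe"
O4 - HKLM\..\Run: [SysMon] C:\WINDOWS\system32\smon32.exe""",
    # scan 2: two reboots later
    r"""O4 - HKLM\..\Run: [AvTray] "C:\Program Files\ExampleAV\avtray.exe"
O4 - HKLM\..\Run: [NetHelper2] C:\WINDOWS\system32\nthlp.exe
O4 - HKLM\..\Run: [SysMon] C:\WINDOWS\system32\smon32.exe""",
]


def parse_autostarts(log_text):
    """Return {(location, value name): command} for each registry O4 line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:  # other O4 forms (Startup folder shortcuts) are skipped
            key = (m["loc"].strip().lower(), m["name"].strip().lower())
            entries[key] = m["cmd"].strip().strip('"').lower()
    return entries


def _gaps(seen):
    """Pairs (last scan seen, scan it came back) with a scan missing between."""
    return [(a, b) for a, b in zip(seen, seen[1:]) if b - a > 1]


def find_respawns(snapshots):
    """Flag autostarts that vanished after cleaning and later returned,
    whether under the same value name or a changed one."""
    by_cmd, by_key = defaultdict(dict), defaultdict(dict)
    for i, text in enumerate(snapshots):
        for key, cmd in parse_autostarts(text).items():
            by_cmd[cmd][i] = key
            by_key[key][i] = cmd
    findings = []
    for cmd, seen in by_cmd.items():      # same file on disk came back
        for a, b in _gaps(sorted(seen)):
            kind = "same entry" if seen[a] == seen[b] else "renamed value"
            findings.append({"kind": kind, "target": cmd,
                             "removed_after": a, "returned_in": b})
    for key, seen in by_key.items():      # same value now points elsewhere
        for a, b in _gaps(sorted(seen)):
            if seen[a] != seen[b]:
                findings.append({"kind": "new file, same value",
                                 "target": seen[b],
                                 "removed_after": a, "returned_in": b})
    return findings


def survivors(snapshots, finding, known_good=()):
    """Entries present in every scan from removal to return: candidates for
    the component that restored the deleted one. known_good is the user's
    own allowlist of value names (an assumption of this example)."""
    parsed = [parse_autostarts(s) for s in snapshots]
    window = parsed[finding["removed_after"]:finding["returned_in"] + 1]
    common = set(window[0]).intersection(*window[1:])
    good = {name.lower() for name in known_good}
    return sorted(k for k in common if k[1] not in good)


if __name__ == "__main__":
    for f in find_respawns(SNAPSHOTS):
        print(f, "-> check:", survivors(SNAPSHOTS, f, known_good=["AvTray"]))
```

An entry listed by `survivors` is only a lead to look up in the vendor documentation mentioned above, not proof that it is the restoring component.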
  4.

    "Sharon F" <sharonfDEL@ETEmvps.org> wrote in message
    news:OVQW8ZK3EHA.1396@tk2msftngp13.phx.gbl...
    > On Mon, 06 Dec 2004 22:21:58 GMT, Bill Ridgeway wrote:
    >
    >> Over this weekend I have been trying to eliminate spyware / rogue dialler
    >> which despite the efforts of Norton Internet Security and various spyware
    >> software will not go away. All the software I have tried have detected a
    >> threat(s) only some of which are dealt with only to change and reappear
    >> maybe two re-boots later. I'm convinced it is morphing or hiding
    >> somehow.
    >>
    >> This raises the question is there any independent research showing the
    >> strengths and weaknesses of the various anti-virus software in detecting
    >> and
    >> eliminating virus, spyware etc threats. I am particularly interested in
    >> protection for stand-alone computers not large systems. Googling for
    >> this
    >> information is unreliable as the software producers seem to be also good
    >> at
    >> producing convincing reports in their favour.
    >>
    >> Thanks
    >>
    >> Bill Ridgeway
    >
    > Bill, the problem is that as fast as the fixes come out - in antivirus
    > programs or dedicated anti-spyware programs - new delivery methods for
    > this
    > ...junk (being polite) are invented.
    >
    > Suggestion: When your programs identify a problem, take a few minutes to
    > look the name up at their website. You should find some documentation
    > describing the intrusion. There are often additional steps in these
    > articles that need to be done in Safe Mode or done manually to completely
    > eliminate an intrusion. You may even find a link for a special removal
    > tool
    > for a particular nasty in that documentation.
    >
    > While it's possible the problem is reappearing due to incomplete cleaning
    > or constant reinfection -- what you're describing sounds like it could be
    > a
    > two pronged mechanism that has been documented for several known
    > intrusions. One file (or set of files) to carry out the dirty work,
    > another
    > file (or set of files) to make sure that the "working" mechanisms are not
    > deleted. If deleted, the "monitoring" set of files replaces them. Due to
    > the complexity, you need the documentation on the particular intrusion to
    > clean it up entirely.
    >
    > Also no single application is "best" at removing all known intrusions.
    > Using a combination of "anti-" programs (anti-virus, anti-spam,
    > anti-scumware) that have a solid reputation for being effective is a good
    > strategy. Shenan has posted a list of good programs and defensive
    > practices
    > to adopt so will refer you back to that post for that information.
    >
    > --
    > Sharon F
    > MS-MVP ~ Windows Shell/User
    ===========================================
    I would add that at the end of the day, if whatever malware just
    can't be cleaned, then a complete format / clean install should be
    considered. Then proceed with secure computing practices.
    ===========================================
  5.

    Why is all spyware, malware passive defence software? Isn't it about time
    you technical chaps got on the offensive? If the annoying nerds that produce
    the offensive software can get into systems and install diallers spyware etc
    I am sure there are ways in which some form of attack on their systems could
    be mounted. Seems that not all 'antivirus' software are comprehensive
    leading to numerous updates required and systems running slower and slower as
    the av software checks everything out.

    Regards someone who wishes the web was like it used to be!!

    "Frank Saunders, MS-MVP, IE/OE" wrote:

    > That isn't a virus.
    >
    > Eliminate any scumware.
    > CAUTION!!!!! Before you try to remove spyware using any of these programs,
    > download a copy of LSPFIX from any of the following sites:
    > http://www.cexx.org/lspfix.htm
    > http://www.spychecker.com/program/winsockxpfix.html
    > (if your OS is Win2k or XP) The process of removing certain malware may kill
    > your internet connection. If this should occur, this program, LSPFIX, will
    > enable you to regain your connection.
    >
    > See
    > Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines
    > http://mvps.org/winhelp2002/unwanted.htm
    >
    > Note that AdAware and SpyBot S & D will each catch some things the other
    > won't. Also, each needs to be updated with the program's update function
    > before every use, even when just downloaded. There's also a lot more to do
    > than just those two programs. CWShredder is also available here:
    > http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
    > **Post your HijackThis log to
    > http://forums.spywareinfo.com/ or the Spyware forum at
    > http://forum.aumha.org/ for expert analysis, not here.**
    > Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
    > may be found on this page:
    > http://aumha.org/a/parasite.htm.
    >
    >
    > See this link for information about malware:
    > http://arstechnica.com/articles/paedia/malware.ars
    >
    > If nothing there helps, please post back to this thread.
    >
    > --
    > Frank Saunders, MS-MVP, IE/OE
    > Please respond in Newsgroup. Do not send email
    > http://www.fjsmjs.com
    > Protect your PC
    > http://www.microsoft.com/security/protect/
    >
    >
    > "Bill Ridgeway" <info@1001solutions.co.uk> wrote in message
    > news:aY4td.955$317.151@newsfe6-gui.ntli.net...
    > > Over this weekend I have been trying to eliminate spyware / rogue dialler
    > > which despite the efforts of Norton Internet Security and various spyware
    > > software will not go away. All the software I have tried have detected a
    > > threat(s) only some of which are dealt with only to change and reappear
    > > maybe two re-boots later. I'm convinced it is morphing or hiding somehow.
    > >
    > > This raises the question is there any independent research showing the
    > > strengths and weaknesses of the various anti-virus software in detecting
    > > and eliminating virus, spyware etc threats. I am particularly interested
    > > in protection for stand-alone computers not large systems. Googling for
    > > this information is unreliable as the software producers seem to be also
    > > good at producing convincing reports in their favour.
    > >
    > > Thanks
    > >
    > > Bill Ridgeway
    > >
    >
    >
    >
  6.

    In news:4C5F1B2E-6B83-421F-81D6-3414E644596E@microsoft.com,
    markt <markt@discussions.microsoft.com> had this to say:

    My reply is at the bottom of your sent message:

    > Why is all spyware, malware passive defence software? Isn't it about
    > time you technical chaps got on the offensive? If the annoying nerds
    > that produce the offensive software can get into systems and install
    > diallers spyware etc I am sure there are ways in which some form of
    > attack on their systems could be mounted. Seems that not all
    > 'antivirus' software are comprehensive leading to numerous updates
    > required and systems running slower and slower as the av software
    > checks everything out.
    >
    > Regards someone who wishes the web was like it used to be!!

    There's quite a bit of proactive software solutions available and none of
    them beat awareness and education. Properly configured security settings,
    utilization of the security zones, not using the default settings for
    internet explorer, and properly configuring scripts to be at least set to
    prompt are just a few simple solutions that can be taken. Proper
    configuration of a firewall is capable of blocking a number of problems and
    scanning files before opening them with updated definition files (scanning
    with more than one malware prevention product is recommended by me at least
    if the source is even moderately suspect) are a bit more aggressive but still
    good solutions nonetheless. The problem isn't that there's only defensive
    solutions, the problem is that the typical end user is a) uneducated b)
    unwilling to take the time and c) not interested until things go wrong.
    Then, when things do go wrong, they look for the most public source and
    blame them. That has been my findings at any rate. A search engine for
    proactive security solutions will reveal a great number of options available
    from hardware to software.

    Galen
    --
    Signature changed for a moment of silence.
    Rest well Alex and we'll see you on the other side.
  7.

    Galen wrote:
    > In news:4C5F1B2E-6B83-421F-81D6-3414E644596E@microsoft.com,
    > markt <markt@discussions.microsoft.com> had this to say:
    >
    <snipped>
    >> Why is all spyware, malware passive defence software? ...
    >
    >... the problem is that the typical end user is a)
    > uneducated b) unwilling to take the time and c) not interested until
    > things go wrong. Then, when things do go wrong, they look for the
    > most public source and blame them.

    But when you consider that the World Wide Web has become a (virtual)
    shopping centre, why shouldn't there be some onus on virtual shop-owners to
    maintain adequate safety standards for their customers, as there is in the
    'real' world? Of course, shops are not responsible for crimes committed on
    their premises, but they do have a duty of care to customers to offer a safe
    and secure environment - I'm thinking of fire protection in particular, fire
    alarms, fire escapes, etc. I don't expect to have to wear fire-protective
    clothing when I go to a (real) shopping centre, why should I on the web?
    (Nevertheless, I do use AV and a firewall, but you get my point...)
    Gilbert
  8.

    In news:4263c833$0$42329$ed2619ec@ptn-nntp-reader02.plus.net,
    Gilbert <me5@privacy.net> had this to say:

    My reply is at the bottom of your sent message:

    > But when you consider that the World Wide Web has become a (virtual)
    > shopping centre, why shouldn't there be some onus on virtual
    > shop-owners to maintain adequate safety standards for their
    > customers, as there is in the 'real' world? Of course, shops are not
    > responsible for crimes committed on their premises, but they do have
    > a duty of care to customers to offer a safe and secure environment -
    > I'm thinking of fire protection in particular, fire alarms, fire
    > escapes, etc. I don't expect to have to wear fire-protective clothing
    > when I go to a (real) shopping centre, why should I on the web?
    > (Nevertheless, I do use AV and a firewall, but you get my point...)
    > Gilbert

    I get your point and agree. Oh do I agree... I also think that there should
    be some sort of licensing agreement between the PC user and their government
    that makes them accountable for their own computers and that they need to
    adhere to standards as well as pass various tests to be allowed to do
    different things with their computer. Sadly, I'm not kidding... We're
    required a license to hunt, to fish, to drive a car, to operate an ATV, to
    marry, and many other things but we've the power to install all sorts of
    malware on our system and propagate it across the globe freely which is
    potentially harming other people's computers.

    Okay... So I'm not really sure I agree with that but I'm hoping that you see
    my point.

    You mention the "World Wide Web." I agree. It's world wide and as such we
    need to accept that there's currently no legislation in place (and no
    treaties to enforce them) that would enforce this onus. I know that I
    enforce it by not shopping at sites which don't offer 128 bit encryption and
    don't have a certificate that matches the rest of their information and I
    don't buy or recommend software that's malware. I think it's up to us to
    force the issue by simply avoiding things of this nature. I'd never, for
    instance, buy a product recommended in a SPAM email nor would I host with a
    site who was also known to be affiliated with SPAMMERS. The shops do have
    reasonable protection but the internet isn't just shops but rather a
    collection of shops, museums, homes, lurkers, and all that. I truly like the
    superhighway analogy of yore. We are citizens on that highway and it's our
    responsibility to ensure that our vehicle is safe to traverse the highway.
    It's the hardware vendor's responsibility to provide you with hardware that
    will last. It's the OS authors' responsibility to provide you with an OS
    that's as secure as they can make it while still allowing reasonable use.
    It's the OEM's job to put it all together in a package that fits your needs
    and then support it. It's all about ALL of us accepting responsibility. If
    people stopped buying products from SPAM they'd stop sending it. They
    wouldn't send it if it wasn't profitable. If people stopped downloading
    malware they'd stop writing it. If people stopped clicking OK on everything
    they see they'd stop ad supported software. If people started to monitor
    their internet traffic and scanned files before installing them (or even
    Googled to get other people's opinions) they'd stop coding spyware because
    it wouldn't get them anywhere... (Don't get me wrong. Two things. This won't
    happen overnight. They'll find new ways.) In the end it boils down to
    education before use, to being aware, and to thwart threats before you're
    infected. We... You... Me... The coders... The other end-users... We all
    have a responsibility to the community and we have to do our part to stop
    this. Using, as you said, a firewall and an AV product is a good start. I'd
    toss a trojan and spyware specific application on top of them and use a
    software firewall with a decent router just to be sure but hey, it's a start
    and a heck of a lot better than some people do. Time and time again you read
    "I stopped updating my AV because it was <insert anything here, cost too
    much, taking too long, too much of a hassle>." You hear, "What's a firewall?"
    You hear, "I installed a firewall but I gave suchandsuch.exe access because
    it kept asking me." What I don't hear is, "I just installed a firewall and
    now I want to configure it to meet my needs, how do I do that?" I'd love it
    if I heard, "I just updated my AV software and want to know if it's actually
    working, does anyone know where there's a test file?"

    This is, of course, the newusers group... I'm unlikely to hear those in here
    but I don't hear them in the other groups very often either. I'm usually a
    very liberal person but there should be some sort of EFFECTIVE world wide
    consortium to enforce standardization of safety regulations and minimum
    security guidelines as well as policies for dealing with infractions. What
    we have online now is nothing short of anarchy in most places or aggressive
    dictatorial oppression and neither is acceptable in my opinion.

    It has been said by people wiser than I that anarchy leads to true freedom
    so we'll have to see what happens.

    Galen
    --
    Signature changed for a moment of silence.
    Rest well Alex and we'll see you on the other side.