Viruses, spyware etc

Guest
Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Over this weekend I have been trying to eliminate spyware / rogue dialler
which despite the efforts of Norton Internet Security and various spyware
software will not go away. All the software I have tried have detected a
threat(s) only some of which are dealt with only to change and reappear
maybe two re-boots later. I'm convinced it is morphing or hiding somehow.

This raises the question is there any independent research showing the
strengths and weaknesses of the various anti-virus software in detecting and
eliminating virus, spyware etc threats. I am particularly interested in
protection for stand-alone computers not large systems. Googling for this
information is unreliable as the software producers seem to be also good at
producing convincing reports in their favour.

Thanks

Bill Ridgeway
 
Guest

Bill Ridgeway wrote:
> Over this weekend I have been trying to eliminate spyware / rogue
> dialler which despite the efforts of Norton Internet Security and
> various spyware software will not go away. All the software I have
> tried have detected a threat(s) only some of which are dealt with
> only to change and reappear maybe two re-boots later. I'm convinced
> it is morphing or hiding somehow.
> This raises the question is there any independent research showing the
> strengths and weaknesses of the various anti-virus software in
> detecting and eliminating virus, spyware etc threats. I am
> particularly interested in protection for stand-alone computers not
> large systems. Googling for this information is unreliable as the
> software producers seem to be also good at producing convincing
> reports in their favour.

I know of no definitive studies - just experience from dozens of frequent
responders here and elsewhere pointing to some of the best software for such
things. My list for AntiVirus and AntiSpyware follows:

AntiVirus:
Symantec (Norton) AntiVirus (~$11 and up)
http://www.symantec.com/nav/nav_9xnt/

Kaspersky Anti-Virus (~$49.95 and up)
http://www.kaspersky.com/products.html

Panda Antivirus Titanium (~$39.95 and up)
http://www.pandasoftware.com/
(Free Online Scanner: http://www.pandasoftware.com/activescan/)

AVG Anti-Virus System (Free and up)
http://www.grisoft.com/

McAfee VirusScan (~$11 and up)
http://www.mcafee.com/

AntiVir (Free and up)
http://www.free-av.com/

avast! (Free and up)
http://www.avast.com/

Trend Micro (~$49.95 and up)
http://www.trendmicro.com/en/home/us/personal.htm
(Free Online Scanner:
http://housecall.trendmicro.com/housecall/start_corp.asp)

RAV AntiVirus Online Virus Scan (Free!)
http://www.ravantivirus.com/scan/

AntiSpyware:
Lavasoft AdAware (Free and up)
http://www.lavasoft.de/support/download/
(How-to: http://snipurl.com/atdn )

Spybot Search and Destroy (Free!)
http://www.safer-networking.net/en/download/index.html
(How-to: http://snipurl.com/atdk )

Bazooka Adware and Spyware Scanner (Free!)
http://www.kephyr.com/spywarescanner/
(How-to: http://snipurl.com/ate3 )

SpywareBlaster (Free!)
http://www.javacoolsoftware.com/sbdownload.html
(How-to: http://snipurl.com/ate6 )

IE-SPYAD (Free!)
https://netfiles.uiuc.edu/ehowes/www/resource.htm
(How-to: http://snipurl.com/ate7 )

CWShredder (Free!)
http://www.softbasket.com/download/s_8114.shtml

Hijack This! (Free)
http://mjc1.com/mirror/hjt/
( Tutorial: http://hjt.wizardsofwebsites.com/ )

ToolbarCop (Free!)
http://windowsxp.mvps.org/toolbarcop.htm

Browser Security Tests
http://www.jasons-toolbox.com/BrowserSecurity/

Popup Tester
http://www.popuptest.com/

The Cleaner (49.95 and up)
http://www.moosoft.com/

Avoid AntiSpyware Applications on this list:
Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm

--
<- Shenan ->
--
The information is provided "as is", it is suggested you research for
yourself before you take any advice - you are the one ultimately
responsible for your actions/problems/solutions. Know what you are
getting into before you jump in with both feet.
 
Guest

That isn't a virus.

Eliminate any scumware.
CAUTION!!!!! Before you try to remove spyware using any of these programs,
download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

See
Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Note that AdAware and SpyBot S & D will each catch some things the other
won't. Also, each needs to be updated with the program's update function
before every use, even when just downloaded. There's also a lot more to do
than just those two programs. CWShredder is also available here:
http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
may be found on this page:
http://aumha.org/a/parasite.htm.


See this link for information about malware:
http://arstechnica.com/articles/paedia/malware.ars

If nothing there helps, please post back to this thread.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/


"Bill Ridgeway" <info@1001solutions.co.uk> wrote in message
news:aY4td.955$317.151@newsfe6-gui.ntli.net...
> Over this weekend I have been trying to eliminate spyware / rogue dialler
> which despite the efforts of Norton Internet Security and various spyware
> software will not go away. All the software I have tried have detected a
> threat(s) only some of which are dealt with only to change and reappear
> maybe two re-boots later. I'm convinced it is morphing or hiding somehow.
>
> This raises the question is there any independent research showing the
> strengths and weaknesses of the various anti-virus software in detecting
> and eliminating virus, spyware etc threats. I am particularly interested
> in protection for stand-alone computers not large systems. Googling for
> this information is unreliable as the software producers seem to be also
> good at producing convincing reports in their favour.
>
> Thanks
>
> Bill Ridgeway
>
 
Guest

On Mon, 06 Dec 2004 22:21:58 GMT, Bill Ridgeway wrote:

> Over this weekend I have been trying to eliminate spyware / rogue dialler
> which despite the efforts of Norton Internet Security and various spyware
> software will not go away. All the software I have tried have detected a
> threat(s) only some of which are dealt with only to change and reappear
> maybe two re-boots later. I'm convinced it is morphing or hiding somehow.
>
> This raises the question is there any independent research showing the
> strengths and weaknesses of the various anti-virus software in detecting and
> eliminating virus, spyware etc threats. I am particularly interested in
> protection for stand-alone computers not large systems. Googling for this
> information is unreliable as the software producers seem to be also good at
> producing convincing reports in their favour.
>
> Thanks
>
> Bill Ridgeway

Bill, the problem is that as fast as the fixes come out - in antivirus
programs or dedicated anti-spyware programs - new delivery methods for this
....junk (being polite) are invented.

Suggestion: When your programs identify a problem, take a few minutes to
look the name up at their website. You should find some documentation
describing the intrusion. There are often additional steps in these
articles that need to be done in Safe Mode or done manually to completely
eliminate an intrusion. You may even find a link for a special removal tool
for a particular nasty in that documentation.

While it's possible the problem is reappearing due to incomplete cleaning
or constant reinfection -- what you're describing sounds like it could be a
two pronged mechanism that has been documented for several known
intrusions. One file (or set of files) to carry out the dirty work, another
file (or set of files) to make sure that the "working" mechanisms are not
deleted. If deleted, the "monitoring" set of files replaces them. Due to
the complexity, you need the documentation on the particular intrusion to
clean it up entirely.

Also no single application is "best" at removing all known intrusions.
Using a combination of "anti-" programs (anti-virus, anti-spam,
anti-scumware) that have a solid reputation for being effective is a good
strategy. Shenan has posted a list of good programs and defensive practices
to adopt so will refer you back to that post for that information.

--
Sharon F
MS-MVP ~ Windows Shell/User
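
The pattern Sharon F describes above (a cleaned item returning because a second component restores it) can be checked by comparing autostart listings taken on successive boots. This is an added example, not part of the original thread; the entry names, file paths, snapshots and the "survivor" heuristic are all constructed assumptions.

```python
# Added example: constructed data, not output from any real scanner.
from dataclasses import dataclass

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"


@dataclass(frozen=True)
class Entry:
    """One autostart item: where it is registered and what it launches."""
    location: str
    name: str
    target: str


def reinstated(snapshots, removals):
    """Map each removed entry to the boots on which it was present again.

    snapshots: list of sets of Entry, one per boot, oldest first.
    removals:  {boot_index: set of Entry cleaned after that snapshot}.
    """
    found = {}
    for boot, removed in removals.items():
        for entry in removed:
            later = {i for i in range(boot + 1, len(snapshots))
                     if entry in snapshots[i]}
            if later:
                found.setdefault(entry, set()).update(later)
    return {entry: sorted(boots) for entry, boots in found.items()}


def survivor_candidates(snapshots, removals, baseline):
    """Entries worth researching as the possible 'monitoring' half.

    Heuristic (an assumption of this example): an item that is not on the
    known-good baseline, was never cleaned, and was present on every boot
    from the first cleaning onward had the opportunity to put the removed
    items back. It is a lead for manual research, not a verdict.
    """
    if not reinstated(snapshots, removals):
        return []
    first = min(removals)
    cleaned = set().union(*removals.values())
    always = set.intersection(*snapshots[first:])
    return sorted(always - baseline - cleaned, key=lambda e: e.name)


# Constructed sample entries (hypothetical names and paths).
AV_TRAY = Entry(RUN_KEY, "AvTray", r"C:\Program Files\ExampleAV\tray.exe")
DIALER = Entry(RUN_KEY, "dialx", r"C:\WINDOWS\system32\dialx-example.exe")
HELPER = Entry(RUN_KEY, "syschk", r"C:\WINDOWS\syschk-example.exe")
UPDATER = Entry(RUN_KEY, "PrnUpdate", r"C:\Program Files\ExamplePrinter\upd.exe")

BASELINE = {AV_TRAY}
SNAPSHOTS = [
    {AV_TRAY, DIALER, HELPER},           # boot 0: first scan
    {AV_TRAY, HELPER},                   # boot 1: looks clean
    {AV_TRAY, HELPER, DIALER},           # boot 2: dialler is back
    {AV_TRAY, HELPER, DIALER, UPDATER},  # boot 3: back again after cleaning
]
REMOVALS = {0: {DIALER}, 2: {DIALER}}

if __name__ == "__main__":
    for entry, boots in reinstated(SNAPSHOTS, REMOVALS).items():
        print(f"{entry.name} returned on boots {boots}: {entry.target}")
    for entry in survivor_candidates(SNAPSHOTS, REMOVALS, BASELINE):
        print(f"research before next cleaning: {entry.name} -> {entry.target}")
```

An entry flagged by `survivor_candidates` is only a name to look up in the vendor documentation before the next cleaning attempt.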
 
Guest

"Sharon F" <sharonfDEL@ETEmvps.org> wrote in message
news:OVQW8ZK3EHA.1396@tk2msftngp13.phx.gbl...
> On Mon, 06 Dec 2004 22:21:58 GMT, Bill Ridgeway wrote:
>
>> Over this weekend I have been trying to eliminate spyware / rogue dialler
>> which despite the efforts of Norton Internet Security and various spyware
>> software will not go away. All the software I have tried have detected a
>> threat(s) only some of which are dealt with only to change and reappear
>> maybe two re-boots later. I'm convinced it is morphing or hiding
>> somehow.
>>
>> This raises the question is there any independent research showing the
>> strengths and weaknesses of the various anti-virus software in detecting
>> and
>> eliminating virus, spyware etc threats. I am particularly interested in
>> protection for stand-alone computers not large systems. Googling for
>> this
>> information is unreliable as the software producers seem to be also good
>> at
>> producing convincing reports in their favour.
>>
>> Thanks
>>
>> Bill Ridgeway
>
> Bill, the problem is that as fast as the fixes come out - in antivirus
> programs or dedicated anti-spyware programs - new delivery methods for
> this
> ...junk (being polite) are invented.
>
> Suggestion: When your programs identify a problem, take a few minutes to
> look the name up at their website. You should find some documentation
> describing the intrusion. There are often additional steps in these
> articles that need to be done in Safe Mode or done manually to completely
> eliminate an intrusion. You may even find a link for a special removal
> tool
> for a particular nasty in that documentation.
>
> While it's possible the problem is reappearing due to incomplete cleaning
> or constant reinfection -- what you're describing sounds like it could be
> a
> two pronged mechanism that has been documented for several known
> intrusions. One file (or set of files) to carry out the dirty work,
> another
> file (or set of files) to make sure that the "working" mechanisms are not
> deleted. If deleted, the "monitoring" set of files replaces them. Due to
> the complexity, you need the documentation on the particular intrusion to
> clean it up entirely.
>
> Also no single application is "best" at removing all known intrusions.
> Using a combination of "anti-" programs (anti-virus, anti-spam,
> anti-scumware) that have a solid reputation for being effective is a good
> strategy. Shenan has posted a list of good programs and defensive
> practices
> to adopt so will refer you back to that post for that information.
>
> --
> Sharon F
> MS-MVP ~ Windows Shell/User
===========================================
I would add that at the end of the day, if whatever malware just
can't be cleaned, then a complete format / clean install should be
considered. Then proceed with secure computing practices.
===========================================
 

Markt


Why is all spyware, malware passive defence software? Isn't it about time
you technical chaps got on the offensive? If the annoying nerds that produce
the offensive software can get into systems and install diallers spyware etc
I am sure there are ways in which some form of attack on their systems could
be mounted. Seems that not all 'antivirus' software are comprehensive
leading to numerous updates required and systems running slower and slower as
the av software checks everything out.

Regards someone who wishes the web was like it used to be!!

"Frank Saunders, MS-MVP, IE/OE" wrote:

> That isn't a virus.
>
> Eliminate any scumware.
> CAUTION!!!!! Before you try to remove spyware using any of these programs,
> download a copy of LSPFIX from any of the following sites:
> http://www.cexx.org/lspfix.htm
> http://www.spychecker.com/program/winsockxpfix.html
> (if your OS is Win2k or XP) The process of removing certain malware may kill
> your internet connection. If this should occur, this program, LSPFIX, will
> enable you to regain your connection.
>
> See
> Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines
> http://mvps.org/winhelp2002/unwanted.htm
>
> Note that AdAware and SpyBot S & D will each catch some things the other
> won't. Also, each needs to be updated with the program's update function
> before every use, even when just downloaded. There's also a lot more to do
> than just those two programs. CWShredder is also available here:
> http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
> **Post your HijackThis log to
> http://forums.spywareinfo.com/ or the Spyware forum at
> http://forum.aumha.org/ for expert analysis, not here.**
> Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
> may be found on this page:
> http://aumha.org/a/parasite.htm.
>
>
> See this link for information about malware:
> http://arstechnica.com/articles/paedia/malware.ars
>
> If nothing there helps, please post back to this thread.
>
> --
> Frank Saunders, MS-MVP, IE/OE
> Please respond in Newsgroup. Do not send email
> http://www.fjsmjs.com
> Protect your PC
> http://www.microsoft.com/security/protect/
>
>
> "Bill Ridgeway" <info@1001solutions.co.uk> wrote in message
> news:aY4td.955$317.151@newsfe6-gui.ntli.net...
> > Over this weekend I have been trying to eliminate spyware / rogue dialler
> > which despite the efforts of Norton Internet Security and various spyware
> > software will not go away. All the software I have tried have detected a
> > threat(s) only some of which are dealt with only to change and reappear
> > maybe two re-boots later. I'm convinced it is morphing or hiding somehow.
> >
> > This raises the question is there any independent research showing the
> > strengths and weaknesses of the various anti-virus software in detecting
> > and eliminating virus, spyware etc threats. I am particularly interested
> > in protection for stand-alone computers not large systems. Googling for
> > this information is unreliable as the software producers seem to be also
> > good at producing convincing reports in their favour.
> >
> > Thanks
> >
> > Bill Ridgeway
> >
>
>
>
 

galen


In news:4C5F1B2E-6B83-421F-81D6-3414E644596E@microsoft.com,
markt <markt@discussions.microsoft.com> had this to say:

My reply is at the bottom of your sent message:

> Why is all spyware, malware passive defence software? Isn't it about
> time you technical chaps got on the offensive? If the annoying nerds
> that produce the offensive software can get into systems and install
> diallers spyware etc I am sure there are ways in which some form of
> attack on their systems could be mounted. Seems that not all
> 'antivirus' software are comprehensive leading to numerous updates
> required and systems running slower and slower as the av software
> checks everything out.
>
> Regards someone who wishes the web was like it used to be!!

There's quite a bit of proactive software solutions available and none of
them beat awareness and education. Properly configured security settings,
utilization of the security zones, not using the default settings for
internet explorer, and properly configuring scripts to be at least set to
prompt are just a few simple solutions that can be taken. Proper
configuration of a firewall is capable of blocking a number of problems and
scanning files before opening them with updated definition files (scanning
with more than one malware prevention product is recommended by me at least
if the source is even moderately suspect) are a bit more aggressive but still
good solutions nonetheless. The problem isn't that there's only defensive
solutions, the problem is that the typical end user is a) uneducated b)
unwilling to take the time and c) not interested until things go wrong.
Then, when things do go wrong, they look for the most public source and
blame them. That has been my finding at any rate. A search engine for
proactive security solutions will reveal a great number of options available
from hardware to software.

Galen
--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.
 

Gilbert


Galen wrote:
> In news:4C5F1B2E-6B83-421F-81D6-3414E644596E@microsoft.com,
> markt <markt@discussions.microsoft.com> had this to say:
>
<snipped>
>> Why is all spyware, malware passive defence software? ...
>
>... the problem is that the typical end user is a)
> uneducated b) unwilling to take the time and c) not interested until
> things go wrong. Then, when things do go wrong, they look for the
> most public source and blame them.

But when you consider that the World Wide Web has become a (virtual)
shopping centre, why shouldn't there be some onus on virtual shop-owners to
maintain adequate safety standards for their customers, as there is in the
'real' world? Of course, shops are not responsible for crimes committed on
their premises, but they do have a duty of care to customers to offer a safe
and secure environment - I'm thinking of fire protection in particular, fire
alarms, fire escapes, etc. I don't expect to have to wear fire-protective
clothing when I go to a (real) shopping centre, why should I on the web?
(Nevertheless, I do use AV and a firewall, but you get my point...)
Gilbert
 

galen


In news:4263c833$0$42329$ed2619ec@ptn-nntp-reader02.plus.net,
Gilbert <me5@privacy.net> had this to say:

My reply is at the bottom of your sent message:

> But when you consider that the World Wide Web has become a (virtual)
> shopping centre, why shouldn't there be some onus on virtual
> shop-owners to maintain adequate safety standards for their
> customers, as there is in the 'real' world? Of course, shops are not
> responsible for crimes committed on their premises, but they do have
> a duty of care to customers to offer a safe and secure environment -
> I'm thinking of fire protection in particular, fire alarms, fire
> escapes, etc. I don't expect to have to wear fire-protective clothing
> when I go to a (real) shopping centre, why should I on the web?
> (Nevertheless, I do use AV and a firewall, but you get my point...)
> Gilbert

I get your point and agree. Oh do I agree... I also think that there should
be some sort of licensing agreement between the PC user and their government
that makes them accountable for their own computers and that they need to
adhere to standards as well as pass various tests to be allowed to do
different things with their computer. Sadly, I'm not kidding... We're
required a license to hunt, to fish, to drive a car, to operate an ATV, to
marry, and many other things but we've the power to install all sorts of
malware on our system and propagate it across the globe freely which is
potentially harming other people's computers.

Okay... So I'm not really sure I agree with that but I'm hoping that you see
my point.

You mention the "World Wide Web." I agree. It's world wide and as such we
need to accept that there's currently no legislation in place (and no
treaties to enforce them) that would enforce this onus. I know that I
enforce it by not shopping at sites which don't offer 128 bit encryption and
don't have a certificate that matches the rest of their information and I
don't buy or recommend software that's malware. I think it's up to us to
force the issue by simply avoiding things of this nature. I'd never, for
instance, buy a product recommended in a SPAM email nor would I host with a
site who was also known to be affiliated with SPAMMERS. The shops do have
reasonable protection but the internet isn't just shops but rather a
collection of shops, museums, homes, lurkers, and all that. I truly like the
superhighway analogy of yore. We are citizens on that highway and it's our
responsibility to ensure that our vehicle is safe to traverse the highway.
It's the hardware vendor's responsibility to provide you with hardware that
will last. It's the OS author's responsibility to provide you with an OS
that's as secure as they can make it while still allowing reasonable use.
It's the OEM's job to put it all together in a package that fits your needs
and then support it. It's all about ALL of us accepting responsibility. If
people stopped buying products from SPAM they'd stop sending it. They
wouldn't send it if it wasn't profitable. If people stopped downloading
malware they'd stop writing it. If people stopped clicking OK on everything
they see they'd stop ad supported software. If people started to monitor
their internet traffic and scanned files before installing them (or even
Googled to get other people's opinions) they'd stop coding spyware because
it wouldn't get them anywhere... (Don't get me wrong. Two things. This won't
happen overnight. They'll find new ways.) In the end it boils down to
education before use, to being aware, and to thwart threats before you're
infected. We... You... Me... The coders... The other end-users... We all
have a responsibility to the community and we have to do our part to stop
this. Using, as you said, a firewall and an AV product is a good start. I'd
toss a trojan and spyware specific application on top of them and use a
software firewall with a decent router just to be sure but hey, it's a start
and a heck of a lot better than some people do. Time and time again you read
"I stopped updating my AV because it was <insert anything here, cost too
much, taking too long, too much of a hassle>." You hear, "What's a firewall?"
You hear, "I installed a firewall but I gave suchandsuch.exe access because
it kept asking me." What I don't hear is, "I just installed a firewall and
now I want to configure it to meet my needs, how do I do that?" I'd love it
if I heard, "I just updated my AV software and want to know if it's actually
working, does anyone know where there's a test file?"

This is, of course, the newusers group... I'm unlikely to hear those in here
but I don't hear them in the other groups very often either. I'm usually a
very liberal person but there should be some sort of EFFECTIVE world wide
consortium to enforce standardization of safety regulations and minimum
security guidelines as well as policies for dealing with infractions. What
we have online now is nothing short of anarchy in most places or aggressive
dictatorial oppression and neither is acceptable in my opinion.

It has been said by people wiser than I that anarchy leads to true freedom
so we'll have to see what happens.

Galen
--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.