Best Antivirus Program for Combatting Personal Security Virus

Last response: in Windows XP
April 5, 2010 5:00:02 AM

Greeting Everyone,

I am servicing computers every day for both business and home users and the vast amount of computers are infected with this whole family of viruses by names like Personal Security, WinAntivirus, Antivirus7, Security Guard etc.

I see these ransomware infections getting past everything from the free antivirus programs to the most expensive antivirus programs, especially with home computers that are used for entertainment purposes, and always because the users were browsing the Internet and are tricked into clicking on a fake warning of infection or security risk. Once they are tricked into that initial click, life goes downhill rapidly as the infection installs itself and then takes deeper root as the user clicks on subsequent fake screens. If they don't register the fake program, it will proceed to convince them to register by progressively turning off more and more Windows features.

My question to the knowledgeable users of this forum is:

Does anyone know of an antivirus/spyware program or combination of programs that can catch these infections as they initially try to install from that first ill-fated click while browsing the Internet?

I have tried all the 'Big' names to varying degrees of disappointing success.

Would registered versions of Malwarebytes or SuperAntiSpyware be effective?


April 5, 2010 5:56:11 AM

How old are these viruses? I can't imagine all the big names aren't already updated to recognize them.

We've already used MBAM here to remove them, so maybe the resident MBAM could prevent them. Does the MBAM site specify anything?
April 5, 2010 6:25:25 AM

I've talked direct to some of these companies and they all seem to skirt around the issue of avoiding initial infection, quoting day zero infections and such.

I am kind of averse to naming names in a public forum.

I too think MBAM is great at combatting infected computers, but I have clients asking how to avoid getting reinfected and the best advice I can give them is to educate them in how these infections are happening in the first place and advise a shutdown and restart when presented with a warning message when browsing the Internet that isn't presented by their own antivirus. I have experimented with sites that have infected client computers and if you click the initial fake warning you are sunk.

I am still searching for a program that I can refer clients to, but I don't want to purchase all of them to find out which is the best. I am hoping someone here could suggest a program from experience that stops these infections before they happen so I could make an educated investment for trial testing.

I know I'd make more money if they get reinfected, but some of these people have limited incomes and kids using the computer at home, so their risk of reinfection is high. I'd like to be fairly confident in recommending a prevention program that works for them. I know that no one can claim a 100% success and I wish I could point to free antivirus software as the problem, but I am seeing many of the top antivirus programs succumbing to these infections. Maybe they aren't all keeping their programs up to date???

My favorite cocktail for disinfecting is:

MiniPE and Registry Restore Utility
ComboFix
Malwarebytes
SuperAntiSpyware (and Windows fixes under preferences to reset things)
ATF Cleaner
CCleaner
Panda
and finally reinstall client's antivirus and do full scan
Superantispyware

April 5, 2010 6:38:27 AM

So you answered your own Q.

I've never used it, but how about the resident MBAM?
April 5, 2010 7:31:39 AM

I am inclined to purchase a shop copy of MBAM and put it to the test. I am just curious on the prevention aspect though. When viewing forums (and not just this site) all of these programs and more are recommended to cure the computers, but no one ever seems to finish up the job with a recommendation of what to do to avoid reinfection (other than keep your antivirus/spyware programs up to date).

Maybe there isn't a best program. I know I can't count on all fingers the number of purchased versions of different protection software packages I've trusted over the years that seem to fall short over time and you move onto something else.

I was hoping that I was missing the golden answer!
April 5, 2010 8:09:18 AM

They all fall short, according to all my reading. The best bet would be the one that prevents THE MOST. And that's where ratings come in.

Try the Eicar test with MBAM, although it might not be as malevolent as some of the other viruses.

oops, it's out of date: http://www.eicar.org/anti_virus_test_file.htm
April 5, 2010 8:26:31 AM

Thanks graywolf! I've bookmarked the link and will put it to the test this week.
April 5, 2010 9:15:48 AM

But it's old!! Viruses have changed so much.
April 5, 2010 12:25:17 PM

graywolf said:
But it's old!! Viruses have changed so much.



Like both you, GrayWolf and digitalprospector, I have a lot of time for MBAM and think it's almost a false economy not to upgrade the free version to the higher level for £17 GBP - twenty four of your Dollars, I think and that's for life. However, unlike you, GrayWolf, ;)  I still believe in the power of Spybot as a resident and in addition to that, SpywareBlaster regularly updates its list of restricted sites to include the sites this rubbish comes from on a redirect.

I've probably cleared out thirty of these this year alone and I find Kaspersky's TDSSKiller often finds rootkits where these things have either trodden or left a back door open.


April 5, 2010 2:07:57 PM

Thanks for the suggestion to check out TDSSKiller. Always good to have an expanded toolkit!

Spybot is on my tools CD and I do use it sometimes, but I've always found the user interface uninformative for whatever reason. Maybe it's just a personal dislike for the screen layout on my part.
April 5, 2010 11:45:43 PM

If you want to keep from getting infected in the first place, I would look into Avast, ThreatFire, Web of Trust browser add-on and Zone Alarm firewall, which includes Zone Alarm browser toolbar.

Why you might be interested:
Web of Trust is a community based site rating service which has two important functions. First, it displays a site rating icon next to search results on sites like Google; second, if you use the address bar or click a link on something other than a search engine and happen upon a dangerous site, the screen will black out and tell you "this site has a poor reputation", at which time you can read the ratings or leave the site.

Avast has saved me from infections a time or two by dropping connection and preventing a trojan from downloading when a site I visited which I thought was safe... that's good to have.

ThreatFire has also saved me from an infection or two. It doesn't rely on definitions, so you don't necessarily have to scan your machine for it to catch infections; it offers real time behavior based protection against infections.... This is my favorite of the bunch.

Zone Alarm firewall... it's a firewall, but unlike XP's default firewall it blocks/asks for permission for outgoing connections. The best feature is the toolbar, which works to protect you from known spyware distribution sites.

So to sum this up: to keep you from getting infected in the first place you have Zone Alarm toolbar, Web of Trust and Avast's web and network shield. Then if something does get downloaded and tries to do something, ThreatFire does a good job of catching it the moment it tries to do so. And finally ThreatFire and Avast both can be set to schedule a scan just to be sure something didn't sneak in.

And of course you still have Malwarebytes to scan with.
April 6, 2010 12:13:24 AM

Interesting jimb0b.

Do these apps need to be purchased to be effective? Again, I ask because many of the home computers I service are in homes without big budgets. Are you running free versions of any of these, or did you register them all?

Thanks for the input.
April 6, 2010 6:37:52 AM

SpywareBlaster still has a part to play in all this. It maintains a database of those sites to which you might be inadvertently redirected - currently nearly 15,000 of them. Still free to download - although they welcome donations - from and it adds all those sites to the Restricted Zone of IE a lot quicker than you or I could do it. :D
April 6, 2010 12:50:12 PM

Thanks for the input Saga Lout! SpywareBlaster is a program I am not familiar with. Can it run alongside most antivirus software?
April 6, 2010 3:48:04 PM

digitalprospecter said:
Thanks for the input Saga Lout! SpywareBlaster is a program I am not familiar with. Can it run alongside most antivirus software?



I've used it for six years and never noticed it interfere with anything else. It only adds to the Restricted Zone and doesn't act as a resident in any way but it does prevent those redirects. Find it at http://www.javacoolsoftware.com.



April 7, 2010 3:26:19 AM

SPBlaster doesn't run resident. It controls through the HOSTS file. I forgot to mention it because it works quietly.

ZA is still free, but no longer owned by Zone Labs. It had some problems with the last few versions of Firefox, and there was no contest as to which one I would keep.

Prevention works fine for us who are careful and "educated" in computers. I just did a little talk on that at my PC users group. And when the instructor asked who else had security in their computers, only the 3 other pros raised their hands. This was at a security workshop that meets every month.

The problem for us is with clients who don't practice prevention, and you have to educate them. But some are not interested in restricting their online activities, or don't recognize sleazy stuff, and it's not really connected to intelligence either. They want their illegal movies, their illegal songs, their snazzy-looking toolbars. Even after getting infected they go right back to their old behavior.

Things I hear from clients:
"If I get one more virus problem, I'm switching to a Mac (many have.)"
"I'll just get a new computer."
"I'll call you if it gets bad."

You'll all be surprised by these recent reviews in Max PC Mag, although I still prefer to have all my security programs separate. They're reviewing mostly suites here, and the mag was being passed around last night in my group:

http://www.maximumpc.com/article/features/protect_your_...
April 7, 2010 3:33:03 AM

SL--SPWB does work with Firefox, doesn't it? It claims it does. I rarely use IE.

Even after reading the reviews, digit (may I call you digit, or is it too intimate :lol: ) you can conclude that there's no 100% prevention. The bad guys are always a little ahead.

I've never heard of F-Protect. Anyone?
April 7, 2010 3:37:23 AM

Oh, another thing clients tell me:
Me: "Where did the warning come from? Did it have your A-V 's name on it? Did you write it down precisely as stated?"
They: "I dunno, didn't really notice."
April 7, 2010 4:15:36 AM

I have never heard of F-Protect either. Interesting article graywolf. Thanks for pointing it out. Just the type of feedback I am looking for. I found it very interesting that ESET's NOD32 ranks so high. I think I will have to go back and take another look at that package.

And yes... you can call me digit if you want... who knew I'd get my first nickname well after my high school years! <grin>
April 7, 2010 5:09:29 AM

Even since this was printed in Dec, the scorecard could be different.

But did you notice they also completely ignore free programs? That's unfair to some fine free security programs. I wonder who advertises in that mag?
April 7, 2010 5:19:21 AM

Saga Lout said:
Like both you, GrayWolf and digitalprospector, I have a lot of time for MBAM and think it's almost a false economy not to upgrade the free version to the higher level for £17 GBP - twenty four of your Dollars, I think and that's for life.


Isn't the paid MBAM resident?
April 7, 2010 5:27:26 AM

The days of some smart kid programming a virus at home just to see where it will show up in the news are long gone. Most of it is now put out by organized crime for identity theft and it is very obvious that they are fooling a lot of users with their tactics. However, it has also become very obvious to me that many users give little concern to avoiding reinfection by curbing their online practices of surfing porn and downloading movies, music and such, just like you stated graywolf.

To be fair to some people though, there are some very clever methods being utilized to infect computers these days. Especially the practice of setting up fake websites to lure people in. Did you know that there are more religious sites on the internet than there are porn sites? The minds behind these malware infections know this and they are setting up bait in the form of religious sites, travel sites, review sites, and even fake sites ranking protection software on which they make sure that their fake product of the day is given good reviews. It's no wonder people are being fooled out there.

Anyway... enough of my rant for tonight!
April 7, 2010 5:40:42 AM

Avira, Avast, or Microsoft Security Essentials are all top notch free antivirus programs.
April 7, 2010 5:45:28 AM

Digit wanted to know if anything was foolproof, and we all pretty much agreed that nothing was.
April 7, 2010 6:28:58 AM

graywolf said:
SL--SPWB does work with Firefox, doesn't it? It claims it does. I rarely use IE.

Even after reading the reviews, digit (may I call you digit, or is it too intimate :lol: ) you can conclude that there's no 100% prevention. The bad guys are always a little ahead.

I've never heard of F-Protect. Anyone?



It does work with Firefox but not with Opera or Safari. However, since IE settings are part of Internet Options, the Restricted Zone may apply to those browsers which are less self-contained.

I use Firefox only because of X-Marks and usually solely for this Forum, TSG and e-Bay but I'm getting teed with the time it takes to start in the morning so I'm looking for a slimmer version. I want to go back to an earlier Firefox which includes Foxmarks or X-Marks but not all the other bumph and I don't want to spend hours in about:config before I start using it either.
April 7, 2010 6:35:43 AM

So I might be wasting my time keeping Blaster updated all the time.

Earlier FF are not secure. Don't go back before 3.5. 3.0 no longer supported.

If it's starting slowly, visit forums.mozillazine.org and they'll fix you up. Generally slimmer means fewer extensions. I might even see you there. I'm the wombat.

April 7, 2010 4:34:27 PM

So here is an interesting turn of events.

I am test running SpywareBlaster (as suggested earlier in this thread). Since I installed it yesterday just after suppertime, my IE8 running on Win XP Pro SP3 is freezing and not responding (usually just as a new page attempts to display), even when in this forum and posting a reply. 14 times so far since yesterday. No other installation between then and now. I am going to uninstall SpywareBlaster to see if my problem persists. Will provide update later.