Free anti-virus and firewall software
NightbladeXX
29 Sep 2007, 11:12 PM
I currently have IE6 and Mozilla Firefox installed. How can I get the category changed to zero on IE SOFTWARE (plugins) unprotected items, or is it possible?
You really should upgrade IE6 to IE7. While IE7 still has vulnerabilities, it's a lot better than 6.
snagel
9 Oct 2007, 12:57 AM
Looks like no more AOL Active Virus Shield; it is now changed to McAfee Virus Scan plus Virus Special Edition.
http://www.activevirusshield.com/antivirus/freeav/get_started.adp
NightbladeXX
9 Oct 2007, 03:11 AM
oh dear lord more McAfee, eeekk run
snagel
9 Oct 2007, 08:45 AM
oh dear lord more McAfee, eeekk run
I am not running McAfee or AOL Active Virus Shield. The last time I ran either was over a year ago while I had AOL dial up. I used it because it came as part of the AOL service. I had problems during an update with their Safety and Security center. It took several hours download, uninstall, install, customer service etc....... I then uninstalled it again and went to AVG virus. I was curious about the Active Virus Shield because I had seen good reviews on it. When I went to look at it today it said it was no more......
I am wondering if they will continue with updates for those people who currently are running it. I wonder if they will receive updates through Kaspersky or if they'll have to uninstall and find something else soon.
Chewy
10 Oct 2007, 10:23 PM
Ok guys, I tried another new "fix technique" last night, problem is my computer is too damn clean. That's ok it will be good practice for trying to fix another computer some day.
this is from a global mod over at bleepingcomputer, he's a msmvp security expert
download these 2 self-contained programs, do not use them yet!!!!!!!!
http://www.atribune.org/ccount/click.php?id=1
ATF Cleaner
http://www.freedrweb.com/cureit/
DrWeb Cureit
I would save these files and make a new text doc with instructions and put them all in a folder where you can find them
because all this has to be done in safe mode and when all those icons won't fit on your desktop? I put mine in my docs and then hit show details after getting into safe mode and opening my docs
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
Scan with Dr.Web CureIt as follows:
Double-click on cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan tab" and UNcheck "Heuristic analysis"
Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
When done, a message will be displayed at the bottom advising if any viruses were found.
Click "Yes to all" if it asks if you want to cure/move the file.
When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
Save the DrWeb.csv report to your desktop. (You can use Notepad to open the DrWeb.csv report)
Exit Dr.Web Cureit when done.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
I did find 2 trojan downloaders, but they have been in Norton's quarantine for months
NightbladeXX
11 Oct 2007, 04:01 AM
... I was curious about the Active Virus Shield because I had seen good reviews on it. When I went to look at it today it said it was no more......
For the most part IMO, if it may please the court, I find most reviews from magazines to seem corporate and biased
I prefer to test them out for myself, Norton and McAfee are IMO, if it may please the court, to be crapware and money driven software. I tested Norton and McAfee myself a couple of different times, even used to subscribe to Nortons' usual System Works for numerous years, buying the new upgrades year after year, only to find out that it screwed my computer up, and I had 2 trojans, on my system, and Free-ware programs found these and fixed my computer.
I'm sometimes too anal about things, and vehement against things that have burnt me, but while I can admit that Norton and McAfee have stepped up their efforts, mainly I've seen it's a lot easier to uninstall now than in previous years. But I will never use their crap again, as I was spending way too much for their BS, as it seems every software publisher is getting on the subscription bandwagon now-a-days
zonealarmforcef
23 Oct 2007, 07:51 AM
Another new free tool is ZoneAlarm ForceField (http://zonealarm.com/forcefield). It's virtual browsing like sandboxie, but specifically designed for security, with alerts when you're on sketchy sites, anti-phishing, spyware prevention, etc. I'm helping find users for our beta, and we'd love to hear what you think.
MilesAhead
24 Oct 2007, 06:07 AM
For the most part IMO, if it may please the court, I find most reviews from magazines to seem corporate and biased
I prefer to test them out for myself, Norton and McAfee are IMO, if it may please the court, to be crapware and money driven software.
(snip)
Hmmm, when I first started learning Intel assembly I typed in like 13 files worth of assembler(back then the programming books didn't come with a disk so you could just copy onto the PC) from Peter Norton's book to create this little disk sector editor utility. I think he made a better programmer than CEO. :)
NightbladeXX
26 Oct 2007, 06:46 PM
Another new free tool is ZoneAlarm ForceField (http://zonealarm.com/forcefield). It's virtual browsing like sandboxie, but specifically designed for security, with alerts when you're on sketchy sites, anti-phishing, spyware prevention, etc. I'm helping find users for our beta, and we'd love to hear what you think.
Too bad no Vista or I might try it.
till then I stick with Sandboxie
Version 3.02 is out!!!
NightbladeXX
7 Dec 2007, 06:21 PM
well looks like ZoneAlarm's Force Field (http://download.zonealarm.com/bin/free/beta/forcefield/index.html) now supports Vista but is still in BETA
Sandboxie is running like a champ altho I have found Firefox runs better in it than IE7
Still no Mal-Ware detected on my system, and I have found a memory leak but that was with 32 Tabs in IE7 and not 100% sure it was a memory leak or just a total system bog down, but it crippled Sandboxie and Vista requiring a hard reboot. I was worried that this may have compromised Sandboxie so I did a FULL system scan using 15 different programs thru all 3 OSes on my system; still 100% clean against all known Mal-ware
admin
28 Dec 2007, 05:51 PM
AVG 7.5 Pro is available to download for free (usually $29.95) until 17/1/2008:
http://www.computeractive.co.uk/avg/
Worked for me :)
Thanks Admin
soup
29 Dec 2007, 01:39 AM
Running Clamwin & using System Suite 8's Net Defense 2-way firewall (not free), on the XP32 side & Clamwin with Comodo's 2-way firewall, having chosen Basic not Advanced during the installation. Have a friend who is running Clamwin & Comodo on Vista, been doing it for a while now.
snagel
3 Jan 2008, 11:31 PM
AVG 7.5 Pro is available to download for free (usually $29.95) until 17/1/2008:
http://www.computeractive.co.uk/avg/
bought the magazine as I have for about 7 months now? I can't see anything in the magazine that states anything at all about this offer. Is this in the last issue or what? Where am I supposed to find the information for the offer above . Your help would be appreciated.
admin
4 Jan 2008, 12:07 AM
I don't have the magazine either, I found the link on another website (which got the link from another forum). Apparently, all you need to do is to download and install the software, although some have said that it is a 1 year license only. More info and download mirrors here:
http://cybernetnews.com/2007/12/26/free-antivirus-avg-75-professional/
The MegaUpload mirror is still working, I just confirmed.
mill
21 Jan 2008, 04:02 AM
http://siri.geekstogo.com/SmitfraudFix.php
Here's a little scanner. Tell me what you think please
Chewy
6 Feb 2008, 02:43 AM
http://www.dslreports.com/faq/10063
The experts at CERT and SANS don't think an on-site team of certified trained and experienced professionals can reliably clean a system that has had a backdoor installed, up to the standards of everyday commercial and institutional use. So how can one expect to do that long distance?
backdoor trojans are now using rootkits
dr_ml422
9 Mar 2008, 02:57 PM
Hi Guys. What's W/ZoneAlarm's Free System Checkup? Is it worth a try w/out messing up your pc in anyway? I already have ZoneAlarm free. Just don't want to leave anything else running in the background after a free scan. Thnx.
dr_ml422
17 Mar 2008, 01:34 PM
http://www.dslreports.com/faq/10063
backdoor trojans are now using rootkits
Glad I read this and also some posts through search in the forum about zonealarm. Just dumped it. Looks like we all just have to stick w/w/e's working in the moment and just keep on top of the constant changes to security whether good or bad.
Chewy
17 Mar 2008, 01:49 PM
I am seeing some new malware hitting, people downloading apps off P2P, can't get into safe mode, no .exe files will work, no av, rootkit keylogging backdoor trojans where if even your antimalware finds and deletes the files, they come right back, people are pulling the plug to the internet, wiping their computers, losing all data and reinstalling.
The bad guys seem to be doing it just to trash computers tho.
dr_ml422
17 Mar 2008, 02:24 PM
Man this WWW is crazy enough. Can't fathom linking to some other's system to play games or w/e else. It's that GO ASSIST feature from Dell or Verizon and I'm leery. Honestly, I just do my video and music work and beef things up w/a new app. here and there that's necessary. Common sense ain't too common anymore. I knew str8 off the back to scrap yahoo and all that other traffic after my system got infected. The more traffic the more the odds are in favor of getting hit.
snagel
22 Mar 2008, 06:53 AM
Soup posted a good one but I prefer MWSnap (http://www.snapfiles.com/get/mwsnap.html) ;)
How are you supposed to use MWSnap 300 when I download it it says
MWSnap 300 is not a valid Win32 application. And then will not do anything. I have downloaded and run from the Desktop and E:drive . Is there any other programs for taking screen shots.
dr_ml422
22 Mar 2008, 02:01 PM
Hi Snagel. Where did you try to download it from? Same thing happened to me w/another app. a while back. Think it was softpedia where I tried to download from. Was suggested to me that the download must have been corrupt and that I should try downloading again. I didn't even bother after the second try.
snagel
22 Mar 2008, 11:49 PM
Hi Snagel. Where did you try to download it from? Same thing happened to me w/another app. a while back. Think it was softpedia where I tried to download from. Was suggested to me that the download must have been corrupt and that I should try downloading again. I didn't even bother after the second try.
Right from the link on this forum from BR7. It was from MWSnap.
locoeng
23 Mar 2008, 07:45 AM
Threatfire AntiVirus & Spyware protection ~ http://www.threatfire.com/
dr_ml422
25 Mar 2008, 02:46 PM
Right from the link on this forum from BR7. It was from MWSnap.
I either started a thread a couple of weeks ago or posted in one about taking screen shots. I downloaded irfanview. does the job. also there's paint.net which Loco recommended. just pick one and keep the one that you feel most comfortable with. Also remember you need an image hosting service which is also free. Took me a bit to get it going but it's worth it.
How are you supposed to use MWSnap 300 when I download it it says
MWSnap 300 is not a valid Win32 application. And then will not do anything. I have downloaded and run from the Desktop and E:drive . Is there any other programs for taking screen shots.
Sorry it's not working for you. I'm not sure why you are getting that error, it has always worked flawlessly for me
MilesAhead
27 Mar 2008, 02:35 AM
Right from the link on this forum from BR7. It was from MWSnap.
Hey snagel, I'm not familiar with that program but generally what I do with a hard to get download is google on the download filename. If it's a popular program sometimes it will even show up on a college ftp server that allows anonymous access. You can just go and get it once you know where to look.
snagel
18 Apr 2008, 12:28 AM
My modem/router died on me a couple of days ago. Now I have the new Modem/router from Qwest 2701 HG-D. When running the new installation disc it has Windows live one care as Qwest with MSN for virus protection, firewall, anti-spyware and anti-phishing. Is Windows live one care any good?
Your comments will be appreciated.
If you run it it will advise you to uninstall AVG professional, AVG Free, and Adaware 2007. I don't know why you couldn't uncheck the box and not have resident protection on AVG and still keep them for scanning utilities.....
Just curious.
atifsh
18 Apr 2008, 01:04 AM
Is Windows live one care any good?
Just curious.
for ur answer...
http://forum.digital-digest.com/showthread.php?t=78902
no u cant install multiple antivirus programs from multiple brands. compatibility problems....
snagel
18 Apr 2008, 02:08 AM
re: atifsh
I always had the understanding that if you did not have anti-virus or anti spyware for that matter running in real time or resident protection that you could have more than one. I then understood that you could use the ones without resident protection or realtime protection as scanners.
wouldn't this be true under this practice........ pick the one you wanted to run and use it in real protection and use all others as scanners only unchecking the tick box to make it available only as a scanner.
dr_ml422
18 Apr 2008, 10:05 AM
Hi snagel. The other day I either came up w/a false positive from Avira my free virus proggie and I called Verizon as it had to do w/their directory in some way. Story short I deleted the entry and asked Verizon how much their virus and anti-spyware cost and how good it was. Bottom line it was too much xtra money a month and the tech also said I couldn't have another anti-virus program installed at the same time as theirs. Probably cause it's directly integrated w/the whole isp service or w/e.
I use Avira Free PE and Spybot Search and destroy also free. I also use windows firewall. As long as you play it as safe as possible by some of the suggestions either here in this thread or on some others, along w/Firefox w/No Script and Adblock Plus you should be fine. Firefox is just safer. IE I use for certain downloads and purchases that FF can't do. Choice is yours though. Play w/it see what you like and check out the suggestions posted by the more veteran fellas and all will play itself out well in the end.
Chewy
21 May 2008, 01:50 PM
I think I finally put together a low footprint dummy down combination of security programs
first you have to have a decent router nat hardware firewall w/ windows firewall
then your OS is fully updated, same for browser, java too
firefox no script for iffy surfing
then spybot w/sd helper and immunize/update frequently, no teatimer
next winpatrol to monitor changes
last the avira personal free for resident av protection
I tested this combination on an old dell that I had installed xpsp3 on
23 seconds to boot w/wireless internet
9 seconds to shut down
protection will not let me extract the test trojan(amazing how fast it worked)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
snagel
31 May 2008, 03:22 AM
I think I finally put together a low footprint dummy down combination of security programs
first you have to have a decent router nat hardware firewall w/ windows firewall
then your OS is fully updated, same for browser, java too
firefox no script for iffy surfing
then spybot w/sd helper and immunize/update frequently, no teatimer
next winpatrol to monitor changes
last the avira personal free for resident av protection
I tested this combination on an old dell that I had installed xpsp3 on
23 seconds to boot w/wireless internet
9 seconds to shut down
protection will not let me extract the test trojan(amazing how fast it worked)
first you have to have a decent router nat hardware firewall?
What is nat?
Chewy
31 May 2008, 04:26 AM
Network Address Translation
all routers have it, it's what you do with a router that's important
change the default password, use mac address filtering for wireless etc
malware has now moved into routers
admin
9 Jun 2008, 01:03 PM
Free (6 months subscription to) Kaspersky Internet Security:
http://www.ozbargain.com.au/node/4953
I'm using KIS at the moment, and it's pretty good, if slightly high in the memory usage stakes. My license is also a free 6 months one from about 5 months ago (give away in a PC magazine).
atifsh
9 Jun 2008, 07:48 PM
i found avast 4.8 pretty good and fast, better than my older 2 products frm symantec.
whats better whole 1 year, then re-register to get one more hmmm nice. combination with S&D works for me....
gonwk
10 Jun 2008, 04:34 AM
Network Address Translation
all routers have it, it's what you do with a router that's important
change the default password, use mac address filtering for wireless etc
malware has now moved into routers
Hi Chewy :)... dude you always talk 3 or 4 levels above my head ...
Chewy can you point me to a website that can teach me (us) these "NAT" and other Router setup.
Thanks,
G!
Chewy
10 Jun 2008, 05:35 AM
I could but they are above my head
the whole idea is if you are on a broadband cable modem or dsl one, if it doesn't have a router built into it(where you can connect 4 wired connections) then you need to add one between your modem and your computer
http://www.geobytes.com/IpLocator.htm?GetLocation
when you go to this site it shows your real ip address
a hacker or malware can try to get into you by going there
a router reassigns ip addresses and stops the hackers
looking from your computer outward
start>run>cmd
then type in
ipconfig /all
192.168.2.1
here's my gateway(belkin router)
and it gives me a virtual/private IP
192.168.2.4 right now
http://www.practicallynetworked.com/
study this site and come back and explain it to me, some of this stuff is worse than video
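An added example (not part of the original post) that does the `ipconfig /all` check described above in code: it parses the output and reports whether each adapter's address is a private one handed out by a router or a publicly routable one. The sample output is constructed; it uses the two addresses from the post plus a documentation-range address (203.0.113.7) standing in for a PC plugged straight into a modem, and the function names are this example's own.

```python
import ipaddress
import re

# RFC 1918 ranges that home routers hand out behind NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")   # no DHCP lease obtained
CGNAT = ipaddress.ip_network("100.64.0.0/10")         # RFC 6598, ISP-side NAT

PRIVATE = "private (behind a NAT router)"
SHARED = "shared address space (NAT at the ISP)"
NO_LEASE = "link-local (no address assigned by a router)"
PUBLIC = "public (reachable from the internet unless filtered)"
INVALID = "invalid address"

# "Ethernet adapter Local Area Connection:" style section headers.
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# XP prints "IP Address", Vista and later print "IPv4 Address ... (Preferred)".
FIELD_RE = re.compile(
    r"^\s+(?:Autoconfiguration )?(IP(?:v4)? Address|Default Gateway)"
    r"[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample of `ipconfig /all` output (trimmed to the relevant fields).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.2.4
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.1

Ethernet adapter Modem Direct:

        IPv4 Address. . . . . . . . . . . : 203.0.113.7(Preferred)
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 203.0.113.1
"""


def classify(addr):
    """Say what kind of IPv4 address this is from a NAT point of view."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return INVALID
    if any(ip in net for net in RFC1918):
        return PRIVATE
    if ip in CGNAT:
        return SHARED
    if ip in LINK_LOCAL:
        return NO_LEASE
    return PUBLIC


def parse_ipconfig(text):
    """Return one dict per adapter with its first IPv4 address and gateway."""
    adapters, current = [], None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = {"adapter": header.group(1), "ip": None, "gateway": None}
            adapters.append(current)
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            key = "gateway" if field.group(1) == "Default Gateway" else "ip"
            if current[key] is None:
                current[key] = field.group(2)
    return adapters


def report(text):
    """(adapter, address, verdict) for every adapter that has an address."""
    return [(a["adapter"], a["ip"], classify(a["ip"]))
            for a in parse_ipconfig(text) if a["ip"]]


if __name__ == "__main__":
    for name, ip, verdict in report(SAMPLE):
        print(f"{name}: {ip} -> {verdict}")
```
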
gonwk
10 Jun 2008, 06:22 AM
Hi Chewy,
THANKS ... at least now I will be heading in the right direction.
G!
tims4789
10 Dec 2008, 12:44 PM
I stick to AVG free. That has never failed me. I use comodo for a firewall.
gonwk
14 Jan 2009, 07:47 AM
Hi folks,
FYI, my OS is Vista Home Prem. SP1, 64-bit.
I believe that S&D TeaTimer tells us if a program or a .EXE is trying to "Add Registry Entries" ... so then that might alert you to a possible Problem.
Q1: Is S&D TeaTimer same as or similar to Comodo Firewall? If not what is the equivalent to S&D TeaTimer?
Q2: If the two are the same ... then which one is better at the protection that I mentioned above ...
A) S&D TeaTimer or
B) Comodo Firewall
Q3: If I decide on using S&D and TeaTimer ... what other AntiVirus and Firewall would it work well with it.
Thanks,
G!:)
dr_ml422
14 Jan 2009, 01:17 PM
I'm not 100% sure they're the same. Maybe work the same in regards to certain things. Tea Timer is always on, and does take a bit of ram, but some like it. Blu I think posted about using it, and being ok w/it. I chose to not check it off on setup. I use Spybot S&D w/Avira and just window's firewall. No problem whatsoever. I also added Malware Bytes to my arsenal. Now if S&D is compatible w/your system go for it. Avira's great. Small foot print if any. Malware Bytes on the $$$ also. Well it's free so that's an oxymoron I believe. I don't know your browsing habits, or how paranoid you are, and if this is for your notebook. If it is you better have a good wireless router setup like Chewy suggested. Safe hexing Master Gonwk. Vigilance best overall in addition to anything you use.
soup
14 Jan 2009, 01:47 PM
Had one go around with teatimer, which was the last time it will be installed on any systems I own.
dr_ml422
14 Jan 2009, 02:42 PM
Had one go around with teatimer, which was the last time it will be installed on any systems I own.
Ditto for me as well soup, and thanks to chewy for the heads up when I first went to install it.
Chewy
14 Jan 2009, 08:16 PM
Teatimer is very powerful, and complicated registry protection, Blu seems to have mastered it. I was OK with it after I had hosed 2 or 3 computers, none of my clients ever mastered it. Firewalls don't protect the registry. Winpatrol does, and I wouldn't use it with teatimer. It seemed a little more stable.
gonwk
15 Jan 2009, 09:44 AM
Hi guys,
Thanks DR_ML, Soup, and Chewy for your responses.
@ Chewy ... I am running WinPatrol ... and I like it ... the only thing about it sometimes it asks me about a function ... well, if I don't understand or know about the function then what am I to tell it to do ... then I sometimes just guess at the darn thing.
I wish WinPatrol had a database that I could pop up and check and see if the thing is kosher!
G!:)
dr_ml422
15 Jan 2009, 10:06 AM
gonwk have you had a really bad hack into your registry that you definitely feel the need for all that security? A good router hooked up and configured along w/the s&d and w/e av along w/MB should do you right. Remember what chewy just posted. Blu has mastered the Teatimer, and we both can really agree that neither you or me or many of us are even close to what Blu can do. So just imagine the learning curve for that Winpatrol, especially if it's not really an immediate need. Conquer and divide.
gonwk
15 Jan 2009, 11:05 AM
gonwk have you had a really bad hack into your registry that you definitely feel the need for all that security? A good router hooked up and configured along w/the s&d and w/e av along w/MB should do you right. ....
Hi dr_ml,
No ... I want to keep it that way!
BTW, how have you been!?!? Are you freezing your tush in your neck of the woods?
G!:)
Chewy
15 Jan 2009, 12:59 PM
when winpatrol asks to allow something, just think, did I just install a good program or go to a bad website
remember a lot of programs ask for you to reboot, make sure you do so and then allow winpatrol
gonwk
16 Jan 2009, 04:40 AM
when winpatrol asks to allow something, just think, did I just install a good program or go to a bad website
remember a lot of programs ask for you to reboot, make sure you do so and then allow winpatrol
Doh ... darn ...
Chewy you just make things "So Much Easier" ...
Now why didn't I think of that ...I was looking for some "Complicated" rule or guide.
THANKS Chewy!
G!:)
MilesAhead
20 Jan 2009, 07:48 AM
Anyone use Ghostery (http://www.ghostery.com/) Firefox addon?
I'm trying it out now. Supposedly it picks up on those one pixel graphics on web pages that pull info off your machine or help them track you.
doctorhardware
29 Jan 2009, 07:49 AM
The text below will allow you to test your anti-virus program.
First open Notepad and cut and paste the text below.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Then save as eicar.com. Then double click on the program. Or it may not even let you save as eicar.com. If your anti-virus is working properly, it will not even let you save it as eicar.com.
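A scripted version of the Notepad test described above, as an added example that is not part of the original post: it writes the EICAR test string to eicar.com and reports whether resident protection blocked the save, removed or locked the file afterwards, or left it untouched. The function names, outcome labels and the two-second wait are assumptions of this example; it only saves and re-reads the file and does not run it.

```python
import os
import shutil
import tempfile
import time

# The 68-character EICAR test string from the post, kept in two halves so
# that this script file itself is not flagged before it runs.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

BLOCKED_ON_SAVE = "blocked on save"
REMOVED_AFTER_SAVE = "removed, locked or altered after save"
NOT_INTERCEPTED = "not intercepted"


def classify(write_error, read_error, data):
    """Turn what happened to the test file into one of three outcomes."""
    if write_error is not None:
        # The on-access scanner refused the write ("won't even let you save").
        return BLOCKED_ON_SAVE
    if read_error is not None or data != EICAR.encode("ascii"):
        # The file was saved, then quarantined, deleted, locked or rewritten.
        return REMOVED_AFTER_SAVE
    # The file is still there, byte for byte: nothing reacted to it.
    return NOT_INTERCEPTED


def probe(directory, wait=2.0, name="eicar.com"):
    """Save the test file in `directory`, wait, then check what is left."""
    path = os.path.join(directory, name)
    write_error = read_error = data = None
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR.encode("ascii"))
    except OSError as exc:
        write_error = exc
    if write_error is None:
        time.sleep(wait)  # give a resident scanner time to react
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except OSError as exc:  # FileNotFoundError, PermissionError, ...
            read_error = exc
    try:
        os.remove(path)  # leave no test file behind
    except OSError:
        pass
    return classify(write_error, read_error, data)


if __name__ == "__main__":
    workdir = tempfile.mkdtemp(prefix="eicar-check-")
    try:
        print("Resident protection result:", probe(workdir))
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
```

A result of "not intercepted" means no on-access scanner reacted to the save within the wait; it says nothing about on-demand scans.
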
Gary D
29 Jan 2009, 08:11 AM
The text below will allow you to test your anti-virus program.
First open Notepad and cut and paste the text below.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Then save as eicar.com. Then double click on the program. Or it may not even let you save as eicar.com. If your anti-virus is working properly, it will not even let you save it as eicar.com.
great test
I did this a couple of weeks ago and my AVG went crazy on this one!
burrell84601
29 Jan 2009, 08:30 AM
The text below will allow you to test your anti-virus program.
First open Notepad and cut and paste the text below.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Then save as eicar.com. Then double click on the program. Or it may not even let you save as eicar.com. If your anti-virus is working properly, it will not even let you save it as eicar.com.
Just tried it in Avast. It would not let me even save without alarms.
doctorhardware
29 Jan 2009, 08:34 AM
I turned off my McAfee anti-virus and windows defender also blocked it.
MilesAhead
15 Feb 2009, 09:25 AM
Anyone recommend a portable or no-install antivirus/scumware scanner? I'm looking for something that doesn't try to start itself up on bootup and prevent me from shutting it off. I just want to scan the files then delete the program. No resident shield no email filter and yadda yadda. Does av that polite exist anymore? :)
Chewy
15 Feb 2009, 09:37 AM
http://ftp.kaspersky.com/devbuilds/AVPTool/
MilesAhead
15 Feb 2009, 11:54 AM
Thanks for the link. :)
dr_ml422
15 Feb 2009, 01:56 PM
@ Miles How bad/annoying of a time were you having w/the one you were using and what system were you using it on if I may ask? I've been using Avira personal free on my XP home 32 bit w/no real issues of it starting on bootup. Although by starting up on bootup do you mean it actually starting a system scan, or just being on? If system scan then I could understand chucking the one you have for a online quick scan like the one Chewy suggested. If just being on I'm just curious how crazy it's bogging you down to load up.
My system loads to the log-on window in about 10 to 15 seconds more or less depending on what time. That's on my Dell E3100. On my build it might take lil longer more or less. Let me know please so I could compare and decide on any adjustments also. Thnx.
Chewy
15 Feb 2009, 03:23 PM
The link I posted is for a very powerful and effective standalone virus scanner, not an online one. It's updated very often but was intended for a use once and throw away scenario. That's what miles ordered?
dr_ml422
15 Feb 2009, 03:33 PM
I understand. By stand alone you mean it's not integrated into the registry, or just the option of running n then deleting? After deleting can you use it again by going to the link when/ever? Is it like a .exe file like ATF in a way? Thnx. I mean if just use when/ever how many times then what's use of resident whether just on at startup w/option to scan after logging in or w/e? What's the risk factors, especially while surfing/downloading? Thnx.
Chewy
15 Feb 2009, 03:35 PM
Keep your resident, that's what keeps you from being deeply infected
the standalone is only good after the fact
dr_ml422
15 Feb 2009, 03:46 PM
Thnx. That's what I figured. Don't get why anyone would want to try n catch something later to remove for the sake of a couple of seconds on bootup or w/e? I'd like to see why Miles wants this.
MilesAhead
15 Feb 2009, 04:45 PM
It's not about slow booting. I had the update scheduler set to manual. When I pressed the button to do the update, it complained the update service wasn't present. So I started the service and it updated. I did the scan. Then it didn't want to let me turn the scheduler off. If this is supposed to be part of the self-protection scheme or just broken I don't know but I know I don't like it.
The only way to shut off sched.exe was to uninstall. I don't need this kind of headache on my PC.
dr_ml422
15 Feb 2009, 05:15 PM
Which PC you running your Vista? Also I've had no problems w/Avira updating while on my PC doing w/e, whether I'm doing video work, online, E-mail or all of them. It'll just update, download the files and then close automatically. Matter of fact you don't have to wait for it to close, you can click on close and done. Avira once you log on or w/e will search n update, almost like having a schedule or doing it manually.
Which AV were you using? If it was on your Vista then prolly had to be Vista compatible, if not then it's the AV proggie itself. Either way your choice is get rid of w/e AV you were using, replace w/another, or find one that'll have no issues w/the PC you're using if that's the case. I'm just curious because I don't know how some have issues w/a AV n others don't especially when it's the same one and on same OS. Only thing I can think of in this scenario is internet connection or some compatibility issues in your PC.
Not for anything, but the headache might be worse trying to catch n get rid of something on there already using a throwaway. No doubt you can do this, but more consuming? Pretty sure you have backup image of any HDD's or w/e also. That Vista's a bi@#h huh?
MilesAhead
16 Feb 2009, 02:37 AM
I don't like Scheduled Tasks in Windows because, for one thing, there's no easy way to check for HD activity. That's why you see all these tasks that fire at "idle" use CPU %. To get the HD activity involves lots of work.
As I mentioned a few times, when my first Vista PC was new, I didn't know defrag was in the scheduler. I was defragging with jkDefrag when Windows defrag decided I wasn't doing anything(since CPU % was low and no keyboard hits,) so why not defrag now? It's really lame until they have a fix for simple HD activity check accessible to programmers. afaik the only way is an involved system performance scripting thing. No simple API like GetDriveActivity(PhysicalDrive, duration) .. which is what's needed.
I don't like to run my PC so it pleases the av program. I'd rather have access to a bootable CD image with av on it with db and the image is updated. Then the blasted av wouldn't even be on my HD, much less running.
dr_ml422
16 Feb 2009, 11:01 AM
Ok. So basically it's because of the tests you run regarding programming and such that you'd like no AV at all, even if it's behaving normally. I kinda figured that. I've had no drop in performance at all w/Avira being on. Not scanning, just on like you mentioned you don't even want. Even on my Dell, at least nothing to notice. Being that you work w/your apps. a lot for programming I understand. Funny that since its inception they still haven't put something out that doesn't use idle processes or any background running. They can. Just lazy I guess.
Now that you mentioned that defragging thing that happened on your 1st new Vista PC, I helped a friend today w/some tweaking n cleaning on his Dell. It's a XP Home Professional OS. I removed so much crap that's bundled w/the new prebuilds and about more than a GB of temp n reg stuff using Revo Uninstaller, Ccleaner n ATF. When I went to defrag there was no defrag option. I turned system restore off just to see if that was the case n still it said no defragging tool installed. Is Professional like that? It doesn't have a defragger? I'm almost positive I didn't remove it, because I would have got some warning. OT here so if a quick reply that's great, then I'll just search n post new thread if needed. Thnx.
MilesAhead
16 Feb 2009, 11:59 AM
I believe XP Pro has your basic Windows defrag. I'm not sure what they do on these machines. According to the docs the Vista command line defrag that comes with Windows no longer has the -b option to defrag your boot files. The -b option doesn't show if you do "defrag /?" to get the params. But I did it anyway and it worked on my machine! Go figure!
It gets more mysteriouser all the time. :)
dr_ml422
16 Feb 2009, 12:09 PM
Thnx Miles. You hit it on the button. I just Googled this very same thing n there were hits all over. From not being able to defrag if not Administrator to System Restore like I mentioned. I left a message on the old man's machine to call Dell. It should be under warranty. Let them figure it out. I'm holding on to XP Home until something can really convince me to let go n move on, and even then I'll still have it on 1 of my machines.
MilesAhead
16 Feb 2009, 12:13 PM
Can't blame you for hanging onto XP. I have the one PC dual booting so at least I can boot it to XP to do something I know works in XP but I'm not so sure about in Vista yet.
titanfan1017
18 Feb 2009, 04:12 AM
i use avg free and advance system care free along with windows firewall. i love ascf its from iobit. kim komando actually talked about it i tried it and love it. http://www.download.com/Advanced-SystemCare-Free/3000-2086_4-10407614.html
titanfan1017
18 Feb 2009, 04:16 AM
Can't blame you for hanging onto XP. I have the one PC dual booting so at least I can boot it to XP to do something I know works in XP but I'm not so sure about in Vista yet.
The thing about Vista is that you Must have enough ram. I work on a lot of computers. As long as I have 3-4 gigs of ram it runs as good or better than xp. Very few problems. :smashead:
titanfan1017
18 Feb 2009, 04:23 AM
i guess i needed to reply with the quote on the first post it doesnt make sense where its at. lol.
MilesAhead
18 Feb 2009, 06:06 AM
The thing about Vista is that you Must have enough ram. I work on a lot of computers. As long as I have 3-4 gigs of ram it runs as good or better than xp. Very few problems. :smashead:
I understand. I have Vista 32 bit on one PC and Vista64 on the other. It's just always a good idea to have one machine with the mature OS installed since it supports the most applications. That way you don't get stuck. :)
titanfan1017
20 Feb 2009, 01:34 AM
I understand. I have Vista 32 bit on one PC and Vista64 on the other. It's just always a good idea to have one machine with the mature OS installed since it supports the most applications. That way you don't get stuck. :)
Very true miles. I have to say also 64 is very limited in what it will and wont run. Maybe in the next year or so it will be a more available situation but right now it just isn't.:smashead:
dr_ml422
8 Mar 2009, 01:20 PM
http://ftp.kaspersky.com/devbuilds/AVPTool/
Talk about thorough. almost 15mins., but came up clean. Wish 1 can surf n just do 1 of these every once in a while w/out having it onboard as resident. that would b asking for trouble nowadays even w/safe hexing.
Any info on how bloated the paid version is? Thnx. Actually how much of a resource hog? This more than 40mb.
doctorhardware
8 Mar 2009, 01:24 PM
Set your clocks forward.
gonwk
9 Mar 2009, 10:38 AM
Hi guys,
I use Avira religiously ... but the other day it did not catch a Backdoor Trojan Banker ... but "A-Squared" caught it.
Just wanted to share it with you folks!
G!:)
Chewy
9 Mar 2009, 12:44 PM
In some of the security forums there is discussion of how new malware gets thru your antivirus protection, first it's too new for your definitions, then it grabs the internal process used by most AV and then hides whatever it wants to do, same with your firewall.
Heuristics and later definitions are all that will work, we are seeing sets of rootkits which hide each other.
Avira plus mbam running resident has a chance.
Safe hex and vigilance are your best defense.
dr_ml422
9 Mar 2009, 01:39 PM
I thought mbam wasn't a resident always on AV. Is there a setting that keeps it on looking out for threats? Or by resident you just mean being installed on your PC, and ready when you are?
You're totally correct though, nothing's 100% fool proof. I think I caught something off of Major Geeks n also the Driver download site which has an indefinite amount of advertisements, pop-ups and free offers.
Is SAS still holding its ground? That I haven't tried yet.
Abuilder
9 Mar 2009, 01:47 PM
dr_ml422
The purchased version of mbam has the option to run resident for realtime protection.
dr_ml422
9 Mar 2009, 01:58 PM
I knew there was a catch. I'm getting senior moments, but I was almost positive the free version wasn't resident. Paid resident version bloated w/additional stuff not really needed?
Matter of fact which freeware sites are mostly recommended now if I may ask? Is filehippo still safe? How's cnet's download.com? Thnx.
Abuilder
9 Mar 2009, 02:01 PM
I knew there was a catch. I'm getting senior moments, but I was almost positive the free version wasn't resident. Paid resident version bloated w/additional stuff not really needed?
Well I don't know if you would call it Bloat! LOL
But yes it will take some system resources.
dr_ml422
9 Mar 2009, 02:09 PM
What I really hate is bundled software as mostly always its additions are not needed n constantly has to be updated because of the many addons? I just want a AV if I pay for a AV. I'll get a Firewall alone if I want that, and I'll use a separate Spyware. That's what I mean by bloated, which most likely will use more resources. I also don't need a E-mail protection as I feel running my setup as being forwarded from my ISP through Gmail is enough. That's why I chucked Nero's software once you guys introduced me to Imgburn.
I'm about to get a additional app. regarding 19 that's looking better now as the one I have is turning into a Nero.
Btw, I noticed Spybot quotes McAfee n Trend Micro as being Spyware according to the definition by the people behind the whole Spyware business. What's to say about that? Spybot's free so I see no reason other than trying to help for quoting that.
Chewy
9 Mar 2009, 03:50 PM
I hardly notice the mbam protection module running when I tested it
dr_ml422
9 Mar 2009, 03:56 PM
This the paid version? Also check this out. just ran mbam n 2 days found same infection. I might have to wipe my drives. thing is this is a different drive, but I cloned it so it prolly caught the infection from the other 1. I haven't gone anywhere except here today. You might b right about not being able to get rid of some malware. give me a pullup b4 this might get worse. thnx.
Malwarebytes' Anti-Malware 1.34
Database version: 1825
Windows 5.1.2600 Service Pack 3
3/9/2009 1:48:54 AM
mbam-log-2009-03-09 (01-48-54).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 63611
Time elapsed: 5 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
Chewy
9 Mar 2009, 04:15 PM
It's the paid version but I got it for testing only, I am allowed to use it on multiple computers, it's a perk.
That setup.exe is a red flag unless it's in a legitimate installer package.
Chances are it's a false positive from a bad installer.
If nothing else verifies an infection I wouldn't worry about it.
Here's a very good rootkit scanner
Please download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop. Extract (unzip) the file to its own folder such as C:\Gmer. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure.)
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
Double-click on gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
Do NOT click scan. GMER does an automatic quick scan when run.
Click the copy button on the right side of GMER and then paste into your next reply.
This is not a toy, follow directions exactly, don't even move the mouse
dr_ml422
9 Mar 2009, 04:23 PM
2 days in a row n same infection. just ran avira n spybot came clean, but yesterday spybot caught some cookie and also that other 1 in my other thread. Let me download this n get back to you. Lil tired. want to be alert to learn how to run if necessary. Thnx.
Chewy
9 Mar 2009, 04:38 PM
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\System32\drivers\92ef5b4d.sys (*** hidden *** ) [SYSTEM] 92ef5b4d <-- ROOTKIT !!!
Service system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!
Service system32\drivers\UACkixnrjlq.sys (*** hidden *** ) [SYSTEM] uacd.sys <-- ROOTKIT !!!
This poor guy can't even connect to the internet and keeps having to borrow his wife's mac, I told him to reload, his wife told him to buy a new computer
doctorhardware
9 Mar 2009, 04:42 PM
Those are some nasty rootkits, must be nice to have the wife tell him to buy a new computer. I will take his old computer if he doesn't want it.
dr_ml422
9 Mar 2009, 05:01 PM
here you go:
GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-09 02:49:18
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT BAF2BCAC ZwCreateThread
SSDT BAF2BC98 ZwOpenProcess
SSDT BAF2BC9D ZwOpenThread
SSDT BAF2BCA7 ZwTerminateProcess
SSDT BAF2BCA2 ZwWriteVirtualMemory
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
---- EOF - GMER 1.0.15 ----
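For reading GMER text logs like the two posted above without eyeballing every line, here is a small parser; it is an added example, not part of the original posts or of GMER. The function names are hypothetical, the regular expressions cover only the line layouts seen in this thread, and the 0x1000 grouping gap is an assumption of the example.

```python
import re

# Constructed sample: lines copied from the two GMER logs quoted in this thread,
# joined into a single report.
LOG = r"""---- System - GMER 1.0.15 ----
SSDT BAF2BCAC ZwCreateThread
SSDT BAF2BC98 ZwOpenProcess
SSDT BAF2BC9D ZwOpenThread
SSDT BAF2BCA7 ZwTerminateProcess
SSDT BAF2BCA2 ZwWriteVirtualMemory
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\System32\drivers\92ef5b4d.sys (*** hidden *** ) [SYSTEM] 92ef5b4d <-- ROOTKIT !!!
Service system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

SECTION = re.compile(r"^---- (\w+) - GMER [\d.]+ ----$")
SSDT = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)$")
SERVICE = re.compile(r"^Service\s+(.+?)\s+\(([^)]*)\)\s+\[(\w+)\]\s+(\S+)")

def parse_gmer(text):
    """Return SSDT hooks and the services GMER marked hidden."""
    out = {"ssdt": [], "hidden_services": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif section == "System" and (m := SSDT.match(line)):
            out["ssdt"].append((int(m.group(1), 16), m.group(2)))
        elif section == "Services" and (m := SERVICE.match(line)):
            image, flag, _tag, name = m.groups()
            if "hidden" in flag:
                out["hidden_services"].append((name, image))
    return out

def cluster_hooks(hooks, max_gap=0x1000):
    """Group hooks whose target lies within max_gap bytes of the previous one."""
    clusters = []
    for addr, func in sorted(hooks):
        if clusters and addr - clusters[-1][-1][0] <= max_gap:
            clusters[-1].append((addr, func))
        else:
            clusters.append([(addr, func)])
    return clusters

if __name__ == "__main__":
    report = parse_gmer(LOG)
    for group in cluster_hooks(report["ssdt"]):
        span = group[-1][0] - group[0][0]
        print(f"{len(group)} hooks within {span:#x} bytes:", [f for _, f in group])
    print("hidden services:", report["hidden_services"])
```

Hooks that land in one tight cluster most likely point into a single driver; this log layout does not name it, so the owner still has to be matched against the loaded-module list.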
Chewy
15 Mar 2009, 01:45 PM
Here's a state of the art system analysis tool, even a 64 bit version
No I don't want to analyze any logs, you'll see why
http://www.eset.com/download/sysinspector.php
dr_ml422
15 Mar 2009, 02:14 PM
Won't analyze because of the personal info included, or because it's not that hard since it has a color coded feature to check n see what's a real risk? Or both?
I'll run it anyway and see what's going on if anything at all. Thnx. Will also bookmark this page.
Chewy
15 Mar 2009, 02:20 PM
My report zipped was 142KB, the unzipped 1.6 megs
xml's are big
dr_ml422
15 Mar 2009, 02:47 PM
Oh ok. Well if I'm stuck then maybe I'll post part that I can't make out. Thnx.
It's good that you took to researching the Viruses more and their programs as after a while we all need something new and a bit more interesting to get into. This for sure is a much needed piece of info and makes for a valuable tool of knowledge as it's a vital part of the whole industry.
Great tool here. Really dissected the whole computer. Everything fine. Brought Avira as unknown, but prolly because I deactivated it thinking this was a Anti-Virus app.. It also brought up the hosts section as red or w/e. I think though it most likely was connections to the server for Avira and others n maybe some cookies. Too much stuff to go through as you posted. I ran Avira, Malware Bytes and Spybot n everything's clean.
dazuk1972
20 Jun 2009, 02:53 PM
Personally
if u have norton then ur safe :)
I have a router with a built in firewall - it rules! no slow in connection at all in anyway and if there was (which usually never is) i just use webcache from my ISP :D
You're joking. Norton has the weakest software going. The Anti-Virus doesn't scan all the files and folders and it skips the System Volume Information folder for a start and viruses can enter there easy and the Firewall has weak spots. Sometimes it goes wrong and blocks the internet when it's supposed to block hackers.
Not to mention the update folders corrupt at times so that you can't update the different softwares anymore until you fix it and when you check their help pages they suggest this 'n that that make matters worse.
Chewy
4 Jul 2009, 08:58 AM
With the latest round of rootkits (TDSS variants), e.g. Skyhook, I have been using a program called RootRepeal
Many times your AV is totally blocked and even MBAM won't run.
http://rootrepeal.googlepages.com/
http://rootrepeal.googlepages.com/RootRepeal.zip
Just use the file tab at the bottom, scan and paste the report into a reply here please
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\UACcspejepqlpicdam.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UAChqoutbkivknbhsj.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACnpumfowaycqmust.log
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACrslysgmccmpxbam.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACvsdgryahwayjmuv.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACwinlaqllrykmihl.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACwispkhxllkieexu.dat
Status: Invisible to the Windows API!
Path: C:\Program Files\Sandlot\Cake Mania\cakemania.exe:{CC93F282-9F98-EEBA-1D94-B379F02AE5B6}
Status: Visible to the Windows API, but not on disk.
Path: C:\WINDOWS\system32\drivers\UACpaswvgkuowyjawn.sys
Status: Invisible to the Windows API!
Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\UAC6e67.tmp
Status: Invisible to the Windows API!
Highlighting the core rootkit file and right-clicking and choosing wipe file then immediately rebooting allows you to run MBAM and remove the infection.
http://www.malwarebytes.org/forums/index.php?showtopic=12709
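To sort a RootRepeal "Hidden/Locked Files" report like the one in the post above into what is hidden, what is merely locked and what the hidden names have in common, here is a small triage script; it is an added example, not part of the original post or of RootRepeal. The function names are hypothetical, and listing hidden .sys files separately as the first thing to review is an assumption of this example.

```python
import ntpath
import os
import re

# Excerpt of the RootRepeal report quoted in the post above; the last entry keeps
# Path and Status on one line to show that both layouts parse.
REPORT = r"""Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\UACcspejepqlpicdam.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACwispkhxllkieexu.dat
Status: Invisible to the Windows API!
Path: C:\Program Files\Sandlot\Cake Mania\cakemania.exe:{CC93F282-9F98-EEBA-1D94-B379F02AE5B6}
Status: Visible to the Windows API, but not on disk.
Path: C:\WINDOWS\system32\drivers\UACpaswvgkuowyjawn.sys Status: Invisible to the Windows API!
"""

ENTRY = re.compile(r"Path:\s*(?P<path>.+?)\s*Status:\s*(?P<status>[^\r\n]+)", re.S)

def parse_report(text):
    """Return (path, status) pairs; Path and Status may share a line or not."""
    return [(m["path"].strip(), m["status"].strip()) for m in ENTRY.finditer(text)]

def triage(entries):
    """Bucket the entries by what the status line says about them."""
    hidden = [p for p, s in entries if s.lower().startswith("invisible")]
    names = [ntpath.basename(p).lower() for p in hidden]
    return {
        "hidden": hidden,
        # Assumption of this example: hidden kernel drivers are reviewed first.
        "hidden_drivers": [p for p in hidden if p.lower().endswith(".sys")],
        # Prefix common to every hidden file name, compared case-insensitively.
        "shared_prefix": os.path.commonprefix(names) if len(names) > 1 else "",
        # hiberfil.sys is the hibernation file, which Windows itself keeps locked.
        "locked": [p for p, s in entries if s.lower().startswith("locked")],
        # A colon after the drive letter marks a named stream, not a plain file.
        "stream_entries": [p for p, _ in entries if ":" in p[2:]],
    }

if __name__ == "__main__":
    for key, value in triage(parse_report(REPORT)).items():
        print(f"{key}: {value}")
```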
Samson.Real5
25 Jul 2009, 04:52 AM
Yes I know it happens only antivirus program but check that full version sometimes fails to scan infected email to delete so this kind of problem comes so try for other antivirus and check if it works.
Kirstein
salionmelisa
9 Nov 2009, 11:30 AM
i'm using kaspersky, but its update is too slowly to use. so, thanks for your share.
smackaddict
17 Nov 2009, 12:58 PM
i'm a computer tech, and am familiar with many good, free s/w sites but like this new one.
also I had a message to post a debug log report and now don't know where it goes so here it is
admin
17 Nov 2009, 02:24 PM
i'm a computer tech, and am familiar with many good, free s/w sites but like this new one.
also I had a message to post a debug log report and now don't know where it goes so here it is
Sorry, can't talk about DVD ripping on this forum anymore, please refer to the rules, thanks:
http://forum.digital-digest.com/faq.php?faq=vb_faq#faq_new_faq_item