Antispyware software reviews

Introduction
This time I'll explain how to use antivirus programs to protect a whole network segment, for example a company network. In the company where I work we have constant problems with viruses, spyware and trojans, so we needed a global change in our protection system to deal with the recurring infections.

Problem
Usually when one computer gets infected, the virus uses the local area network to spread to the other computers. So instead of cleaning just one computer you end up cleaning a whole network segment.

Global solutions
There are many ways to prevent trojans and viruses from exploiting your network. I'll emphasize two of them:

  • Honey Pots
    The first is the so-called honey pot: a decoy that triggers alarms, implemented with an Intrusion Detection System (IDS) on a Linux/Unix machine to trap intruders (viruses, trojans, hackers). More elaborate honey pot setups exist that can exploit the trojan horse and clean it automatically, even before it has propagated over the local network.
  • Group Policies
    Another very effective type of protection is to deploy antivirus programs using Windows group policies. For example, if you've got 250 Windows machines, they all boot using a predefined set of rules (global policies). Since the set of programs running on each computer can be controlled through these policies, it becomes easy to start real-time resident virus protection programs such as McAfee, Kaspersky etc.
    The only problem arises when a computer catches a virus unknown to the antivirus/antispyware program. In that case the virus will again spread over the whole network.

    Rescue: As a last resort, if you have a group of identical computers, you can use pre-burned ISO backup images containing the operating system and the main software and simply copy them back, thereby reinstalling everything on the system from scratch. This approach is much faster than a complete reinstall of the Windows distribution with its drivers and specific software.
How to choose a good antivirus program?
I've heard a lot of opinions about antivirus programs. Among those recommended by friends and professionals were: NOD32, Kaspersky, Panda, Avast, Dr.Web, McAfee, F-Prot, AVG, AVP. I'll discuss practical issues one might encounter when using those programs.

First off we started with NOD32, a very good and fast program. The problem after two weeks of use was that Kaspersky, Dr.Web, AVG and Avast found viruses that NOD32 could not catch.
Conclusion: NOD32 is good for stopping trojans and filtering infected e-mails, but there are viruses and spyware that it cannot catch.

Panda - it is said that only Panda protects against massive attacks by viruses and worms.
Conclusion: good for general protection, but it didn't catch the newest in-the-wild trojans and slows the computer down a little.

Avast is a very good free combined antispyware and antivirus program. My network is now almost fully equipped with Avast and NOD32. Avast cleans almost all spyware/trojans with its resident on-demand scanner, which scans files prior to every request for them. The program moves infected e-mails and rewrites their headers, which protects the user from accidentally opening them in Outlook Express.
Avast really speaks and raises alarms to the user. It has an intuitive user interface that looks like an audio player. Its integrated resident scan engine doesn't degrade the computer's performance as much as Kaspersky does.
One problem you might experience is that Avast still misses some trojans when browsing actively (it missed the massive 20-trojan attack reported by Panda), so you have to use alternative AV applications as well.
Another issue is how Avast treats infected files: when Avast finds an unknown virus it prompts the user for an action, which is almost always Delete. This is a real issue, because this way you can erase lots of important system files. A good feature of the program is the Virus Recovery Database (VRDB), which automatically repairs (restores to its previous state) a file infected by an unknown virus.
So as long as users don't browse extremely "bad" or "restricted" web sites, Avast definitely provides good protection.
Conclusion: use it, but also check your network with other antispyware tools such as AVG!

SpyBot vs Ad-aware
Well, the discussion about free antispyware programs is enormous, but after months of practice I've found that the Ad-Aware and Spybot antispyware databases fluctuate. The only difference according to my tests is that Ad-Aware's engine is faster than Spybot's. Now Spybot has regained its excellent accuracy by cleaning lots of modern toolbars and spyware that Ad-Aware misses. That is why I prefer Spybot: you may wait a few minutes, but the reward is a more thoroughly cleaned system. The only con is that, due to the enormous adware/spyware/trojan database, Spybot scanning is now very slow.

Spyware Terminator
I recommend using Spyware Terminator. It is free, faster than most antispyware software and has active system protection.

Windows Defender, aka Microsoft AntiSpyware, requires a genuine MS Windows distribution. With that check Microsoft has kept lots of people from using its antispyware product.
Conclusion: Windows Defender is definitely better than some others, but I hope that Spybot and Ad-Aware will evolve towards faster cleaning and better detection. Beware that the application takes up lots of system resources and thus slows down overall system performance. That's why I recommend Spyware Terminator for whole-system protection.

Kaspersky has a very big antivirus database, which is why I recommend it, although it slows the computer down a bit. One could also use the free personal version, AOL Active Virus Shield (http://www.activevirusshield.com/), powered by Kaspersky.

Dr.Web - definitely better than Kaspersky. It has an integrated network scanner and a resident shield. The best of all the antivirus programs: very light and fast, Dr.Web has integrated virus protection, and its larger database recognizes viruses that Kaspersky marks as Unknown, for example BkCln.Unknown. Dr.Web now has a free stand-alone scanner, CureIt!, which you can use for emergency scans.

AVG Anti-Spyware (also known as ewido antispyware) - an excellent antispyware program with an updated engine and a huge database. It is fast and reliable.

CounterSpy has one of the biggest spyware databases. It also scans for and detects viruses hidden in alternate data streams. Use this program to check your overall system.

A-Squared Free - although it does not offer resident protection, this tool has detected hidden trojans that Spyware Terminator had missed, so give it a try once a month for a full system scan.

Conclusion:
For complete protection use a combination of a free antivirus and antispyware program: for example Spyware Terminator and BitDefender, or Spybot and AVG.


Update:
AVG has now gone shareware, so you might want to try the new AVP - Antivirus Toolkit Pro. by Nevyan Neykov



Spyware removal tools

In this article I'll go through the cleaning process for infected systems using a set of antivirus and antispyware programs: SpyBot - Search & Destroy, AntivirGuard, Kaspersky Antivirus and Ad-Aware.
The goal is to clean the trojans and malware that have infected my system.
After downloading the antivirus software, do not forget to update it!

Rescue spyware cleaning with Spybot


  • Run Spybot
  • Go to 'Check for Problems' and wait until the checking process ends.
  • Then click on 'Fix selected Problems'.
    That will clean most of the trojans, adware, spyware and malware from your system.
Teatimer - protection from bad Internet pages
Spybot has a feature named TeaTimer that protects the applications currently installed on your system from further infection.
  • To enable blocking of bad pages from loading in Internet Explorer, press Immunize.
  • Check the options 'Enable permanent blocking of bad addresses in Internet Explorer' and 'Block all pages silently'.

To activate the immunization press the Immunize button.


Advanced settings
Here are some additional Spybot settings (beyond the program's defaults).
First switch to Advanced Mode via Mode->Advanced Mode. Then choose Tools and check:
  • ActiveX - here you can see which ActiveX controls are installed on your system and remove the bad ones. The same applies to Browser Helper Objects (BHO).
  • Hosts File - use Spybot's integrated hosts file to block certain known bad web addresses.
  • Process List - here you can watch, end (terminate) and otherwise operate on Windows processes and their modules, as well as their open network ports in the sub-section Open Network Ports.
  • IE Tweaks - locks down Internet Explorer and the hosts file. Useful when you have frequent spyware-related problems.
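The Hosts File tool above works by mapping known bad hostnames to a local address so the browser never reaches them. As an added example, not code from the original article or from Spybot, here is a small Python script that parses a hosts file in the format Windows uses, separates genuine blocklist entries from entries that redirect a hostname somewhere else (which is exactly what a hijacked hosts file looks like, and why the IE Tweaks lock matters), and answers whether a given hostname is blocked. The sample hosts content, hostnames and addresses in it are constructed for the example.

```python
"""Audit a Windows hosts file: blocklist entries versus suspicious redirects.

Added example, not from the original article. Blocklist tools append lines
that map bad hostnames to a local sinkhole address (127.0.0.1 or 0.0.0.0);
a hijacked hosts file instead maps a legitimate hostname to a remote address.
"""
import ipaddress

# Constructed sample hosts file content, not taken from any real system.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# Start of entries inserted by Spybot - Search & Destroy   (constructed)
127.0.0.1  www.example-adserver.invalid
0.0.0.0    tracker.example.invalid # blocks the tracker
# End of entries inserted by Spybot

# A hijack-style entry (constructed): a legitimate site pointed at a remote host
203.0.113.7  www.example-bank.com
"""

# Addresses that a blocklist uses as sinkholes: nothing listens there.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}


def parse_hosts(text):
    """Return (address, hostname) pairs; comments and blank lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line: skip rather than guess
        # One address may be followed by a hostname and several aliases.
        for hostname in parts[1:]:
            entries.append((parts[0], hostname.lower()))
    return entries


def classify_entries(entries):
    """Split entries into (blocked_hostnames, redirects).

    blocked:   hostnames mapped to a local sinkhole address (the blocklist use)
    redirects: (hostname, address) pairs pointing anywhere else; these need a
               manual look, because a hijacked hosts file looks exactly like this
    The standard 'localhost' lines are ignored.
    """
    blocked, redirects = [], []
    for address, hostname in entries:
        if hostname == "localhost":
            continue
        if address in SINKHOLE_ADDRESSES or ipaddress.ip_address(address).is_loopback:
            blocked.append(hostname)
        else:
            redirects.append((hostname, address))
    return blocked, redirects


def is_blocked(hostname, entries):
    """True when the hosts file sinkholes the hostname (case-insensitive)."""
    blocked, _ = classify_entries(entries)
    return hostname.lower() in blocked


if __name__ == "__main__":
    # On a real machine read C:\Windows\System32\drivers\etc\hosts instead.
    parsed = parse_hosts(SAMPLE_HOSTS)
    blocked_hosts, redirected = classify_entries(parsed)
    print("Blocked by hosts file:", blocked_hosts)
    for name, addr in redirected:
        print(f"REVIEW: {name} is redirected to {addr}")
```

On a real system the file to feed into parse_hosts is C:\Windows\System32\drivers\etc\hosts; anything that ends up in the redirects list is worth checking by hand, since a legitimate blocklist never needs a non-local address.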

Ground cleaning with AntivirGuard

AntivirGuard is free for personal use. The installation process includes an automatic scan of the computer. The scanner is fast and the program has resident protection. The only con is that the definitions are not updated as quickly, but for a free-for-personal-use product AntivirGuard is more than good.
For better cleaning results you can use the following additional settings:
Under Options->Configuration, press Repair and check 'delete without prompt'
  • Unwanted programs: activate all types
  • Heuristics: enable macro virus heuristics
  • Win32 file heuristics: enabled
  • Miscellaneous: overwrite deleted files

Rescue spyware cleaning with Ad-Aware

Ad-Aware updates its definitions every week. It comes in two variants. The software works well and removes even the hardest-to-clean viruses: the resident ones (running in the computer's memory).
Here is how to clean viruses with Ad-Aware:



  • Run Ad-Aware and click on Scan now.
  • Check Perform Full system scan and press the Next button.
  • Wait until the check is done and press Next, then right-click with the mouse and choose Select All Objects, press Next again, confirm with OK and the cleaning is done.

If a virus refuses to go away, first start the integrated utility Ad-Watch and then delete the virus step by step with Ad-Aware.
The trick here is, again, immediately after the cleaning to restart the PC in Safe Mode and scan for viruses. This will remove even the nastiest variants of spyware.
For complete system protection you can use Ad-Watch. It monitors and stops registry changes and hijack attempts against your Internet browser.
Here are some additional Ad-Aware settings for deeper cleaning and protection of system files:
  • Scanning - in the category Drives, Folders, Files check (green): Scan within archives
  • Startup - in the category Startup Action check (green): Clean automatically
  • Tweak - press + on the section Safety Settings and check (green): Write protect system files after repair.

Ground Cleaning with Kaspersky Antivirus

Kaspersky's definitions are updated every 2 hours. The program has an intuitive interface, so I'll just go over its advantages:
  • extremely big virus database - catches the newest spyware, viruses and trojans
  • resident protection - an active monitor that prevents viruses from loading from sources such as the Internet, floppy drives, HDD, CD, flash memory etc.
The only con is that the program decreases computer performance, but compared to what viruses could do, that is nothing.

You may continue with the complete list of small antivirus utilities.

Good luck with the virus cleaning! by Nevyan Neykov



Spyware - How do I clean my PC

When my system gets infected by a virus or adware, here are the steps I take to clean up my computer. I hope they'll make cleaning spyware, adware, malware, trojans and other types of viruses easier for you.

The information here concerns beginners as well as advanced Windows users. I will focus on two types of programs: free (AntivirGuard, SpyBot, HijackThis, Pocket KillBox) and licensed (Kaspersky Antivirus, Ad-Aware).

I'll use a combination of fast (rescue) cleaning, which removes the viruses affecting the actual system performance, and ground (thorough) cleaning, which checks every file on your system to prevent further infection. Without going into more detail, let's move on to the actual process:
EASY WAY
In the wild there exists a so-called "honest" type of spyware/adware, so open Add/Remove Programs and try to uninstall the suspicious items. If the problem is solved, be happy; otherwise try the:
HARD WAY
  1. Copy and install the antivirus programs chosen from the list above to your hard drive and update them. The update is needed because with the newest antivirus definitions the program can catch more new viruses.

  2. Unplug the LAN cable and start Windows in Safe Mode (restart the computer, press F8 repeatedly and select Safe Mode from the text menu). Then wait until Windows loads.
    If you are using any kind of startup manager, such as MSConfig (for Windows XP users) or another, you must allow all the startup processes to load by stopping the startup manager before running HijackThis. This lets HijackThis see all the potential problem software on your PC. After scanning with HijackThis you can go back and start the System Configuration Utility from Start->Run->msconfig. In the Services menu uncheck 'hide all'. Next uncheck everything that you don't know (that looks suspicious). Apply and press OK.
  3. Start HijackThis and press 'Do a system scan only'. You'll see lots of results. These are the programs and settings loaded at startup, and it is a bit hard to distinguish between a "virus" and a valid application. You will see the entries that have hijacked/redirected your browser as well as some unneeded and possibly "virus" DLLs.
    To tell which entries are illegitimate, start the integrated Process Manager. Here you can see the DLLs used by the running applications. Entries unknown to you are the viruses. Once you've identified them, mark the suspicious ones and press Clean. Usually viruses hide as loadable library modules (DLLs) or executable .EXE files. You may also find entries such as .htm, .html, .vbs etc. that usually affect your browser's home page.

What if the virus remains in memory?
There is still a small chance that some of the viruses will stay in your computer's memory. In that case note down the "virus" filename, either from the antivirus program's error message or from the HijackThis log. Again:

  1. Start the HijackThis Process Manager tool via Open the Misc Tools section -> Open Process Manager.
  2. Find the process created by that "filename" and send it a Kill Process command.
  3. Go to the Delete on Reboot tool and type the full path to the same problematic "virus" filename.
Alternative
As an alternative for file deletion you can use the program Pocket KillBox.

  1. Start it and enable the option Delete on reboot.
  2. Now paste the full path to the spyware "filename" from HijackThis into the field Full Path of File to Delete.
  3. Press the red cross button and then 'Yes' on Delete on reboot.

    Don't let KillBox restart the system until you've erased all the suspicious filenames. If this procedure doesn't work, just rename the infected file/directory. To do this restart in DOS mode or the Recovery Console and use the command 'rename' or 'ren'.
Example: ren file.exe new_file.exe will rename the file file.exe to new_file.exe


Actual Cleaning

1. Restart in Safe Mode again. A message will appear saying that you are using the System Configuration Utility. Check 'Do not run this at startup' and press OK.
2. At this stage it is good to turn off System Restore (in Me, XP), because some viruses use the restore mechanism to reinfect the machine after the virus has been deliberately deleted.
3. Start the preferred set of antivirus programs from above.
4. Press Ctrl-Shift-Esc and end the processes iexplore.exe and explorer.exe

How to use HijackThis Process Manager?

HijackThis has its own integrated process manager that can be used to start processes/applications as well as to determine the DLLs loaded by a specific process. To use this function click the Config button and then Misc Tools. You'll see a new screen with the button Open Process Manager. This screen shows all the processes currently running on your machine. Click on a process to select it. The Kill Process button ends the selected process.

To see which DLLs are loaded for a particular process, check the option Show DLLs. The screen splits into two sections: the top part shows all the running processes, and when you click on a process its loaded DLLs (the libraries in use) are shown in the bottom part of the window.

How to use HijackThis Delete on reboot?

Surely you've noticed that it is often very hard to remove some files. HijackThis has a method by which Windows itself deletes the file before it starts, so the file doesn't get a chance to load.
To use Delete on Reboot:
  1. Go to Config->Misc Tools and press the Delete on Reboot button.
  2. A new window opens where you choose the file you want deleted. Choose it and press Open.
  3. You'll be asked whether you'd like to restart to delete the file. Press Yes.
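Both the Delete on Reboot step in the memory-resident virus procedure above and the three steps just listed rely on a Windows mechanism for removing a file before anything can load it: MoveFileEx called with MOVEFILE_DELAY_UNTIL_REBOOT records the request in the REG_MULTI_SZ registry value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, and the Session Manager carries the requests out early in the next boot. That HijackThis and KillBox use exactly this call is an assumption here; the registry format is not. As an added example, not code from the article or from those tools, the Python below decodes that value into readable operations (handy when checking what a machine is going to delete or move at its next reboot, whoever scheduled it) and shows how a delete request is encoded. The sample value and the file paths in it are constructed.

```python
r"""Decode and build Windows PendingFileRenameOperations entries.

Added example, not from the original article. The REG_MULTI_SZ value holds
pairs of strings: an NT-style source path ("\??\C:\...") followed by a
destination, where an empty destination means "delete at next boot" and a
destination starting with "!" means "replace an existing file". The functions
only work on the list of strings; reading or writing the registry itself
(winreg on Windows, administrator rights needed to write) is left to the caller.
"""
NT_PREFIX = "\\??\\"  # the \??\ object-manager prefix MoveFileEx writes


def strip_nt_prefix(path):
    """Turn '\\??\\C:\\dir\\file' back into the Win32 path 'C:\\dir\\file'."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def decode_pending_operations(multi_sz):
    """Return a list of dicts describing each scheduled operation.

    multi_sz is the list of strings that winreg.QueryValueEx (or PowerShell)
    returns for the value. Raises ValueError on an odd number of strings,
    which would mean a corrupted or hand-edited value.
    """
    if len(multi_sz) % 2:
        raise ValueError("PendingFileRenameOperations must hold source/destination pairs")
    ops = []
    for source, dest in zip(multi_sz[0::2], multi_sz[1::2]):
        op = {"source": strip_nt_prefix(source)}
        if dest == "":
            op["action"] = "delete"
        else:
            replace = dest.startswith("!")
            op["action"] = "rename"
            op["destination"] = strip_nt_prefix(dest[1:] if replace else dest)
            op["replace_existing"] = replace
        ops.append(op)
    return ops


def schedule_delete(multi_sz, win32_path):
    """Return a copy of the value with a delete-on-reboot request appended,
    encoded the way MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT) stores it.
    The original list is not modified."""
    return list(multi_sz) + [NT_PREFIX + win32_path, ""]


# Constructed sample value: one file to delete, one replacing rename.
SAMPLE_VALUE = [
    "\\??\\C:\\WINDOWS\\system32\\badfile.dll", "",
    "\\??\\C:\\WINDOWS\\Temp\\update.tmp", "!\\??\\C:\\WINDOWS\\system32\\driver.sys",
]

if __name__ == "__main__":
    # On Windows the real value can be fetched with:
    #   winreg.QueryValueEx(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
    #       r"SYSTEM\CurrentControlSet\Control\Session Manager"),
    #       "PendingFileRenameOperations")[0]
    for op in decode_pending_operations(SAMPLE_VALUE):
        print(op)
```

Reviewing this value during a cleanup or an incident is worthwhile in both directions: it confirms that the file you asked HijackThis or KillBox to remove is really queued, and it reveals anything else queued for the next boot that you did not ask for.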

by Nevyan Neykov