Anti-Virus and Anti-Spyware

by Steve Wiseman on December 8, 2008 · 19 comments

in AntiSpyware,AntiVirus,Windows



I was making the rounds this weekend to visit family and friends. I was asked the usual… “Um, while you are here… do you think you could take a look at a little computer problem we are having?”

In each case, the system was loaded with spyware. The funny part is all of them were using Comcast, so they had the free Anti-Virus from McAfee. Not one of these systems showed any alerts that McAfee had found anything. Full system scan – nothing. It is true McAfee is Anti-Virus, and not Anti-Spyware – but I would argue that just because a program does not self-replicate does not mean McAfee should ignore it.

Same held true for AdAware. I did a complete scan with AdAware. Every time I would see there were 533 “Threats”. What were those threats? Cookies. Yep, those pesky cookies. All of them were used to keep state in a well-known web application like Gmail. I think about 1% were from spamvertisers.

The first computer I looked at had this interesting piece of malware called “Internet AntiVirus Pro”. To the average user it looked like a real anti-virus product, and it would find all kinds of “viruses” on your system. It scared the heck out of my Uncle. He was considering paying the $91 fee they were suggesting to remove the “problems”.

Take a look at one of the screens:

[Screenshot: Internet AntiVirus Pro]

You get a very professional payment form when you click on “Erase all threats” 89.95 + 1.95 activation.

I tried removing it by hand with no luck. Finally I tried SpyBot – Seek and Destroy – don’t let that website scare you. It really works. On every single system I cleaned Spybot did the job.

What about anti-virus? On Sunday I was at my Aunt’s house. I decided I would make a pre-emptive strike. “How is your computer?” I asked. “Fine,” she said. Hmm. They have two teenagers that are constantly downloading everything and anything. “Can I take a look?”

Sure enough, SpyBot found nothing. Anti-Virus? I forgot that I had installed the free version of AVG a few months ago. They use DSL, and do not have Comcast… so no free McAfee.

Don’t get me wrong. I know this is just a single case – but I don’t think I will ever use McAfee again. If it misses that much how can I possibly trust it?

So this post is a question. What anti-virus are you using, and what has worked the best for you?

Email me at support@intelliadmin.com or post a comment in the article.


{ 19 comments… read them below or add one }

1 DaveInACave December 8, 2008 at 11:05 am

Steve, great blog btw, I have been using http://www.avast.com/ for quite some time. I have never had my system infected with spyware. I recommend it to all of my friends and family.

2 Jennifer December 8, 2008 at 11:08 am

I have been using trendmicro at home for over a year now, and I have not had any problems. I wonder if that is a false sense of security. I think I will be downloading SpyBot tonight to see if there is anything on my system.

3 Anthony Leondis December 8, 2008 at 12:21 pm

Kaspersky has been good for us. I never have had any spyware on my system, but then again I don’t download much these days.

4 Ivan_NJ December 8, 2008 at 3:14 pm

I use and always recommend Zone Alarm Security Suite, it’s all in one, not a memory hog and simple to use (if you want to pay for)

Other solution is a FREE alternative, Trend Micro http://housecall.trendmicro.com/housecall/ is web based and does a very good job.

For some pesky hard to detect spyware I would go for MalwareBytes http://www.malwarebytes.org , this one is also free.

5 cloudkicker December 8, 2008 at 3:57 pm

In Germany Avira’s AntiVir is very popular. Many tests show that it has very good recognition of viruses. It’s free for private users and it’s available in English, too.
Avira AntiVir Free.

6 Doug Woodall December 8, 2008 at 7:27 pm

Isn’t Spybot great?
It always comes thru when you need to get rid of those pesky nasties.
I get the same line when visiting. I don’t get much visiting done.
Most users just assume they are protected by whatever product came installed on their puter.
How many repeats do you get? Say, from the time you fix the puter at Thanksgiving till the next time you visit at Christmas?

7 Angus S-F December 8, 2008 at 7:45 pm

I use McAfee, but not the “free” Comcast version. I also use Spybot S&D. I have never been infected, but I’m also a computer consultant and probably vastly more careful than most.

My home-user clients who have been infected have been running various AV packages, usually Symantec but sometimes AVG (free) or Avast (free). The infections I’ve had to deal with most recently have all been variants of the AV2008/AV2009 type, which is very good at social engineering.

8 Alex December 8, 2008 at 10:00 pm

At my company we used to use Avast with home users but ran into a number of times that it let items through because it did not do daily full system scans even though it does realtime scanning. AVG Free tends to be our AV of choice these days – I use a batch file I created to automate the installation in order to do an instant update upon installation as well as turning off the “safe search” and removing the “advertisement” dll so they cannot push the users into purchasing an upgrade that isn’t needed.
We use Spybot as well – it’s very nice in that it can be set up to be automatically run on startup – update, immunize and scan and clean or can be set up to just do it automatically whenever the program is opened manually. This helps for those less than technical users that get scared when they see large lists of “infections” that may only be simple cookies.

There are 2 really bad infections going on that we’ve been dealing with on the corp and home user front that fall into the same category as the Internet AntiVirus Pro you ran into. It had been going by Antivirus XP Pro, Antivirus 2008 XP, Antvirus Removal Pro 2.1 and a number of other variations. You ran into a more docile variety of this trojan/virus infection. It tends to masquerade in emails as a zip file attachment on a spam message from someone claiming to be UPS and saying that they were unable to deliver an item and the information is included in the zip. This has tricked over 60 of our users in the past 3 months even with us sending out warnings.

The other is something I’ve seen before and is becoming prevalent again. It’s coming in as a CODEC update (either FLASH or something else) in order to view a video from a website link in a forwarded email from a friend. In many cases this is coming from a legit friend and they are themselves infected as well. Its files masquerade as if they were qttask.exe or hpmon.exe (those are the real utilities – they usually add a letter or # to the file name or change it so it’s only 1 letter off). I have an Avira portable version that was amazing in ending the processes and removing those two files and identifying the location of the codec trojan installation so I could manually remove the rest of the infection.

AUTORUNS from Sysinternals is also amazing in being able to determine valid or invalid items loading on startup and being able to pinpoint a real infection.
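The lookalike file names described in the comment above (a letter or digit added to qttask.exe or hpmon.exe, or a name one letter off) can be checked for mechanically. This is an added example, not part of the original post or comments; the allow-list, function names and sample file names are assumptions constructed for illustration.

```python
"""Flag executable names that sit one edit away from a known-good name."""

# Assumption: a short allow-list of legitimate names; the two entries
# are the utilities named in the comment above.
KNOWN_GOOD = ("qttask.exe", "hpmon.exe")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def find_lookalikes(names, known_good=KNOWN_GOOD, max_distance=1):
    """Return (name, imitated_name) pairs for near-miss file names.

    Exact matches are skipped: the name alone cannot tell a genuine
    utility from a replaced one, so those need a path or signature check.
    """
    hits = []
    for raw in names:
        name = raw.strip().lower()  # Windows file names are case-insensitive
        for good in known_good:
            if 0 < edit_distance(name, good) <= max_distance:
                hits.append((raw, good))
                break
    return hits


# Constructed sample: names as they might appear in a startup-item listing.
SAMPLE = ["qttask.exe", "qttasks.exe", "hpmon.exe", "hpm0n.exe",
          "QTTask1.exe", "explorer.exe", "hpmn.exe"]

if __name__ == "__main__":
    for found, imitated in find_lookalikes(SAMPLE):
        print(f"{found}: one character off from {imitated}")
```

A hit is only a lead for manual review: the file's location and publisher signature decide whether it is actually malicious.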

9 vince December 8, 2008 at 11:44 pm

I have to agree Avira AntiVir Free is fantastic. It also has low system overhead.

10 Graham Thompson December 9, 2008 at 7:45 am

I have deployed ESET NOD32 for both business and home clients over the last few years and have been incredibly impressed by both the small footprint of the client software and also how damn effective it is! Now I can concentrate on other more lucrative calls!!

Unlike many antivirus clients out there (both free and paid for) NOD32 scans for “viruses, trojans, worms, adware, spyware, phishing, rootkits”. I have seen NOD32 pick up on viruses that some of the major players in the market miss completely.

Just to add, I don’t work for them!!

On a side note, I have found the free version of AVG to cause a number of stability issues with XP SP3 of late!

11 Darien December 9, 2008 at 10:31 am

At home I run avast free on all my machines there and have been for awhile. No problems so far…

12 Michael Allen December 9, 2008 at 7:52 pm

I Would Have To Agree With Graham, I Am In Love With NOD32. I Used to Use CA AntiVirus, However Found That It Has Started To Miss Things, So Now I Have Been Using NOD32 For Over A Year & Works Great.
– Low Foot Print
– Highly Configurable
– Alerts

Note I Use The Business Edition v2.7 I Believe, Can’t Check At The Moment, However I Tried The Newer Version & Was Not Impressed.

MJ

13 Jon December 10, 2008 at 12:19 am

I use Symantec Corporate Edition AV v11. Works great.

14 Cameron December 10, 2008 at 1:01 am

Nice post!! McAfee provides best antivirus security…

15 DanB December 11, 2008 at 5:18 pm

I use spybot all the time. But recently some stuff has been going around that requires malwarebytes to remove. One, Antivirus 2008, would not let spybot run and I finally had to rename malwarebytes so it would not stop it from running.

On my systems I run avast, but it requires you to get a new license every 14-16 months and many of my home users do not update and then get infected. So AVG is the ticket for them. In the last two weeks I have been finding malware that disables McAfee and gives fake windows security windows. Norton gets hacked frequently. I run Linux on my main machine with Vista and XP running in Virtual Box so as to give me an extra layer of protection.

The machines that have Spybot and either AVG or Avast rarely get infected. Avast gets your attention when it finds something.

At this moment I am removing something called Spyware Guard 2008. I tried to help them over the phone but it was too hard to remove, so I have it on the bench. Even Malwarebytes is having problems with it.

16 KevinP December 14, 2008 at 9:31 pm

As a retail computer tech, I’ve found that you need to run more than one anti-virus and anti-spyware programs in order to be thorough as some programs will catch some things that others won’t catch.

So my usual routine is the following.

– Run ComboFix (Removes those AntiVirus 2009 and etc in one shot)
– Run HijackThis

– Load up UBCD4Win from a ThumbDrive

– Run Avira Antivirus with latest definitions (Both Full System Scan and RootKit Scan)
– Run SuperAntispyware
– Run Spybot
– Run aSquared Free

– Reboot system and Install Avast, run Boot up Scan
– Run Spyware Terminator

– Run Spyware Blaster to be immunized against threats.

Seems like a lot, but you’d be surprised sometimes at the stuff you’d find left behind by other programs.

Only after all of that I know a system is clean.

I’ve seen Norton and McAfee do absolutely nothing when the system was in fact loaded with viruses. NOD32 and Kaspersky in my experience work really well for paid AVs, for the free ones Avira and Avast.

17 Ellie_D December 17, 2008 at 12:18 pm

I have to agree with KevinP, one antivirus program does not cut it. I personally am currently running avg-free. It has become quite “heavy” as an antivirus program. I also use comodo free firewall, can be annoying at times but I rather the annoyance than the infections. Firefox with add-ins such as Adblock plus, Noscript and WOT do their part too.

AVG might not be the best but with the help of other programs such as Spybot and Spyware blaster and a few more I feel fairly safe. Norton isn’t as effective as I would want it to be.

18 Jarret January 4, 2009 at 8:51 am

I also have Comcast and now have Antivirus 2009 and other viruses I am trying to battle. I think the original Trojan came in when I tried to use the comcast spyware scanner. My computer is virtually useless at this point. I will get back to all of you with your various suggestions to see which seemed to help the most. Otherwise I will be coming to see you, Kevin P.

19 Deepak April 24, 2009 at 7:26 am

I use nod32… it uses less resources and has nice detection rates…
Kaspersky is also good… but it uses more system resources (in my case I can’t compromise with that…)
