OT: INternet Security Suites

[mobobog]

do you use any?

 

I got infected with some spyware called smitfraud, i have run all the trial programs i have found without success, any great spyware removal tool you can recommend?

[franknputer]

That one's a bitch - I had to take it off of one of my user's laptops last week. Try this:

 

http://www.bleepingcomputer.com/files/smitfraudfix.php

 

That worked, after several of the usual methods failed for me. Good luck!

[mobobog]

Thanks a lot, I'll try...

[blue2blue]

When I've had to remove extremely pernicious infections from client's machines (more as a favor... it's not something I would EVER add to my list of services...ever) I've typically found myself Googling to find as much info on the infective agent as possible (watch out for bogus info, though! Compare multiple sites, hopefully known to be reputable, if in doubt.)

 

 

A recent study showed that the most popular AV softwares, notably Symantec/Norton and Macaffee -- but also even useful free online AV scanners like Trend Micro's Housecall -- typically miss as much as 80% of new viruses -- which are typically the ones that are "going around," of course.

 

 

That said, by the time a client comes to me in frustration the virus is usually fairly well identified and if my first-reach tool, the aforementioned free, online Housecall doesn't nail it (because the commercial "pro" packages like MacAffee and Norton/Symantec are usually already so bollixed up as to be worthless -- if they were even up-to-date in the first place, which is typically not the case)... I will then proceed to search the web for advanced info to help me determine the identity and cure for the infective agent, which typically means thorough searches for problem files and multiple trips to the registry. The reboot button get's a THOROUGH workout...

 

 

 

 

__________

 

UPDATE: Drats... foiled by my own longwindedness again! Problem solved by the time my post went up, I guess.

[Dylan Walters]

I never used any consumer version Antivirus/Firewall/Spyware products. Anything with the name 'Norton' on it should be avoided like the plague. Symantec's Corporate Antivirus products are fairly nice, however. Any Internet Proection Suite takes an insane amount of system resources to run and are a bad idea to use if you have a small office with network shares. I use AVG Antivirus and it does a nice job while taking only a small footprint to run. I don't have any Spyware problems as I only visit known, trusted websites. Microsoft's Windows

[mobobog]

I also visit just known sites... and no, i dont visit porn sites

 

I dont know how i got it...

 

I am running the smitfraudfix utility, after answering yes to registry cleaning it is taking a long time... is it supposed to?

[mobobog]

Originally posted by franknputer That one's a bitch - I had to take it off of one of my user's laptops last week. Try this: http://www.bleepingcomputer.com/files/smitfraudfix.php That worked, after several of the usual methods failed for me. Good luck!

 

it didnt work

[philbo]

I have a hardware router with a built-in firewall, and a DSP modem with a built-in firewall, and also use these (freeware) products on PCs connected to the router:

 

Grisoft AVGFree (antivirus)

ZoneAlarm (software firewall)

 

 

I think the Grisoft Free availability will be ending soon -- - they are getting hungry for $$$.

[mobobog]

 

Originally posted by philbo I have a hardware router with a built-in firewall, and a DSP modem with a built-in firewall, and also use these (freeware) products on PCs connected to the router: Grisoft AVGFree (antivirus) ZoneAlarm (software firewall) I think the Grisoft Free availability will be ending soon -- - they are getting hungry for $$$.

 

 

I am using those too...

 

I recently changed zonealarm for comodo firewall just to try a different one, and it worked...

 

Seriously? they are dumping avg free? wow! that are bad news, at the beginning of this year avg free cleaned a virus in the same installation that got infected now.

[Joe Cole]

Here is two interesting products from a Danish company called NetOp.

 

Netop Desktop Firewall http://www.netop.com/netop-14.htm which is a driver centric firewall, and a fliter called Netfilter that actually uses text and image anaysis to block webpages. http://www.netop.com/netop-471.htm

 

I think there technology is really cool.

[franknputer]

Originally posted by mobobog it didnt work

 

Did you try it in safe mode?

 

I hope you can get rid of it - it was really a bitch...but that tool did manage to scrape it out of there, at least in my case.

 

The one my user got was from a trojan embedded in a "codec" (she/her boyfriend were supposedly trying to see video of Brittney Spears' un-clad crotch... I think they got what they deserved, really.)

[Anderton]

Are Macs still pretty much immune to viruses? I've heard about some going around for MacIntel machines, but do a lot of surfing on my G5 and haven't had any problems.

[franknputer]

mobo, you might want to check in here if you're still having problems:

 

http://forums.spybot.info/forumdisplay.php?s=&daysprune=&f=22

 

You can probably get much more specific assistance there.

[franknputer]

Macs are not "immune", but there is far less chance of getting one. People will argue about the reasons - I don't personally buy the obscurity angle (i.e. virus writers choose Windows because 85-90% of computers run it) as much as the fact that it's simply easier to write virii that will infect Windows.

 

If you're running your Mac with user privileges rather than administrator rights then you'll be a lot safer. Of course, that's true no matter what system you're running - most peoples' problems with Windows are related to the fact that it puts them in Admin mode by default.

 

I also think that this is exacerbated by software companies who require you to be in Admin mode to run their program, like Kodak's EasyShare - why the f*ck should anyone have to be in Admin mode to work with photos?!? But, I digress...

 

Safe computing is your best bet. Don't download anything without knowing what it is & where it's coming from.

[mobobog]

Originally posted by franknputer mobo, you might want to check in here if you're still having problems: http://forums.spybot.info/forumdisplay.php?s=&daysprune=&f=22 You can probably get much more specific assistance there.

 

Thanks i opted for the 100% effective solution...format!

 

Thankfully is not my audio PC, and i think some of my beloved "stupid pc user" friend should have downloaded something...

 

Now that i am out of college i will do what i wanted to do, and should have done, many years ago...switch to mac!

 

Well they are not inmune but they are not as vulnerable as pc's, and there are my 3 main reason to switch:

 

1. Reasonable priced software: $199 for the starter windows version!!!! and yes it includes calculator, and a clock...

 

2. Best package out of the box: once again...

 

3. less viruses spyware

 

 

Have you seen this ads?

 

http://www.apple.com/getamac/ads/

 

They are a lot of fun.

[Jon Gnash]

I use RegEdit and delete all the entries under

 

HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar.

 

I usually grit my teeth and mumble

[John Sayers]

I'm regularly hit by Keyloggers and trojans - I can always tell when they arrive because my machine suddenly slows down dramatically.

 

I use the windows firewall, and Avira Virus protection from Germany http://www.avira.com/ and it stops all viruses, i.e. I've never had one, just warnings since install, but it won't stop trojans.

 

I use Xoftspy and Ad Aware for spyware and trojan scans.

 

I update all programs and check Microsoft updates once a week.

 

It's dangerous out there:eek:

[Lancaster]

Originally posted by mobobog Seriously? they are dumping avg free?

 

No. If you click on the Nag Screen about going to 7.5, It'll open the website where they try and get you to buy a version.Scroll down to the bottom of the page to find the new free version...in tiny print, but it's there.

 

I installed it yesterday.

[mobobog]

 

Originally posted by Jon Gnash I use RegEdit and delete all the entries under   HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar.   I usually grit my teeth and mumble

[mobobog]

Originally posted by Lancaster No. If you click on the Nag Screen about going to 7.5, It'll open the website where they try and get you to buy a version.Scroll down to the bottom of the page to find the new free version...in tiny print, but it's there. I installed it yesterday.

 

Ahh ok, good news... because it really work for me. In fact the virus it killed wasnt even detected by norton... so i uninstalled norton

[philbo]

Ultimately (for WinTel machines) the best thing to do is to plan ahead a bit at the time you format your drive. Here's what I do on all my PCs:

 

1. Use Partition Magic to split up the boot physical hard drive into 2 or more parts:

 

C: 6 - 8 GB

Windows, Swap File (set to fixed size, 2x the amount of RAM), and programs that do not let you choose where to install.

 

D: 15 - 20 GB

All program files that allow you to choose where they are installed.

Plus, a directory called !INSTALLS that contains 2 or 3 folders: PROGRAM INSTALLS (copies of all program CDs + serial numbers & registration keys, and all downloaded program installers, like WinAmp, WinZip, Mozilla programs, ZoneAlarm, etc.),

DRIVERS (copies of all driver CDs for all the PC hardware),

and DOCUMENTS (safe place for text files, photos, and backup data, etc.)

 

E: (The rest of the drive) - MP3 collection, other extensively large data not associated with music or video recording/editing work

 

2. The 2nd physical drive is used for audio & video files, and other large chunks of data that need high through-put access.

 

This saves me considerable grief when I do get infected and can't be sure I've gotten it cleaned up - -

 

I just reinstall Windows on C: (telling the installer to reformat C: ), then use the D:!INSTALLS stuff to reinstall all drivers and programs (over their original directories in the root of D: ), and I'm back in business without having to search for any CDs!

 

I've gotten it down to about 2.5 hours for a complete redo, and have never lost data this way except for email addressbook and browser bookmarks (which I learned to backup to D:!INSTALLSDOCUMENTS after a couple of times).

 

Since you mentioned you are reformatting anyway, I thought I'd mention all this...

[mobobog]

Originally posted by philbo This saves me considerable grief when I do get infected and can't be sure I've gotten it cleaned up - - I just reinstall Windows on C: (telling the installer to reformat C: ), then use the D:!INSTALLS stuff to reinstall all drivers and programs (over their original directories in the root of D: ), and I'm back in business without having to search for any CDs!

 

Great advices... but how can you tell windows to install everything from a single directory, i dont recall having seen such option when installing windows.

[philbo]

Originally posted by mobobog Great advices... but how can you tell windows to install everything from a single directory, i dont recall having seen such option when installing windows.

 

 

??? You mean the drivers & programs? They're not in a single directory - - Each install CD is copied to it's own subfolder under D:!INSTALLSPROGRAMS

 

Actually, I have it organized a bit further than that - - for example, all stuff related to the web (ZoneAlarm, Grisoft antivirus, Firefox, Thunderbird, etc.) is all under

D:!INSTALLSPROGRAMSInternet

 

Similarly, Partition Magic, WinZip, WinRAR and stuff of that sort are all under D:!INSTALLSPROGRAMSDisk Utilities

 

All the programs are cataloged in that way. It's just a matter of saving time - - I don't like to hunt for stuff. Maybe I'm a little ADD, but by the time I find stuff, I've usually forgotten why I was looking for it and what I was going to do with it.

 

Y'know it's like the T-shirt says:

I have Attention Deficit Disorder and... oh look! A chicken!

 

 

On the other hand... if you are talking about reinstalling the programs on D:, again, each program gets it's own folder in the root of D: - - most programs present a default install path (like C:Program FilesYadaYada Software) but will allow you to browse to where you want them installed. And that's what I do.