05-10-2010, 08:47 PM
|
#81
|
Had an idea!
|
I've been using Security Essentials lately and I really like it.
Lean and mean.
|
|
|
07-08-2010, 10:52 PM
|
#82
|
First Line Centre
Join Date: Aug 2009
Location: Coquitlam, BC
|
Oilkiller, thanks for this great post. Not sure why but I have no "Thanks" button on this thread or I would have used it at least twice.
If you plan on doing more testing I have a request. I'm looking for a free-for-business AV program and in the past have used SpywareTerminator. When installing ST there is the option to also install the open-source ClamAV and include it in real-time shield. Therefore I'm very curious how ClamAV does in a real-time setting.
My beef with SpywareTerminator is that it feels heavy. I also find that less-savvy users get frustrated if HIPS is turned on because of the "Allow/Deny" pop-ups that are generated, and end up disabling the real-time shield! However it does explicitly state it's free for both personal and business use...
I have come across two other A/V packages that also incorporate Clam A/V - SecureITFree, and Moon Secure AV although I have not tried either one. I assume since they're using the same av engine that their test results would be the same as ST.
TIA!
|
|
|
07-08-2010, 11:16 PM
|
#83
|
First Line Centre
Join Date: Aug 2009
Location: Coquitlam, BC
|
Quote:
Originally Posted by Azure
Anyone know anything about a gateway anti-virus?
We use the Sonicwall Gateway at the office and it does a great job (we get a lot less viruses now)....but it's still not AS good as I want it to be.
|
Hi Azure. We also use Sonicwalls but until recently never paid for gateway antivirus. Now that we're buying the TZ200-series they come with either a one or two year subscription to Gateway AV so we're starting to get some mileage. Just curious - in addition to the Gateway AV do you also have AV software on the computers in your LAN? Can you elaborate on why it falls short of being "as good as you want it to be?"
Myself I've only known of two infections that Gateway A/V didn't stop. The first one we suspect was from a USB flash drive. The second was probably because I had disabled Gateway AV because it gave me a false positive on a file I was downloading, then I forgot to reenable it. D'oh!
|
|
|
07-08-2010, 11:59 PM
|
#84
|
Franchise Player
Join Date: Jul 2005
Location: 555 Saddledome Rise SE
|
Amazing thread. I'm uninstalling NAV and giving Avast a go. Thanks OilKiller.
Along a similar vein, what are some malware/spyware/general computer cleanup tools out there? I just ran CCleaner thanks to this thread, but am wondering if there are better free products available.
|
|
|
07-09-2010, 12:34 AM
|
#85
|
First Line Centre
Join Date: Aug 2009
Location: Coquitlam, BC
|
Quote:
Originally Posted by Frequitude
Along a similar vein, what are some malware/spyware/general computer cleanup tools out there? I just ran CCleaner thanks to this thread, but am wondering if there are better free products available.
|
Congratulations on getting rid of NAV. Terrible program, although I hear their latest offering is better than before.
Here's some quick links...
SpywareBlaster (for immunizing a computer against several known threats, like bad ActiveX controls in IE, for example)
MalwareBytes (for cleanup, or as a manually-run 2nd opinion to Avast)
GMER (which specializes in finding rootkits, including the very elusive TDL3 rootkits. I had a computer with a TDL3 rootkit that infected a low-level system driver (atapi.sys) that eluded everything else I tried. GMER cleaned it up.)
ComboFix (When all else fails. Read their cautions about only using with the help of a professional, although I've used it by myself successfully. In my case the next step was reformat so I had nothing to lose...)
Last edited by BloodFetish; 07-09-2010 at 12:59 PM.
Reason: TDL3 (rootkit type), not TDS (specific rootkit name)
|
|
|
07-09-2010, 06:20 AM
|
#86
|
Lifetime Suspension
|
Quote:
Originally Posted by BloodFetish
If you plan on doing more testing I have a request. I'm looking for a free-for-business AV program and in the past have used SpywareTerminator. When installing ST there is the option to also install the open-source ClamAV and include it in real-time shield. Therefore I'm very curious how ClamAV does in a real-time setting.
|
Pretty sure I've done some testing with Clam before and it didn't do very well. There is a product out there called Immunet Protect that has teamed up with Clam AV. Maybe give them a try. It is a cloud based AV product that is free. I think they have a paid version as well, but they do have a free version. Not sure if it is for business, but I believe it is free for all. They claim you can run it alongside any resident AV as well without issue.
|
|
|
07-09-2010, 07:52 AM
|
#87
|
First Line Centre
Join Date: Aug 2009
Location: Coquitlam, BC
|
^^^In your posts you did some testing with ClamWin and it failed miserably, then afterwards you discovered it has no real-time shield. Sorry if I misunderstood.
I have just recently heard of Immunet. Reviewers have given it a so-so rating. Immunet's own website says it's intended to be used as a companion to another AV program. On the plus side it's reported to be very light on resources.
Maybe good in combination with the Sonicwall Gateway A/V?
Last edited by BloodFetish; 07-09-2010 at 07:57 AM.
|
|
|
07-09-2010, 08:12 AM
|
#88
|
Lifetime Suspension
|
I thought I had since done some other testing with Clam. Let me check some of my notes. Perhaps not...
I didn't care for Immunet, but some like it.
Personally right now, I'm using ESET Nod32 (actually the full ESET Smart Security package). Avast is an excellent free alternative, but not for business unfortunately. Not sure what is out there for business that is free. I haven't done much searching for that.
|
|
|
07-09-2010, 10:13 AM
|
#89
|
Franchise Player
Join Date: Jul 2005
Location: 555 Saddledome Rise SE
|
Quote:
Originally Posted by BloodFetish
Congratulations on getting rid of NAV. Terrible program, although I hear their latest offering is better than before.
Here's some quick links...
SpywareBlaster (for immunizing a computer against several known threats, like bad ActiveX controls in IE, for example)
MalwareBytes (for cleanup, or as a manually-run 2nd opinion to Avast)
GMER (which specializes in finding rootkits, including the very elusive TDS rootkits. I had a computer with a TDS rootkit that infected a low-level system driver (atapi.sys) that eluded everything else I tried. GMER cleaned it up.)
ComboFix (When all else fails. Read their cautions about only using with the help of a professional, although I've used it by myself successfully. In my case the next step was reformat so I had nothing to lose...)
|
Awesome. Thank you. Will these things also help clean up the unnecessary processes that I can see running when I hit CTRL-ALT-DEL? I don't know much, but I do see way more than I would expect.
|
|
|
07-09-2010, 10:16 AM
|
#90
|
Had an idea!
|
Quote:
Originally Posted by BloodFetish
Hi Azure. We also use Sonicwalls but until recently never paid for gateway antivirus. Now that we're buying the TZ200-series they come with either a one or two year subscription to Gateway AV so we're starting to get some mileage. Just curious - in addition to the Gateway AV do you also have AV software on the computers in your LAN? Can you elaborate on why it falls short of being "as good as you want it to be?"
Myself I've only known of two infections that Gateway A/V didn't stop. The first one we suspect was from a USB flash drive. The second was probably because I had disabled Gateway AV because it gave me a false positive on a file I was downloading, then I forgot to reenable it. D'oh!
|
We run client AVs too, but usually they're Microsoft Security Essentials or something like that.
The reason I said the Gateway AV wasn't as good as it can be was due to a couple viruses getting through about a year ago. Nothing serious as the client AVs caught it, but something the Sonicwall should have stopped.
Otherwise it works remarkably well. Does a good job at stopping malware attacks too.
|
|
|
07-09-2010, 12:26 PM
|
#91
|
First Line Centre
Join Date: Aug 2009
Location: Coquitlam, BC
|
Quote:
Originally Posted by Frequitude
Will these things also help clean up the unnecessary processes that I can see running when I hit CTRL-ALT-DEL? I don't know much, but I do see way more than I would expect.
|
No they won't. But now I have some more tools for you
ProcessExplorer. This is a replacement for Windows Task Manager that shows a LOT more information. Very customizable - you can add columns to report on many different stats, not just processor and memory usage. If you like it, make sure to check Options -> Replace Task Manager.
The Ultimate Troubleshooter. I recommend this program to people who are not confident about making changes to their computer. It's similar to AutoRuns in that it shows the programs and services that load on boot-up, but it also rates them as "OK", "Not OK", "User's Choice" or "Unknown" AND gives a very good lay write-up of what a particular program or service does so the user can make an educated choice. Not free but there is a 10-use trial, albeit without the write-ups. They also have a Task List website where you can look up programs, and see the type of write-up information you'll get in the paid version of TUT.
AutoRuns. From the people who made ProcessExplorer. This will collect all the autostart entries on your PC and categorize them. Usually I pay attention to the "Logon", "Scheduled Tasks", and "Services" tabs. This is a tool meant for more advanced users than TUT is, as it doesn't give any information or recommendations about what it finds.
Have fun!
|
|
|
07-09-2010, 12:52 PM
|
#92
|
Atomic Nerd
Join Date: Jul 2004
Location: Calgary
|
Avast, Malwarebytes, and Spybot S&D failed me today. I noticed that when I clicked on links on Google it was redirecting me to other sites. Googling on another computer indicated I had the tidserv trojan and Kaspersky's manual tool cured this for me but I had to manually identify my issue and hunt down the problem myself.
|
|
|
07-09-2010, 12:53 PM
|
#93
|
Atomic Nerd
Join Date: Jul 2004
Location: Calgary
|
Quote:
Originally Posted by BloodFetish
No they won't. But now I have some more tools for you
ProcessExplorer. This is a replacement for Windows Task Manager that shows a LOT more information. Very customizable - you can add columns to report on many different stats, not just processor and memory usage. If you like it, make sure to check Options -> Replace Task Manager.
The Ultimate Troubleshooter. I recommend this program to people who are not confident about making changes to their computer. It's similar to AutoRuns in that it shows the programs and services that load on boot-up, but it also rates them as "OK", "Not OK", "User's Choice" or "Unknown" AND gives a very good lay write-up of what a particular program or service does so the user can make an educated choice. Not free but there is a 10-use trial, albeit without the write-ups. They also have a Task List website where you can look up programs, and see the type of write-up information you'll get in the paid version of TUT.
AutoRuns. From the people who made ProcessExplorer. This will collect all the autostart entries on your PC and categorize them. Usually I pay attention to the "Logon", "Scheduled Tasks", and "Services" tabs. This is a tool meant for more advanced users than TUT is, as it doesn't give any information or recommendations about what it finds.
Have fun!
|
Process Explorer is awesome, helps me figure out what DLLs are associated with which executables or other processes that are running if I am virus hunting or just trying to pick apart programs.
Last edited by Hack&Lube; 07-09-2010 at 01:58 PM.
|
|
|
07-09-2010, 12:54 PM
|
#94
|
Lifetime Suspension
|
Quote:
Originally Posted by Hack&Lube
Avast, Malwarebytes, and Spybot S&D failed me today. I noticed that when I clicked on links on Google it was redirecting me to other sites. Googling on another computer indicated I had the tidserv trojan and Kaspersky's manual tool cured this for me but I had to manually identify my issue and hunt down the problem myself.
|
Unfortunately not all will be caught by any AV. That's why I usually suggest a layered approach, which is what you had. I'm surprised that not one caught it. Spybot, meh, but MBAM and Avast together missing it is surprising.
|
|
|
07-09-2010, 01:00 PM
|
#95
|
First Line Centre
Join Date: Aug 2009
Location: Coquitlam, BC
|
^^^Pretty sure TidServe is one of the tricky TDL3 rootkits that a lot of software has trouble finding. Good on Kaspersky for getting it. For a second opinion on whether you got it, try GMER...
|
|
|
07-09-2010, 01:03 PM
|
#96
|
Franchise Player
Join Date: Jul 2005
Location: 555 Saddledome Rise SE
|
NAV is officially gone, and Avast officially installed. My life thanks you for the additional 3 minutes I now have at startup.
|
|
|
07-09-2010, 02:01 PM
|
#97
|
Atomic Nerd
Join Date: Jul 2004
Location: Calgary
|
Quote:
Originally Posted by OilKiller
Unfortunately not all will be caught by any AV. That's why I usually suggest a layered approach, which is what you had. I'm surprised that not one caught it. Spybot, meh, but MBAM and Avast together missing it is surprising.
|
Spybot is meh for actual scanning and curing but it is good for preventative practices like immunizing your OS & browsers against vulnerabilities and helping you create the hosts file, etc.
Quote:
Originally Posted by BloodFetish
^^^Pretty sure TidServe is one of the tricky TDL3 rootkits that a lot of software has trouble finding. Good on Kaspersky for getting it. For a second opinion on whether you got it, try GMER...
|
I couldn't say that a normal Kaspersky scan would have caught it, I had to get the manual tool specifically for this rootkit. Any suggestions for a good all-around suite that will take care of these as they happen instead of waiting for me to come across my computer acting all messed up and figuring out by myself what the problem is? (by which point it is often already too late).
I have GMER installed somewhere but it's been so long since I used it that I completely forgot about it or even where I put it.
http://www.rootkit.com/blog.php?newsid=970
Quote:
GMER was blind and unworkable, RKU refuses to run due to file operations blocking
"I don't want to even speak about antiviruses and their abilities to detection this currently. I'm 100% sure, they currently CAN'T.
|
I should probably also download the latest Dr.Web CureIt! build. I wonder if that would have caught it.
Last edited by Hack&Lube; 07-09-2010 at 02:08 PM.
|
|
|
07-23-2010, 01:08 PM
|
#98
|
Scoring Winger
|
I have been recently failed by Avast as well.
After reading this thread, I made a switch from Security Essentials, to Avast.
After running Avast for a few months now, and I thought everything was going fine. I started having some redirecting problem in my browser, and got a little suspicious. I checked my Avast log history, and for over a month, my scheduled scans have been detecting viruses, but Avast doesn't appear to do anything with them. It didn't even give me any sort of obvious indication that they were still on my computer.
I cleaned them up through Avast, and also ran Trend's House Call to clean up my computer a little more. I also recently installed Malwarebytes to clean up my computer even further.
Unless there is some sort of Avast setting I didn't select to automatically clean and warn of virus detection, I'll probably head back to Security Essentials as that has never let me down.
Last edited by kdogg; 08-17-2011 at 04:06 PM.
|
|
|
07-23-2010, 01:19 PM
|
#99
|
Franchise Player
Join Date: Jul 2005
Location: in your blind spot.
|
Avast used to. As a matter of fact, it was a PITA - it would stop cold and wouldn't proceed until you told it how to deal with the virus. That was how they got you to buy the full version; with the full version you could tell it to always quarantine/clean/etc but the free one you always had to answer a prompt.
__________________
"The problem with any ideology is that it gives the answer before you look at the evidence."
—Bill Clinton
"The greatest obstacle to discovery is not ignorance--it is the illusion of knowledge."
—Daniel J. Boorstin, historian, former Librarian of Congress
"But the Senator, while insisting he was not intoxicated, could not explain his nudity"
—WKRP in Cincinnati
|
|
|
07-23-2010, 03:21 PM
|
#100
|
Atomic Nerd
Join Date: Jul 2004
Location: Calgary
|
Quote:
Originally Posted by kdogg
I have been recently failed by Avast as well.
After reading this thread, I made a switch from Security Essentials, to Avast.
After running Avast for a few months now, and I thought everything was going fine. I started having some redirecting problem in my browser, and got a little suspicious. I checked my Avast log history, and for over a month, my scheduled scans have been detecting viruses, but Avast doesn't appear to do anything with them. It didn't even give me any sort of obvious indication that they were still on my computer.
I cleaned them up through Avast, and also ran Trend's House Call to clean up my computer a little more. I also recently installed Malwarebytes to clean up my computer even further.
Unless there is some sort of Avast setting I didn't select to automatically clean and warn of virus detection, I'll probably head back to Security Essentials as that has never let me down.
|
Avast and Malwarebytes cannot catch the new Gen 3 rootkits.
I recommend Dr. Web for actual manual scanning. That is made by the Russians to defeat the Russians. Every time you download it, it even downloads as a new build with a random filename.
http://www.freedrweb.com/cureit/?lng=en
Quote:
Originally Posted by Bobblehead
Avast used to. As a matter of fact, it was a PITA - it would stop cold and wouldn't proceed until you told it how to deal with the virus. That was how they got you to buy the full version; with the full version you could tell it to always quarantine/clean/etc but the free one you always had to answer a prompt.
|
I don't know, my Avast automatically deals with stuff.
|
|
|
All times are GMT -6.