MS Anti-Spyware/Windows Defender jumped the shark?

  • #1

    I had a customer visit me today.

    He'd been infected with several different spyware/malware programs just this morning.

    His IE home page was hijacked and this weird program called SpywareQuake was running and throwing false warnings that his PC was infected with a virus.

    He had NAV 2006 and Windows Defender installed.

    NAV detected SpywareQuake but not the other infestations and it wasn't even able to properly remove SpywareQuake.

    Windows Defender, after a full scan, found nothing.

    I tried Webroot SpySweeper. It detected the infestations but the new version won't run a repair unless you buy it. Previous versions would run the repair but not enable active shielding.

    So I made the customer buy SpySweeper and it was able to remove the malware that was infecting his computer.

    Not only did Windows Defender not defend my customer, it didn't even detect that there was problem.
    P.S. You've been Spanked!

  • #2
    Why am I not surprised?
    Spyware Doctor and Spy Sweeper are the best cleaners I've found so far.
    Also, why not do your friend a favour and remove NAV 2006 as well and try a different checker? Removing Norton itself will be like adding a few extra MHz to the system.
    Chief Lemon Buyer no more Linux sucks but not as much
    Weather nut and sad git.

    My Weather Page

    • #3
      I have actually ditched my NAV2003 install and I'm now using AVG Free; I haven't noticed any speed changes, though.
      If there's artificial intelligence, there's bound to be some artificial stupidity.

      Jeremy Clarkson "806 brake horsepower..and that on that limp wrist faerie liquid the Americans call petrol, if you run it on the more explosive jungle juice we have in Europe you'd be getting 850 brake horsepower..."

      • #4
        Originally posted by Technoid
        I have actually ditched my NAV2003 install and I'm now using AVG Free; I haven't noticed any speed changes, though.
        Well AVG isn't the speed demon it used to be. Give NOD32 a try!
        The Internet - where men are men, women are men, and teenage girls are FBI agents!

        I'm the least you could do
        If only life were as easy as you
        I'm the least you could do, oh yeah
        If only life were as easy as you
        I would still get screwed

        • #5
          That and NAV2003 is not nearly as bad as the versions that followed it.
          Gigabyte P35-DS3L with a Q6600, 2GB Kingston HyperX (after *3* bad pairs of Crucial Ballistix 1066), Galaxy 8800GT 512MB, SB X-Fi, some drives, and a Dell 2005fpw. Running WinXP.

          • #6
            I think 2004 was the best; it's been getting worse since then.

            Gurm, what's NOD32 really like? I hear good things about it.
            Chief Lemon Buyer no more Linux sucks but not as much
            Weather nut and sad git.

            My Weather Page

            • #7
              What about Lavasoft Ad-Aware, the first spyware removal tool? Is it good?
              ATHLON XP 2600; Abit KX7-333Raid; 1GB SDRAM DDR PC-3200 Corsair XMS; Matrox Parhelia AGP 256; HITACHI 7K250 250GB; HITACHI 120GXP 120GB; HITACHI 120GXP 60GB; Sound Blaster Audigy 2; Plextor DVDRW PX-716A; Plextor CDRW Premium

              • #8
                It's worth using, but it's not enough by itself. Personally, I don't think any of them are enough by themselves.
                Gigabyte P35-DS3L with a Q6600, 2GB Kingston HyperX (after *3* bad pairs of Crucial Ballistix 1066), Galaxy 8800GT 512MB, SB X-Fi, some drives, and a Dell 2005fpw. Running WinXP.

                • #9
                  Originally posted by Wombat
                  It's worth using, but it's not enough by itself. Personally, I don't think any of them are enough by themselves.
                  That's what I've read and what I've recently experienced by trying to clean out my infected system. Each tool would find some things the other didn't. Doesn't give you any confidence at all.
                  The world just changed, Sep. 11, 2001

                  • #10
                    I'm fine with it. The thing is, the spyware companies are deliberately coding themselves to hide from specific spyware-removal tools, and/or to infect and cripple/disable those tools. Just be thankful they can't code against all of them at once.
                    Gigabyte P35-DS3L with a Q6600, 2GB Kingston HyperX (after *3* bad pairs of Crucial Ballistix 1066), Galaxy 8800GT 512MB, SB X-Fi, some drives, and a Dell 2005fpw. Running WinXP.

                    • #11
                      Since Sasq is apparently busy more than usual:

                      obligatory linux plug here

                      • #12
                        Originally posted by Nowhere
                        Since Sasq is apparently busy more than usual:

                        obligatory linux plug here
                        Shouldn't that be a MAC plug?


                        For easy cleaning of a system, try Hitman:

                        The webpage is Dutch, but the interface is English. It installs various (free) scan programs, scans (and cleans) using them, and removes the programs again.
                        Just scroll halfway down to see the list.
                        It also launches some purchased scan-software that is installed on the system.

                        The downside is that you cannot customize the various tools, the upside is that it runs them all unattended.


                        Jörg
                        pixar
                        Dream as if you'll live forever. Live as if you'll die tomorrow. (James Dean)

                        • #13
                          I got a recommendation to try BitDefender virus scan, and it seems to be pretty good.

                          It works (well) in Windows XP 64-bit. You can start up multiple instances of it and get them to scan your hard drives in parallel; it defaults to the second CPU/core, which is usually the least active one, so it's almost like a background scan, and if you want you can assign individual instances to CPUs/cores.

                          And it finds viruses.

                          • #14
                            VJ, nah : http://forums.murc.ws/showthread.php...ory+linux+plug

                            • #15
                              Interesting util, VJ.

                              I just tried it. It took about 1-1.5 hours to run. You can configure it to add A/V too. It isn't totally stand-alone, as you have to agree to the EULAs after the downloads (this can be done for all of them at once, though).

                              It presents a nice report afterwards. Here's mine to give a flavour:

                              Hitman Pro 2.4.1 - Report
                              05-04-2006 14:55



                              --------------------------------------------------------------------------------
                              Setup files external protection and inspection components
                              STATUS DESCRIPTION VERSION SIZE
                              Updated CWShredder Setup 2.19.0.1099 532480 bytes
                              Updated SpywareBlaster Setup 3.5.1.0 2566736 bytes
                              Updated Ad-Aware SE Personal Setup 1.0.6.0 2855080 bytes
                              Updated Spybot S&D Setup - 5037072 bytes
                              Updated Spy Sweeper Setup 4.5.8.683 8942160 bytes
                              Updated Spyware Doctor Setup 3.5.0.478 6427704 bytes

                              --------------------------------------------------------------------------------
                              Updates
                              STATUS DESCRIPTION SIZE
                              Recent Hitman Pro updater 203068 bytes
                              Recent Hitman Pro uninstaller 216306 bytes
                              Updated SurfRight Launcher 243471 bytes
                              Updated SurfRight Helper 293358 bytes
                              Updated Spyware Block List 576774 bytes
                              Updated Ad-Aware SE definitions 599106 bytes
                              Updated Flash Player 8.0.24.0 823472 bytes
                              Updated eEye JScript Patch 1.01 959672 bytes
                              Hitman Pro does not need to download updates

                              --------------------------------------------------------------------------------
                              Disk Cleanup
                              Cleaned C:\Documents and Settings\Elanor\Local Settings\Temporary Internet Files\Content.IE5
                              Cleaned C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5
                              Cleaned C:\Documents and Settings\Elanor\Local Settings\Temp
                              Cleaned C:\Documents and Settings\Tony\Local Settings\Temp
                              Cleared 1948 MB
                              Disk Cleanup clears folders with temporary Windows and Internet Files. Over time these folders can contain a lot of files, occupying a lot of disk space. This space could normally be used for documents and programs. Clearing the temporary folders is also an advantage for Hitman Pro because it will shorten inspection time of Ad-aware, Spy Sweeper and Spybot S&D. Also, the inspection programs will find fewer traces of spyware because potential spyware installation files are already wiped by Disk Cleanup.


                              --------------------------------------------------------------------------------
                              System protection and immunization
                              Windows Security Update concerning WMF Vulnerability (KB912919)
                              System is protected against WMF Exploit
                              eEye Digital Security JScript Patch
                              System is protected against JScript Exploit, using patch version 1.01
                              For more information see http://www.eeye.com/html/research/al...L20060324.html
                              Adobe Flash Player 8 ActiveX control upgrade
                              Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe recommends all Flash Player 8.0.22.0 and earlier users upgrade to version 8.0.24.0 (or higher).
                              For more information see http://www.macromedia.com/devnet/sec...apsb06-03.html
                              Adobe Flash Player 8 ActiveX control is upgraded to version 8.0.24.0 (was 7.0.19.0)
                              Applied workaround when logged in as Restricted User, based on TechNote: http://www.macromedia.com/go/624850b5
                              Shutting down Messenger service
                              The Messenger service can be abused to send ads and spam to computers in a network. Microsoft also released security updates to repair vulnerabilities in the Messenger service; attackers were able to run code through the Messenger service on unpatched systems. Note that the Messenger service has nothing to do with MSN Messenger and Windows Messenger.
                              Install on Demand has been disabled
                              When Install on Demand is enabled, a Web page can download items to display the page properly, or to perform a particular task. Web sites can abuse Install on Demand to install spyware. Note that when you disable Install on Demand you will no longer be prompted to download missing Language Pack components (for Web pages that require, for example, Japanese-text display support).
                              Trust level of zone Internet is set to Normal (Current User)
                              Trust level of zone Internet is set to Normal (All Users)
                              The trust level of the Internet zone should be set to at least Normal. This default setting causes Internet Explorer to prompt the user whenever potentially unsafe content is ready to download.
                              SpywareBlaster protection applied
                              Blocks the installation of spyware, adware, dialers, browser hijackers, and other potentially unwanted ActiveX-based software. With Internet Explorer 6 and Mozilla/Firefox, it also blocks cookies that may be used to track your activities, build a profile about your habits, collect information, or uniquely identify you to advertisers.
                              SpywareBlaster is freeware for personal and educational use. For more information see http://www.javacoolsoftware.com/spywareblaster.html

                              Spyware Block List protection applied (3599 elements are blocked)
                              This protection prevents installation and execution of harmful ActiveX controls in Internet Explorer. It is an addition to the SpywareBlaster protection.
                              Spyware Block List is free for personal and non-commercial use. For more information see http://www.spywareguide.com/blockfile.php

                              --------------------------------------------------------------------------------
                              Ad-Aware SE Personal, free for private use. 00:05:07
                              1.06r1 SE1R102 03.04.2006
                              Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components.
                              Tracking Cookie

                              --------------------------------------------------------------------------------
                              Spybot - Search & Destroy 00:04:02
                              Version 1.4 (Build 2005-05-23) Latest detection update: 2006-04-01
                              Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer (removal of adware, spyware, dialers, keyloggers, usage tracks, trojans and other baddies). Spybot S&D is also capable of blocking threatening ActiveX downloads (supplementing SpywareBlaster) to protect your system against spyware.
                              Windows Security Center.AntiVirusOverride
                              eXact Advertising.BargainsBuddy
                              WebTrends live
                              Hotbar
                              Winfixer

                              --------------------------------------------------------------------------------
                              Webroot Spy Sweeper 00:14:15
                              Version 4.5.8.683 Definitions 649
                              Webroot Spy Sweeper lets you protect your privacy and your computer from a variety of spyware and unwanted programs, from those that monitor all of your computer's activities (system monitors), to those that can steal or destroy data (Trojan horses). It also detects programs that pop up advertising on your computer (adware) and cookies that may contain personal information (tracking cookies).
                              java byteverify
                              Tracking Cookie

                              --------------------------------------------------------------------------------
                              PC Tools Spyware Doctor 00:10:07
                              Version 3.5.0.478 Database 3.04420
                              Spyware Doctor is a top-rated malware & spyware removal utility that detects and rids your PC of thousands of potential spyware, adware, trojan, keylogger, spybot and tracking threats.
                              Trojan.ISEXEng
                              Bargain Buddy
                              BlazeFind
                              MediaMotor
                              Tracking Cookie
                              Advertising
                              Lop.com
                              Affiliated with Browser Hijackers
                              WinFixer
                              Known Bad Sites

                              --------------------------------------------------------------------------------
                              Hitman Pro AntiSpyware 1.9.4
                              This additional inspection searches for spyware, viruses, worms and Trojans which cannot (up to now) be found or deleted by the external components.

                              C:\Documents and Settings\Tony\Cookies\tony@itxt.vibrantmedia[1].txt (Tracking Cookie(s)) is deleted

                              <snip>

                              C:\Documents and Settings\Tony\Cookies\tony@micorsoft[1].txt (Known Bad Sites) is deleted
                              Legend: certified spyware
                              found with heuristics
                              links to spyware

                              Additional inspection did not find malicious software

                              --------------------------------------------------------------------------------
                              This report is generated by Hitman Pro, created by Mark Loman
                              Support the resistance against spyware and make a small donation; see the link Donate on the website http://www.hitmanpro.com/
                              FT.
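The "System protection and immunization" section of the report above is really a hardening checklist, and most of it can be audited (and two items fixed) without Hitman Pro. The PowerShell script below is an added example written for this page; it is not code from the thread, from Hitman Pro or from Microsoft. It checks the KB912919 WMF hotfix, the Messenger service, the Internet zone trust level and the Flash ActiveX control version, and applies the Messenger and zone-level fixes when run with -Fix. Assumptions, none of which the page states: PowerShell 2.0 with WMI available on the XP-era host, the Flash control living under %SystemRoot%\System32\Macromed\Flash, and the CurrentLevel encoding from Microsoft KB 182569 (0x11000 is Medium, which the report calls Normal). The Install on Demand and SpywareBlaster items are left out because their registry layout is not shown on the page.

```powershell
# Added example, not Hitman Pro code: audit the hardening items the report lists.
# Run from an elevated PowerShell prompt; add -Fix to stop/disable Messenger and
# raise the Internet zone to Medium. Everything else is report-only.
param([switch]$Fix)

$findings = @()

# 1. KB912919 (WMF SETABORTPROC fix). Win32_QuickFixEngineering also works on XP,
#    where the Get-HotFix cmdlet may not be available.
$wmf = Get-WmiObject Win32_QuickFixEngineering | Where-Object { $_.HotFixID -eq 'KB912919' }
if ($wmf) { $findings += 'OK    KB912919 present: WMF fix installed' }
else      { $findings += 'FAIL  KB912919 missing: system may be exposed to the WMF exploit' }

# 2. Messenger service (the net send spam vector), not MSN/Windows Messenger.
$svc = Get-Service -Name 'Messenger' -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    $findings += 'OK    Messenger service not present'
} else {
    $mode = (Get-WmiObject Win32_Service -Filter "Name='Messenger'").StartMode
    if ($svc.Status -eq 'Running' -or $mode -ne 'Disabled') {
        if ($Fix) {
            Stop-Service -Name 'Messenger' -Force -ErrorAction SilentlyContinue
            Set-Service -Name 'Messenger' -StartupType Disabled
            $findings += 'FIXED Messenger service stopped and disabled'
        } else { $findings += "FAIL  Messenger service is $($svc.Status), start mode $mode" }
    } else { $findings += 'OK    Messenger service disabled' }
}

# 3. Internet zone (zone 3) trust level, per user and per machine. CurrentLevel:
#    0x10000 Low, 0x10500 Medium-Low, 0x11000 Medium ("Normal" in the report), 0x12000 High.
$medium = 0x11000
$zoneKeys = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
              'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3')
foreach ($key in $zoneKeys) {
    $level = (Get-ItemProperty -Path $key -Name CurrentLevel -ErrorAction SilentlyContinue).CurrentLevel
    if ($null -eq $level) { $findings += "WARN  $key has no CurrentLevel value"; continue }
    if ($level -lt $medium) {
        if ($Fix) {
            Set-ItemProperty -Path $key -Name CurrentLevel -Value $medium -Type DWord
            $findings += "FIXED $key CurrentLevel raised to Medium"
        } else { $findings += ("FAIL  $key CurrentLevel 0x{0:X} is below Medium" -f $level) }
    } else { $findings += ("OK    $key CurrentLevel 0x{0:X}" -f $level) }
}

# 4. Flash Player ActiveX control version; APSB06-03 is fixed in 8.0.24.0 or later.
#    Assumption: the control is the .ocx under Macromed\Flash (e.g. Flash8.ocx).
$flashDir = Join-Path $env:SystemRoot 'System32\Macromed\Flash'
$ocx = @(Get-ChildItem -Path $flashDir -Filter '*.ocx' -ErrorAction SilentlyContinue)
if ($ocx.Count -eq 0) { $findings += 'OK    no Flash ActiveX control found' }
foreach ($f in $ocx) {
    $fi = $f.VersionInfo
    # Build a comparable version from the numeric parts; FileVersion strings may use commas.
    $v = New-Object System.Version -ArgumentList $fi.FileMajorPart, $fi.FileMinorPart, $fi.FileBuildPart, $fi.FilePrivatePart
    if ($v -lt [version]'8.0.24.0') { $findings += "FAIL  $($f.Name) is $v, below 8.0.24.0 (APSB06-03)" }
    else                            { $findings += "OK    $($f.Name) is $v" }
}

$findings | ForEach-Object { Write-Output $_ }
```

Run it once without -Fix to see what the report would have changed on your own machine, then with -Fix for the two items it can correct. Note that CurrentLevel only encodes the preset slider; a zone that has been customised action by action can show Medium while still allowing unsigned ActiveX, so on a machine that has already been hijacked it is worth comparing the individual 1xxx values under the same key against a clean install rather than trusting the preset alone.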
