More on this

Discussion in 'A+ Certification' started by Bill Eitner, Jul 4, 2008.

  1. Bill Eitner

    Bill Eitner Guest

    See the bottom for new text.
    Here's a good reference point from which to start:
    MF wrote:
    > "Bill Eitner" <> wrote in message
    > news:rhH4k.8204$...
    >> MF wrote:
    >>> "smackedass" <> wrote in message
    >>> news:pIf4k.1998$n9.1334@trndny01...
    >>>> I'm starting to question my own judgement. >

    > <snip>
    >>>> people look at me like I've got two heads when I say that I don't like
    >>>> Symantec/Norton. Name recognition goes a long way.


    >>>> What say you?


    >>>> sa
    >>> Good question. And maybe unanswerable,


    > <snip>


    >>> So I double click it and it installs with no warning or complaints from
    >>> Norton running in the background. And what it installs is a

    key-logging,
    >>> call-home trojan. Luckily, it was badly written and immediately

    crashed
    >>> XP SP2.

    >> This must have been before you had Bit Defender.
    >> I'm curious as to whether or not it would have
    >> identified it to any degree. With what has
    >> happened with AVG 8 (noticeable performance hit)
    >> and the fact that Grisoft is discontinuing support
    >> for 7.5, I'm interested in figuring out where
    >> Bit Defender ranks as far as detection capability.


    > I was thinking about this. About keeping the trojan carrier

    program, doing
    > up a hard drive with the same OS, imaging it, then downloading every

    AV prog
    > I could get. Then find out which of them would detect the nasty

    through an
    > on demand scan, and, after that, see if any of them would catch the

    program
    > and prevent it from installing. It would be interesting. But following
    > interests like that is one of the reasons I don't have a yacht, so I

    didn't
    > do it.


    There's a huge difference between having the dough
    for a yacht and keeping one file for testing anti-
    virus programs. Tell me where to go to download
    the little music program and I'll do it. On-demand
    scan it with Bit Defender--that's all I'm asking.

    > <snip>
    >>> I had a feeling these guys were missing the boat and had not identified
    >>> the variant I had. So I searched many forums (scrolling past dozens of
    >>> HJT logs)

    >> What's an HJT log?


    > The log(s) produced by HijackThis. The ultimate fallback program for a
    > manual cleansing. Written by Merijn, purchased last year by trend micro.
    > Still freeware.


    I'm familiar with HiJack This, but asking people to
    recognize it by "HJT" is asking a lot. It's not
    that well known. A few more keystrokes won't kill
    you or make you look less cool.

    - Hide quoted text -
    - Show quoted text -
    >>> had identified the files and registry keys the trojan installed. So I
    >>> went through the partition and killed it off manually. This was fairly
    >>> easy, because I knew the two dates associated with the trojan's files,
    >>> but the research was looooooong and less than joyful.

    >> At least you hit paydirt in the end.


    >>> If, as with most people, that had been my only computer, and XP the

    only
    >>> OS on the machine, I would have semi-screwed.

    >> Live CD to the rescue.
    >> One of the most valuable benefits of a live CD
    >> OS is that none of the hard drive files are in
    >> use--therefore no virus can fight your eradication
    >> efforts. And once the infected files are dealt
    >> with the registry entries refer to nothing and
    >> can be mopped up by a general purpose registry
    >> cleaner like CCleaner.


    > Agreed. That's the "semi" part of it. I haven't made/updated such a

    disk
    > in over a year ;( -- in fact, I should do it now.


    A custom Bart PE disk can make you look
    like a God. I've become fairly well known
    at the school I attend (I'm 44 and am attending
    a trade school in order to change careers).
    Other students know where to find me (the
    computer/electronics/telecom/wireless
    networking lab where I prepped for the A+).
    Most every week I end up straightening out
    at least one or two computers. It's good
    ` experience and I never turn down a chance
    to try and fix a computer. Most are software
    issues like virus infections. In fact the
    huge majority are such. Hardware problems
    are rare even though many of the owners
    think that's what's wrong. For example,
    last week I dealt with a Dell laptop where
    the display would randomly shut off. At
    first it appeared to be a hardware issue
    (the display backlight), but in the end
    it was malware. I installed Bit Defender
    from a hard drive in an enclosure (another
    of my favorite little toys), updated it and
    ran it. It found 20+ malware programs.
    After a half-day (4 hours) of cleaning it
    up the little laptop was working fairly well.

    - Hide quoted text -
    - Show quoted text -
    >>> Therefore:


    >>> Give the customer what they ask for. If they want Symantec, they get
    >>> Symantec. If you don't, and they later get a virus, they'll blame

    you.
    >> Good point. However, with me, they'd quickly be
    >> hipped to the fact that it was one of their decisions
    >> that led to the infection and that's where the buck
    >> ultimately stops. For example, you chose to obtain
    >> by whatever means and run that little music program.


    >> You pays your money and you takes your chances.


    >> I (and probably most others here) would have done
    >> the same thing. I would have manually updated Bit
    >> Defender, scanned it, and if nothing was found,
    >> executed it. That's how the game is played.


    > There's not much else you can do. If your AVs have been keeping you safe
    > for a while, the tendency is to trust them. You can't acquire and update
    > five different AVs every time you are going to try out a questionable
    > program. So you dance with the one you brung, at least till they

    stiff you.

    And even then maybe you forgive them.
    The trick for a virus author is to be clever.
    Being one of the first to see a new variant
    is not impossible.

    FYI, a good but mostly unknown program that
    can be used as a second line of on-demand
    defense is A-squared free. It can be configured
    to where there is basically no trace of it on a
    box for the most part (manually disable all options
    and services):
    http://www.emsisoft.com/en/software/free/
    That means it can truly co-exist with other
    security software without causing any issues.
    It's another program I use contextually that
    seems to be an above-average detector.

    - Hide quoted text -
    - Show quoted text -
    >>> If, however, they don't express any preferences, give them what you

    think
    >>> is going to be easiest for them to keep updated and to use.

    > <snip>
    >>> You can see the reason for my sort of vague advice above simply by
    >>> searching on "best anti virus program" and reading a few reviews.

    >> I did that when I was looking into on-demand scanners.
    >> What a mistake that was--nothing but argument.


    > You betcha.


    >> I'm hoping that Bit Defender is as good as it claims
    >> to be as far as detection goes.


    > Me too.


    >>> I might note that after looking at four such reviews at random, it
    >>> appears that Avira AntiVir is coming up in the world. Personally,

    I got
    >>> rid of Norton, have AVG 7.5 Pro (they had a one day give away that I
    >>> stumbled on) with Bit Defender in reserve for a second scan of

    stuff I am
    >>> leery about. I am, however, open to abandoning AVG if their reviews
    >>> don't improve.

    >> Eventually you'll have to make a decision as updates
    >> for AVG 7.5 will be discontinued. Let us know what
    >> you decide to go with.
    >> --

    > I know. I _think_ the Pro version will be good for the rest of the year,
    > but I got a popup from AVG saying that the Free version (on a different
    > machine) will not be supported after June 25. Perhaps they will come out
    > with an 8.01 with less bloat - but I think I'll try Avira and Bit

    Defender
    > no matter what they do.


    Personally, I think you're at a level where Bit Defender
    with all options unchecked and nothing else would be
    appropriate. You knew what you were doing when you
    danced with the little music program. You don't need
    a program that looks over your shoulder (checks every
    file you open and every action you take). If you choose
    to run both, be aware of the services that may conflict.
    Disable the Bit Defender services until you need/want to
    use the program. They are: bdss, vsserv, livesrv and xcomm.
    Further, I suggest trying the Bit Defender / A-Squared
    combo. To that you can also add Spybot. Every two weeks
    I manually update and run all three along with a backup of
    everything critical. Because I have a clue, they never find
    anything--but I always do it all just the same.

    Begin the new text here.

    I've just run into a situation that brought me to the conclusion that
    Bit Defender isn't particularly special.

    So, the quoted paragraph above makes me look like an idiot.
    I have to accept that. See below:

    Even though I religiously scan all downloaded executables manually
    and know the difference between safe and risky business online,
    recently I ended up with an annoying variant of the Trojan Vundo.
    As far as I can tell, this variant goes by: Vundo.euo which, trust me,
    isn't widely known. My recommended combo of Bit Defender Free V10 and
    A2 Free didn't see it coming. And, after the fact, Bit Defender didn't
    recognize all of the infected files. It found one--but that wasn't
    enough to stop it. A2 Free didn't see any of it--even at the height
    of the infection.

    Here's the deal with this variant: On an XP box it prevents Explorer
    from running. That means you have no taskbar--no start menu--just the
    background. Newbies won't know how to deal with that at all.
    Guys in the know will know to give a three-finger-salute (alt-ctrl-del)
    to bring up task manger and then manually start another instance (be it
    crippled) of explorer. From there the box is usable but slow.

    There is more to explain, but I'll cut to the chase.

    In my 12 years of experience this was one of the worst infections I've
    ever had to clear--and it was on my own box! In the end, HJT (Hi-Jack
    This) was the key. It exposed a key file that when deleted took out
    the bulk of the infection. From there it was just a mop-up operation
    (delete orphaned files and registry entries).

    So, there you have it.

    Feel free to respond and post your own stories.
    Bill Eitner, Jul 4, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hans-Georg Michna
    Replies:
    4
    Views:
    525
    Hans-Georg Michna
    Aug 24, 2003
  2. DVD Verdict
    Replies:
    0
    Views:
    563
    DVD Verdict
    Apr 7, 2005
  3. Louise

    Sygate uses more and more memory?

    Louise, Jun 1, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    486
    Louise
    Jun 1, 2004
  4. Alan Browne
    Replies:
    2
    Views:
    276
    Ron Hunter
    May 14, 2005
  5. Au79
    Replies:
    0
    Views:
    442
Loading...

Share This Page