See the bottom for new text.
Here's a good reference point from which to start:
[QUOTE]
> <snip> [/QUOTE]
[QUOTE]
> I was thinking about this. About keeping the trojan carrier program, doing
> up a hard drive with the same OS, imaging it, then downloading every AV prog
> I could get. Then find out which of them would detect the nasty through an
> on demand scan, and, after that, see if any of them would catch the program
> and prevent it from installing. It would be interesting. But following
> interests like that is one of the reasons I don't have a yacht, so I didn't
> do it.[/QUOTE]

There's a huge difference between having the dough
for a yacht and keeping one file for testing anti-
virus programs. Tell me where to go to download
the little music program and I'll do it. On-demand
scan it with Bit Defender--that's all I'm asking.
[QUOTE]
> The log(s) produced by HijackThis. The ultimate fallback program for a
> manual cleansing. Written by Merijn, purchased last year by Trend Micro.
> Still freeware.[/QUOTE]

I'm familiar with HijackThis, but asking people to
recognize it by "HJT" is asking a lot. It's not
that well known. A few more keystrokes won't kill
you or make you look less cool.

[QUOTE]
> Agreed. That's the "semi" part of it. I haven't made/updated such a disk
> in over a year ;( -- in fact, I should do it now.[/QUOTE]

A custom Bart PE disk can make you look
like a God. I've become fairly well known
at the school I attend (I'm 44 and am attending
a trade school in order to change careers).
Other students know where to find me (the
computer/electronics/telecom/wireless
networking lab where I prepped for the A+).
Most every week I end up straightening out
at least one or two computers. It's good
experience and I never turn down a chance
to try and fix a computer. Most are software
issues like virus infections.
In fact the
huge majority are such. Hardware problems
are rare even though many of the owners
think that's what's wrong. For example,
last week I dealt with a Dell laptop where
the display would randomly shut off. At
first it appeared to be a hardware issue
(the display backlight), but in the end
it was malware. I installed Bit Defender
from a hard drive in an enclosure (another
of my favorite little toys), updated it and
ran it. It found 20+ malware programs.
After a half-day (4 hours) of cleaning it
up the little laptop was working fairly well.

[QUOTE]
> There's not much else you can do. If your AVs have been keeping you safe
> for a while, the tendency is to trust them. You can't acquire and update
> five different AVs every time you are going to try out a questionable
> program. So you dance with the one you brung, at least till they
> stiff you.[/QUOTE]

And even then maybe you forgive them.
The trick for a virus author is to be clever.
Being one of the first to see a new variant
is not impossible.

FYI, a good but mostly unknown program that
can be used as a second line of on-demand
defense is A-squared free. It can be configured
to where there is basically no trace of it on a
box for the most part (manually disable all options
and services):
[URL]http://www.emsisoft.com/en/software/free/[/URL]
That means it can truly co-exist with other
security software without causing any issues.
It's another program I use contextually that
seems to be an above-average detector.

[QUOTE]
> You betcha. [/QUOTE]
[QUOTE]
> Me too.
> I know. I _think_ the Pro version will be good for the rest of the year,
> but I got a popup from AVG saying that the Free version (on a different
> machine) will not be supported after June 25.
> Perhaps they will come out
> with an 8.01 with less bloat - but I think I'll try Avira and Bit Defender
> no matter what they do.[/QUOTE]

Personally, I think you're at a level where Bit Defender
with all options unchecked and nothing else would be
appropriate. You knew what you were doing when you
danced with the little music program. You don't need
a program that looks over your shoulder (checks every
file you open and every action you take). If you choose
to run both, be aware of the services that may conflict.
Disable the Bit Defender services until you need/want to
use the program. They are: bdss, vsserv, livesrv and xcomm.
Further, I suggest trying the Bit Defender / A-Squared
combo. To that you can also add Spybot. Every two weeks
I manually update and run all three along with a backup of
everything critical. Because I have a clue, they never find
anything--but I always do it all just the same.

Begin the new text here.

I've just run into a situation that brought me to the conclusion that
Bit Defender isn't particularly special.

So, the quoted paragraph above makes me look like an idiot.
I have to accept that. See below:

Even though I religiously scan all downloaded executables manually
and know the difference between safe and risky business online,
recently I ended up with an annoying variant of the Trojan Vundo.
As far as I can tell, this variant goes by: Vundo.euo which, trust me,
isn't widely known. My recommended combo of Bit Defender Free V10 and
A2 Free didn't see it coming. And, after the fact, Bit Defender didn't
recognize all of the infected files. It found one--but that wasn't
enough to stop it. A2 Free didn't see any of it--even at the height
of the infection.

Here's the deal with this variant: On an XP box it prevents Explorer
from running. That means you have no taskbar--no start menu--just the
background.
Newbies won't know how to deal with that at all.
Guys in the know will know to give a three-finger-salute (alt-ctrl-del)
to bring up Task Manager and then manually start another instance (be it
crippled) of Explorer. From there the box is usable but slow.

There is more to explain, but I'll cut to the chase.

In my 12 years of experience this was one of the worst infections I've
ever had to clear--and it was on my own box! In the end, HJT (HijackThis)
was the key. It exposed a key file that when deleted took out
the bulk of the infection. From there it was just a mop-up operation
(delete orphaned files and registry entries).

So, there you have it.

Feel free to respond and post your own stories.