[tomdkat]

So, I was cruising through the malware removal forum and skimming some of the threads when I noticed something interesting. When talking about software to protect a system against spyware or viruses, certain apps are mentioned a lot (AVG, Avast!, Ad-Aware, Spybot, etc). When seeking help to remove malware, the apps recommended to protect against malware are less frequently mentioned and special removal tools, like ComboFix, are mentioned instead.

What's the point of installing anti-virus or anti-spyware apps if those apps won't be used to remove infections? Or is it that the specialized removal tools are simply better at removing nasty malware or viruses? If this is the case, why do the general purpose protection tools seem to consistently be deficient, requiring the need of the specialized removal tools?

Peace...

[Byteman]

Hi,

We are always giving advice on malware that is changing, newer tougher types coming along all the time. There can be some delay before the regular security programs can add the malware to their programs, or they just do not for some reason....

These special utilities are usually built by individuals, and we are allowed to use them, provided we provide the instructions and keep abreast of changes with the utility from the maker.

ComboFix is updated just about daily to relect new items to fix.

Some antispyware or antivirus/combo programs we reccommend may provide additional protection, while the special tools are only removers or show us logs that are helpful.

SpyBot for instance can provide some protection for the browser, as well as remove things.

The pay-for versions of AdAware , AVG Antispyware, etc provide more protections than the free versions, you may have seen info about those, too.

We generally look at a Hijackthis log first, to see if any of the more difficult to remove malware is there, and if so, it is up to the particular helper how they want to proceed....

*First may be a run with AVG or SUPER Antispyware, or a run with SDFix or ComboFix, depends. The version of Windows now that we have Vista comes into play as not all the programs OR special tools work in Vista.

*We then keep going through scan logs, and online scan results, until the problem seems to be fixed.... doing this can result in some really deep nosing around, in some cases.

*We often see outdated versions of the usual programs being used, and you may have seen it posted to get rid of for example, SpyBot 1.4 and get the newest version, 1.52....

[ccampton]

i alyways put my 2 cents in on this been using norton anti-virus standalone for 5 years. not one pop-up, nor one virus. pc is on 24/7

[tomdkat]

Thanks for the feedback. You make some great points.

For the record, I'm in no way criticizing the assitance, recommendations, or advice provided by those helping with malware removal. I was just wondering why it seems the general purpose software seems to be generally recommended infrequently. I especially noticed this on the AVG forum where people recommend a lot of the same removal tools that are recommended here.

I had no idea ComboFix was updated so frequently. Personally, I was thinking those who develop the specific removal tools had some information not available to the general protection software developers which enabled them (the specific removal tool developers) to develop tools that are more effective.

Thanks!

Peace...

[Byteman]

Hi,

I hope my post didn't make you feel that you were complaining, wasn't meant that way, only as explanation of what do.

Malware, meaning all types of things, has changed a lot and the most relied upon programs of the past few years cannot keep up with these newer rootkit level and other nasty types.


For particular, recurrent infections that change themselves or come back as different variants, the special tools work best, once they are updated to fix those latest variants. You can run into the situation, where no tool has it included at any given time, and come back several hours and get updates, or an updated version, which will take care of the infected files....

Takes a combination of things to clean up a very infected computer, that's for sure.

The newer malware often is not even very visible in Hijackthis logs, often we run the special tools as a way to ensure there isn't any of that hidden kind but, you should not do that without the correct directions for these tools!

I can tell you, that even with NO malware showing in a Hijackithis log it is often a big surprise when something like ComboFix pops up it's log loaded with nasties....

[idowindows]

Quote:

Originally Posted by ccampton

i alyways put my 2 cents in on this been using norton anti-virus standalone for 5 years. not one pop-up, nor one virus. pc is on 24/7

This reminds me of that guy on tv recently. Got a million miles on his pickup truck and that's awesome - but really, how many people can make same claim? The masses fall under the not-as-lucky category...some even as - victims.

Some times even the removal of Norton could prove troublesome.

[Byteman]

Yes, it's possible to avoid malware, but your antivirus program is not responsible for that, not totally anyway.

Everyone should be using an antivirus program.

Not everyone posting for help at TSG or other sites, is not using an antivirus program....

There are sure plenty of folks using Norton products of all types and versions posting along with the best of the antivirus product users....the difference is in what they do on the Internet, and how experienced they are, things like that.

[tomdkat]

Thanks for the feedback. What's the best way to determine if your anti-virus software of choice is actually doing its job?

Peace...

[Byteman]

Hi, You can use one or more of the online type scans, they detect a lot more than just virii so it is also a good way to check up on ALL the removal or protective programs you are using for all types of malware.

Housecall online scan:
http://www.trendsecure.com/portal/en...security_tools
_ _ _ _
Or this one:

HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Or this one: Kaspersky online full scan

• Please go HERE and click Free Online Scanner
• Read and Accept the Agreement
• You will be promted to install an ActiveX component from Kaspersky, Click Yes.
• If you see a Windows dialog asking if you want to install this software, click the Install button.
• The program will launch and then begin downloading the latest definition files,
• When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
• Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
• Under "Please select a target to scan:", click My Computer to start the scan.
• When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
• Copy and Paste the contents of the on line scanner results into a Reply here in your thread, along with a new HJT log and log from any other scans you run.

_________

Bit Defender online
This online scanner is very thorough and can scan inside System Restore Points to delete
bad files-- this scanner will delete anything it finds infected! Which is why I have put it last- if a false positive is encountered, it will be deleted with no way to recover it, so use Housecall or Kaspersky first!! If you would like confirmation that any given item is bad or good, post back!

• * Go here and do the BitDefender online virus scan.
• Click "I Agree" to agree to the EULA.
• Allow the ActiveX control to install when prompted.
• Click "Click here to scan" to begin the scan.
• Please refrain from using the computer until the scan is finished.
• When the scan is finished, click on "Click here to export the scan results"
• Save the report to your desktop so you can attach it to your next reply to this thread.