Please help me find a new AntiVirus to replace others that had failed to root a virus.
July 6, 2006 11:04 AM


I need a new antivirus program that can deal with serious Trojan threats. Recently, my other anti-virus programs had failed me. Avast, McAfee, and Microsoft Defender and Anti-Spyware failed to detect the Vundo Trojan that had attached itself to Winlogon.exe and made it take up 100% of the CPU. (The trojan accomplished this by modifying the registry and attaching DLL processes to winlogon.exe.) I had to do my own research to root out this virus. Therefore I feel that these three programs do not adequately protect my computer from viruses. I need a new antivirus that deals with tricky Trojans that attach themselves to Windows processes. Please recommend something. I fear that one of these days my system will be overcome by another vicious Trojan horse.
posted by gregb1007 to Computers & Internet (7 answers total)
 
Norton Antivirus 2006.

You might also look at their (free) removal tool for Trojan.Vundo.
posted by Blazecock Pileon at 11:16 AM on July 6, 2006


What you might be looking for is a rootkit detector, rather than just anti-virus. A rootkit is malware that alters your registry to hide software (such as to render a trojan invisible to anti-virus software). Rootkits can be hard to detect and can escape most anti-virus software, so a specialised rootkit sweep in addition to your anti-virus software is one way to go.
posted by -harlequin- at 11:27 AM on July 6, 2006


If you've been rootkit-ed, the only real solution is to back up your data and reinstall the operating system. Rootkit detectors provide a false sense of security.
posted by Blazecock Pileon at 11:30 AM on July 6, 2006


Response by poster: harlequin, do you know any rootkit sweep programs? Blazecock, I did manage to remove XVundo once it was detected. The answer to a removable Trojan that hides itself is to get a software program that can detect it. Why should I reinstall all my software packages and my OS if I am dealing with removable Trojans that can be taken care of?
posted by gregb1007 at 11:42 AM on July 6, 2006


Why should I reinstall all my software packages and my OS if I am dealing with removable Trojans that can be taken care of?

Rootkits open up your machine to any other compromise under the sun.

Imagine someone (Mr. Vundo) kicking down your front door. While the person kicking down your door may not walk in and steal your television, anyone else could steal the TV or unlock other doors to your house while the front door is missing.

Even if you put in a new front door (run a trojan removal tool), you still may have other unlocked doors you can't easily know about.

You can't trust that your machine hasn't been compromised by other vulnerabilities in the duration of time when you have been rootkit-ed.

Best to reinstall the operating system and applications in this case. It's more work, but security is the main downside of using Windows, and — unfortunately — that extra work is the simple reality for safe and responsible computing.
posted by Blazecock Pileon at 11:50 AM on July 6, 2006


Sorry, I don't know of any good ones - I've been meaning to look into this for a while, but haven't as yet. Blazecock is probably right though - if you can find a rootkit and remove it, then use AV, and the symptoms stop, then you've probably got it, but I don't know if you could be sure. I haven't looked into it much :-/
posted by -harlequin- at 12:19 PM on July 6, 2006


Do you know how you were infected? If you're just looking for a solid AV program, I like NOD32 or Kaspersky. If you're really paranoid and want an extra layer of protection for your system processes you can look into ProcessGuard or Prevx. Read through some threads on the Wilders Security Forums for more recommendations.

For simply finding rootkits, there's a Sysinternals tool that was co-written by the guy who brought to light the Sony Rootkit thing: Rootkit Revealer. It won't remove them automatically and it can be confusing to use, but it's a powerful tool. F-Secure had a simple one called Blacklight available in beta form, but it seems unavailable in standalone form now. It's apparently integrated into their suite now.
posted by Pryde at 1:00 PM on July 6, 2006

