Superantispyware update

[Guest]

Hello Tim,

This is a Panda product. Is SUPER fast.
http://www.pandasoftware.com/about_panda/press_room/nanoscan_online_scanner_detects_malware.htm

Maybe you want to keep the link in your flash drive.

I try the scanner, but my systems are clean, so the only thing I can said
is, that scanner really FLY, I don't about detections.

Enjoy
--

Of course in the interests of "full disclosure" I should mention that I also
have, and keep updated, just in case,

MS Monthly Malicious Software Removal Tool
MS/Sysinternals RootkitRevealer v1.71
McAfee Rootkit Detective [Beta]
McAfee Stinger and
Avast Stand alone Virus Cleaner 1.0.209

these can all be run from a flash drive,

"he says sheepishly as in crawls back into his cave ..."

?:-\
Tim

But surely, Randy, the problems will arise only if they're running in the
background to provide RTP? If you're using them as on-demand scanners (as in
Tim's case, and indeed in mine to a lesser extent) there shouldn't be a
problem in general?

I've never
encountered any difficulty in doing on-demand scanning with a wide range of
AS programs, myself - and generally speaking it seems to be a recommended
practice. Isn't that so? (If it isn't, I've been wasting my time these last
few months trying to put together an effective arsenal that I can trust.)

 

[Guest]

This is a Panda product. Is SUPER fast.
http://www.pandasoftware.com/about_panda/press_room/nanoscan_online_scanner_detects_malware.htm

Thanks for the link Engel. I just tried it, and yes it sure is fast! I can't
judge how effective it is because it detected nothing, but it's a useful
extra check to have available.

 

[Guest]

Of course in the interests of "full disclosure" I should mention that I also
have, and keep updated, just in case,

MS Monthly Malicious Software Removal Tool
MS/Sysinternals RootkitRevealer v1.71
McAfee Rootkit Detective [Beta]
McAfee Stinger and
Avast Stand alone Virus Cleaner 1.0.209

The only one of those I use is the Malicious software removal tool. I
haven't dared to venture into rootkit detecting waters so far, basically
because I wouldn't have the faintest clue about what I was doing.

 

[Bill Sanderson MVP]

I've used three rootkit detecting products--Sysinternals Rootkit Revealer,
F-secure's Blacklight, and something else whose name and vendor I can't
recall at the moment. Blacklight is pretty user friendly--I think the
results are pretty clear. Rootkit Revealer results need some
interpretation, or have in the past--they will list stuff which is "normal"
and you need to do some reading in the help to be sure of what you are
seeing.

I have, in fact, worked on a couple of systems that had commercial spyware
rootkits on them, and the rootkit tools were the only ones that detected the
problem. Windows Defender didn't see it, nor did AVG's spyware app, nor
Norton Antivirus.

--

Of course in the interests of "full disclosure" I should mention that I
also
have, and keep updated, just in case,

MS Monthly Malicious Software Removal Tool
MS/Sysinternals RootkitRevealer v1.71
McAfee Rootkit Detective [Beta]
McAfee Stinger and
Avast Stand alone Virus Cleaner 1.0.209

The only one of those I use is the Malicious software removal tool. I
haven't dared to venture into rootkit detecting waters so far, basically
because I wouldn't have the faintest clue about what I was doing.

 

[Tom Emmelot]

Hi Engel,

So I did the scan, than it says Nothing found and my PC-Cillin 2007 is
up to date. Than i found out on the same site that Nano only detects,
that the real version "Activescan2" detects more! Also it can remove
things, but than it took more than a hour to find with the full scan!
So nice a flying scanner but it fly's over the things!

Regards >*< TOM >*<

Engel schreef:

Hello Tim,

This is a Panda product. Is SUPER fast.
http://www.pandasoftware.com/about_panda/press_room/nanoscan_online_scanner_detects_malware.htm

Maybe you want to keep the link in your flash drive.

I try the scanner, but my systems are clean, so the only thing I can said
is, that scanner really FLY, I don't about detections.

Enjoy
--

Of course in the interests of "full disclosure" I should mention that I also
have, and keep updated, just in case,

MS Monthly Malicious Software Removal Tool
MS/Sysinternals RootkitRevealer v1.71
McAfee Rootkit Detective [Beta]
McAfee Stinger and
Avast Stand alone Virus Cleaner 1.0.209

these can all be run from a flash drive,

"he says sheepishly as in crawls back into his cave ..."

?:-\
Tim

:
In my opinion, the above three are overkill, you should consider uninstalling them.
Your call - just a recommendation, as too many A-S applications (will) cause problems.
But surely, Randy, the problems will arise only if they're running in the
background to provide RTP? If you're using them as on-demand scanners (as in
Tim's case, and indeed in mine to a lesser extent) there shouldn't be a
problem in general?
I've never
encountered any difficulty in doing on-demand scanning with a wide range of
AS programs, myself - and generally speaking it seems to be a recommended
practice. Isn't that so? (If it isn't, I've been wasting my time these last
few months trying to put together an effective arsenal that I can trust.)

 

[Guest]

I have, in fact, worked on a couple of systems that had commercial spyware
rootkits on them, and the rootkit tools were the only ones that detected the
problem. Windows Defender didn't see it, nor did AVG's spyware app, nor
Norton Antivirus.

That's a depressing piece of information, Bill! Were these systems
misbehaving in any way? I mean - did you check them out for rootkits because
they were behaving oddly and you were suspicious? Or did the detection come
unexpectedly, out of the blue, during a routine check?

What about the Microsoft Malicious Software Removal tool? Does that detect
rootkits?

 

[Guest]

So I did the scan, than it says Nothing found and my PC-Cillin 2007 is
up to date. Than i found out on the same site that Nano only detects,
that the real version "Activescan2" detects more! Also it can remove
things, but than it took more than a hour to find with the full scan!
So nice a flying scanner but it fly's over the things!

I'm not quite clear, Tom - did the full scan actually find anything after
its hour of searching?

I suppose the point about the fast scanner is that, as it says, it only
detects ACTIVE malware. Presumably if something is lying around dormant for
some reason, it won't be picked up by the fast scanner, because at the moment
of scanning there's no actual PROCESS to detect. Is that right?

 

[Randy Knobloch]

That's a depressing piece of information, Bill! Were these systems
misbehaving in any way? I mean - did you check them out for rootkits because
they were behaving oddly and you were suspicious? Or did the detection come
unexpectedly, out of the blue, during a routine check?

What about the Microsoft Malicious Software Removal tool? Does that detect
rootkits?

More info for you, Alan -
http://support.microsoft.com/?kbid=890830

Randy

--
siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.

 

[Robinb]

happens to be my # 3 because it found a trojan that all the others could not
find
robin

 

[Robinb]

wow a bit parinod tim?
robin

You have 'em in ranking order, Tim? Like a 'my favourite movies' list?
Go on - you know we want to know. Give us the countdown to number 1......

#1 Real Time Active Protection:
WD [Spyware], McAfee [Viruses & PUPS], TeaTimer [System Changes WD
doesn't see]

OnDemand Scanners:
#2 Adaware [trusted, established, reliable, catches selective cookies]
#3 SpyBot S&D [trusted, established, reliable, catches cookies AdAware
doesn't]
#4 Windows Defender Ondemand Scan [Updated 2x a week, MS SHOULD know what
it's doing, no false alarms yet]

3rd Tier:
#5 SuperAntiSpyware [Updates too often for me to trust that they test
well.
Their support people lied to me. Also Makes system changes that are not
brought to our attention at installation]
#6 Yahoo Anti-Spy [Does not update often enough [months], but it's quick]
#7 Yahoo Norton Spyware Scan [WAY TO BIG, RARELY UPDATES[months]]

#8 XoftsoftSpy [Had a bad rep once, I don't forgive easily. False alarms
in
the beginning [U3 version]]
#9 Avast AV [U3 version] [Not a bad program at all] Some reported false
alarms in its Real Time component but I don't use the RTP.

#10 ClamWin Updates Several times a day. Takes forever to run [80
minutes]
#11 U3AntiVirus [McAfee] Same engine and dats as the desktop version
[Ondemand scan only]

#'s 8,9&11must be run from the flash drive
#10 is tested 2x a week for backup purposes but takes just tooooo long to
use.
#11 is never used by me [I use it to save other peoples butts]

All the above are of course Free for me [very important factor]

These [and browsing unknown sites with a "locked down" version of Firefox]
are my arsenal.

?
Tim
Geek w/o Portfolio
Only the Paranoid Survive

You have 'em in ranking order, Tim? Like a 'my favourite movies' list?

Go on - you know we want to know. Give us the countdown to number 1......

It's a funny thing, the way we 'feel' about these programs, don't you
think?
I feel instinctively that I trust Superantispyware - maybe because it
picked
up a weird bit of malware for Robin that everything else had missed, but
it's
more of a gut reaction really. When it tells me I'm clean, I really
believe
I'm clean!

 

[Robinb]

I installed superantispyware on 20 computers so far and none of the hiccuped
in anyway
all different OS- xp home, xp pro, media center
robin

Inline, Tim -

#1 Real Time Active Protection:
WD [Spyware], McAfee [Viruses & PUPS], TeaTimer [System Changes WD
doesn't see]

I would disable SpyBot's "TeaTimer", if that is what you are referring to
above.
It *is* troublesome and causes many users issues. I do not run it.

OnDemand Scanners:
#2 Adaware [trusted, established, reliable, catches selective cookies]
#3 SpyBot S&D [trusted, established, reliable, catches cookies AdAware
doesn't]
#4 Windows Defender Ondemand Scan [Updated 2x a week, MS SHOULD know what
it's doing, no false alarms yet]

You got that right, SpyBot will catch what Ad-aware does not and
vice-versa.

3rd Tier:
#5 SuperAntiSpyware [Updates too often for me to trust that they test
well.
Their support people lied to me. Also Makes system changes that are not
brought to our attention at installation]

I cannot comment on Super AntiSpyware since I have never "successfully"
run it.
I regret to hear of the issues that you have had with this program.

#6 Yahoo Anti-Spy [Does not update often enough [months], but it's quick]
#7 Yahoo Norton Spyware Scan [WAY TO BIG, RARELY UPDATES[months]]
#8 XoftsoftSpy [Had a bad rep once, I don't forgive easily. False alarms
in
the beginning [U3 version]]

In my opinion, the above three are overkill, you should consider
uninstalling them.
Your call - just a recommendation, as too many A-S applications (will)
cause problems.

#9 Avast AV [U3 version] [Not a bad program at all] Some reported false
alarms in its Real Time component but I don't use the RTP.

Cannot comment on Avast, you might look at A-V Comparatives and see how
it rates compared to other A-V apps.
(http://www.av-comparatives.org/)

#10 ClamWin Updates Several times a day. Takes forever to run [80
minutes]
#11 U3AntiVirus [McAfee] Same engine and dats as the desktop version
[Ondemand scan only]

Again, some overkill on the above perhaps?

#'s 8,9&11must be run from the flash drive

Why must they be run from a Flash drive? I lack in understanding this.
Hard-drive restrictions, perhaps, though I see no problems in running them
that way.

#10 is tested 2x a week for backup purposes but takes just tooooo long to
use.

Then don't use it, uninstall as necessary!

#11 is never used by me [I use it to save other peoples butts]

OK, please explain "other people", if you do not use it yourself.

All the above are of course Free for me [very important factor]

Freeware software is not always the best choice, your choice and option.

These [and browsing unknown sites with a "locked down" version of
Firefox]
are my arsenal.

I prefer IE7, you might try the following settings and use IE for a while
as a default
Browser. No goad, just a suggestion.
http://www.mvps.org/winhelp2002/restricted.htm#Setting

You may also want to add Spyware Blaster, it's an excellent program that
does
/not/ run in the "background.
http://www.javacoolsoftware.com/spywareblaster.html
Official Support -
http://www.wilderssecurity.com/forumdisplay.php?f=19

I hope my comments help you make the right choices in what you need
and what you should or can uninstall as being too much protection.

As I say to some posters, too much Security is not better Security.

Regards,
Randy

--
siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.

 

[Guest]

wow a bit parinod tim?

No, I'm not a "bit" paranoid,
I'm "very" paranoid,
It's the people that say I'm a "bit" paranoid that are out to get me.

Obviously Robin you've never read my .sig files ?

Seriously though, It's really very simple when you think about it.
I have one well established antivirus scanner running full time.
I have one up and comming spyware/adware scanner running full time.

As a backup I have every free OnDemand scanner I can find.
I especially like to have portable/non-installed programs that I can put on
a flash drive so I can help other people fix their machines .

This gives me a good mix of different Signature/Database files that could
cover a whole gambit of malware that I may run accross.

It also means I have a good exposure to lot of the programs out there and
can make recommandations based on my experience.

And nothing, and I mean NOTHING, brings more joy to my heart and tears to my
eyes than a user, who was sure their machine was trashed, saying,

"Thank you Tim, Thank you. You just saved my ass"

I've had people break down in tears when I was not able to help and they
lost everything. Nothing, and I mean NOTHING, make me feel worse.

?
Only the Paranoid Survive,
and the friends of the Paranoid.

 

[Randy Knobloch]

I installed superantispyware on 20 computers so far and none of the hiccuped in anyway
all different OS- xp home, xp pro, media center

Good to know, Robin - fare well with the installations and protection the program
provides.

Randy

--
siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.

 

[Guest]

Hi Tim,

by D. Scott Secor
Tantum paranoid superstes! (ex Latin: Only the paranoid survive!)

;-)
--

 

[Guest]

Hi Tim,

Sorry, I should read your signature for today, before I send my post.
--

 

[Guest]

More info for you, Alan -
http://support.microsoft.com/?kbid=890830

Thanks Randy. That is, er ... a LOT of information!

But really, I do continue to despair at the appalling communication skills
that are displayed in these Microsoft documents. After trying to read through
that interminable document (admittedly quickly, because I do have other
things to do today), I can't find an answer to my (surely simple and
reasonable) question: does the Malicious Software Removal Tool detect
rootkits? It gives a list of specific things it does detect, but I have no
idea what they are. Are they rootkits? Are SOME of them rootkits, maybe? Are
there dozens of rootkits out there that the tool won't detect?

Baffled, as usual.

 

[Robinb]

lol you are too nice to "get to"
hugs,
robin

No, I'm not a "bit" paranoid,
I'm "very" paranoid,
It's the people that say I'm a "bit" paranoid that are out to get me.

Obviously Robin you've never read my .sig files ?

Seriously though, It's really very simple when you think about it.
I have one well established antivirus scanner running full time.
I have one up and comming spyware/adware scanner running full time.

As a backup I have every free OnDemand scanner I can find.
I especially like to have portable/non-installed programs that I can put
on
a flash drive so I can help other people fix their machines .

This gives me a good mix of different Signature/Database files that could
cover a whole gambit of malware that I may run accross.

It also means I have a good exposure to lot of the programs out there and
can make recommandations based on my experience.

And nothing, and I mean NOTHING, brings more joy to my heart and tears to
my
eyes than a user, who was sure their machine was trashed, saying,

"Thank you Tim, Thank you. You just saved my ass"

I've had people break down in tears when I was not able to help and they
lost everything. Nothing, and I mean NOTHING, make me feel worse.

?
Only the Paranoid Survive,
and the friends of the Paranoid.

 

[Randy Knobloch]

Thanks Randy. That is, er ... a LOT of information!

But really, I do continue to despair at the appalling communication skills
that are displayed in these Microsoft documents. After trying to read through
that interminable document (admittedly quickly, because I do have other
things to do today), I can't find an answer to my (surely simple and
reasonable) question: does the Malicious Software Removal Tool detect
rootkits? It gives a list of specific things it does detect, but I have no
idea what they are. Are they rootkits? Are SOME of them rootkits, maybe? Are
there dozens of rootkits out there that the tool won't detect?

Baffled, as usual.

Pardon the abbreviated reply, Alan!
The answer is *yes* - the tool does scan for rootkits.
Example: http://www.microsoft.com/security/encyclopedia/details.aspx?name=WinNT/FURootkit

You may also try, the below as well.
http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx

Regards,
Randy

--
siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.

 

[Donald Anadell]

Thanks Randy. That is, er ... a LOT of information!

But really, I do continue to despair at the appalling communication skills
that are displayed in these Microsoft documents. After trying to read
through
that interminable document (admittedly quickly, because I do have other
things to do today), I can't find an answer to my (surely simple and
reasonable) question:

does the Malicious Software Removal Tool detect
rootkits?

Some Rootkits.

It gives a list of specific things it does detect, but I have no
idea what they are. Are they rootkits?

These are the two Rootkits that the MRT scans for:

WinNT/F4IRootkit
Copy protection rootkit on certain Sony BMG audio CDs
http://www.microsoft.com/security/encyclopedia/details.aspx?name=WinNT/F4IRootkit

WinNT/FURootkit
http://www.microsoft.com/security/encyclopedia/details.aspx?name=WinNT/FURootkit

Are SOME of them rootkits, maybe?

Yes, see above.

 

[Bill Sanderson MVP]

The Malicious Software Removal tool does target rootkits, but didn't find
the one I had in place. It was completely obvious the machine was
infected--popups all over the place, no matter that everything gave it a
clean bill of health.

I've never found a rootkit on a machine which had no symptoms of having
one--but those are the ones you want to find, of course.


--