Trend Micro Anti-Spyware?

louise

I'm running NOD32 and I run AdAWare and Spyware doctor about once a
week.

I am a little concerned about trojans and such. Anyone know
anything about Trend Micro Anti-Spyware - or, what would be best to
check for trojans on a regular basis?

TIA

Louise
 
David H. Lipman

From: "louise" <[email protected]>

| I'm running NOD32 and I run AdAWare and Spyware doctor about once a
| week.
|
| I am a little concerned about trojans and such. Anyone know
| anything about Trend Micro Anti-Spyware - or, what would be best to
| check for trojans on a regular basis?
|
| TIA
|
| Louise

Trend anti virus software handles Trojans. Most notable is the Trend Sysclean utility which
will remove them.

You can use the following tool which provides "On Demand" scanners for Trend Micro, Sophos
and McAfee and will remove all forms of Trojans.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *
 
Art

> I'm running NOD32 and I run AdAWare and Spyware doctor about once a
> week.
>
> I am a little concerned about trojans and such. Anyone know
> anything about Trend Micro Anti-Spyware - or, what would be best to
> check for trojans on a regular basis?

KAV is your best bet. Here's a free way:
*********************************************************
The following procedure will give you an on-demand scan
with a clean/delete capability using the Kaspersky scan
engine and the extra defs:

Download mwav.exe from here:

http://www.spywareinfo.dk/download/mwav.exe

Allow it to extract the files to c:\Kaspersky

Next, download wget.exe from here:

http://users.ugent.be/~bpuype/wget/#download

And copy it to c:\Kaspersky

Use Notepad to create the following batch file:

@echo off
cls
echo -----------------------------------------------
echo Updating using updates1 ftp site
echo -----------------------------------------------
wget -N ftp://updates1.kaspersky-labs.com/updates_x/*.avc
wget -N ftp://updates1.kaspersky-labs.com/updates_x/avp.*
echo -----------------------------------------------
echo Updating completed!
echo -----------------------------------------------

Save the batch file as update.bat
copy it to c:\Kaspersky

Now run c:\Kaspersky\update.bat

Then run c:\Kaspersky\mwavscan
*****************************************************

Art

http://home.epix.net/~artnpeg
 
* * Chas

|
| >I'm running NOD32 and I run AdAWare and Spyware doctor about once a
| >week.
| >
| >I am a little concerned about trojans and such. Anyone know
| >anything about Trend Micro Anti-Spyware - or, what would be best to
| >check for trojans on a regular basis?
|
| KAV is your best bet. Here's a free way:
| *********************************************************
| The following procedure will give you an on-demand scan
| with a clean/delete capability using the Kaspersky scan
| engine and the extra defs:
|
| Download mwav.exe from here:
|
| http://www.spywareinfo.dk/download/mwav.exe
|
| Allow it to extract the files to c:\Kaspersky
|
| Next, download wget.exe from here:
|
| http://users.ugent.be/~bpuype/wget/#download
|
| And copy it to c:\Kaspersky
|
| Use Notepad to create the following batch file:
|
| @echo off
| cls
| echo -----------------------------------------------
| echo Updating using updates1 ftp site
| echo -----------------------------------------------
| wget -N ftp://updates1.kaspersky-labs.com/updates_x/*.avc
| wget -N ftp://updates1.kaspersky-labs.com/updates_x/avp.*
| echo -----------------------------------------------
| echo Updating completed!
| echo -----------------------------------------------
|
| Save the batch file as update.bat
| copy it to c:\Kaspersky
|
| Now run c:\Kaspersky\update.bat
|
| Then run c:\Kaspersky\mwavscan
| *****************************************************
|
| Art

Thanks for all of your efforts on this. I installed mwav and it found
the following on my system:

File C:\WINDOWS\SYSTEM\c14b2s.dll infected by
"Trojan-Dropper.Win32.Agent.of" Virus.

I've only found one reference to this malware on the web or in the NGs.

This has been a rock solid Win98SE system running trouble free for most
of the last 5 years. I regularly run NOD32 in Windows and DOS, F-Prot in
DOS, SpyBot 1.4, AdAware SE 1.06, A Square and other defensive programs.
They found nothing.

During the past week this PC started acting weird. For example, I was
having problems sending faxes with WinFax Pro; Excel and other programs
were crashing.

Today was cleanup day. Hopefully this will cure the problem.
 
Art

| *********************************************************
| The following procedure will give you an on-demand scan
| with a clean/delete capability using the Kaspersky scan
| engine and the extra defs:
|
| Download mwav.exe from here:
|
| http://www.spywareinfo.dk/download/mwav.exe
|
| Allow it to extract the files to c:\Kaspersky
|
| Next, download wget.exe from here:
|
| http://users.ugent.be/~bpuype/wget/#download
|
| And copy it to c:\Kaspersky
|
| Use Notepad to create the following batch file:
|
| @echo off
| cls
| echo -----------------------------------------------
| echo Updating using updates1 ftp site
| echo -----------------------------------------------
| wget -N ftp://updates1.kaspersky-labs.com/updates_x/*.avc
| wget -N ftp://updates1.kaspersky-labs.com/updates_x/avp.*
| echo -----------------------------------------------
| echo Updating completed!
| echo -----------------------------------------------
|
| Save the batch file as update.bat
| copy it to c:\Kaspersky
|
| Now run c:\Kaspersky\update.bat
|
| Then run c:\Kaspersky\mwavscan
| *****************************************************
> Thanks for all of your efforts on this. I installed mwav and it found
> the following on my system:
>
> File C:\WINDOWS\SYSTEM\c14b2s.dll infected by
> "Trojan-Dropper.Win32.Agent.of" Virus.
>
> I've only found one reference to this malware on the web or in the NGs.
>
> This has been a rock solid Win98SE system running trouble free for most
> of the last 5 years. I regularly run NOD32 in Windows and DOS, F-Prot in
> DOS, SpyBot 1.4, AdAware SE 1.06, A Square and other defensive programs.
> They found nothing.
>
> During the past week this PC started acting weird. For example, I was
> having problems sending faxes with WinFax Pro; Excel and other programs
> were crashing.
>
> Today was cleanup day. Hopefully this will cure the problem.

Did the KAV engine seem to do an effective cleanup job? Or did you have
to use generic Trojan removal methods?

It's a good idea to keep a copy of your registry on removable media
so you can restore it. The problem is, of course, that you didn't have
a way to know whether or not the registry you save is a good one.
That's the tricky part for most users. And it's another reason to
use a powerful scanner like KAV (along with spyware scanners and other
general checks) on-demand before backup. Users should familiarize
themselves with all their normal running processes and the contents
of at least some registry run keys. They should use more than one
method of checking for abnormal outgoing internet activity. KAV's
TrojanFinder is a useful utility for this.

When descriptions by the vendor (in this case Kaspersky) aren't
available it might be helpful to use Project VGREP to see if other
vendors do detect the malware and what they name it. Then with
some luck, you might find a description by a different vendor. Also,
uploading infested files to Virus Total might serve that same purpose.

Art

http://home.epix.net/~artnpeg
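
The advice in the post above (know what your registry Run keys normally contain, and only back up a registry you can vouch for) can be made mechanical by saving `reg query` output while the machine is known clean and diffing later captures against it. This is an added example, not part of the original thread; it assumes a Windows version that ships `reg.exe`, and the sample entries (`ExampleAV`, `Updater`, `sysldr`, `example.dll`) are constructed.

```python
import re

# A value line in `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

def parse_reg_query(text):
    """Map (key path, value name) -> data from saved `reg query` output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()  # registry paths are case-insensitive
        elif key and (m := VALUE_RE.match(line)):
            entries[(key, m["name"].lower())] = m["data"].strip()
    return entries

def diff_autoruns(baseline_text, current_text):
    """Report autorun values added, removed or changed since the baseline."""
    old, new = parse_reg_query(baseline_text), parse_reg_query(current_text)
    return {
        "added": {k: new[k] for k in new.keys() - old.keys()},
        "removed": {k: old[k] for k in old.keys() - new.keys()},
        "changed": {k: (old[k], new[k])
                    for k in old.keys() & new.keys() if old[k] != new[k]},
    }

# Constructed sample snapshots (hypothetical entries, not from the thread).
BASELINE = r"""HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\avgui.exe" /start
    Updater    REG_SZ    C:\Program Files\ExampleApp\update.exe
"""
CURRENT = r"""HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\avgui.exe" /start
    Updater    REG_SZ    C:\WINDOWS\TEMP\update.exe
    sysldr    REG_SZ    rundll32.exe C:\WINDOWS\SYSTEM\example.dll,Run
"""

if __name__ == "__main__":
    for kind, items in diff_autoruns(BASELINE, CURRENT).items():
        for (key, name), data in sorted(items.items()):
            print(f"{kind:8} {key}\\{name}: {data}")
```

On a live system, capture `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` to a file while the machine is known clean and pass later captures as `current_text`; any added or changed entry is something to explain before trusting a registry backup.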
 
optikl

louise said:
I'm running NOD32 and I run AdAWare and Spyware doctor about once a
week.

I am a little concerned about trojans and such. Anyone know
anything about Trend Micro Anti-Spyware - or, what would be best to
check for trojans on a regular basis?

TIA

Louise

If you're really "worried" about Trojans, then perhaps you should look
at BOClean. Trojans are only a problem (1) if they find a way on
your system and (2) you execute them. BOClean is very efficient at
finding and killing rogue processes.
 
louise

> If you're really "worried" about Trojans, then perhaps you should look
> at BOClean. Trojans are only a problem (1) if they find a way on
> your system and (2) you execute them. BOClean is very efficient at
> finding and killing rogue processes.

It's my impression that BOClean does not provide on-demand
scanning. I'm looking for something I don't leave running all the
time.

Any suggestions for something that offers on-demand scanning?
Trojan Hunter? Or something better?

TIA

Louise
 
* * Chas

| In article <[email protected]>, (e-mail address removed)
| says...
| > louise wrote:
| > > I'm running NOD32 and I run AdAWare and Spyware doctor about once a
| > > week.
| > >
| > > I am a little concerned about trojans and such. Anyone know
| > > anything about Trend Micro Anti-Spyware - or, what would be best to
| > > check for trojans on a regular basis?
| > >
| > > TIA
| > >
| > > Louise
| >
| > If you're really "worried" about Trojans, then perhaps you should look
| > at BOClean. Trojans are only a problem (1) if they find a way on
| > your system and (2) you execute them. BOClean is very efficient at
| > finding and killing rogue processes.
| >
| It's my impression that BOClean does not provide on-demand
| scanning. I'm looking for something I don't leave running all the
| time.
|
| Any suggestions for something that offers on-demand scanning?
| Trojan Hunter? Or something better?
|
| TIA
|
| Louise

A lot of folks have recommended A-Squared. They have a free version:

http://www.emsisoft.com/en/software/free/

I'm trying it now.

Chas.
 
Morgan Ohlson

> Thanks for all of your efforts on this. I installed mwav and it found
> the following on my system:
>
> File C:\WINDOWS\SYSTEM\c14b2s.dll infected by
> "Trojan-Dropper.Win32.Agent.of" Virus.
>
> I've only found one reference to this malware on the web or in the NGs.
>
> This has been a rock solid Win98SE system running trouble free for most
> of the last 5 years. I regularly run NOD32 in Windows and DOS, F-Prot in
> DOS, SpyBot 1.4, AdAware SE 1.06, A Square and other defensive programs.
> They found nothing.
>
> During the past week this PC started acting weird. For example, I was
> having problems sending faxes with WinFax Pro; Excel and other programs
> were crashing.

Basically you describe the same as I experienced the last 4 days. The
TrojanDropper was also a ghost in my machine... deleted by BitDefender (when
most others failed).
Running Win in Safe mode (hold Ctrl during start => safe) SpyBot also
found one CoolWebSearch that CWShredder didn't manage.

See "my thread": "A shit storm of virus..." below

---------------
050901
Bazooka: Dldr.small.ayl.0 BHO.searchtoolbar Exploit.crackz.ws1
SideFind Unknown.Startup.99
X-Cleaners: CWS
X-raypc: 7adPowerdialer SearchToolbarLFFLA
BitDefender OL: Cszcv(trojandropper.vidro.u) dgprpsetup(tr start.page)
dc2526(startpage)
ca eTrust OL: win32.alureon html.bloon.v
Avast!: TR Win32.Vidlo-H W:Win32NetskyP mail:BeagleGen
TR:phish-Bankfraude1 W:beagle-aq W:netsky-s W:Swen W:Sober
W:Netsky-D vbs:malware(script) Oth:Trojan-gen Adw:Adan-094
TR:Qhost-G TR:Trojano-1403 ((>1100 warnings)) /// BitDefender:
Exploit.html.codebase.exec.gen /// SpyBot: FindSpy.A

050902
Kaspersky OL. Win32.small.bel win32.agent.mj(trojan dropper)
spy.html.bayfraud.dc spy.html.bayfraud.hc
exploit.html.iframe.filedownload

050903
hclean32.exe exploit.iframe.vulnurability(+36 associated files) /// SpyBot:
CoolwwwSearch.service Findspy.A

NOTE!!! Bazooka says that BHOSearchToolbar, Exploit.crackz.ws-1 and
SideFind still REMAIN!!!


Morgan O.
 
optikl

louise said:
It's my impression that BOClean does not provide on-demand
scanning. I'm looking for something I don't leave running all the
time.

Quite true. But the whole problem with protecting against Trojans is
that they can be very difficult to detect, unless of course they execute
to memory. If I was concerned that a Trojan might somehow make it on to
one of my systems, I'd want to mitigate any risk by having an on access
program that would identify and kill any rogue process before it could
do its damage. Remember, many Trojans can't be detected by obvious
degradation to system performance. On Demand scanning, unless it's done
daily and every time any file is downloaded to your system may not catch it.

> Any suggestions for something that offers on-demand scanning?
> Trojan Hunter? Or something better?
>
> TIA

There are plenty of on-demand scanners out there. Some KAV variant would
probably be your best bet.
 
louise

| In article <[email protected]>, (e-mail address removed)
| says...
| > louise wrote:
| > > I'm running NOD32 and I run AdAWare and Spyware doctor about once a
| > > week.
| > >
| > > I am a little concerned about trojans and such. Anyone know
| > > anything about Trend Micro Anti-Spyware - or, what would be best to
| > > check for trojans on a regular basis?
| > >
| > > TIA
| > >
| > > Louise
| >
| > If you're really "worried" about Trojans, then perhaps you should look
| > at BOClean. Trojans are only a problem (1) if they find a way on
| > your system and (2) you execute them. BOClean is very efficient at
| > finding and killing rogue processes.
| >
| It's my impression that BOClean does not provide on-demand
| scanning. I'm looking for something I don't leave running all the
| time.
|
| Any suggestions for something that offers on-demand scanning?
| Trojan Hunter? Or something better?
|
| TIA
|
| Louise

> A lot of folks have recommended A-Squared. They have a free version:
>
> http://www.emsisoft.com/en/software/free/
>
> I'm trying it now.
>
> Chas.

Thanks.

Did you look at Ewido - they too have a free version.

Louise
 
* * Chas

| In article <[email protected]>,
| (e-mail address removed) says...
<snip>
| > A lot of folks have recommended A-Squared. They have a free version:
| >
| > http://www.emsisoft.com/en/software/free/
| >
| > I'm trying it now.
| >
| > Chas.
| >
| Thanks.
|
| Did you look at Ewido - they too have a free version.
|
| Louise

No I didn't try it. A-Squared allows me to scan PCs across my network. I
did D/L Mwav. It uses the KAV scan engine. Mwav found a trojan that I
recently picked up. Everything else that I used missed it.

Chas.
 
