windows defender is a joke!

[Stephanie Stewart]

My brand new computer has a virus and I used windows defender to delete it
and everytime it gets done scanning it says an error has occured and I can't
even delete the program that has the virus. I'm really upset that to even get
help with this, i have to pay 60.00 for "advanced support." Vista is starting
to SUCK.
does anyone have any advice?

 

[Doomer]

Windows Defender isn't an antivirus application.

They only try to monitor start registry and hooks registrers to disallow
spywares and worms to install itself.

Ivan Carlos - Chief Information & Security Officer
E-mail / Skype / WLM: (e-mail address removed)
Cell.: +55 (11) 8112-0666

 

[DL]

You need a dedicated anti virus application, or a dedicated internet
security application
Kaspersky appears to do well in various reviews
For Spyware/trojans, use MS Defender, SpyBot & Adaware - all free & use them
all on a regular basis, depending on your browsing/download habits

Think for a minute, if MS included a anti virus app with its Vista, how long
would it be before an Anti Competative action would be launched by the
Companies that produce dedicated applications, as it MS is taking a risk
with Defender
BTW OneCare has had some abysmal reviews
Most, if not all, Viruses are installed by the user actions or inactions

 

[Kayman]

My brand new computer has a virus and I used windows defender to delete it
and everytime it gets done scanning it says an error has occured and I can't
even delete the program that has the virus. I'm really upset that to even get
help with this, i have to pay 60.00 for "advanced support." Vista is starting
to SUCK.
does anyone have any advice?

You need to educate yourself with respect to AV/A-S applications.

Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.
http://www.oehelp.com/OETips.aspx#3
In fact, most of experts (incl. Norton) believe that scanning incoming and
outgoing mail causes e-mail file corruption.

Avira AntiVir® PersonalEdition Classic - Free
http://www.free-av.com/antivirus/allinonen.html
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)
or
Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser
or
ESET NOD32 Antivirus - Not Free
http://www.eset.com/
and (optional)
On-demand AV application.
(add it to your arsenal and use it as a "second opinion" av scanner).
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free (build-in in Vista)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."

After the software is updated, it is suggested scanning the system in Safe
Mode.

Some more useful applications:
SpywareBlaster - Free
SpywareBlaster is not a scanner application. It blocks the installation of
most ActiveX-based spyware, adware, browser hijackers, dialers and other
unwanted programs from the user's computer. SpywareBlaster works by
blacklisting the CLSID of known malware programs, effectively preventing
them from infecting a protected computer and also allows the user to
prevent privacy hazards such as tracking cookies.
http://www.javacoolsoftware.com/spywareblaster.html

Rootkit Revealer - Free
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx

Crap Cleaner - Free
http://www.filehippo.com/download_ccleaner/
If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender".

CW Shredder - Free
http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/CWShredder.shtml

 

[DevilsPGD]

In message <[email protected]>

My brand new computer has a virus and I used windows defender to delete it
and everytime it gets done scanning it says an error has occured and I can't
even delete the program that has the virus. I'm really upset that to even get
help with this, i have to pay 60.00 for "advanced support." Vista is starting
to SUCK.
does anyone have any advice?

I'd suggest not installing viruses in the first place.

 

[fred]

i'm no expert, but restoring the system might work. you can take the computer
back to an earlier state, like last wednesday. to do this u turn on the
computer and at the dell logo screen u tap the F8 key than restore. it might
work?

 

[Kayman]

i'm no expert, but restoring the system might work.

<snip>
Restoring the system won't remove the virus.

 

[What?]

<snip>
Restoring the system won't remove the virus.

It's just a little fyi.

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

 

[Kayman]

You need to educate yourself with respect to AV/A-S applications.

Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.
http://www.oehelp.com/OETips.aspx#3
In fact, most of experts (incl. Norton) believe that scanning incoming and
outgoing mail causes e-mail file corruption.

Avira AntiVir® PersonalEdition Classic - Free
http://www.free-av.com/antivirus/allinonen.html
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)
or
Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser
or
ESET NOD32 Antivirus - Not Free
http://www.eset.com/
and (optional)
On-demand AV application.
(add it to your arsenal and use it as a "second opinion" av scanner).
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

A-S applications - for non-viral malware.
The effectiveness of an individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free (build-in in Vista)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."

After the software is updated, it is suggested scanning the system in Safe
Mode.

Some more useful applications:
SpywareBlaster - Free
SpywareBlaster is not a scanner application. It blocks the installation of
most ActiveX-based spyware, adware, browser hijackers, dialers and other
unwanted programs from the user's computer. SpywareBlaster works by
blacklisting the CLSID of known malware programs, effectively preventing
them from infecting a protected computer and also allows the user to
prevent privacy hazards such as tracking cookies.
http://www.javacoolsoftware.com/spywareblaster.html

Rootkit Revealer - Free
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx

Crap Cleaner - Free
http://www.filehippo.com/download_ccleaner/
If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender".

CW Shredder - Free
http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/CWShredder.shtml

In addition you could download The PC Decrapifier
http://www.pcdecrapifier.com/download
"The PC Decrapifier will uninstall many of the common trialware and
annoyances found on many of the PCs from big name OEMs."

And a HijackThis scan may be in order.
Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Fora where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is required in any of the below before posting a log

http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29
http://www.thespykiller.co.uk/index.php?board=3.0
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://forums.tomcoyote.org/index.php?showforum=27
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.spywarewarrior.com/viewforum.php?f=5

 

[Kayman]

It's just a little fyi.

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild".

I am aware of this and wouldn't dispute the fact that this is a 'preferred'
course of action. However, not everyone is proficient to do so (I don't
think the OP is, nor is she inclined spending $'s to get professional
assistance). Pending on infestation severity one has a good chance removing
viruses by using quality removel tools/techniques. So, at this stage the
advice she's got is pretty good.
BTW,you do know the difference between *flatten/rebuild* OS and *restoring*
a system using the *System Restore* function, don't you?

 

[FromTheRafters]

In message <[email protected]>


I'd suggest not installing viruses in the first place.

Viruses don't install, they infect. Blended threats may
install, and have a virus as one of their functions. Sure,
it may sound simple to "just not execute" the malware
in the first place, but with viruses it isn't that easy. How
could you determine what program(s) to not execute?

 

[DevilsPGD]

In message <#[email protected]> "FromTheRafters"

Viruses don't install, they infect. Blended threats may
install, and have a virus as one of their functions. Sure,
it may sound simple to "just not execute" the malware
in the first place, but with viruses it isn't that easy. How
could you determine what program(s) to not execute?

While technically true, when was the last time you saw a real virus?

 

[Kayman]

Viruses don't install, they infect. Blended threats may
install, and have a virus as one of their functions. Sure,
it may sound simple to "just not execute" the malware
in the first place, but with viruses it isn't that easy. How
could you determine what program(s) to not execute?

Scanning a program with a quality AV apps *prior* execution may give you an
indication

 

[What?]

"The only way to clean a compromised system is to flatten and rebuild".

I am aware of this and wouldn't dispute the fact that this is a 'preferred'
course of action. However, not everyone is proficient to do so (I don't
think the OP is, nor is she inclined spending $'s to get professional
assistance). Pending on infestation severity one has a good chance removing
viruses by using quality removel tools/techniques. So, at this stage the
advice she's got is pretty good.
BTW,you do know the difference between *flatten/rebuild* OS and *restoring*
a system using the *System Restore* function, don't you?

I have been working with MS since 1996 and in IT as a professional since
1971. I think I have got a pretty good take on it. ;-)

 

[Mick Murphy]

Below is a list of the security you need to install on your computer.

Only one anti-virus to be installed.(more than one can cause conflicts)
More than one anti-spyware program is allowable.

http://www.avast.com/eng/download-avast-home.html

Above is a link to Avast Free 4 Home Anti-Virus
It is low resource using, free and Vista 32bit and 64bit compatible.

http://www.safer-networking.org/en/index.html

For Spyware removal, use the above link to “Spybot Search & Destroy 1.5.2â€
Download it, install it, update it, immunize your system and scan your
System with it.

http://www.javacoolsoftware.com/

For a non-scanning, but running in the background, Program to STOP Spyware
being downloaded to your Computer, use SpywareBlaster 4, available at the
above link.

 

[FromTheRafters]

In message <#[email protected]> "FromTheRafters"


While technically true, when was the last time you saw a real virus?

Many blended threat worms of the recent past have used real virus
code. The point is that an infected file is likely to be executed by the
system or the user just as it would have had it not been infected.

It is real easy to say "just don't do it" and believe it is that simple.
I just wanted to point out that that is a naive attitude.

 

[FromTheRafters]

Scanning a program with a quality AV apps *prior* execution may give you
an
indication

True, but these days you may not have complete control over
what programs get executed. In fact you may not even have
an awareness of programs being executed.

 

[DevilsPGD]

In message <#[email protected]> "FromTheRafters"

Many blended threat worms of the recent past have used real virus
code. The point is that an infected file is likely to be executed by the
system or the user just as it would have had it not been infected.

They do?

Virtually everything I've run into falls into the one of two categories:

1) Trojan, being a piece of software which appears to perform a certain
action but in fact performs another.

2) Worms, being self-replicating computer programs spreading more or
less without user intervention across a network.

I haven't seen one in many years that played the original virus trick of
actually modifying existing EXEs and waiting for the user to shuffle
those EXEs off to another PC somehow. With USB drives capacity
increasing, and portable software becoming more popular, we may well see
the return of real viruses in the near future, but I can't think of one
that has had a major impact in many moons.

Now, that being said, a fair amount of malware is polymorphic in one
form or another.

It is real easy to say "just don't do it" and believe it is that simple.
I just wanted to point out that that is a naive attitude.

Perhaps somewhat naive, but the reality of it is that if you practice
minimal safe computing techniques, specifically, staying behind an
inbound packet filtering (Windows Firewall or NAT tend to do the job)
and don't install or run anything offered to you unsolicited, only
install software either from reputable companies or that you have
researched, plus stay up to date with Windows and application patches,
you'll be safe.

AV software tends to be far too slow to keep up with threats -- I've
been in the mail server business for many years now, my own server scans
each and every inbound message with three different engines, and still
we see malware sneaking through that, if rescanned 24 hours later, gets
caught. I wouldn't suggest to users that they rely on AV software, it
simply isn't up for the task.

There is also a fairly new class of worm, specifically attacking
vulnerabilities in AV software, often in the form of buffer overruns in
parsers -- So in some cases you're actually more vulnerable with AV
software installed then without. While this isn't a new concept as a
whole, malware exploiting this type of vulnerability automatically is
relatively new.

I can tell you that when I was in school, I absolutely loved McAfee, all
you had to do was get a file called "program.exe" into the search path
of the client-side component, then launch an AV scan and it would launch
said program.exe executable from the service-side scanning component
which ran with administrative privileges. Quick and easy promotion to
full administrative rights, what could be better?

 

[FromTheRafters]

In message <#[email protected]> "FromTheRafters"


They do?

Yes, here's a recent example.

http://www.trendmicro.com/VINFO/virusencyclo/default5.asp?VName=PE_PAGIPEF.CE-O

Virtually everything I've run into falls into the one of two categories:

1) Trojan, being a piece of software which appears to perform a certain
action but in fact performs another.

2) Worms, being self-replicating computer programs spreading more or
less without user intervention across a network.

Too bad these things can't be so easily pigeonholed. This
is why "blended threat" is so often used to describe them.

I haven't seen one in many years that played the original virus trick of
actually modifying existing EXEs and waiting for the user to shuffle
those EXEs off to another PC somehow.

It is not required of viruses to seek out or inhabit new devices - that
is worm behavior, however you can see how backups may become
involved if infected files are backed up and then the computer is cleaned.
You may not back up worm files, but you might back up virally infected
files which also contain the worm code.

With USB drives capacity
increasing, and portable software becoming more popular, we may well see
the return of real viruses in the near future, but I can't think of one
that has had a major impact in many moons.

Mostly because the viral impact is overshadowed by the worm
and other malicious code's impact. The infection of files may be
just in order to "rise from the dead" after one removes an active
worm from a system.

Now, that being said, a fair amount of malware is polymorphic in one
form or another.

True, but irrelevent.

Perhaps somewhat naive, but the reality of it is that if you practice
minimal safe computing techniques, specifically, staying behind an
inbound packet filtering (Windows Firewall or NAT tend to do the job)
and don't install or run anything offered to you unsolicited, only
install software either from reputable companies or that you have
researched, plus stay up to date with Windows and application patches,
you'll be safe.

Fairly safe - yes.
Absolutely safe - no.

Reputable sources can still unknowingly offer "infected" programs.
You still will need AV to scan incoming programs before execution.

AV software tends to be far too slow to keep up with threats -- I've
been in the mail server business for many years now, my own server scans
each and every inbound message with three different engines, and still
we see malware sneaking through that, if rescanned 24 hours later, gets
caught. I wouldn't suggest to users that they rely on AV software, it
simply isn't up for the task.

This lag time between the onset of a threat and the response by
way of detection definitions being implemented is the achilles
heel of the AV service. That is why the recent malware is mostly
aimed to exploit this instead of using the older viral techniques.
Without AV it would quickly become much worse.

There is also a fairly new class of worm, specifically attacking
vulnerabilities in AV software, often in the form of buffer overruns in
parsers -- So in some cases you're actually more vulnerable with AV
software installed then without.

True, but these flaws in software are inevitable for all program
types. The key is that they are addressed quickly when discovered.
The reputable AV companies are really good about this.

While this isn't a new concept as a
whole, malware exploiting this type of vulnerability automatically is
relatively new.

IIRC most of these were related to the routines used by the AV to
unpack, unzip, melt, or otherwise translate data to code to scanning
purposes. I never thought that that was a good idea for AV to do.

The user should have some responsibility for his own protection.

Then it seems that the Java system translated zipped files into code
and executed it without the user in the loop - in my eyes this feature
necessitated the scanning within archives feature. So the scanner
program essentially became an internet facing receiver of foreign
code that even unzipped and executed the malware it was trying
to protect you from.

I actually laughed when I first heard about this - the irony of it all.

I can tell you that when I was in school, I absolutely loved McAfee, all
you had to do was get a file called "program.exe" into the search path
of the client-side component, then launch an AV scan and it would launch
said program.exe executable from the service-side scanning component
which ran with administrative privileges. Quick and easy promotion to
full administrative rights, what could be better?

Spoken like a true hacker. D