Antivirus, Antispyware, Antitrojan and Firewall Programs
Hi,
Got hit by a trojan on the very first day after a new install of Windows XP. I had avast! 4.5 Home Edition (to address Viruses) and Sygate Personal Firewall Pro 5.6 (to address attacks/hacks) installed. But it seems like I didn't have enough protection.

Damage: The trojan did the following damage: Disabled Task Manager. Windows folder had two executables that even loaded in Safe Mode: loadclean.exe and kernels32.exe. I did some research and they were meant to do more damage to the system. Fortunately the firewall blocked the outgoing connections. (Now this is how Windows XP Firewall is not enough).

Recovery: HKLM and HKCU had entries for kernels32.exe and I deleted them. Also ran a reg setting to get Task Manager back. Went to Safe Mode and deleted the two files. Recovery wasn't 100%. Every time Windows started, a message popped up saying kernels32.exe was not found. Created a dummy file. It still opened up two command prompt windows.

Steps to take to prevent this happening again: Until today I thought Antivirus and Firewall is all you need. I was very disappointed. Formatted again and installed Windows XP. Determined this time to use the computer as a Limited User. But as usual got discouraged by all the error messages and usual program behaviours I had to face with applications. Limited User is too restrictive although I recommended this in the past. So that's not an option.

Now the system is clean but I have several questions. I was wondering...
1. Obviously it seems there is a need of a 3rd program that protects the system realtime. What program(s) could real-time protect your system from virus, spyware and trojan horses and also web attacks? My current system is: avast! 4.5 as an Antivirus and Sygate as a Firewall (AntiHacks)
2. Are AntiSpyware programs same as AntiTrojan programs?
Cheers, McoreD |
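An added example, not part of the original post: the damage described above (autorun entries in HKLM and HKCU, Task Manager disabled) turned into a check over a registry export. It assumes the entries sat under the standard Run keys and that Task Manager was locked through the DisableTaskMgr policy value, neither of which the post states; the export text and the ExampleAV entry are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in regedit export format; not data from the original post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\av.exe\" /tray"
"kernels32"="C:\\WINDOWS\\kernels32.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"loadclean"="C:\\WINDOWS\\loadclean.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

RUN_SUFFIX = r"\microsoft\windows\currentversion\run"
POLICY_SUFFIX = r"\microsoft\windows\currentversion\policies\system"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    # Returns {key path: {value name: str or int}} for string and dword values.
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, raw = m.groups()
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif raw.startswith('"') and raw.endswith('"'):
                current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \"
    return keys

def exe_path(command):
    # Executable part of an autorun command line, quoted or not.
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return PureWindowsPath(m.group(1) or m.group(2)) if m else None

def audit(keys, windir=r"C:\WINDOWS"):
    findings = []
    for key, values in keys.items():
        low = key.lower()
        if low.endswith(RUN_SUFFIX):
            for name, cmd in values.items():
                exe = exe_path(cmd) if isinstance(cmd, str) else None
                # Heuristic (assumption): flag .exe autoruns sitting directly in the Windows folder.
                if exe and exe.parent == PureWindowsPath(windir) and exe.suffix.lower() == ".exe":
                    findings.append(("autorun", key, name, str(exe)))
        elif low.endswith(POLICY_SUFFIX) and values.get("DisableTaskMgr") == 1:
            findings.append(("taskmgr-disabled", key, "DisableTaskMgr", "1"))
    return findings
```

Findings are review candidates, not verdicts: some legitimate software also starts an executable straight from the Windows folder.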
The 3rd one you need is a specific program for trojans, one of the best is TrojanHunter. My 1st security line is covered by Avast Pro, Outpost Pro and TrojanHunter; the 2nd defense line is AdAware's Adwatch, Microsoft AntiSpyware and Spybot's TeaTimer; all of them monitoring in realtime....
Periodically I let them all run their scanning engine.... Antispyware programs can recognise a few trojans, as do most virusscanners, but not enough to be a secure antitrojan solution... |
If you were running ProcessGuard the virus would never have run in the first place. :)
Also, don't use a user account. Use a power account. :) You can read more about Power Users here compared to normal users and admins. http://www.wellesley.edu/Computing/Win2k/w2kgroups.html
Pretty easy to do:
Start Menu > Control Panel
Administrative Tools > Computer Management
Computer Management (Local) > System Tools > Local Users and Groups > Users
Right click on the user to setup and click Properties (or just double click on the user ;) )
Click the "Member Of" tab and then click Add Button toward the bottom.
Click the "Advanced" button on the left bottom corner.
Click the "Find Now" button.
Left click On Power Users.
Click OK.
Click OK again.
Click OK one last time.
Done!! |
Thank you for your replies to continue discussion. I like your 1st defence line roadworker. I will try TrojanHunter.
My idea of using Limited User accounts, Will, was to restrict myself from modifying files in Program Files and WINNT folder. Power Users can modify or create files in Program Files and WINNT just like Administrators. Do you think it won't matter? |
Well it matters but it's just easier. Since if you use a user account then you have to go into admin to allow you access to all the folders. Meaning you have to turn off simple file sharing first and then right click on every folder and or files you want your user account access to. Just about everything. Only thing on my system that will run under a user account without giving access is sygate. Even F-Prot antivirus will not run under a user account until you give the user write access to its directory.
Just a real pain in the a$$. Users can't run a lot of command line commands either which really bites. I use them to run my games, fav. appz, etc. So can't use a user account. But really it's up to you. You're still safer running under a power user than you are under an admin account since power users can't access other users' data without permission. So what you need to do is make sure you cannot access the admin folders on your system. Like: C:\Documents and Settings\Administrator\ Also be sure to rename the Administrator account in Computer Management. I for one block my user account from accessing all users too. So I have moved all start menu shortcuts and desktop shortcuts for example to my user account. So there is no need to ever access the all user folder under my power user account. |
Best Anti-Virus and FireWall is "F-Secure Anti-Virus Client Security 5.55"
|
FYI Will, Sygate and avast! both can run under Limited User.
@Fisher, I haven't tried it yet but I will soon. |
The common belief is that the combination of network firewall and antivirus software on servers, desktops and laptops is good enough. However, this is no longer true. Protecting against these new forms of attack requires a firewall to be integrated within the antivirus software on each individual computer in any company.
The solution F-Secure Anti-Virus Client Security offers protection against new breeds of threats. The centrally managed and easy-to-use solution consists of tightly integrated virus protection, proactive personal firewall, intrusion prevention and application control software for company desktop and laptop computers.
Automatic real-time antivirus protection
Integrated desktop firewall
Intrusion prevention
Application control
Automatic virus definition updates |
@McoreD - Sorry to hear of your problems. :(
Face it we are all computer geeks here and we continue to move from one program to another for more protection. I notice myself spending more time reading about how to secure my system and trying different security programs than I spend time doing things I really own a computer for. Just think how the regular "Joe" feels out there. I've heard of people who buy a new PC every 6 months because it's so jacked up with viruses and spyware it won't boot up. Here's an idea. Leave your system off the internet while using Windows and bootup with Knoppix Live to surf. Nothing to install on the HD and when you shutdown your system to restart everything is 100% clean again. If you fear someone getting to your HD while using Knoppix, consider disconnecting your HD power with a switch or just use a different box for the internet. |
Seems like you have to be so careful these days
I just got some ad-ware on my system and now run microsoft antiadware or whatever it was called :p |
Quote:
The realtime protection in Microsoft AntiSpyware is a good feature though, warnings much like ZoneAlarm before malicious activity happens. |
If anybody was wondering the difference between the F-Secure Anti-Virus Client Security 5.5 and F-Secure Internet Security 2005 here they are. I am currently evaluating F-Secure Anti-Virus Client Security 5.5 which is 20 MB lighter than F-Secure Internet Security 2005.
F-Secure Anti-Virus Client Security 5.5
Virus Protection
Internet Shield
Automatic Updates
F-Secure Internet Security 2005
Virus Protection
Internet Shield
Automatic Updates
Spam Control
Parental Control |
F-Secure Anti-Virus Client Security 5.5
Price: $435 USD :o |
Seems like Norton Corporate 9.1 isn't enough to stop trojans either as doing a full system scan revealed about 10 of them.
I thought auto-protect stopped them from entering your system :rolleyes: |
Guys, be extra careful about your System these days. During the Anti-virus program switch from avast! to F-Secure I think I got hit by another virus. During F-Secure scans it reported that there is a virus in System Information folder. Even the Administrator doesn't have access to it.
After rebooting the PC today, it took ages to go from Loading your Personal Settings to Desktop. TaskBar didn't show up. Just the Desktop icons. I have to say that I restricted Administrator's access to WINNT folder: removed Full Control and kept Read/Execute. But this cannot be the reason because even after giving Full Control, it still took ages to load to Desktop. Same happened to Limited Users. The weirdest thing is there is nothing suspicious in HKLM or HKCU. Now I am running the PC in Diagnostic Startup. It loaded faster just like usual. I am enabling one service at a time, one startup item at a time to see what makes it run slow. So take care. McoreD. |
Sounds like you're working out the issue correctly. Hope you figure it out.
Um well you know you can just give admin access to System Info Folder right? You have to turn off hide protected system files first of course. ;) BTW normally that's caused by System restore. Just turn off system restore and all the files should be gone and make sure recycle bin is empty too. I have never had a trojan on my system. Well besides netbus that I put on myself to play around with. ;) In HS that is. Scared the hell out of the peeps in the library by opening the cd rom drive remotely. lol |
Just to see how prompt Antivirus companies act and how much you can trust your AV, I searched for the keyword "Bropia" in their websites.
avast! Anti-Virus: http://www.avast.com/eng/vps_history.html
F-Secure Anti-Virus: http://www.f-secure.com/v-descs/bropia_a.shtml
Grisoft AVG Anti-Virus: :eek: No virus starting with 'bropia' found.
McAfee VirusScan: http://vil.nai.com/vil/content/v_131202.htm
NOD32 Antivirus System: :huh: Samples have been submitted and Eset are working on an update as we speak.
Symantec Anti-Virus: http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.l.html |
New Version:
Anti-Virus Client Security v5.55 SR1 I like it.
Release Info
Automatic real-time antivirus protection: Stops viruses and other malicious code attacking via e-mail, the web, floppy disks and CD-ROMs in real-time. The scanning of POP3, IMAP and SMTP mail traffic ensures that no viruses are sent out or received through e-mail.
Integrated desktop firewall: Provides robust monitoring and filtering of Internet traffic preventing unauthorized access to the workstations over the network and hides the workstations from Internet hackers and network worms.
Intrusion prevention: Analyzes Internet traffic and automatically detects and blocks suspicious network traffic such as port scans and network worms.
Application control: Enables the network administrator to centrally control the applications on the workstations that are allowed to access the Internet. Thus, the end-users cannot run forbidden applications (such as peer-to-peer networking) that may allow hackers and worms to sneak in and confidential documents to leak out.
Automatic virus definition updates: Virus definition databases are transparently and automatically updated typically 1-2 times per day with minimal bandwidth use. The fail-over feature ensures that antivirus software will get the latest cure against new viruses even if the primary delivery server is unreachable. |
On the subject of security & trojans, when using trojan hunter 4.1 with the latest update recently found an instance of Bropia along with several other confirmed trojans. They were in compressed form and hadn't been executed yet.
If you dl'd these you might want to check em...
zip.zipkg\files.part001.rar/awi.exe
Ultimate.xp.2003.crackpack.keychangers.productactivation\files/awi.exe
trace.zip/nc.exe
FhGv3.3.2pro.sfx.exe (some kind of codec)
[nX2kII].exe (mirc related) |
TrojanHunter is great.....latest 4.2 version has automated update now...:)
|