  #1  
Old 2nd Feb 05, 09:53 AM
~*McoreD*~ (Super Moderator)
Antivirus, Antispyware, Antitrojan and Firewall Programs
Hi,

Got hit by a trojan on the very first day after a new install of Windows XP. I had avast! 4.5 Home Edition (to address Viruses) and Sygate Personal Firewall Pro 5.6 (to address attacks/hacks) installed. But it seems like I didn't have enough protection.

Damage:

The trojan did the following damage:
Disabled Task Manager.
The Windows folder had two executables that even loaded in Safe Mode: loadclean.exe and kernels32.exe.

I did some research and they were meant to do more damage to the system. Fortunately the firewall blocked the outgoing connections. (Now this is how Windows XP Firewall is not enough).

Recovery:

HKLM and HKCU had entries for kernels32.exe and I deleted them. Also ran a reg setting to get Task Manager back. Went to Safe Mode and deleted the two files.
Recovery wasn't 100%. Every time Windows started, a message popped up saying kernels32.exe was not found. Created a dummy file. It still opened up two command prompt windows.

Steps to take to prevent this happening again:

Until today I thought Antivirus and Firewall are all you need. I was very disappointed. Formatted again and installed Windows XP. Determined this time to use the computer as a Limited User. But as usual I got discouraged by all the error messages and unusual program behaviours I had to face with applications. Limited User is too restrictive, although I recommended this in the past. So that's not an option.

Now the system is clean but I have several questions. I was wondering...

1. Obviously it seems there is a need for a 3rd program that protects the system in real time. What program(s) could real-time protect your system from viruses, spyware and trojan horses and also web attacks? My current system is: avast! 4.5 as an Antivirus and Sygate as a Firewall (AntiHacks).
2. Are AntiSpyware programs the same as AntiTrojan programs?

Cheers,
McoreD
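An added example (not the poster's own script) of how the recovery described in this post looks as a check today: it lists the autostart entries in the HKLM and HKCU Run/RunOnce keys, flags any that name the two executables from the post, reports the DisableTaskMgr policy value that hides Task Manager, and with -Restore sets it back to 0. Including the Winlogon Shell and Userinit values is an assumption about where a stale "kernels32.exe was not found" reference could live; the post does not say.

```powershell
# Added example; not the poster's script. Needs Windows PowerShell 5.1 or later,
# run as the affected user from an elevated prompt (HKLM needs admin rights).
param([switch]$Restore)   # -Restore also re-enables Task Manager

$Suspicious = @('kernels32.exe', 'loadclean.exe')   # names taken from the post

# Autostart locations: the Run/RunOnce keys the post cleaned, plus the Winlogon
# Shell and Userinit values (an assumption about where a stale reference might hide).
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key
    foreach ($P in $Props.PSObject.Properties) {
        if ($P.Name -like 'PS*') { continue }             # provider metadata, not a value
        if ($Key -like '*Winlogon' -and $P.Name -notin @('Shell', 'Userinit')) { continue }
        $Hit = $Suspicious | Where-Object { "$($P.Value)" -like "*$_*" }
        $Tag = if ($Hit) { 'SUSPICIOUS' } else { 'ok' }
        '{0,-10} {1}\{2} = {3}' -f $Tag, $Key, $P.Name, $P.Value
    }
}

# Task Manager is hidden by the DisableTaskMgr policy value; 1 = disabled.
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$Policy = Get-ItemProperty -Path $PolicyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($Policy -and $Policy.DisableTaskMgr -eq 1) {
    'Task Manager is disabled by policy (DisableTaskMgr = 1)'
    if ($Restore) {
        Set-ItemProperty -Path $PolicyKey -Name DisableTaskMgr -Value 0
        'DisableTaskMgr reset to 0; Task Manager is available again'
    }
} else {
    'Task Manager is not disabled by policy'
}
```

A SUSPICIOUS line tells you which hive and value still references the file, which is the check the post needed after the registry cleanup left a startup error behind.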
  #2  
Old 2nd Feb 05, 10:03 AM
roadworker (BetaONE Supporter)
The 3rd one you need is a specific program for trojans; one of the best is TrojanHunter. My 1st security line is covered by Avast Pro, Outpost Pro and TrojanHunter; the 2nd defense line is AdAware's Adwatch, Microsoft AntiSpyware and Spybot's TeaTimer, all of them monitoring in real time.

Periodically I let them all run their scanning engine.


Antispyware programs can recognise a few trojans, as do most virus scanners, but not enough to be a secure antitrojan solution.
  #3  
Old 2nd Feb 05, 10:06 AM
war59312 (BetaONE Supporter)
If you were running ProcessGuard the virus would never have run in the first place.

Also, don't use a user account. Use a power account.

You can read more here about Power Users compared to normal users and admins.

http://www.wellesley.edu/Computing/Win2k/w2kgroups.html

Pretty easy to do:

Start Menu > Control Panel

Administrative Tools > Computer Management

Computer Management (Local) > System Tools > Local Users and Groups > Users

Right click on the user to set up and click Properties (or just double click on the user).

Click the "Member Of" tab and then click Add Button toward the bottom. Click the "Advanced" button on the left bottom corner.

Click the "Find Now" button. Left click on Power Users. Click OK. Click OK again. Click OK one last time.

Done!!
  #4  
Old 2nd Feb 05, 11:59 AM
~*McoreD*~ (Super Moderator)
Thank you for your replies; to continue the discussion: I like your 1st defence line, roadworker. I will try TrojanHunter.

My idea of using Limited User accounts, Will, was to restrict myself from modifying files in Program Files and WINNT folder. Power Users can modify or create files in Program Files and WINNT just like Administrators. Do you think it won't matter?
  #5  
Old 2nd Feb 05, 10:30 PM
war59312 (BetaONE Supporter)
Well, it matters, but it's just easier. Since if you use a user account then you have to go into admin to allow you access to all the folders. Meaning you have to turn off simple file sharing first and then right click on every folder and/or file you want your user account to access. Just about everything. The only thing on my system that will run under a user account without giving access is Sygate. Even F-Prot antivirus will not run under a user account until you give the user write access to its directory.

Just a real pain in the a$$. Users can't run a lot of command line commands either, which really bites. I use them to run my games, fav. appz, etc. So I can't use a user account.

But really it's up to you.

You're still safer running under a power user than you are under an admin account, since power users can't access other users' data without permission. So what you need to do is make sure you can not access the admin folders on your system. Like:

C:\Documents and Settings\Administrator\

Also be sure to rename the Administrator account in Computer Management.

I for one block my user account from accessing All Users too. So I have moved all start menu shortcuts and desktop shortcuts, for example, to my user account. So there is no need to ever access the All Users folder under my power user account.
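An added example, not the poster's own script, that does from the shell what posts #3 and #5 describe by hand: moving an account from Administrators into Power Users, renaming the built-in Administrator, and then verifying that the demoted account has no Allow entry on the Administrator profile folder. It assumes Windows PowerShell 5.1 with the Microsoft.PowerShell.LocalAccounts module, an elevated prompt, and placeholder names for the account ($User) and the new Administrator name.

```powershell
# Added example; not the poster's script. Assumes Windows PowerShell 5.1 with the
# Microsoft.PowerShell.LocalAccounts module, run from an elevated prompt.
param([string]$User = 'alice')   # placeholder: the day-to-day account to demote

# 1. Post #3's Computer Management steps from the shell: take the account out of
#    Administrators and put it in Power Users. On current Windows the Power Users
#    group still exists but grants almost nothing by default; Users is the usual choice.
if (Get-LocalGroupMember -Group 'Administrators' -Member $User -ErrorAction SilentlyContinue) {
    Remove-LocalGroupMember -Group 'Administrators' -Member $User
}
if (-not (Get-LocalGroupMember -Group 'Power Users' -Member $User -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group 'Power Users' -Member $User
}

# 2. Post #5's advice: rename the built-in Administrator. Find it by its well-known
#    RID (500) rather than by name, since the SID survives a rename and the profile
#    folder keeps its old name; a rename slows guessing but does not change rights.
$BuiltinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$AdminProfile = Join-Path $env:SystemDrive "Users\$($BuiltinAdmin.Name)"
if ($BuiltinAdmin.Name -eq 'Administrator') {
    Rename-LocalUser -Name 'Administrator' -NewName 'LocalBreakGlass'   # placeholder name
}

# 3. Verify the demoted account cannot reach the admin profile (C:\Documents and
#    Settings\Administrator in the post's XP layout, C:\Users\<name> today). Rather than
#    opening files, read the ACL and flag any Allow entry for the user or a broad group.
if (Test-Path $AdminProfile) {
    $Broad = @('Everyone', 'BUILTIN\Users', 'BUILTIN\Power Users', "$env:COMPUTERNAME\$User")
    foreach ($Ace in (Get-Acl -Path $AdminProfile).Access) {
        if ($Ace.AccessControlType -eq 'Allow' -and $Broad -contains $Ace.IdentityReference.Value) {
            'WARNING: {0} is allowed {1} on {2}' -f $Ace.IdentityReference, $Ace.FileSystemRights, $AdminProfile
        }
    }
} else {
    "No profile folder at $AdminProfile (the built-in Administrator may never have logged on)"
}
```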
  #6  
Old 3rd Feb 05, 04:20 AM
Fisher (Senior Member)
Best Anti-Virus and FireWall is "F-Secure Anti-Virus Client Security 5.55"
  #7  
Old 3rd Feb 05, 04:27 AM
~*McoreD*~ (Super Moderator)
FYI Will, Sygate and avast! both can run under Limited User.
@Fisher, I haven't tried it yet but I will soon.
  #8  
Old 3rd Feb 05, 04:33 AM
Fisher (Senior Member)
The common belief is that the combination of network firewall and antivirus software on servers, desktops and laptops is good enough. However, this is no longer true. Protecting against these new forms of attack requires a firewall to be integrated within the antivirus software on each individual computer in any company.
The solution
F-Secure Anti-Virus Client Security offers protection against new breeds of threats. The centrally managed and easy-to-use solution consists of tightly integrated virus protection, proactive personal firewall, intrusion prevention and application control software for company desktop and laptop computers.
Automatic real-time antivirus protection
Integrated desktop firewall
Intrusion prevention
Application control
Automatic virus definition updates
  #9  
Old 3rd Feb 05, 03:40 PM
KingCobra (Senior Member)
@McoreD - Sorry to hear of your problems.

Face it, we are all computer geeks here and we continue to move from one program to another for more protection. I notice myself spending more time reading about how to secure my system and trying different security programs than I spend doing the things I really own a computer for. Just think how the regular "Joe" feels out there. I've heard of people who buy a new PC every 6 months because it's so jacked up with viruses and spyware it won't boot up.

Here's an idea. Leave your system off the internet while using Windows and boot up with Knoppix Live to surf. Nothing to install on the HD, and when you shut down your system to restart, everything is 100% clean again. If you fear someone getting to your HD while using Knoppix, consider disconnecting your HD power with a switch or just use a different box for the internet.
  #10  
Old 4th Feb 05, 11:47 AM
robinwilson16 (Administrator)
Seems like you have to be so careful these days

I just got some ad-ware on my system and now run microsoft antiadware or whatever it was called
Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.