I've been running McAfee, Spybot and by default, Windows defender and ran
into a problem last week when I downloaded something questionable. I'm not
sure if it did anything because various scans by the above mentioned programs
have not turned anything up but I'm concerned.

I ran some of the free checks available from different sources and each
time, each one finds some new threat, and each scan program finds something
different than the others. So basically I'm not sure I'm infected or not.

I thought about adding some other programs (ad-aware or spy-sweeper) but am
wondering if this is overkill.

Any advice?

abbey wrote:
I've been running McAfee, Spybot and by default, Windows defender and ran
into a problem last week when I downloaded something questionable. I'm not
sure if it did anything because various scans by the above mentioned programs
have not turned anything up but I'm concerned.

I ran some of the free checks available from different sources and each
time, each one finds some new threat, and each scan program finds something
different than the others. So basically I'm not sure I'm infected or not.

I thought about adding some other programs (ad-aware or spy-sweeper) but am
wondering if this is overkill.

Any advice?

yes, ditch all 3 and just run NIS2007 if it's still available. it scans
faster than the just-released NIS2008, according to reviews.

"abbey" wrote in message
news
I've been running McAfee, Spybot and by default, Windows defender and ran
into a problem last week when I downloaded something questionable. I'm
not
sure if it did anything because various scans by the above mentioned
programs
have not turned anything up but I'm concerned.

I ran some of the free checks available from different sources and each
time, each one finds some new threat, and each scan program finds
something
different than the others. So basically I'm not sure I'm infected or not.

What threats where they?

What's the name of these tools? I'm asking, because there is some bogus
"anti spyware" offered on the net that will warn you about "infections" you
don't have, as a sales pitch.

I thought about adding some other programs (ad-aware or spy-sweeper) but
am
wondering if this is overkill.

It's recommended to run at least two different anti spy-/adware programs to
complement each other, because a single program will have to low a detection
rate. I see you have three already (I'm assuming you're running the entire
McAfee suite here), and you should consider how much more, if any, memory
and CPU you're willing to spend on this.

Charlie42

On Wed, 19 Sep 2007 10:46:03 -0700, abbey wrote:

I've been running McAfee, Spybot and by default, Windows defender and ran
into a problem last week when I downloaded something questionable. I'm not
sure if it did anything because various scans by the above mentioned programs
have not turned anything up but I'm concerned.
I ran some of the free checks available from different sources and each
time, each one finds some new threat, and each scan program finds something
different than the others. So basically I'm not sure I'm infected or not.
I thought about adding some other programs (ad-aware or spy-sweeper) but am
wondering if this is overkill.
Any advice?

The effectiveness of an individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss.

In addition to Spybot S&D and WindowsDefender download/install:
SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
and
Ad-Aware - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html

After the software is updated, it is suggested scanning the system in Safe
Mode.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
Alternatively:
click onto Start==Run, type "msconfig" (without quotation marks), click
OK. Then click onto BOOT.INI tab and 'check' /SAFEBOOT then OK and click
Restart. To go back to Normal Mode, you must access the System
Configuration utility again and click the General tab then click/check the
radio button 'Normal Startup'- load all device drivers and services'.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222

A number of experts agree that the retail AV version of McAfee, Norton and
Trend Micro has become cumbersome and bloated for the average user.

Removal tools for recent Mcafee products
http://forums.mcafeehelp.com/viewtopic.php?t=71943
If this doesn't work use this:
Revo Uninstaller Freeware - Remove unwanted programs and traces easily
http://www.revouninstaller.com/
and/or
RegSeeker
http://www.hoverdesk.net/freeware.htm
Then use NTREGOPT to compact the registry; Follow instructions.
http://www.larshederer.homepage.t-online.de/erunt

Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection. In
fact, most of experts (inlc. Norton) believe that scanning incoming and
outgoing mail causes e-mail file corruption.

In the case of Avast, choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.

Avira AntiVir® PersonalEdition Classic - Free
http://www.free-av.com/antivirus/allinonen.html

Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html

AVG Anti-Virus Free Edition
http://free.grisoft.com/

Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser

ESET NOD32 Antivirus - Not Free
http://www.eset.com/
Have you seen these "extra settings for NOD32"?
http://www.wilderssecurity.com/showthread.php?t=37509

On-demand AV application (add it to your arsenal and use it as a "second
opinion" av scanner).
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-1...e-Edition.html

Some more useful applications:
Spyware Blaster - Free
http://www.javacoolsoftware.com/spywareblaster.html

Rootkit Revealer - Free
http://www.microsoft.com/technet/sys...tRevealer.mspx

Crap Cleaner _ Free
http://www.filehippo.com/download_ccleaner/
If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender"

CW Shredder - Free
http://www.softpedia.com/get/Interne...Shredder.shtml

Ensure that you OS is current/updated/patched.
http://www.update.microsoft.com/wind....aspx?ln=en-us

Ensure that *all* software on your pc is current/updated.

Practice Safe-Hex
http://www.claymania.com/safe-hex.html

For viral malware...
Download David H. Lipman's MULTI_AV.EXE from the URL --
http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to
go through your FireWall to allow it to download the needed AV vendor
related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode. This way all the components can be downloaded from each AV
vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
Reboot the PC.

You can choose to go to each menu item and just download the needed files
or you can download the files and perform a scan in Normal Mode. Once you
have downloaded the files needed for each scanner you want to use, you
should reboot the PC into Safe Mode [F8 key during boot] and re-run the
menu again and choose which scanner you want to run in Safe Mode.
It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.
http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm

Now stay safe:

Let's see what I ran-I only used things that seemed to be rated decently by
sources such as CNET. Some of those listed however weren't compatible with
Vista - at least at the time of the review.

I did the free one from Kaspersky, also the one from Spysweeper (which will
install and identify for free but not remove unless you subscribe) and tried
Ewido which for some reason did not complete and wouldn't allow me a second
chance to install.

Some of the things detected:
odigo, coolwebsearch both of which I have read to be "real" threats
I forgot which one found these: iframeref.gen, trojandownloadr, zlobgen

Like I said, none of the three applications I have installed mentioned these.

I haven't installed or considered Norton since I've seem to read conflicting
reviews.

Does this clarify?

"Charlie42" wrote:


"abbey" wrote in message
news
I've been running McAfee, Spybot and by default, Windows defender and ran
into a problem last week when I downloaded something questionable. I'm
not
sure if it did anything because various scans by the above mentioned
programs
have not turned anything up but I'm concerned.

I ran some of the free checks available from different sources and each
time, each one finds some new threat, and each scan program finds
something
different than the others. So basically I'm not sure I'm infected or not.

What threats where they?

What's the name of these tools? I'm asking, because there is some bogus
"anti spyware" offered on the net that will warn you about "infections" you
don't have, as a sales pitch.

I thought about adding some other programs (ad-aware or spy-sweeper) but
am
wondering if this is overkill.

It's recommended to run at least two different anti spy-/adware programs to
complement each other, because a single program will have to low a detection
rate. I see you have three already (I'm assuming you're running the entire
McAfee suite here), and you should consider how much more, if any, memory
and CPU you're willing to spend on this.

Charlie42

Wow-thanks for your thorough response. I had to copy it all into a word
document so I can absorb it all. I've already added the "Ad-Aware" and will
try the supernantispyware next. Some of the others I haven't heard of but
sound very useful (crap cleaner for instance!)

I'll let you know how I do once I get things cleaned up.
Many thanks.

On Wed, 19 Sep 2007 18:46:01 -0700, abbey wrote:

Let's see what I ran-I only used things that seemed to be rated decently by
sources such as CNET. Some of those listed however weren't compatible with
Vista - at least at the time of the review.

Very good; Ensure you download software only from reputable sources. If in
doubt - DON'T! Check first in relevant fora and/or ng's.

I did the free one from Kaspersky, also the one from Spysweeper (which will
install and identify for free but not remove unless you subscribe) and tried
Ewido which for some reason did not complete and wouldn't allow me a second
chance to install.

Don't use these apps. anymore; They are nothing but marketing tools
(promotional baits) to pay for something you may not require; Their use can
be pretty unsafe as well.

Some of the things detected: odigo, coolwebsearch both of which I have read
to be "real" threats I forgot which one found these: iframeref.gen,
trojandownloadr, zlobgen

Odigo; "Odigo Express is a Web-based version of the Odigo Messenger
that allows you to access your Odigo Friends List and communicate with
users from any computer ...". Did you install this application? If not get
rid of it using Revo Uninstaller.
coolwebsearch; CW Shredder might remove this.
iframeref.gen and zlobgen; David's MULTI_AV.EXE should take care of
these.

Like I said, none of the three applications I have installed mentioned these.
I haven't installed or considered Norton since I've seem to read conflicting
reviews.

Good thinking/decision!

Valuable advice from an AV expert, David H. Lipman
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Question:
"Is it advisable to turn off System Restore while cleaning the OS using
AV/A-S, and if so, when do you turn it off and then on?
Also is it was recommended to delete all restore point during this
procedure?"

Answer(David H. Lipman):
"I used to be convinced that one should dump the System restore cache PRIOR
to cleaning a system. However after many discussions and based upon
personal tests and experience, I have come to the conclusion that this
should be done AFTER a system is cleaned.

Here's the problem. Most malware are binary files that the System Restore
cache will create a backup of in restore points. When one gets infected,
copies of the infector are now stored in the System Restore cache. If you
clean the system then restore to a prior Restore Point that contains
infectors, the OS become re-infected.

If you clean a PC and don't expect to restore to a previous Restore Point
then eventually the infected files will cache-out. In that situation, one
does NOT need to dump the System Restore cache.

If you dump the System Restore cache PRIOR to cleaning the system, you will
also remove a fall back point. That is, if during the cleanup the system
becomes unstable, you will not be able to restore the system from a
previous Restore Point. If you did restore the system
back to that state, you can clean the system differently such that the
system won't become unstable and/or unusable. Thus an infected Restore
Point is better than no Restore Point at all.

Later, when the system is cleaned and verified to be stable, you can then
dump the System Restore cache, reboot the PC and then re-enable the system
Restore cache and subsequently manually create an initial Restore Point.

Thus it is better the dump the cache AFTER and not BEFORE the system has
been cleaned of malware."

Be guided accordingly.

Stimulating thought from Gary S. Terhune MS MVP Shell/User
http://grystmill.com/articles/cleanboot.htm
http://grystmill.com/articles/security.htm

"Forget about paid versions, free AV ware are just as efficient and
reliable!"
Question:
"Do you think that the free AV can be really as efficient that the other
ones?"
Answer:
"Absolutely. In fact, when it comes to real efficiency, the ability to scan
accurately for viruses without getting in the way of the rest of the
computer's functions, some of the free ones are more efficient than some of
the most expensive. For instance, Norton and McAfee, and even Trend Micro
in some packages, are among the most *inefficient* applications out
there,whereas Avast!, AVG, and other free offerings are among the most
efficient. After that, it's a question of the definitions used, and whether
or not they're free has absolutely no bearing on those stats.
Understand, many of the best offerings are offered to home users for free
by huge companies that make their money serving business and industry
clients,and their logic is that the more home machines they can get
protected,preventing them from becoming zombies that distribute malware,
the better off business and industry are."

Good luck

Thanks so much for all the help. There was just too much information to sort
through on the web, and most of it is probably unreliable so I appreciate it!

"Kayman" wrote:

On Wed, 19 Sep 2007 18:46:01 -0700, abbey wrote:

Let's see what I ran-I only used things that seemed to be rated decently by
sources such as CNET. Some of those listed however weren't compatible with
Vista - at least at the time of the review.

Very good; Ensure you download software only from reputable sources. If in
doubt - DON'T! Check first in relevant fora and/or ng's.

I did the free one from Kaspersky, also the one from Spysweeper (which will
install and identify for free but not remove unless you subscribe) and tried
Ewido which for some reason did not complete and wouldn't allow me a second
chance to install.

Don't use these apps. anymore; They are nothing but marketing tools
(promotional baits) to pay for something you may not require; Their use can
be pretty unsafe as well.

Some of the things detected: odigo, coolwebsearch both of which I have read
to be "real" threats I forgot which one found these: iframeref.gen,
trojandownloadr, zlobgen

Odigo; "Odigo Express is a Web-based version of the Odigo Messenger
that allows you to access your Odigo Friends List and communicate with
users from any computer ...". Did you install this application? If not get
rid of it using Revo Uninstaller.
coolwebsearch; CW Shredder might remove this.
iframeref.gen and zlobgen; David's MULTI_AV.EXE should take care of
these.

Like I said, none of the three applications I have installed mentioned these.
I haven't installed or considered Norton since I've seem to read conflicting
reviews.

Good thinking/decision!

Valuable advice from an AV expert, David H. Lipman
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Question:
"Is it advisable to turn off System Restore while cleaning the OS using
AV/A-S, and if so, when do you turn it off and then on?
Also is it was recommended to delete all restore point during this
procedure?"

Answer(David H. Lipman):
"I used to be convinced that one should dump the System restore cache PRIOR
to cleaning a system. However after many discussions and based upon
personal tests and experience, I have come to the conclusion that this
should be done AFTER a system is cleaned.

Here's the problem. Most malware are binary files that the System Restore
cache will create a backup of in restore points. When one gets infected,
copies of the infector are now stored in the System Restore cache. If you
clean the system then restore to a prior Restore Point that contains
infectors, the OS become re-infected.

If you clean a PC and don't expect to restore to a previous Restore Point
then eventually the infected files will cache-out. In that situation, one
does NOT need to dump the System Restore cache.

If you dump the System Restore cache PRIOR to cleaning the system, you will
also remove a fall back point. That is, if during the cleanup the system
becomes unstable, you will not be able to restore the system from a
previous Restore Point. If you did restore the system
back to that state, you can clean the system differently such that the
system won't become unstable and/or unusable. Thus an infected Restore
Point is better than no Restore Point at all.

Later, when the system is cleaned and verified to be stable, you can then
dump the System Restore cache, reboot the PC and then re-enable the system
Restore cache and subsequently manually create an initial Restore Point.

Thus it is better the dump the cache AFTER and not BEFORE the system has
been cleaned of malware."

Be guided accordingly.

Stimulating thought from Gary S. Terhune MS MVP Shell/User
http://grystmill.com/articles/cleanboot.htm
http://grystmill.com/articles/security.htm

"Forget about paid versions, free AV ware are just as efficient and
reliable!"
Question:
"Do you think that the free AV can be really as efficient that the other
ones?"
Answer:
"Absolutely. In fact, when it comes to real efficiency, the ability to scan
accurately for viruses without getting in the way of the rest of the
computer's functions, some of the free ones are more efficient than some of
the most expensive. For instance, Norton and McAfee, and even Trend Micro
in some packages, are among the most *inefficient* applications out
there,whereas Avast!, AVG, and other free offerings are among the most
efficient. After that, it's a question of the definitions used, and whether
or not they're free has absolutely no bearing on those stats.
Understand, many of the best offerings are offered to home users for free
by huge companies that make their money serving business and industry
clients,and their logic is that the more home machines they can get
protected,preventing them from becoming zombies that distribute malware,
the better off business and industry are."

Good luck

On Thu, 20 Sep 2007 16:40:41 -0700, abbey wrote:

Thanks so much for all the help.

YW

There was just too much information to sort through on the web,

Such as? You have a problem and received quality advice; Learn to
comprehend!

and most of it is probably unreliable

and did you arrive to that conclusion?

so I appreciate it!

huh?

What I was TRYING to say was just that....thank you.... I did receive great
information. Doing a GENERAL web search for information like this can leave
one with a lot of information and I personally don't know every tech-related
web site and whether or not they are reliable or perhaps something bad in the
guise of help. Sorry but I *do* have some trouble following some of the
really detailed technical information. Your information was clear and easy
for me to follow.

So let me try again....thank you for the help. I appreciate your
information which I as able to comprehend and use.

"Kayman" wrote:

On Thu, 20 Sep 2007 16:40:41 -0700, abbey wrote:

Thanks so much for all the help.

YW

There was just too much information to sort through on the web,

Such as? You have a problem and received quality advice; Learn to
comprehend!

and most of it is probably unreliable

and did you arrive to that conclusion?

so I appreciate it!

huh?