Security Essentials v. Advanced System Protector

AdamZ

Question on Anti Virus programs.

A few months ago I tried to download MS Security Essentials on one of my office computers. I screwed it up, I think I downloaded an imposter program. So called our IT guy in and he cleaned it up and I think he put on a program called Advanced System Protector by SysTweak.

Yesterday I found two programs on that computer one called Shopper-Pro and the other YT Downloader that I think are adware. I tried to remove them from the Uninstall programs application but they would not uninstall.

We scanned with the Advanced System Protector which after about 35 minutes indicated it revealed 210 "Infections". When I clicked on "Clean" it of course told me our trial period was up and that I should pay something like $30 for the program. Not being familiar with the program I did not pay and purchase the program but I again downloaded MS Security Essentials, this time properly and ran a full scan of the computer which took a couple of hours.

Oddly MS Security Essentials found nothing. No issues detected. So now I'm wondering is MS Security Essentials not doing its job or is the Advanced System Protector creating some BS info to make me purchase the program?
 
I hate to say this, but if it's acting that bad, lots of folks will say "use this tool" or "use that tool" but there's no guarantees. I'd just get my data off of it, flatten it completely and reload the OS. And then practice better online hygiene, and keep backups good enough if you "make a mistake" again, you just revert to the previous weekly whole disk image. :)
 
I always use the freeware Malwarebytes to scan for malware, but I hate how long it takes to scan. A threat scan (quick scan) takes as long as nearly 30 minutes to scan for my computer.

I also have the latest version of Microsoft Security Essentials for my computer, but I don't know how effective the program is. I read online that Microsoft Security Essentials is almost ineffective at detecting malware. It used to be very effective in the past but nowadays its effectiveness is almost zero. I don't know how effective the latest version of Microsoft Security Essentials is, but I hope the people at Microsoft fixed its flaws.
 
It's an amazing industry. You type exactly what you want the machine to do into it and it does it. But you do it so badly you then type some more stuff into the machine to fix all the stuff you didn't pay attention to the first time.

And customers "hope" you did it right. And keep sending money.

Amazing isn't it?
 
I can count on my fingers the number of machines that I had to wipe and reformat. There were many that I did because there was nothing valuable on them and it was the easier way to go, but I've rarely come across a machine so infected that it couldn't be made whole.

Personally, it doesn't sound to me like your machine is that badly infected. It certainly doesn't sound rooted. What I suggest you do is:

1. Uninstall all the security software except for MalwareBytes Anti-Malware if it's installed.

2. Restart.

3. Install or update MalwareBytes, and run a full scan. Delete, clean or quarantine whatever it finds.

4. Restart.

5. Install and run CCleaner, including the registry scanner.

6. Restart.

7. Install and run a full scan with ESET NOD32 Antivirus (or one of the ESET suites if you want the additional features). Restart if instructed.

8. Disable System Restore (clear all the restore points).

9. Restart.

10. Re-enable System Restore.

Rich

EDIT: On review, I changed my own advice. Don't pay for ESET until the rest of the steps are completed. Maybe give it a week or more, in fact. It's unlikely that a keylogger would survive the scans by both Malware Bytes and ESET, so you may as well use the trial version of ESET to make sure the system is clean before entering a card number to pay for it. The trial version is full-featured. And of course, make a full backup first.
 
LOL. Four reboots and no guarantees.

No offense Rich, I still say get the data off and wipe it. Waste of freakin time trying to fix Microsoft OS vulnerabilities.

However you decide to go about cleaning it up...

Clonezilla the silly thing after it's back to normal, and then again every so often. A month, a week, a year, whatever you feel comfortable with.

Keep extra copies of data (not the OS) on something cloud based or network storage locally.

Machine gets screwed up again (because it WILL, even if it's not malicious), restore from Clonezilla and cloud/net storage. Broken to fixed in an hour. If that. One reboot and you have your life back while it's restoring.

Take dog for walk. Go flying. Whatever. Life's way too short to clean Windows machines when something causes them to soil their diapers.

Just my opinion. Ran out of personal time for such silliness years ago.

Better yet... After cleanup...

P2V into a virtual machine, run Win virtual machine inside a better OS, make regular snapshots of virtual machine.

I just treat Windows as an appliance these days, whenever possible. I think we're going to P2V our main AD server and the Windows file server at the office, too. Stuff them inside a XenServer.

P2V of Windows was called "containing the virus" by the Linux architect at my last employer. He wasn't really kidding.
 
Oh, absolutely clone the machine. I clone the HD, plus make local data backups, plus online cloud backups. There's really no excuse not to once it's running properly. But nothing in Adam's post indicated to me that he has a known-good clone handy.

Wiping the system every time it has a problem is rarely necessary, at least on Windows 7 and 8. It wasn't necessary that often on XP, either. And whether it's the most expedient way to solve a problem depends on how much stuff is on the system (more in terms of software than data) as much as the nature and extent of the problem.

I've serviced PCs that had literally nothing installed. Everything their users did was Web-based, and they had literally nothing user-specific except maybe some bookmarks and pictures. In those cases, sure, back up the tiny amount of data, reformat, and reinstall / restore. No other approach makes sense if the system is seriously infected and contains nothing user-installed.

As for the reboots, the first one is to clear up any temp files or registry entries from the security software uninstallations. These files can sometimes interfere with the MBAM or ESET installations.

The second is to assure that any malicious process MBAM found that may still be running in RAM is killed. (Most likely MBAM would require this one, anyway.)

The third is to reload the Windows Registry after cleaning it with CCleaner.

The fourth is to save the configuration without System Restore enabled, in which malware has been known to hide, to assure that all the restore points and everything in them have "really" been deleted.

If I were servicing Adam's computer, I wouldn't do it as described above. Having been out of that loop for a while, I can't say exactly how I would do it; but if I were doing it three years ago I might be spending most of my time in ERD or some bootable Linux distro. I didn't spend a lot of time working on infected systems from within those systems. I spent enough time to identify or at least narrow down the problem, then booted into ERD or some other bootable environment to fix it.

But I have no reason to believe that Adam has a bootable environment handy nor knows his way around one. I also don't believe that his machine is so badly infected that that's needed. In fact, I have no reason to believe that it's really "infected" at all. Systweak may have identified every cookie as malware to scare the user into paying for the license, or there may be a few PUPs; but this really doesn't sound to me like a machine with a raging malware problem that needs to be put down and rebuilt.

I don't especially like MS Security Essentials, but nonetheless, it found nothing. Systweak found more than 200 alleged problems. Since there's no coin invested in either of them, let's let a third party decide. MBAM is as good as anything out there for that purpose. But in terms of ongoing protection, I believe that ESET has the edge over anything else available right now; so once the system's cleaned up, install ESET to keep it that way.

That's my line of thought in reasoning in suggesting what I did. It costs Adam nothing except the ESET license (and MBAM, optionally -- both can co-exist), and all the tools are easily available and usable by a layman.

Rich
 
Been using Macs going on a quarter century and I've yet to lose any data from a virus.
 
I like
Spybot Search and Destroy
MBAM
ccleaner
Pulling the drive and putting it into a sled and scanning it with a second pc, when done
Installing Kaspersky or MSE
don't go to weird sites

Like steingar, I have yet to lose any data or wipe out and rebuild a PC, going all the way back to Windows 98 days.
 
Microsoft Security Essentials went from top rated to worst in the last year or so. MS has as much as written it off and recommends users use anything else for better protection.
 
An inevitable comment, and a useless distraction for the vast majority of business computer users who must run software which simply does not exist for Macs.

Once you get outside academia and schools, Macs are of limited utility.

I've tried to venture that way, and I like the way Apple's computers are engineered, but could not get software to do what needed to be done (legal industry). Fact is, business still runs on PCs, and there appears to be no trend away from that.

In our firm, we run all real work inside RDP sessions, and the desktops are just Remote Desktop clients, and this works supremely well, no exploits or virii at all, setting up a new user with all required programs is trivially simple and quick. Spending Mac-level coin on workstations would be like buying a Ferrari to deliver newspapers.
 
Spike,

There is only one developer in my whole company running Windows, and he's migrating to Linux because he's too cheap/broke/whatever to buy a Mac.

Most are on Mac, a handful on Linux.

The only thing Windows does is give us a cheap desktop for the call center employees. Once the phone system upgrades are done, any web browser will work.

No execs running Windows either. Not for years.

Half the company is on Macs.

The print shop thinks they're on Windows but all the fancy million dollar and half million dollar printers are now running Linux with vendor-customized desktops on their integrated control consoles. (Xerox, and Océ). They have Windows desktops for nothing but email and copying files to those consoles.

Only the seven year old mass label printer for mailings is running Windows software, and it's going to be kept off the network and left behind at XP, because it works.

Most of the Macs in the building were purchased by individuals and their company Windows hardware sits unused. The company won't buy them Macs but they switched on their own dime anyway.

The old "Macs are for schools" is dead dead dead.
 
I switched to Linux at home and no longer worry about it. Though I do admit it's not for everyone. Specifically, folks who must use Windows-only software in the course of business.
 
I run everything in a sandbox. I only extract anything when I know it's 100% safe. I use Malwarebytes WHEN I need to scan.
 
Notwithstanding all of which, about which I offer no argument, in the legal marketplace, it's all written for windows. Sorry, just the way it is. Not developers, just lawyers.

Of course, we had a Linux server which, in six plus years of operation, never ever ever failed in any way. Flawless. But, I ain't running the puters anymore.

Like I said, we run rdp, so a $2,000 desktop would be tits on a boar hog. I am trying my first thin client, seems perfect for the task.
 
That's pretty much my situation. Mint could do everything I need if it weren't for the Adobe software.

Rich
 
Exactly my situation, for workstations. We've come full-circle - the desktop is pretty much a near dumb terminal.
 
I've had a few hiccups, too, even though my home computer is strictly personal use. We screwed up my 11 year old step daughter's in-class PowerPoint project by converting to LibreOffice's file format. And while I hardly ever play computer games any more, I really wanted to play Goat Simulator, because goats are kick-ass animals. :D But I had to wait for the Linux port.

But the pros still far outweigh the cons for me. Every time my OS starts up in 10 seconds flat I giggle a little.
 
Funny thing - ever since I got my Windows 8 Laptop, it boots up in less than ten seconds, and I cannot believe it after years of sluggy waiting for Windows to get ready to work.
 
How about setting up user permissions. My Windows box, my day to day account only has USER permissions, I log out and log into my admin account only to install software etc.

AVG free is good, Black Viper's system configuration settings are good, also Spybot S&D for a scan and fix (not a fan of their resident programs though).
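A quick way to verify the account separation described in the post above, as an added example and not code from the thread: this PowerShell snippet reports whether the window you are working in carries administrator rights and lists who is actually in the local Administrators group. The account name 'adam-daily' in the commented-out lines is a hypothetical placeholder.

```powershell
# Added example (not from the thread). Run from a normal, non-elevated PowerShell window
# under the account you use day to day.

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

# IsInRole checks the token of THIS session. With UAC on, a member of Administrators in a
# non-elevated window has a filtered token and reports as a standard user here, so the
# group listing further down is the authoritative check of who holds admin rights.
if ($principal.IsInRole($adminRole)) {
    Write-Warning "Session '$($identity.Name)' is running with administrator rights; anything you launch from it gets them too."
} else {
    Write-Output "Session '$($identity.Name)' is running as a standard user."
}

# Who is in the local Administrators group (Get-LocalGroupMember needs Windows 10 / PowerShell 5.1 or later).
# The day-to-day account should not appear in this list.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize

# To create a separate standard-user account for daily work, run these from an elevated window.
# 'adam-daily' is a placeholder name; a new local user lands in 'Users' and is not made an admin.
# New-LocalUser -Name 'adam-daily' -Password (Read-Host -AsSecureString 'Password for adam-daily')
# Add-LocalGroupMember -Group 'Users' -Member 'adam-daily'
```

If the group listing shows your everyday account, malware that runs while you are logged in can ask for (and, after one UAC click, get) full rights; moving daily work to a standard user is what limits a bad download to that user's own files.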
 
Did ComboFix fall out of fashion, or am I behind the times? That's been my go-to when my computer has visited digital Thailand and came back with an itch.

Also casting around for a replacement for MSE.. haven't settled on anything just yet.
 
ComboFix is a bit overkill, in my opinion. I used it mainly on rooted computers, which Adam's doesn't seem to be.

Rich
 
Getting called "overkill" by the guy with the 4 reboot process is high praise indeed! :D :D

It's usually the insidious ones that catch me out, so I just start with the napalm... haven't spent a lot of time on the little bug sprays :D

:dunno:
 
Hey, that's one way to look at it. But ComboFix is very aggressive and does break things from time to time, so I think it should be used by someone who can fix those things if that happens. I would have real reservations about recommending that a non-geek run it on a production computer. It's a bit more risky than I think is acceptable for a DIY tool.

Rich
 
That's good information because we have had issues in the past with one anti-virus program allegedly screwing up our firm's billing and time management system.
 
It does happen sometimes, especially with industry-specific software that's way out of the mainstream. Sometimes these programs aren't especially well-written, either, and they plant DLLs and the like in system areas where they trip the heuristics of some AV programs. (A lot of them also mess with UAC, but that's a whole 'nuther realm of annoyance.)

I had a lot of clients in the construction industry who used the same archaic software that handled literally every aspect of their businesses. It also was very prone to triggering heuristic false-positives on most AV programs. It had to be worked around with tedious whitelisting and meticulous backups.

I was in the process of virtualizing these clients' setups when I sold the business. The guy who bought it was a real disappointment and didn't carry on with that, which resulted in an unwelcome (though profitable) long-distance trip for me to recover a former client's system following an AV change on the server that borked the proprietary software. I was furious that he hadn't made a full backup prior to the change, but he never figured that a simple AV switch would cause such problems.

A lot of my colleagues made fun of me back then for being OCD about backups and following a very meticulous, cautious methodology rather than just running things like ComboFix routinely. But my clients' systems were mission-critical to their businesses, so even if the overall rate of problems encountered with these quick-fix methods was low, for the affected clients it would be devastating. So my shop followed a cautious path.

Rich
 
The question in IT is not "Am I paranoid?" It's "Am I paranoid enough?"

I heartily endorse your approach.

John
 
Understood. I knew the legal biz was kinda stuck with Windows software so I was just lettin' ya know the "academics and graphic arts" view of the Mac market is outdated. :-)

That companies won't always PAY for them, isn't. I can't believe our VP allows as many BYOD as he does and has no worries with data walking off. I've suggested gently that we're courting a major problem but the willpower to order Macs isn't there.

(I think folks like Jesse and Jason will attract better developers than we will over time because of things like that. And they have better control over their environment.)
 