bva has had many difficulties with antivirus products over the last two years, particularly applications that try to do more than just handle virus protection. bva has seen a common trend on the support center/helpdesk: many of the issues that surface in our ticketing system come from an antivirus product trying to do more than monitor for or protect against viruses.
It has been very frustrating, but bva thought we would voice our recommended products after testing.
- Kaspersky Anti-virus
- AVG Antivirus 2012
- Bitdefender Antivirus
- Webroot Antivirus
- ESET NOD32
- Panda Antivirus
- Norton 2012
Creeper, the world’s first computer virus, was created in 1971. Twenty years later, there were still only about 1300 viruses around the ‘net. Today, forty years after Creeper, there are over 200 million virus variants “in the wild”. What started out as a proof of concept for how computers communicate evolved into a complex “prank”, and now into the toolkit of the cybercriminal.
When dealing with malware and viruses on Windows systems, often one tool is not sufficient. You may need to expand your tool set to include multiple applications in order to effectively clean off an infection or threat.
- Turn off System Restore. This can be done in the System control panel. Don’t forget to turn it back on when you’re finished!
- Clear temporary internet files (IE cache) for all profiles. If you’re only dealing with a single-user computer, this is easily accomplished with the Internet Options control panel. If multiple users login to the infected computer, rather than manually deleting for each user, you can use ICSweep to view and delete the IE cache for all users. Originally designed for terminal server environments, ICSweep works well on desktop operating systems, too. You can download it here: http://www.ctrl-alt-del.com.au/CAD_TSUtils.htm
- CCleaner is also effective at cleaning out the IE cache, but only for the currently logged in user. http://www.piriform.com/
- Boot the computer into Safe Mode with Networking, if possible, and launch your anti-spyware application. Safe Mode prevents many unwanted services & processes from running, but if you use the networking version, you can still update the definitions for your apps. However, this isn’t always possible, depending on the nature of the infection, so you may need to boot to Safe Mode (with no networking) and manually update from another source (e.g. a USB drive).
- I have had success using Malwarebytes’ quick scan for basic infection & removal: http://www.malwarebytes.org/. Recently, I’ve found Hitman Pro to be very effective in detecting and removing rootkits and boot sector viruses, such as Alureon: http://www.surfright.nl/en/hitmanpro
- You may need to boot to a CD, or use another method to scan externally, if you’ve got something that’s really entrenched. There are many Linux-based “Live” CD images available for free download (http://www.knoppix.net/), or you can manually create your own Windows Preinstallation Environment (PE) CD (http://technet.microsoft.com/en-us/library/cc766093%28WS.10%29.aspx). Microsoft’s Diagnostic & Recovery Toolset (DaRT) includes ERD Commander disc images, and also includes Microsoft Security Essentials for offline scanning.
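The cache-clearing step above, scripted as an added example that is not part of the original post and is not ICSweep's own code: a PowerShell script that reports the size of each profile's IE cache and empties it only when run with `-Delete`. The cache paths are the Windows defaults for XP and Vista/7 and are assumed here; run it from an elevated prompt.

```powershell
# Added example, not from the original post. Reports the IE cache size for
# every local profile; empties the caches only when run with -Delete.
# Assumes default cache locations (XP and Vista/7) and an elevated prompt.
param([switch]$Delete)

# Profile root and cache sub-path differ between XP (5.x) and Vista/7 (6.x).
if ([Environment]::OSVersion.Version.Major -ge 6) {
    $profileRoot = Join-Path $env:SystemDrive 'Users'
    $cacheSub    = 'AppData\Local\Microsoft\Windows\Temporary Internet Files'
} else {
    $profileRoot = Join-Path $env:SystemDrive 'Documents and Settings'
    $cacheSub    = 'Local Settings\Temporary Internet Files'
}

# One directory per user profile; -Force also lists hidden profiles.
$userDirs = Get-ChildItem -LiteralPath $profileRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }

foreach ($dir in $userDirs) {
    $cache = Join-Path $dir.FullName $cacheSub
    if (-not (Test-Path -LiteralPath $cache)) { continue }

    # -Force includes the hidden/system files IE keeps under Content.IE5.
    $files = @(Get-ChildItem -LiteralPath $cache -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer })
    $bytes = ($files | Measure-Object -Property Length -Sum).Sum

    if ($Delete) {
        # Files held open by a logged-in user fail to delete and are skipped.
        Get-ChildItem -LiteralPath $cache -Force -ErrorAction SilentlyContinue |
            Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
    }

    # One result row per profile, measured before any deletion.
    New-Object PSObject -Property @{
        Profile         = $dir.Name
        Files           = $files.Count
        SizeMB          = [math]::Round([double]$bytes / 1MB, 1)
        DeleteRequested = [bool]$Delete
    }
}
```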
This scanner performs many steps in one run. I had a workstation the other day that was infected with spyware. I ran this tool, which scanned ports, spyware, viruses, registry issues, etc. It took just over an hour to run and it fixed many issues. After a reboot the machine performed better and I was able to dig deeper into cleaning and repairing the workstation. This is a full-scan, all-in-one tool that can be handy in this situation. http://onecare.live.com/site/en-us/default.htm