which antivirus

Hello,
could you advise me which antivirus is the best? I'm using Norton Antivirus and Ad-Aware with latest updates but it isn't enough.
There are still viruses on my computer and internet is much slower. It should be 512 kbps and my indicator shows 524 kbps but the reality is another. I must wait lots of minutes when I'll write internet address and now I must restart computer, because it's impossible to click through to the form with this question. (I'm writing it in notepad)

thanks for help
LVL 1
xLeonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

war1Commented:
Hi xLeon,

Norton AV is a good AV scanner and Adaware is a good adware scanner. But no adware scanner gets rid of all adware and spyware.

Check for virus and adware

Housecall Online Scan
http://housecall.antivirus.com
or
Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/

If computer still slow, download HijackThis

http://www.hijackthis.de/

Run the program and you will find many entries. Most are OK. Post the log at the Hijackthis forum and click Analyze, Save.  Post a link to the saved list here.

Cheers!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kenfcampCommented:
I've used PC-Cillin "http://www.trentmicro.com" for over 5 years on my windows machines, and have to say, I've never had reason to look for something else.
kenfcampCommented:
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

tsarevCommented:
You'd better reinstall Windows.

Or identify suspicious proceeses using the task manager and look up more info about them in the Internet. That's how I remove spyware which Anti-Spyware programs cannot remove.
r-kCommented:
If the problem isn't solved by now, try the suggestion by war1 to run HijackThis. Don't post the entire log here, instead post it at http://www.hijackthis.de/ and post the link to the analyzed log here.
centaxCommented:
i've used norton anti-virus in the past, as long as it's kept updated it's the best antivirus software out there in my opinion.
if you're looking for a free alternative, try AVG antivirus: http://www.grisoft.com

if you can pinpoint the actual viruses in question, there is no need to reinstall your entire system. just open your PC in safemode (press F8 repeatidly at startup and select SafeMode from the menu that will appear) and go into your system and manually delete them.
xLeonAuthor Commented:
Internet isn't working now in my computer, but it's interconnected with another computer with internet sharing. It is interesting that internet is going fast on the other computer.
But I can't use those programs, because they will analyze the healthy computer and some programs are not free.
I found these viruses with norton and adaware and they are still returning:
HVLScan.exe, Haktek.exe, Aphex.exe

I used SpyBot and it has found MiniBug

I'd like to reinstall Windows but I can't. My CD-ROM isn't working, it's damaged
rindiCommented:
Run hijackthis like others have mentioned earlier, but don't post the log here. paste the log to the hijackthis site which r-k mentioned, then click on "analyze" in that page. Then on "Save Analysis", again on that page, then paste the link to which you will bedirected to here.

NAV is OK if it works, but it too can be corrupted by virii it doesn't know, and NAV is particularly resource hungry which makes your system slowdown. I prefer using Avast! Antivirus, which is free for personal use.

But get that hijackthis run, it can greatly help us help you...
war1Commented:
xLeon,

Please follow what I wrote earlier

If computer still slow, download HijackThis

http://www.hijackthis.de/

Run the program and you will find many entries. Most are OK. Post the log at the Hijackthis forum and click Analyze, Save.  Post a link to the saved list here.
Dmitri FarafontovLinux Systems AdminCommented:
I highly recommend Kaspersky Personal or Kaspersky Personal Pro. Always lightning fast scanning, doesnt slowdown the machine a single bit. Has integrated scripting, email, macro scanner. Updates come out every 3 hours. And the price is very low as compared by other solutions. Check it out at http://kaspersky.com
Tim HolmanCommented:
Trend is way faster than Norton (5-6 times!).  
If you up the points, we'll help you fix this.
Dmitri FarafontovLinux Systems AdminCommented:
KAV, by Kaspersky Labs is one of the best tested ones, speed wise and detection rates.
xLeonAuthor Commented:
rindiCommented:
I'd turn off the following:

pdvdservice.exe             (This doesn't have to run resident)

CloneCDTray.exe             (This doesn't have to run resident)

Realsched.exe               (Is used to downlaod realplayer updates, but is mainly there for sending you ads. You can update realplayer manually, so I'd not run this in the background.)

msmsgs.exe                  (ms messenger service, not necessary and can be missused to compromise your PC)

wzqkpick.exe                (Winzip also runs when it isn't resident)

elbycheck.exe               (This doesn't have to run resident)

NeroCheck.exe               (This doesn't have to run resident)

mouse.exe                   (might be a mouse driver, but XP supports mice without extra drivers, so I think this could also be a virus or worm)

OSA9.exe                    (This doesn't have to run resident)



Also, your internet explorer is out of date, this leads me to believe that your windows isn't uptodate either. Run Windowsupdate manually, also update not just the critical updates.
xLeonAuthor Commented:
the following processes aren't between running processes: elbycheck.exe, NeroCheck.exe, OSA9.exe
the process msmsgs.exe is impossible to end up. It is appearing between running processes again and again.

I don't have explorer as a default browser. I'm using Mozilla Firefox 1.0.3
rindiCommented:
You can disable the messenger via outlook in tools, options, other, the instant messaging checkbox. Elbycheck you can also disable via msconfig in the startup tab or the services tab, and if it shows up in your taskbar, by rightclicking it you can often turn off these items from starting. Otherwise you should also be able to disable that via Clone CD and changing the configuration options. The same should work with nerocheck.
xLeonAuthor Commented:
I have Microsoft Outloook 2000 and I can't find there instant messaging checkbox. Except of msmsgs.exe are all 'malicious' processes from the above list disabled.
rindiCommented:
Outlook -> Tools -> Options. The "Other" Tab, the option right at the bottom of the screen.

You can also right click in the taskbar on the messanger and open the service, then you can look for the setup of it and find and disable where it say's start automatically on bootup (or similar).
war1Commented:
Here is how to disable Windows Messenger

Right-click My Computer and click Manage.
Fold out the Services and Applications option and click Services.
Right-click the Messenger entry, select Properties, and choose Disable under Startup Type.
Click OK.
r-kCommented:
To expand on what rindi already said:

 Start Messenger, then Tools -> Options -> Preferences and un-check the box that reads "Run Windows Messenger when Windows starts"
xLeonAuthor Commented:
In outlook 2000 is it probably somewhere else
in Services I can't find Windows messanger

I think that this process isn't critical because now is internet running OK. I have just done two scans with Norton and Adware.
xLeonAuthor Commented:
war1Commented:
If you are unfamiliar with this domain, hve HJT delete it

O17 - HKLM\System\CCS\Services\Tcpip\..\{D38EB293-F340-4C43-AF03-80FABA127BF6}: NameServer = 194.228.2.1 194.228.41.113
r-kCommented:
All those entries for hostserv.exe are extremely suspicious. If you don;t know what that process is, suggest removing or disabling it.
xLeonAuthor Commented:
I tried that ip address in my browser but is probably doesn't exist. But I don't know how to delete it.


hostserv is removed.
r-kCommented:
"hostserv is removed."

Good. You might want to do another scan with HijackThis and make sure it didn't come back.

Those nameservers seem legit. Are you based somewhere in Europe or Africa?
Dmitri FarafontovLinux Systems AdminCommented:
194.228.2.1 PTR record: ns2.tel.cz. [TTL 86400s] [A=194.228.2.1]
194.228.41.113 PTR record: dns-polvezni.iol.cz. [TTL 86400s] [A=194.228.41.113]
i
netnum:      194.228.2.0 - 194.228.2.31
netname:      BFP-PCD-AIS
descr:        IOL - Internal LAN, DNS
country:      CZ
admin-c:      IOL1-RIPE
tech-c:       IOL1-RIPE
status:       ASSIGNED PA
notify:       hostmaaster@iol.cz
mnt-by:       AS5610-MTN
changed:      hostmaster@iol.cz 20020404
source:       RIPE


inetnum:      194.228.41.64 - 194.228.41.127
netname:      INFOVISTA-NET
descr:        Thamova 11
descr:        Praha 8
country:      CZ
admin-c:      IOL1-RIPE
tech-c:       IOL1-RIPE
status:       ASSIGNED PA
notify:       hostmaster@iol.cz
mnt-by:       AS5610-MTN
changed:      hostmaster@iol.cz 20020609
source:       RIPE

war1Commented:
>>  I tried that ip address in my browser but is probably doesn't exist. But I don't know how to delete it.

Check the item in HijackThis log and have HJT delete it.
xLeonAuthor Commented:
that seems to be nameserver of my provider
r-kCommented:
I would leave it alone.
xLeonAuthor Commented:
and this is another scan
http://www.hijackthis.de/logfiles/20fe2bba142b199fbe482d7026191220.html

mouse and hostserv are there again but they are not between running processes
r-kCommented:
"mouse and hostserv are there again"

If HiJackThis won't remove it, you can just use Regedit to edit the resgistry, browse on over to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
and delete the entries for mouse and hostserv from there
(but do this only if you are somewhat familiar with regedit)

Be sure to run HijackThis again to be sure they are really gone.
rindiCommented:
Mainly try getting rid of that mouse.exe. If you can't remove it via hijackthis or regedit, boot into safe mode, find mouse.exe and either rename or delete this file. Also don't have realsched starting up. Then, you are still using an outdated IE version. Even if you use firefox for normal surfing, IE is still necessary for the windowsupdate. Run the full windowsupdate by hand, don't just select the critical updates, also select the others.
xLeonAuthor Commented:
HiJackthis was able to remove mouse and hostserv

now it's time to split up points between you experts. 25 war1, 20 rindi, 20 r-k. I don't have more points, so many thanks to DeltaFire
rindiCommented:
Thanks too.
war1Commented:
Good luck to you and don't get anymore adware. :)
Dmitri FarafontovLinux Systems AdminCommented:
Good Luck and happy surfring ;-)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.