Solved

Best AV for Anti-virus viruses?

Posted on 2011-02-17
Last Modified: 2013-11-22
In your experiences what's the best AV program to fight variants of the 2011 Anti-Virus Virus?

No online reviews please. I need feedback from experienced computer repair professionals who have had success with repairing Windows XP & Windows 7 and keeping PCs free from current versions of the Anti-Virus Virus.
0
Question by:tpgriffin
12 Comments
 
LVL 6

Expert Comment

by:Bxoz
F-secure or Trend Office
0
 
LVL 8

Expert Comment

by:Sean Scissors
The AV2011 is a vicious sucker. I have seen probably around 20 different variations of names, some of which cause different issues. As far as what to use to stop it and if you have it how to get rid of it...well that is very situational based. A lot of consumers get that virus by pressing on some download link of some sort. And truth of the matter is most AVs won't stop a virus from getting in if you say "yes" to the download as it bypasses the AV software.

If you do in fact get it I have used Malwarebytes to remove a lot of it, HitmanPro is good too. HiJackThis is almost always necessary as some pieces of the more vicious versions just will not go away. TDSSkiller and GMER as a lot of times it creates a rootkit to re-implement itself and definitely Rkill.exe because usually when AV2011 is executed it disables everything else and you can't run really anything, not even task manager.

Keep in mind a lot of times it likes to break the .exe file extension within the registry. In the exe folder within the registry it changes the data to a direct link to the virus itself. Fortunately there are easy fixes for that as long as you just keep a RegFix which is a small one line script to replace the exact key with the correct/default data.

After doing all of the above (if exe is broken then fix that first to do the rest) you should be good to go. AV2011 really is a nasty one.
0
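The registry check described in the comment above, as an added example that is not part of the original post: it reads the text of a `reg export` file and reports where the `.exe` handler differs from the stock Windows values (`exefile` and `"%1" %*`). The function names and the sample export are constructed for illustration; real exports are UTF-16, so open them with `encoding="utf-16"`.

```python
import re

# Stock Windows values for launching .exe files.
DEFAULT_PROGID = "exefile"
DEFAULT_COMMAND = '"%1" %*'
# HKCR is a merged view of the per-user and per-machine class keys.
CLASS_ROOTS = ("HKEY_CLASSES_ROOT",
               r"HKEY_CURRENT_USER\Software\Classes",
               r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes")

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Constructed\\sample.exe\" \"%1\" %*"
'''

def parse_reg_defaults(text):
    """Map each key path (lower-cased) to its default (@) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def check_exe_association(text):
    """Return (key, value) pairs where the .exe handler is not the default."""
    defaults, findings = parse_reg_defaults(text), []
    for root in CLASS_ROOTS:
        base = root.lower()
        progid = defaults.get(base + "\\.exe")
        if progid is not None and progid.lower() != DEFAULT_PROGID:
            findings.append((root + "\\.exe", progid))
        # Check the stock ProgID and whichever ProgID .exe currently names.
        for pid in sorted({DEFAULT_PROGID, (progid or DEFAULT_PROGID).lower()}):
            cmd = defaults.get(f"{base}\\{pid}\\shell\\open\\command")
            if cmd is not None and cmd != DEFAULT_COMMAND:
                findings.append((f"{root}\\{pid}\\shell\\open\\command", cmd))
    return findings

if __name__ == "__main__":
    for key, value in check_exe_association(SAMPLE_EXPORT):
        print(f"MODIFIED {key} -> {value}")
```

An empty result means every `.exe` association present in the export still carries the default data; keys missing from the export are not reported.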
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 333 total points
I've had VERY good luck with VIPRE Antivirus.  I had a client get infected with it while being "protected" by ESET's NOD32 and I replaced NOD32 with VIPRE and it cleaned it nicely, a reboot and things were back to normal (after the cleaning).

(I do not recommend trend unless you like problems with Windows... I hope to blog about my experiences with it soon).

0
 

Author Comment

by:tpgriffin
leew: How does the VIPRE® "3 or more PC" license work? How about VIPRE® Premium?
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Actually, I have only one home user client on it (I don't work with home users much and when I do, they've usually purchased something awful like Norton).  The one client is using a 3 year home license on 4 machines.  Seems to work great (it's the premium edition).

Most of my clients are using the business class VIPRE Enterprise and only one (though a large one) is on Enterprise Premium.  So far, I rarely (if ever) hear anything negative about it.

GFI/Sunbelt offers a 30 day moneyback guarantee - which I used once for another client that had trouble installing the 3.x client (they are on 4.0 now which doesn't seem to have any install problems).  

If you buy the 3 or more license, you get one license key you can use with all your installs.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Just keep in mind, for as good as it is, the product, like all antivirus products, generally needs to have seen the malicious software first before it can clean it (meaning Sunbelt would have to have seen that variant before you can expect them to clean it - it's POSSIBLE it gets it anyway, but MOST things are cleaned by virus definition, not heuristics).
0
 
LVL 23

Expert Comment

by:phototropic
"...keeping PCs free from current versions of the Anti-Virus Virus..."!

Once you are infected, there are a number of tools you can use.
To prevent infection, user education is the most powerful defence. If users are downloading from random pop-ups, or clicking on links haphazardly then the pc will get infected no matter WHAT av is being run.

I try to tell users to treat the internet like a city at night: there are areas which you wouldn't wander around in looking lost; you would pay attention and be careful.  A lot of rogue av programs originate from a pop-up which says something like "Warning!!! Virus detected.  Scan now?".  Close the window by pressing alt+f4 and you don't click on anything inside the window.  Users like the idea of using a keyboard shortcut and will be keen to try it out.
0
 
LVL 5

Expert Comment

by:shadowmantx
I used the Vipre Enterprise; it did work well for the most part.  But lately the issues we had with Outlook 2007 it would lock up on numerous workstations and some trojans would infect some workstations.  Even with numerous deep scans I could not get rid of them.  So I had to re-image those workstations.

I have done research and am going to try Kaspersky Enterprise Space Security.  This is a total suite package that will cover File Servers, Email Servers and workstations.  No need to get separate licenses for email and workstations like other vendors.  Kaspersky will give you 1.5x the amount of mailboxes to help cover email aliases too.  The auto deploy will perform a network discovery and automatically determine which OS the workstation / server has and remove the previous vendor software and install the new one.
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 167 total points
"In-depth, Layered Defense"

Lots of discussions around here about preferred AV solutions and they can get pretty...exciting.

As the owner of a small computer repair shop (home users only), I have had great success with the combination of MS MSE and Malwarebytes-Pro. With that combination PLUS no regular user with 'Admin' privileges, I haven't had an infected computer in about a year.

You don't describe your topography, but MSE is free for up to 10 licenses - after that you need to use the paid product. MBAM-Pro is a one-time charge of US$17-25 - and the license is for the life-time of the registered user (NOT the life of the computer as I have mistakenly posted before).

In addition to the above, I've been posting the following recommendations for years, and they work:

I have never been a fan of any software FW product. Use the native Windows FW on your computers and add a small Linksys FW/Router (hardware) at your incoming internet connection.

Use a pre-built "HOSTS" protection (http://www.mvps.org/winhelp2002/hosts.htm) and sign up for their auto-mailer to notify you of updates.

Cookies - "First Party" set to 'Prompt' (Allow Session) and "Third Party" set to 'Block'.
0
 
LVL 38

Expert Comment

by:younghv
Forgot the links:

http://www.microsoft.com/security_essentials/
http://technet.microsoft.com/en-us/evalcenter/ff182914.aspx
http://www.malwarebytes.org/

@phototropic - love that analogy:
"...treat the internet like a city at night..."
0
 
LVL 6

Expert Comment

by:Melannk24
Sophos Endpoint Security works quite well.  We've had great results with it.  If you want to test it against your current AV vendor, they have an option to download their scanner to compare results.  They also have some great additional options..... acceptable use policy (i.e. controlling USB media, privacy data), web content scanner, heuristics, host firewall.  With an infection from a rogue AV like 2011 Antivirus, you need something that can monitor any hijacked API calls; Sophos has shown to alert on suspicious activity of known .exes like svchost.exe which is a favorite of malware to inject code into.  Good luck!
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 333 total points
Sorry, I usually start my responses off with "what is the best flavor of Ice Cream?"  because just like ice cream, everyone has their favorite antivirus.

I've not heard of any verifiable problems with VIPRE failing to clean a virus, but as I stated, products usually have to have seen a virus (Trojan) before they can clean them.  And I'll add that in general - THEY ALL STINK.  12 years ago, an AV program caught 99% of what was out there.  Today, I'd estimate 80%.  The virus writers are winning.  PERIOD.
0
