
Best AV for Anti-virus viruses?

In your experience, what's the best AV program to fight variants of the 2011 Anti-Virus Virus?

No online reviews please. I need feedback from experienced computer repair professionals who have had success with repairing Windows XP & Windows 7 and keeping PCs free from current versions of the Anti-Virus Virus.
3 Solutions
F-secure or Trend Office
Sean Scissors, Program Analyst II, commented:
The AV2011 is a vicious sucker. I have seen probably around 20 different variations of names, some of which cause different issues. As far as what to use to stop it and if you have it how to get rid of it...well that is very situational based. A lot of consumers get that virus by pressing on some download link of some sort. And truth of the matter is most AVs won't stop a virus from getting in if you say "yes" to the download as it bypasses the AV software.

If you do in fact get it I have used Malwarebytes to remove a lot of it, HitmanPro is good too. HijackThis is almost always necessary as some pieces of the more vicious versions just will not go away. TDSSKiller and GMER as a lot of times it creates a rootkit to re-implement itself and definitely Rkill.exe because usually when AV2011 is executed it disables everything else and you can't run really anything, not even task manager.

Keep in mind a lot of times it likes to break the .exe file extension within the registry. In the exe folder within the registry it changes the data to a direct link to the virus itself. Fortunately there are easy fixes for that as long as you just keep a RegFix which is a small one line script to replace the exact key with the correct/default data.

After doing all of the above (if exe is broken then fix that first to do the rest) you should be good to go. AV2011 really is a nasty one.
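
An added example (not part of the original thread or any poster's code): a read-only check for the `.exe` association hijack described in the answer above, run against the text of a regedit export. The expected values are the Windows defaults; the sample export, the ProgID `fakeav`, the file path and the function names are constructed for illustration.

```python
import re

# Windows defaults for the executable file association (default "@" values).
EXPECTED = {
    r"software\classes\.exe": "exefile",
    r"software\classes\exefile\shell\open\command": '"%1" %*',
}

# Constructed sample export of a hijacked profile (ProgID and path are made up).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="fakeav"

[HKEY_CURRENT_USER\Software\Classes\fakeav\shell\open\command]
@="\"C:\\Users\\demo\\AppData\\Local\\abc.exe\" /START \"%1\" %*"
'''

def parse_defaults(text):
    """Return {key path: unescaped default string value} from .reg text."""
    defaults, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def normalise(key):
    """Lower-case the key and express it relative to the hive root."""
    hive, _, sub = key.lower().partition("\\")
    return "software\\classes\\" + sub if hive == "hkey_classes_root" else sub

def audit(text):
    """List (key, found, expected) deviations; when .exe points at another
    ProgID, also report that ProgID's launcher command (expected is None)."""
    defaults, findings = parse_defaults(text), []
    for key, value in defaults.items():
        expected = EXPECTED.get(normalise(key))
        if expected is not None and value.lower() != expected:
            findings.append((key, value, expected))
            if key.lower().endswith("\\.exe"):
                cmd_key = key[:-len(".exe")] + value + r"\shell\open\command"
                if cmd_key in defaults:
                    findings.append((cmd_key, defaults[cmd_key], None))
    return findings
```

Real regedit exports are UTF-16, so read the file with `open(path, encoding="utf-16")` before passing its text to `audit`.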
Lee W, MVP, Technology and Business Process Advisor, commented:
I've had VERY good luck with VIPRE Antivirus.  I had a client get infected with it while being "protected" by ESET's NOD32 and I replaced NOD32 with VIPRE and it cleaned it nicely, a reboot and things were back to normal (after the cleaning).

(I do not recommend Trend unless you like problems with Windows... I hope to blog about my experiences with it soon).


tpgriffin (Author) commented:
leew: How does the VIPRE® "3 or more PC" license work? How about VIPRE® Premium?
Lee W, MVP, Technology and Business Process Advisor, commented:
Actually, I have only one home user client on it (I don't work with home users much and when I do, they've usually purchased something awful like Norton).  The one client is using a 3 year home license on 4 machines.  Seems to work great (it's the premium edition).

Most of my clients are using the business class VIPRE Enterprise and only one (though a large one) is on Enterprise Premium.  So far, I rarely (if ever) hear anything negative about it.

GFI/Sunbelt offers a 30 day moneyback guarantee - which I used once for another client that had trouble installing the 3.x client (they are on 4.0 now which doesn't seem to have any install problems).  

If you buy the 3 or more license, you get one license key you can use with all your installs.
Lee W, MVP, Technology and Business Process Advisor, commented:
Just keep in mind, for as good as it is, the product, like all antivirus products, generally needs to have seen the malicious software first before it can clean it (meaning Sunbelt would have to have seen that variant before you can expect them to clean it - it's POSSIBLE it gets it anyway, but MOST things are cleaned by virus definition, not heuristics).
"...keeping PCs free from current versions of the Anti-Virus Virus..."

Once you are infected, there are a number of tools you can use.
To prevent infection, user education is the most powerful defence. If users are downloading from random pop-ups, or clicking on links haphazardly then the pc will get infected no matter WHAT av is being run.

I try to tell users to treat the internet like a city at night: there are areas which you wouldn't wander around in looking lost; you would pay attention and be careful.  A lot of rogue AV programs originate from a pop-up which says something like "Warning!!! Virus detected.  Scan now?".  Close the window by pressing Alt+F4 and don't click on anything inside the window.  Users like the idea of using a keyboard shortcut and will be keen to try it out.
I used Vipre Enterprise; it did work well for the most part.  But lately we had issues with Outlook 2007, which would lock up on numerous workstations, and some trojans would infect some workstations.  Even numerous deep scans could not get rid of them.  So I had to re-image those workstations.

I have done research and am going to try Kaspersky Enterprise Space Security.  This is a total suite package that will cover File Servers, Email Servers and workstations.  No need to get separate licenses for email and workstations like other vendors.  Kaspersky will give you 1.5x the amount of mailboxes to help cover email aliases too.  The auto deploy will perform a network discovery, automatically determine which OS the workstation / server has, remove the previous vendor software and install the new one.
"In-depth, Layered Defense"

Lots of discussions around here about preferred AV solutions and they can get pretty...exciting.

As the owner of a small computer repair shop (home users only), I have had great success with the combination of MS MSE and Malwarebytes-Pro. With that combination PLUS no regular user with 'Admin' privileges, I haven't had an infected computer in about a year.

You don't describe your topography, but MSE is free for up to 10 licenses - after that you need to use the paid product. MBAM-Pro is a one-time charge of US$17-25 - and the license is for the life-time of the registered user (NOT the life of the computer as I have mistakenly posted before).

In addition to the above, I've been posting the following recommendations for years, and they work:

I have never been a fan of any software FW product. Use the native Windows FW on your computers and add a small Linksys FW/Router (hardware) at your incoming internet connection.

Use a pre-built "HOSTS" protection (http://www.mvps.org/winhelp2002/hosts.htm) and sign up for their auto-mailer to notify you of updates.

Cookies - "First Party" set to 'Prompt' (Allow Session) and "Third Party" set to 'Block'.
Forgot the links:


@phototropic - love that analogy:
"...treat the internet like a city at night..."
Sophos Endpoint Security works quite well.  We've had great results with it.  If you want to test it against your current AV vendor, they have an option to download their scanner to compare results.  They also have some great additional options: acceptable use policy (i.e. controlling USB media, privacy data), web content scanner, heuristics, host firewall.  With an infection from a rogue AV like 2011 Antivirus, you need something that can monitor any hijacked API calls; Sophos has shown to alert on suspicious activity of known .exes like svchost.exe, which is a favorite of malware to inject code into.  Good luck!
Lee W, MVP, Technology and Business Process Advisor, commented:
Sorry, I usually start my responses off with "what is the best flavor of Ice Cream?"  because just like ice cream, everyone has their favorite antivirus.

I've not heard of any verifiable problems with VIPRE failing to clean a virus, but as I stated, products usually have to have seen a virus (Trojan) before they can clean them.  And I'll add that in general - THEY ALL STINK.  12 years ago, an AV program caught 99% of what was out there.  Today, I'd estimate 80%.  The virus writers are winning.  PERIOD.
